SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Crowdfund Insider

Chainalysis Shares Insights on $7.5 Million Reverse Honeypot Exploit Against Ethereum’s Top Sandwich Bot

Blockchain analytics firm Chainalysis has published an in-depth examination of a sophisticated exploit that drained at least ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

How to burst the AI bubble: Strike at its roots

Ars Technica: It could be catastrophic, economically speaking, when the AI bubble finally bursts. But you point out that ...
winbuzzer.com

Linux 7.2 Removes String-Copying Function Strncpy After Six-Year Cleanup

Linux kernel maintainers released a June 20 Linux 7.2 merge that removes the legacy C string-copy function strncpy from kernel code. Kernel-side is the key scope: strncpy remains part of user-space C ...
GitHub

registry_keys_used_for_persistence.yml

description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...
GitHub

powershell_fileless_script_contains_base64_encoded_content.yml

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...