Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
GitHub

ChatDev 2.0 - DevAll

ChatDev has evolved from a specialized software development multi-agent system into a comprehensive multi-agent orchestration platform. •Sep 24, 2025: 🎉 Our paper Multi-Agent Collaboration via ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
GitHub

GoveeLife — Home Assistant Integration

Devices with per-zone LED control (such as ceiling panels and backlight kits) get individual segment entities — one light entity per zone — in addition to the main device entity. Segments support ...
The Hacker News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: ...