Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

âš¡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: ...
GitHub

Awesome AI Agent Attacks

Flowise CSV Agent prompt injection RCE (CVE-2026-41264, Apr 21, 2026): Lack of sandboxing in the CSV_Agents run method lets an LLM-emitted Python script run on the host; bypass for the earlier ...