Wiz researchers found that six AI coding assistants will write to your SSH keys or shell config while displaying an innocent-looking filename in the confirmation dialog. The agent knows. The dialog doesn't say.
Wiz researchers found that six AI coding assistants will write to your SSH keys or shell config while displaying an innocent-looking filename in the confirmation dialog. The agent knows. The dialog doesn't say.
Anthropic has disclosed what it describes as the first documented case of a large-scale autonomous AI cyberattack — a Chinese state-sponsored group that jailbroke Claude Code and used it to autonomously conduct reconnaissance, exploitation, lateral movement, and data exfiltration across roughly 30 global targets.
Tenet Security's Threat Labs published research on June 17 demonstrating how a single fake Sentry error event can hijack AI coding agents like Claude Code and Cursor into executing arbitrary code on developer machines — no phishing, no infrastructure access, 85% success rate across 100+ tested organisations.
LLMs suggest non-existent package names in 20-30% of coding responses. Attackers register these hallucinated names with malicious payloads — slopsquatting as a supply chain attack.
A self-replicating worm compromised 73 Microsoft GitHub repositories on June 5, 2026, via stolen contributor PAT and malicious AI coding tool configs. Contained in 105 seconds.
Adversa AI disclosed SymJack (symlink hijacking to plant malicious MCP servers) and TrustFall (trust dialog bypass) hitting six AI coding agents including Copilot and Cursor.
A flawed permission check in Anthropic's Claude Code GitHub Action allowed attackers to use prompt injection via a crafted issue to steal CI/CD secrets. Patched in v1.0.94.