4 min read
News Brief LayerX Security demonstrated a technique that conditions AI browsers to accept false context, then exploits that state to extract credentials. Six mainstream AI browsers failed the test.
LayerX Security demonstrated a technique that conditions AI browsers to accept false context, then exploits that state to extract credentials. Six mainstream AI browsers failed the test.
A solo researcher has documented 9,330 malicious GitHub repositories designed to poison AI coding agent sessions and deliver credential-stealing malware via blockchain-hosted C2 infrastructure.
Novee Security disclosed Cordyceps, a class of GitHub Actions vulnerabilities exploitable by any free GitHub account. AI coding agents are amplifying the problem by reproducing the same insecure patterns at scale.