Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...