SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
The Currency Analytics

Qihoo 360 and Z.ai Both Launch AI Vulnerability Tools With Opposite Strategies

Qihoo 360 dropped a new AI tool this week built to hunt for software vulnerabilities. Same week, Z.ai went a different ...
Dark Reading

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...
winbuzzer.com

GLM-5.2 Tops Claude Code in Semgrep IDOR Benchmark

GLM-5.2, Z.ai’s open-weight model, has reached 39% F1 on Semgrep’s IDOR benchmark, beating Anthropic’s Claude Code coding assistant in the prompt-only lane. Claude Code scored 37% F1 with Opus 4.6 and ...
SecurityWeek

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

DirtyClone, tracked as CVE-2026-43503, is a Linux kernel vulnerability that allows any local user to gain root privileges.