SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
Dark Reading

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...
Tech Times

OpenAI Silently Rolled GPT-5.6 to Some Codex Users: A Hidden Prompt Exposes the Swap

GPT-5.6 was already running in Codex for some users before OpenAI’s government-approved preview opened to partners. A ...
SecurityWeek

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

DirtyClone, tracked as CVE-2026-43503, is a Linux kernel vulnerability that allows any local user to gain root privileges.