Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
Blog LLMs & Texto Robótica & RL

Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control

Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself. The article Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control appeared first on The Decoder .

The Decoder ·Matthias Bastian ·
Ver no Hugging Face
compartilhar:
// relacionados

Leia também

The US military used AI to pick thousands of targets but missed a note saying one was a school
Blog

The US military used AI to pick thousands of targets but missed a note saying one was a school
HP accelerates enterprise workflows with OpenAI Frontier
Blog

HP accelerates enterprise workflows with OpenAI Frontier
Editorial

O fantasma do Fable 5: banido, o modelo vive nos datasets que o destilam
Editorial

MultiHashFormer: e se cada palavra fosse uma impressão digital?