Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
With the recent launches of Novo Nordisk’s Wegovy pill and Eli Lilly’s Foundayo, the obesity market has started to shift toward oral GLP-1 drugs. While Novo leverages its first-mover advantage with ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...