The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
eWeek

WhatsApp Messages on Android Expose New Gemini AI Security Risk

SafeBreach researchers showed how hidden commands in Android notifications could trick Google Gemini through indirect prompt ...

Researchers demonstrate prompt injection attacks via WhatsApp and Slack notifications

The attack relies on hidden prompts in a foreign language.
Semiconductor Engineering

Breaking The “Unhackable” Xbox One

A hardware fault injection attack results in the first Xbox One boot ROM-level compromise after 12 years.

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
eWeek

‘ChatGPhish’ Attack Turns ChatGPT Summaries Into Phishing Lures

Permiso researchers found ChatGPhish, a prompt-injection issue that can cause ChatGPT summaries to display phishing links, ...
GitHub

AV bypass using the shellcode loader 'GoPurple'

GoPurple is a shellcode loader tool for evaluating detection capabilities of endpoint security solutions. I tested the tool GoPurple with a metasploit shellcode and several injection techniques on a ...
GitHub

AV bypass using my shellcode loader 'Invoke-PoSH-ShellCodeLoader1

'Invoke-PoSH-ShellCodeLoader' is a shellcode loader script generator that aims to bypass AV solutions such as Windows Defender. It generates an obfuscated and encrypted shellcode loader PowerShell ...