Cybernews

Popular AI coding tool Blackbox AI, with 5M downloads, grants root access to hackers

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.
The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
The Hacker News

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

Transparent Tribe uses AI tools to mass-produce polyglot malware targeting India using Slack, Discord, and Google Sheets C2.

ClickFix attackers using new tactic to evade detection, says Microsoft

Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
PCMag

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.