‘SymJack’ attack shows how AI coding agents can be manipulated through malicious repositories and MCP servers to steal data and enable software supply chain attacks.
We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.
Hi, what are you looking for?
Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code.
By
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
GPU mining malware spreads via SEO poisoning, AI chatbots
Millions of AI agents imperiled by critical vulnerability in open source package
The real attack surface for AI coding agents is the config file
An npm Package for AI Agent Orchestration Just Shipped With Its Front Door Unlocked. Here's What the CVE Actually Reveals.
Detectify debuts MCP server to let AI agents find and fix vulnerabilities in real time - SiliconANGLE
Cybercrooks ruin engineers' weekends with Saturday attack
New IElevator2 COM interface? No problem
GitHub is scanning Model Context Protocol servers for prompt injection, malicious tools, and supply chain risks. Here is what the…
Microsoft uncovered 150+ AI-assisted cryptojacking domains using fake software downloads to deploy persistent malware.
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff…
: Mini Shai-Hulud caught spreading credential-stealing malware
