GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
A new attack technique dubbed HalluSquatting turns AI assistants’ tendency to hallucinate into a scalable infection vector.
Hermes Agent makes it easy to run an AI coding agent in its own container.
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Researchers warn AI agents could be tricked into downloading malicious code by exploiting hallucinations that cause chatbots ...