Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results