Security researchers are exposing critical vulnerabilities in code repositories and AI coding agents, demonstrating how attackers hide malware in legitimate-looking GitHub repos to compromise developer machines and infrastructure. Multiple threat groups—from North Korean hackers to the Void Dokkaebi crew—are actively exploiting these weaknesses to steal credentials, install backdoors, and gain control of systems.
· Claude Code and similar AI agents automatically execute code from repositories without sufficient verification, allowing attackers to gain full machine control through hidden malware
· Harmless-looking repositories are being weaponized by threat actors to trick developers during job interviews and routine code reviews
· North Korean hackers are targeting cryptocurrency through compromised repositories
· Unpatched flaws in Argo CD repo-server allow attackers to take over Kubernetes clusters
· Inactive repositories remain unscanned and become attractive targets for malware injection
drawn from SecurityWeek, www.trendmicro.com, the-decoder.com, Tom's Hardware · updated 1d ago