AIThe Decoder1h ago
Claude Code runs a GitHub repo's hidden malware without verification
Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the…
Read full articleSource: The Decoder · Opens in new tab