AI ResearchThe Decoder·June 29, 2026

Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control

Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself. The article Claude Code runs a GitHub repo's hidden malware without…

This is a summary curated by AIFuture. Read the complete article at the original source:

Read the full story on The Decoder

More AI News

IndustryTechCrunch

The AI jobs debate just got messier

A new report finds "high-intensity AI adopters” saw headcount increase 10.2%. Among those companies, entry-level headcount rose by 12%, countering the rhetoric that AI kills junior jobs.

Jun 30, 2026

ProductTechCrunch

Vibe coding platform Base44 launches own model as AI startups seek defensibility

Wix-owned vibe coding platform Base44 has started rolling out its own AI model — with hopes that it will eventually outperform frontier models.

Jun 30, 2026

ProductMarkTechPost

OpenClaw Releases iOS and Android Companion Node Apps That Connect a Phone to a Self-Hosted AI Agent Gateway

OpenClaw's iOS and Android apps are companion nodes, not standalone chatbots. Each phone pairs to a self-hosted Gateway over WebSocket. This adds device hardware — camera, location, voice, and Canvas — to a local-first AI agent. Here is the architecture, the capabilities, and the trade-offs for builders. The post OpenClaw Releases iOS and Android Companion Node Apps That Connect a Phone to a…

Jun 29, 2026