SPIN Unprocessed
Source The Hacker News feeds.feedburner.com Media Center
July 9, 2026 ai_technology cybersecurity

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

View original on thehackernews.com

Overview

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.

SpinGraph analysis pending — check back after processing.

Ask AI about this story

Opens with the SpinGraph .md URL and structured context — one click, prompt included.

More from The Hacker News

View all →

Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO