National Cyber Warfare Foundation (NCWF)

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents


0 user ratings
2026-07-09 05:00:51
milo
Developers
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead.

The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Developers



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.