Posts tagged #developer-security
═══ #DEVELOPER-SECURITY ═══
Microsoft's AutoJack research showed how a browsing AI agent could turn a malicious web page into host-level code execution through a local MCP control plane.
The Atomic Arch campaign turned trusted-looking AUR packages into a route for rootkit-like credential theft. The old advice to read the build script is starting to look painfully small.
Microsoft-owned GitHub repositories were disabled after Miasma malware hit Azure and AI coding tool workflows. The repo is no longer passive infrastructure. It is part of the runtime.