Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ghostcommit PNG-embedded prompt injection against AI code reviewers

Technical Analysis
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

Researchers demonstrated Ghostcommit, a PNG-embedded prompt-injection technique that can bypass AI code review and leak .env secrets into committed source. The payload hides inside docs/images/build-spec.png instead of plain text, so text-only reviewers miss the instruction while a later coding agent follows it. In one end-to-end run, the agent turned repository secrets into a 311-integer constant that decoded back to the full secret file. The result exposes a structural blind spot in pull-request automation where review tooling, not the model alone, determines whether exfiltration succeeds.

Related Happenings

Prompt-injection proof-of-concept enables silent RCE in Claude Code and Codex

Technical Analysis
H score28 First: 10.07.2026 16:45 Last: 10.07.2026 16:45 Sources 1

About this happening: Researchers demonstrated a **proof-of-concept exploit** that can force **remote code execution** in **Anthropic’s Claude Code** and **OpenAI’s Codex**, exposing a trust-boundary f...

Friendly Fire: autonomous AI code-review modes can execute attacker-controlled repository code

Technical Analysis
H score28 First: 09.07.2026 08:15 Last: 09.07.2026 08:15 Sources 1

About this happening: **Friendly Fire** shows that autonomous code-review modes in **Claude Code** and **OpenAI Codex** can be manipulated into **executing attacker-controlled code** on the host. The p...

AI coding assistants GhostApproval symlink security flaw

Vulnerability
H score22 First: 09.07.2026 07:27 Last: 09.07.2026 07:27 Sources 1

About this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

Timeline

  1. 11.07.2026 12:03 2 articles · 1h ago

    Ghostcommit discloses PNG-based prompt injection against AI code review

    Initial Disclosure

    Researchers from the ASSET Research Group disclosed Ghostcommit, a proof-of-concept that hides prompt-injection instructions inside a PNG referenced by AGENTS.md so text-only AI code reviewers miss the payload. In testing, a coding agent later opened the repository's .env file and turned its contents into a commit-time numeric constant, including one run where Cursor driving Claude Sonnet emitted 311 integers that decoded back to the full secret file. The group also built a multimodal pull-request defender as a GitHub app to inspect conventions and images, and it blocked nearly all attacks in a live trial while avoiding false positives on legitimate pull requests.

    Show sources