Agents
Supply-chain worms now poison CLAUDE.md and .cursorrules with zero-width hidden instructions
The continuously-mutating Miasma/Hades campaign (pivoting delivery every 48–72 hours since June 1) has added a novel agent-specific vector: packages inject .cursorrules and CLAUDE.md files containing zero-width Unicode hidden instructions. When a developer opens the project in Cursor or Claude Code, the assistant reads the configuration as legitimate project guidance and runs a 'security scan' that exfiltrates local secrets. Socket flagged 37 malicious Python wheels across 19 PyPI packages on June 7 and a compromised ensmallen 0.8.101 on June 8 — the first wave to weaponize AI coding-agent config files at scale.
↳ Follow the thread