Fetching from the wire…
Security2026-06-05 · source-backed
Microsoft researchers detailed SymJack, a symlink-hijack RCE affecting six coding agents, and TrustFall, which impacts Claude Code, Cursor, Gemini CLI, and GitHub Copilot (Microsoft Security). These join Semantic Kernel prompt-injection-to-host-RCE flaws. The local coding agent is now a prime attack surface, not a sandboxed toy. Audit filesystem and symlink handling in anything you run with shell access.
Each link below shares sources, entities, or timing with this story.
Claude Code uses MCP / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Claude Code uses MCP); both cover Claude Code, Cursor, Gemini CLI, RCE; overlapping topics (agent, claude, code, coding, cursor).
Claude Code competes with GitHub Copilot / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Claude Code competes with GitHub Copilot); both cover Claude Code, Cursor, Gemini CLI, GitHub Copilot; overlapping topics (agent, claude, code, coding, copilot).
Microsoft criticizes Semantic Kernel / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft criticizes Semantic Kernel); both cover Audit, Claude Code, Microsoft, RCE; overlapping topics (agent, attack, audit, chain, code).