A new supply chain attack, dubbed Miasma Worm, has emerged, leveraging configuration files within AI coding tools to steal credentials. Attackers exploit features like session start hooks in tools such as Claude Code and Gemini CLI, as well as agent instructions in Cursor and auto-tasks in VS Code. The attack, attributed to TeamPCP, has already compromised over 100 GitHub repositories by embedding a JavaScript credential harvester that executes automatically when a project is opened in these AI development environments. AI
IMPACT Highlights critical security risks in AI development tools, necessitating immediate patching and heightened vigilance against new supply chain attack vectors.
RANK_REASON The article details a security vulnerability and attack method targeting specific AI coding tools, rather than a new model release or core research.
Read on dev.to — Claude Code tag →
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →