Ghostcommit attack hides malicious AI instructions in images


Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images.

The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a later task.

A pull request is basically a formal “please review and add my changes” request that a developer sends before changes are added to the main version of a software project. Human reviewers and, increasingly, AI coding tools may review the changes before they’re accepted.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order

    June 8, 2026

    WhatsApp said that it disrupted a new hacking campaign linked to NSO Group, a spyware maker that has been ensnared in countless cases of abuse all over the world. The messaging app maker accused NSO of violating an earlier court order that bars the company from targeting WhatsApp and its users with its spyware, and is seeking to ...

  • Microsoft’s open source tools were hacked to steal passwords of AI developers

    June 8, 2026

    Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code. Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as ...

  • From cause to cash: a cross-border look at hacktivist activity

    June 8, 2026

    While tracking the activities of 4BID Kaspersky researchers uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – the latest findings reveal a shift. The actual ...

  • Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms

    June 5, 2026

    From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as “Luna Moth,” “Chatty Spider,” and “Silent Ransom Group”) targeting dozens of organizations across professional, legal, and financial services in the United States. UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to ...

  • Meta, Starlink and Microsoft team up with the FBI to delete over 1.4 million accounts and seize millions in cryptocurrency related to huge scam networks targeting Americans

    June 4, 2026

    Dozens of people have been arrested, and millions of dollars in cryptocurrency seized, in a large-scale, multi-national operation against internet scammers and fraudsters. On May 18, the US Department of Justice, the FBI, Secret Service, law enforcement agencies in the UK, Australia, Canada, New Zealand, and Thailand, as well as multiple commercial businesses such as Meta, ...

  • You do surprise me.exe: An unexpected executable in Hola Browser

    June 4, 2026

    During review work related to an AppEsteem Windows Certified Application test, Sophos X-Ops recently identified an unexpected executable delivered alongside Hola Browser (version 1.251.91.0). The executable, me.exe, was not listed as a certified component, and appears to be a crypto-miner. After the issue was reported through the certification program, Hola reported that they had fixed their delivery pipeline, removing the condition that ...