Ghostcommit attack hides malicious AI instructions in images


Ghostcommit is a proof of concept that shows how AI assistants used to review software code can be tricked by hidden instructions embedded in images.

The academic ASSET Research Group showed that an attacker can place instructions inside an image file, point to it in an AGENTS.md file, and get an AI coding agent to follow those instructions during a later task.

A pull request is basically a formal “please review and add my changes” request that a developer sends before changes are added to the main version of a software project. Human reviewers and, increasingly, AI coding tools may review the changes before they’re accepted.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Worm rubs out competitor’s malware, then takes control

    May 8, 2026

    There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place. Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack ...

  • ‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit

    May 8, 2026

    Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE A fresh Linux privilege escalation bug dubbed “Dirty Frag” has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions.Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he ...

  • Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto

    May 7, 2026

    Police have arrested and brought 44 charges against three men for allegedly operating an SMS blaster in downtown Toronto. The scheme, which began in November 2025, is the “first known instance” of an SMS blaster operating in Canada, according to the police report. In a statement, the Toronto Police Service said it believes tens of thousands of ...

  • Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware

    May 6, 2026

    Researchers at Rapid7 say that they have spotted what they believe was an Iranian intelligence cyber unit masquerading as the Chaos ransomware gang to hide a state-sponsored espionage operation. The intrusion was spotted earlier this year, and investigators say breadcrumbs left behind give them “medium confidence” in saying it was the work of MuddyWater, which has ...

  • DOJ says ransomware gang tapped into Russian government databases

    May 6, 2026

    A U.S. court has sentenced Latvian hacker Deniss Zolotarjovs to more than eight years in prison following his conviction for carrying out ransomware attacks. The Justice Department accused the hacker of working for a notorious Russian ransomware gang called Karakurt, which was led by former leaders of the Akira and Conti ransomware gangs, who were sanctioned ...

  • Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

    May 6, 2026

    On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The vulnerability carries a CVSSv4 score of 9.3 and has been confirmed as exploited in the wild ...