#3
The Hacker News
general
July 09, 2026 at 04:27 UTC
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
By [email protected] (The Hacker News)
AI Summary
Wiz researchers disclosed 'GhostApproval,' a symlink-based attack affecting six AI coding assistants — Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. A malicious repository can trick the agent into writing to sensitive system files while appearing to edit a harmless target, enabling arbitrary code execution on the developer's machine.
Relevance score: 84.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →