Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control
Security researchers at Mozilla's 0DIN platform demonstrated that a compromised GitHub repository can infect a developer's machine when an AI coding tool like Claude Code executes its setup, with malicious code loading a…