Researchers at Wiz found that a flaw in six popular
AI coding assistants lets a booby-trapped code project quietly take
control of a developer's computer. The assistant asks permission to
edit one harmless-looking file, but the write lands on a sensitive
one instead. The affected tools are Amazon Q Developer, Anthropic's
Claude Code, Augment, Cursor, Google Antigravity, and
Windsurf.
Read more https://thehackernews.com/2026/07/ghostapproval-symlink-flaws-could-let.html

