#supply-chain

1 article

Beware: GhostCommit Hides Prompt Injection in PNGs to Drain Your .env

A new supply-chain attack smuggles prompt-injection instructions inside image files so coding agents exfiltrate .env secrets right…