TECH NEWS

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Bash (Bourne Again SHell), the 1989 GNU rewrite of the original Linux Bourne Shell, can still cause problems more than three decades later through its Bash Tricks. Adversa AI has discovered a structural security flaw in multiple open source AI agents. It’s not a specific bug but a process that can get malicious Bash instructions ingested into the agent, and from there into whatever the agent does – typically with the operator’s approval.

Adversa calls this structural issue GuardFall.

“We tested eleven popular open source agents, including Hermes, OpenCode, Roo-code, and others,” explains Serge Malenkovich, head of communications at Adversa AI. “Ten leave the gap open in one of four ways; and only one closes it.”

The ‘gap’ is a failure to guard the agent against the decades old Bash shell tricks, such as quote removal and $IFS spacing. Since these agents run with a developer’s full account authority,...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

not set

© 2009-2025 Independent News Service. All rights reserved. * Site Map * Legal disclaimer * Privacy Policy * CSR Policy * RIO * RSS Copyright of this story solely belongs to indiatvnews.com. To see the full text click HERE

https://www.zdnet.com/a/img/resize/0486c276f768d1b6b522fb03adc74fda1aa3746b/2026/06/30/601f8534-1ef2-4f52-9307-cc9516198cae/apple-ios-26-5-2.jpg?auto=webp&fit=crop&height=675&width=1200

Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP

Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways * Apple's latest OS updates patch 29 security flaws. * The fixes were rolled out sooner than expected. * Apple cited the increase in AI-powered security threats. iPhone, iPad, and Mac owners, it's time

https://cdn.mos.cms.futurecdn.net/2TTaVZdSSeLQizvYPKXnck-1920-80.jpg

Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ

* US DOJ has seized nearly 400 domains * The sites were being used to illegally stream World Cup games * Users of the sites were exposed to malware, data theft, and other threats Almost 400 domains have been seized as part of Operation Offsides - a coordinated global effort to take down

https://cdn.mos.cms.futurecdn.net/dBKnGPGEdE6k259YyMiHC5-2560-80.jpg

Huawei MatePad Pro Max review: brilliant, iPad Pro-rivaling hardware — but there’s one major flaw

The MatePad Pro Max proves Huawei still knows how to make premium hardware; this is a slim and lightweight large-screen tablet that looks and feels brilliant. The anti-reflective PaperMatte screen means you can use it outside with ease, and it’ll slip subtly into a bag. It’s also nice

Read more

not set

Apple rushed to squash 29 bugs because AI is supercharging hackers - update ASAP

Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ

Huawei MatePad Pro Max review: brilliant, iPad Pro-rivaling hardware — but there’s one major flaw