The Register reported that Wiz found a symlink-based vulnerability pattern in Amazon Q Developer, Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. The attack described in the report uses a misleading approval prompt around an edit that appears local while the symlink target points outside the project workspace.
The report says Amazon, Cursor, and Google treated the issue as critical or high severity and fixed it, while Augment and Windsurf had acknowledged the report but had not patched it at publication time. Anthropic told Wiz that the Claude Code behavior was outside its current threat model.
Featured source: The Register .
Other Stories
HalluSquatting research targets agentic coding tools
Researchers described HalluSquatting, a pull-based prompt-injection and supply-chain attack that uses hallucinated repository or skill identifiers to steer coding agents toward attacker-controlled resources. Ars Technica reports that the study found exposure across Cursor, Cursor CLI, Gemini CLI, Windsurf, GitHub Copilot, Cline, OpenClaw, ZeroClaw, and NanoClaw.
Filed from: Ars Technica , Research project .
GitLost disclosure targets GitHub Agentic Workflows
Noma Security disclosed GitLost, a prompt-injection vulnerability in GitHub Agentic Workflows that it says could leak private repository data when a crafted issue is posted in a public repository of the same organization. The Register reported the disclosure and said GitHub was notified.
Filed from: The Register , Noma Security .
Cloudflare introduces Meerkat consensus experiment
Cloudflare Research introduced Meerkat, an internal experimental distributed consensus service intended for small pieces of control-plane state across its global network. Cloudflare says Meerkat is powered by QuePaxa, a 2023 consensus algorithm from EPFL researchers, and that it is building applications such as a transactional key-value store and leasing system on top of the consensus log.
Filed from: Cloudflare , QuePaxa paper .
Microsoft adds Cloud Rebuild to Windows 11 Insider preview
Microsoft introduced Cloud Rebuild in Windows 11 Insider Experimental Preview Build 26300.8772, adding a recovery option that can reinstall Windows 11 from WinRE when the installed operating system will not boot. Microsoft’s documentation says the preview downloads both the Windows image and device drivers from Windows Update, then sends the machine through OOBE.
Filed from: The Register , Microsoft Learn , Insider release notes .
Supreme Court leaves Texas app-store age law in effect
Ars Technica reported that the US Supreme Court left in place a Texas law requiring app stores to verify users’ ages and obtain parental consent for minors before downloads and in-app purchases. AP reported that the order was unsigned and that Justices Elena Kagan, Sonia Sotomayor, and Ketanji Brown Jackson dissented.
Filed from: Ars Technica , AP .
NHS Palantir benefits claims face statistics review
Foxglove asked Health Secretary James Murray to clarify public and parliamentary claims about NHS Federated Data Platform benefits after NHS England’s methodology page said the before-and-after figures do not prove cause and effect. The Register says the Office for Statistics Regulation is assessing the information around NHS England’s FDP claims.
Filed from: The Register , Foxglove , NHS England .
UK campaigners ask MPs to probe eVisa complaints
A coalition of immigration, digital-rights, and human-rights groups asked Parliament’s Science, Innovation and Technology Committee to examine the ICO’s response to alleged data-protection failures in the Home Office eVisa programme. The Register reports that the groups cite an FOI disclosure showing 851 complaints about the Home Office between December 2023 and December 2025.
Filed from: The Register , Open Rights Group letter , GOV.UK .
Mecklenburg-Vorpommern moves SharePoint work to Nextcloud
Mecklenburg-Vorpommern’s state IT provider says the German state is using a Nextcloud-based collaboration platform operated by DVZ M-V as part of its public-sector open-source and digital-sovereignty strategy. DVZ M-V says about 5,000 employees actively use the platform for file sharing, with plans to expand it into chat, videoconferencing, and groupware for more than 50,000 public-sector employees.
Filed from: The Register , DVZ M-V .
New Jersey robotaxi bill would require multiple sensing technologies
The Verge reported that New Jersey’s S1677 autonomous-vehicle pilot bill would require fully autonomous vehicle operators to use cameras plus two additional sensing technologies before operating in the state. The article says the bill would also require state authorization, crash reporting, and at least 50,000 miles of supervised in-state testing without a major incident before a company removes the human safety driver.
Filed from: The Verge , New Jersey Legislature .
SambaNova closes first tranche of $1 billion financing
SambaNova completed the first close of a $1 billion Series F financing at an $11 billion post-money valuation, with General Atlantic leading and Seligman Ventures, T. Rowe Price Associates, and Capital Group named among significant investors. The company release says JPMorganChase selected SambaNova RDUs for on-prem AI inference.
Filed from: TechCrunch , Business Wire .
ZML releases LLMD inference server
ZML released ZML/LLMD, an LLM inference server that TechCrunch says is designed to run open-source models across Nvidia, AMD, Google TPU, Apple Metal, and Intel Arc hardware. TechCrunch reports the product is not open source and is launching free while the company measures usage.
Filed from: TechCrunch , ZML .
Meta launches Muse Image across Meta AI, Instagram, and WhatsApp
Meta introduced Muse Image, a text-to-image model available through Meta AI and on Instagram and WhatsApp. The company says the Instagram integration can generate, animate, restyle, and edit images, including edits that apply prompts to user-provided photos.
Filed from: The Verge , Meta .
Anthropic expands Claude Cowork to web and mobile
Anthropic’s July 7 release notes say Claude Cowork is now available on web and mobile in addition to desktop, with rollout beginning on the Max plan before more plans. The release notes say Cowork sessions now run remotely in beta so work can continue after a laptop closes and scheduled tasks can run when no device is online.
Filed from: Anthropic , The Verge .
Check Point details browser-only ransomware technique
Check Point described a browser-only ransomware technique generated from an LLM concept and implemented with Web Crypto APIs, Origin Private File System access, Web Workers, and WebAssembly. TechRadar reported the technique from Check Point’s research post.
Filed from: TechRadar , Check Point Research .
Meta says AI glasses disable camera after capture-LED tampering
Meta said its AI glasses are designed to stop the capture camera from functioning if someone covers or tampers with the capture LED. The Verge reported the update from Meta’s public answers about the glasses.
Filed from: The Verge , Meta .
sqlite-utils 4.0 adds migration support
Simon Willison released sqlite-utils 4.0 with database schema migrations, nested transactions, and support for compound foreign keys. The changelog says the release adds new migration APIs and changes the underlying migration behavior.
Filed from: Simon Willison , sqlite-utils changelog .
From the Community
AI audit pipeline finds seven bugs in Cloudflare’s CIRCL library
zkSecurity’s AI audit agent found seven bugs in Cloudflare’s CIRCL experimental cryptography library, including a critical float64 precision loss in threshold RSA, a DLEQ proof forgery via a prover-controlled security parameter, a BLS aggregate verification missing message distinctness check, and a CP-ABE access-control break from a one-line AND-share mistake. The post says all seven bugs have been fixed upstream.
Filed from: zkSecurity blog .
Jim’s TrueType QR Code Font generates QR codes in a font
An experimental OpenType font turns bracket-delimited text into a QR Code symbol while leaving surrounding text readable, using OpenType GSUB features to encode the QR code generation logic including Reed-Solomon error correction and module placement. The project generates three font variants supporting up to 17, 32, or 53 characters per QR code.
Filed from: GitHub repository .




