The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

Mac Users Warned Over Fake Claude Install Instructions

Hackers are using Google Ads and Claude shared chats to target Mac users with fake setup instructions that can install malware.
Hosted on MSN

Anthropic says no sensitive data exposed in leak of code behind Claude AI agent

Anthropic (ANTHRO) said no sensitive customer data or credentials were exposed after accidentally revealing the underlying instructions it uses to direct its AI agent app Claude Code. "Earlier today, ...
TechJuice

Researcher Found 50 Ways to Break Claude Code. Here Is the Worst One.

A Claude Code GitHub Action flaw let one malicious issue hijack repositories via prompt injection. Anthropic has patched it.
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...
VentureBeat

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message it over Telegram and Discord

Credit: VentureBeat made with Google Gemini 3.1 Pro Image The hit open source autonomous AI agent OpenClaw may have just gotten mogged by Anthropic. Today, Anthropic announced Claude Code Channels, a ...