The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Want Flawless OpenClaw in 2026? You Need MaxClaw and the MiniMax M2.7

MaxClaw adds 24/7 OpenClaw agents with long-term memory, plus Telegram, Discord, and Slack integrations using tokens and ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...