The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Anthropic hands Claude Code more control, but keeps it on a leash

Anthropic’s new auto mode for Claude Code lets AI execute tasks with fewer approvals, reflecting a broader shift toward more ...
SecurityWeek

Hackers Weaponize Claude Code in Mexican Government Cyberattack

Anthropic’s Claude Code assistant has been abused in a cyberattack against the Mexican government’s systems, Israeli cybersecurity startup Gambit Security reports. As part of the attack, ten Mexican ...