The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
SecurityWeek

Hackers Weaponize Claude Code in Mexican Government Cyberattack

Anthropic’s Claude Code assistant has been abused in a cyberattack against the Mexican government’s systems, Israeli cybersecurity startup Gambit Security reports. As part of the attack, ten Mexican ...