The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

Mac Users Warned Over Fake Claude Install Instructions

Hackers are using Google Ads and Claude shared chats to target Mac users with fake setup instructions that can install malware.
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Hosted on MSN

Anthropic says no sensitive data exposed in leak of code behind Claude AI agent

Anthropic (ANTHRO) said no sensitive customer data or credentials were exposed after accidentally revealing the underlying instructions it uses to direct its AI agent app Claude Code. "Earlier today, ...
VentureBeat

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message it over Telegram and Discord

Credit: VentureBeat made with Google Gemini 3.1 Pro Image The hit open source autonomous AI agent OpenClaw may have just gotten mogged by Anthropic. Today, Anthropic announced Claude Code Channels, a ...