A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it.
RyotaK of GMO
SOURCE:
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K.,