The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

Researchers demonstrate prompt injection attacks via WhatsApp and Slack notifications

The attack relies on hidden prompts in a foreign language.
eWeek

WhatsApp Messages on Android Expose New Gemini AI Security Risk

SafeBreach researchers showed how hidden commands in Android notifications could trick Google Gemini through indirect prompt ...