#claude-code-security

[ follow ]
#cybersecurity #ai #claude-code #anthropic #vulnerabilities #ai-security #openai #security #malware #prompt-injection
#ai-security
fromInfoQ
1 day ago
Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Information security
fromTheregister
22 hours ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.
Information security
fromTNW | Anthropic
14 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
fromDevOps.com
6 days ago
Information security

LayerX: Anthropic's Claude Code Can Easily Be Easily Weaponized - DevOps.com

Information security
fromInfoWorld
1 week ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Artificial intelligence
fromThe Hacker News
1 month ago

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Claude Code Security scans codebases for vulnerabilities, reasons about component interactions, verifies findings, and suggests targeted patches for human review.
Information security
fromInfoQ
1 day ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.
Information security
fromTheregister
22 hours ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.
Information security
fromTNW | Anthropic
14 hours ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
Information security
fromInfoWorld
1 week ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
more#ai-security
#ai
Software development
fromTechzine Global
20 hours ago

Anthropic introduces routines in Claude Code

Anthropic introduces routines in Claude Code to automate recurring tasks in software development, enhancing workflow efficiency without additional infrastructure.
Information security
fromTechzine Global
22 hours ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.
Artificial intelligence
fromThe Verge
1 day ago

Has Google's AI watermarking system been reverse-engineered?

A developer claims to have reverse-engineered Google's SynthID watermarking system, asserting that AI watermarks can be stripped from images.
more#ai
Privacy technologies
fromThe Verge
18 hours ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.
Science
fromwww.scientificamerican.com
1 day ago

China said it could break military encryption. DARPA built an AI to find out if that's true

Chinese researchers claim quantum computers could potentially unlock encrypted information, raising concerns for national security.
Marketing tech
fromMarTech
2 days ago

A framework for auditing generative AI outputs pre-launch | MarTech

Marketing teams should use a four-stage audit framework for Generative AI outputs to ensure brand voice consistency and copyright compliance.
fromSecurityWeek
6 days ago

Apple Intelligence AI Guardrails Bypassed in New Attack

The first is Neural Execs, a known prompt injection attack that uses 'gibberish' inputs to trick the AI into executing arbitrary, attacker-defined tasks. These inputs act as universal triggers that do not need to be remade for different payloads.
Apple
#claude-code
Agile
fromMedium
1 week ago

7 Rules for Creating an Effective Claude Code Skill

Effective Claude Code skills improve performance and save tokens by being focused and well-framed.
Software development
fromArs Technica
2 weeks ago

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.
Information security
fromSecurityWeek
1 week ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Agile
fromMedium
1 week ago

7 Rules for Creating an Effective Claude Code Skill

Effective Claude Code skills improve performance and save tokens by being focused and well-framed.
Software development
fromArs Technica
2 weeks ago

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.
Information security
fromSecurityWeek
1 week ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
more#claude-code
#ai-performance
fromFortune
1 day ago
Artificial intelligence

Anthropic faces user backlash over reported performance issues in its Claude AI chatbot | Fortune

Artificial intelligence
fromFortune
1 day ago

Anthropic faces user backlash over reported performance issues in its Claude AI chatbot | Fortune

Anthropic faces backlash over Claude AI's declining performance and perceived lack of transparency amid rising user dissatisfaction and potential IPO plans.
more#ai-performance
#open-source
Software development
fromZDNET
14 hours ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromYcombinator
1 day ago

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
Software development
fromZDNET
14 hours ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromYcombinator
1 day ago

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
more#open-source
Information security
fromSecurityWeek
16 hours ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
#openai
Information security
fromTNW | Apps
13 hours ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.
Information security
fromAxios
1 day ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromWIRED
1 day ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
Information security
fromTNW | Apps
13 hours ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.
Information security
fromAxios
1 day ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromWIRED
1 day ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
more#openai
#anthropic
Software development
fromTheregister
8 hours ago

Anthropic's Project Glasswing CVE count is still guesswork

Anthropic's Mythos model is under testing by select companies to identify security vulnerabilities, but actual findings remain uncertain.
Software development
fromFortune
2 weeks ago

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.
Software development
fromTheregister
8 hours ago

Anthropic's Project Glasswing CVE count is still guesswork

Anthropic's Mythos model is under testing by select companies to identify security vulnerabilities, but actual findings remain uncertain.
Software development
fromFortune
2 weeks ago

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.
more#anthropic
#malware
Information security
fromTheregister
2 days ago

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.
Information security
fromTheregister
1 week ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
Information security
fromTheregister
2 days ago

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.
Information security
fromTheregister
1 week ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
more#malware
Information security
fromTheregister
12 hours ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
Information security
fromTheregister
18 hours ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.
Information security
fromSecurityWeek
23 hours ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
DevOps
fromTheregister
1 month ago

Microsoft Azure CTO says Claude found vulns in Apple II code

AI can decompile machine code and discover vulnerabilities in legacy systems, creating security risks for billions of deployed microcontrollers worldwide.
Artificial intelligence
fromFuturism
1 week ago

Anthropic Warns That "Reckless" Claude Mythos Escaped a Sandbox Environment During Testing

Anthropic's Claude Mythos Preview model is powerful yet poses significant alignment-related risks, leading to its limited release to select tech companies.
Information security
fromThe Hacker News
16 hours ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.
#iam
Information security
fromComputerworld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
1 day ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
more#iam
Software development
fromInfoWorld
2 weeks ago

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

LLMs can quickly identify security vulnerabilities in code, but their rapid evolution poses potential risks.
Information security
fromSecuritymagazine
1 day ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.
#adobe
Information security
fromSecurityWeek
1 day ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromTechRepublic
1 day ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
Information security
fromSecurityWeek
1 day ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Information security
fromTechRepublic
1 day ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
more#adobe
Information security
fromTechzine Global
1 day ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
fromArs Technica
1 day ago

UK gov's Mythos AI tests help separate cybersecurity threat from hype

Mythos outperformed previous models in TLO tests, showing capability in attacking vulnerable systems but still facing limitations in complex scenarios.
Information security
fromSecurityWeek
1 day ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
#cybersecurity
Information security
fromTechzine Global
2 days ago

How AI could drive cyber investigation tools from niche to core stack

The rise of AI presents new cybersecurity risks, necessitating a shift from traditional defensive strategies to proactive measures against sophisticated threats.
Information security
fromThe Hacker News
2 days ago

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.
Information security
fromTechzine Global
2 days ago

How AI could drive cyber investigation tools from niche to core stack

The rise of AI presents new cybersecurity risks, necessitating a shift from traditional defensive strategies to proactive measures against sophisticated threats.
more#cybersecurity
Information security
fromThe Hacker News
1 day ago

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.
Information security
fromThe Hacker News
1 day ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
Information security
fromTechzine Global
2 days ago

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.
Information security
fromInfoWorld
2 days ago

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.
Information security
fromThe Hacker News
1 week ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
Artificial intelligence
fromInfoWorld
2 months ago

Claude AI finds 500 high-severity software vulnerabilities

Claude Opus 4.6 uncovered 500 high-severity zero-day vulnerabilities in open-source projects while running in a VM with standard analysis tools and no guidance.
Artificial intelligence
fromSecurityWeek
1 month ago

Claude's New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

Cybersecurity company stocks fell sharply after Anthropic announced Claude Code Security, an AI capability for finding code vulnerabilities, triggering market concerns about AI replacing traditional security solutions.
Information security
fromThe Hacker News
4 weeks ago

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart attacks hide malicious code in dynamically loaded third-party assets and EXIF metadata, bypassing repository-based static analysis tools like Claude Code Security because the code never enters the source repository.
Information security
fromDEV Community
2 months ago

I Let Claude Write 60 Functions. 65-75% Had Security Vulnerabilities.

AI code generation models produce insecure code by default, with no statistically significant difference among the tested models.
#ai-security-vulnerabilities
fromDevOps.com
1 month ago
Information security

Security Flaws in Anthropic's Claude Code Risk Stolen Data, System Takeover - DevOps.com

fromDevOps.com
1 month ago
Information security

Security Flaws in Anthropic's Claude Code Risk Stolen Data, System Takeover - DevOps.com

more#ai-security-vulnerabilities
Information security
fromThe Hacker News
1 month ago

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Multiple critical vulnerabilities in Claude Code allow remote code execution and API credential theft when users open untrusted repositories.
Information security
fromTheregister
1 month ago

Claude's collaboration tools allowed remote code execution

Claude Code contained three security vulnerabilities allowing remote code execution and API key theft through malicious repository configurations, posing significant supply chain risks to developers.
[ Load more ]