WinBuzzer

10,000+ Claude Desktop Users Exposed by Zero-Click Flaw

A zero-click vulnerability in Claude Desktop Extensions has exposed over 10,000 users to remote code execution through ...

Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

AI assistants apparently can't distinguish between instructions and data, and that is at the center of many zero-click prompt ...
Infosecurity Magazine

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution ...
Tech Times

Hidden Claude Desktop Extension Flaw Could Let Hackers Seize Your PC

Security researchers warn that Claude Desktop Extensions may allow zero-click prompt injection attacks, potentially leading to remote code execution and full system compromise.
Hosted on MSN

Anthropic won't fix a bug in its SQLite MCP server

Anthropic says it won't fix an SQL injection vulnerability in its SQLite Model Context Protocol (MCP) server that a researcher says could be used to hijack a support bot and prompt the AI agent to ...

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...