Storia in 5 fonti

One Malicious GitHub Issue Was All It Took to Hijack a Claude Code Agent

A researcher disclosed a vulnerability in the Claude Code GitHub Action that let an attacker submit a...

Raccontata dadev.tothenextweb.comthehackernews.comhwupgrade.itdecrypt.co

Confronto fonti

5 prospettive sulla stessa storia

AI · summaries

thehackernews.com3 g fa

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and gain write access to repos.

Leggi questa versione → originale

thenextweb.com3 g fa

Claude Code GitHub Action flaw enabled repository hijacking

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

Leggi questa versione → originale

decrypt.co1 g fa

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft - Decrypt

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software development pipelines.

Leggi questa versione → originale

dev.to4 g fa

Comment and Control: a GitHub comment hijacks Claude Code in CI

GitHub comments could hijack Claude Code in CI and exfiltrate secrets via prompt injection; Anthropic rated it CVSS 9.4 Critical. The flaw is structural: agents read untrusted input. The fix is firewall tool calls with Clampd to block recon and exfiltration.

Leggi questa versione → originale

hwupgrade.it2 g fa

Claude Code, una sola issue su GitHub poteva dirottare qualunque repository

Una singola issue aperta da una finta GitHub App poteva aggirare i controlli della Claude Code GitHub Action e rubare via prompt injection i token per ottenere accesso in scrittura a qualunque repository. Anthropic ha…

Leggi questa versione → originale

Timeline cronologica

1. mercoledì 3 giugno 2026·dev.to
   

   Comment and Control: a GitHub comment hijacks Claude Code in CI

   A security researcher showed that a GitHub PR title, issue body, or comment could become a prompt...

2. giovedì 4 giugno 2026·thenextweb.com
   

   Claude Code GitHub Action flaw enabled repository hijacking

   A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

3. giovedì 4 giugno 2026·thehackernews.com
   

   Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

   A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and gain write access to repos.

4. venerdì 5 giugno 2026·dev.to
   

   One Malicious GitHub Issue Was All It Took to Hijack a Claude Code Agent

   A researcher disclosed a vulnerability in the Claude Code GitHub Action that let an attacker submit a...

5. venerdì 5 giugno 2026·hwupgrade.it
   

   Claude Code, una sola issue su GitHub poteva dirottare qualunque repository

   Una singola issue aperta da una finta GitHub App poteva aggirare i controlli della Claude Code GitHub Action e rubare via prompt injection i token per ottenere accesso in…

6. sabato 6 giugno 2026·decrypt.co
   

   Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft - Decrypt

   Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software development pipelines.