Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.
The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. “No clicks, no

Source

What's Hot

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Our Picks

Is Poshmark safe? How to buy and sell without getting scammed

Children and chatbots: What parents should know

How to tell if a voice call is AI or not

Subscribe to Updates

What's Hot

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Related Posts

Subscribe to Updates