The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...

Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

AI assistants apparently can't distinguish between instructions and data, and that is at the center of many zero-click prompt ...
Infosecurity Magazine

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution ...
Tech Times

Hidden Claude Desktop Extension Flaw Could Let Hackers Seize Your PC

Security researchers warn that Claude Desktop Extensions may allow zero-click prompt injection attacks, potentially leading to remote code execution and full system compromise.
Computing

Claude extensions open a security hole in endpoints

Claude Desktop is a local endpoint-based version of Anthropic’s Claude AI assistant, and Desktop Extensions is a marketplace for add-ons to extend its functionality, similar to browser add-ons.