The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The ...
Women's Health

Which Is Better: The Weight Loss Pill or Injection?

While GLP-1 weight loss meds have been a mainstay in pop culture for a few years now, they're potentially about to get even more widespread. Formerly only available as an injection, Wegovy recently ...
blockchain

OpenAI Reveals How ChatGPT Now Fights Prompt Injection Attacks

OpenAI details new 'Safe Url' defense system treating AI prompt injection like social engineering, with attacks succeeding 50% of the time before fixes. OpenAI published technical details on March 16 ...
GitHub

coding-agent: avoid command injection when opening OAuth URL

coding-agent currently opens OAuth URLs in the login dialog with an exec() command string. Because the URL is interpolated into a shell command, a crafted URL can break out of quoting and execute ...