Find notable cyber news and cases, enriched with sources, timelines, and signals.

Claude Code deny-rule bypass fix (version 2.1.90)

Security Patch Release
First reported
Last updated
Happening score
H score 17
1 unique sources, 1 articles

Summary

Hide ▲

Anthropic released Claude Code version 2.1.90 last week to fix a command-parsing flaw that could let user-configured deny rules silently stop applying when a command exceeded 50 subcommands. The issue mattered because a blocked command such as rm could run without restriction once it was preceded by enough harmless statements. The update formally closed the bypass in the AI coding agent that executes shell commands on developers' machines.

Related Happenings

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

GuardFall shell-trick bypass of command safety checks in AI coding agents

Technical Analysis
H score25 First: 30.06.2026 17:26 Last: 30.06.2026 17:26 Sources 1

About this happening: **GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...

Anthropic Claude Code GitHub Action bypass fix (v1.0.94)

Security Patch Release
H score43 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...

Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign

Campaign
H score30 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...

PromptMink malicious npm dependency stealing secrets and crypto wallets

Malware Activity
H score35 First: 29.04.2026 17:00 Last: 29.04.2026 17:00 Sources 1

About this happening: The **PromptMink** malicious npm dependency now poses an immediate theft risk because it is stealing sensitive data and exposing **crypto wallets** from infected environments. The...

Timeline

  1. 08.04.2026 12:16 2 articles · 3mo ago

    Claude Code 2.1.90 fixes deny-rule bypass for long commands

    Mitigation Patch Update

    Anthropic addressed a command-parsing flaw in Claude Code version 2.1.90 that could silently ignore user-configured security deny rules when a command contained more than 50 subcommands, allowing blocked commands such as rm to run without restriction.

    Show sources