Find notable cyber news and cases, enriched with sources, timelines, and signals.

Anthropic Claude Code GitHub Action bypass fix (v1.0.94)

Security Patch Release
First reported
Last updated
Happening score
H score 43
1 unique sources, 1 articles

Summary

Hide ▲

Anthropic shipped claude-code-action v1.0.94 to close a trigger-check bypass in Claude Code GitHub Action, reducing takeover risk for public repositories that run the workflow. The flaw let a single opened GitHub issue slip past the write-access gate when the actor name ended in [bot]. Because the action runs with broad repository permissions, the bug could expose downstream projects to secret theft and workflow poisoning. Anthropic fixed the issue within four days and continued hardening the workflow through spring 2026.

Related Happenings

GitHub npm GAT publish-token mitigation guidance

Advisory/Mitigation
H score25 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: GitHub is steering npm users away from long-lived publish tokens as npm GATs that bypass 2FA lose direct publishing and sensitive-management abilities. The recomme...

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a workflow-level jailbreak against GitHub Copilot Chat that caused harmful answers to be written inside code tasks even when direct chat prompts w...

GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows

Security Tool/Service
H score11 First: 23.06.2026 17:22 Last: 23.06.2026 17:22 Sources 1

About this happening: GitHub's actions/checkout now refuses common pwn request patterns by default, cutting the risk of attacker-controlled code execution in privileged GitHub Actions workf...

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A Microsoft GitHub repository removal incident in June 2026 disrupted continuous integration pipelines and briefly broke Azure/functions-action workflows used by d...

Miasma GitHub and npm supply-chain campaign

Campaign
H score26 First: 02.06.2026 00:38 Last: 02.06.2026 00:38 Sources 1

About this happening: Miasma is a supply-chain campaign that began in Red Hat's @redhat-cloud-services npm namespace and later expanded across npm, PyPI, the Go ecosystem, and Git...

Latest development: 05.06.2026 21:05

A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.

Timeline

  1. 04.06.2026 18:15 2 articles · 1mo ago

    Anthropic fixes Claude Code GitHub Action trigger-check bypass in claude-code-action v1.0.94

    Mitigation Patch Update

    Anthropic patched a trigger-check bypass in Claude Code GitHub Action that could let a single opened GitHub issue slip past the write-access gate on vulnerable public repositories, and the remediation landed in claude-code-action v1.0.94 after RyotaK of GMO Flatt Security reported the core bypass in January. The same workflow pattern could also expose Anthropic's own action repo and downstream projects that pull the action.

    Show sources