Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

Anthropic's Claude Code GitHub Action had a trigger-check bypass that let a malicious GitHub issue escalate into repository takeover for vulnerable public repositories. The flaw also enabled secret extraction from CI/CD workflows that trusted the action's access model. Anthropic shipped a fix in claude-code-action v1.0.94 after the report in January 2026.

Related Happenings

Visual Studio Code VS Code token-theft zero-day security flaw

Vulnerability
First: 03.06.2026 09:50 Last: 03.06.2026 09:50 Sources 1

About this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...

Latest development: 03.06.2026 15:58

Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.

Open Happening

Miasma GitHub and npm supply-chain campaign

Campaign
First: 02.06.2026 00:38 Last: 02.06.2026 00:38 Sources 1

About this happening: A **Miasma** supply-chain campaign has spread through **GitHub** and **npm** abuse, compromising **309 GitHub repositories** and widening the risk of credential theft across devel...

Open Happening

Malware-Slop malicious npm file-theft campaign

Campaign
First: 27.05.2026 18:44 Last: 27.05.2026 18:44 Sources 1

About this happening: **Malware-Slop** is distributing **mouse5212-super-formatter**, a malicious **npm** package that steals local files from **Anthropic's Claude** workspace directory **/mnt/user-dat...

Open Happening

Mouse5212-super-formatter postinstall GitHub exfiltration package

Malware Activity
First: 27.05.2026 18:44 Last: 27.05.2026 18:44 Sources 1

About this happening: The **mouse5212-super-formatter** npm package is a **malicious infostealer** that can siphon files from **/mnt/user-data**, putting **Anthropic Claude** user data at risk of unaut...

Latest development: 29.05.2026 11:10

mouse5212-super-formatter leaked a hardcoded GitHub token, exposing the operator's credential and allowing about seven theft sessions to be observed in the attacker's GitHub repository; the malicious npm package recursively copied files from a victim machine, uploaded them through the GitHub Contents API, and was later removed from npm.

Open Happening

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Open Happening

Timeline

  1. 04.06.2026 18:15 2 articles · 1h ago

    Claude Code GitHub Action trigger bypass lets public repositories be hijacked

    Initial Disclosure

    RyotaK of GMO Flatt Security disclosed that Anthropic's Claude Code GitHub Action accepted a single opened GitHub issue as a trigger path on vulnerable public repositories, enabling indirect prompt injection to steal workflow secrets and reach write access. Anthropic said it fixed the core bypass within four days after the January 2026 report, continued hardening through the spring, and shipped the fixes in claude-code-action v1.0.94; the issue was rated 7.8 under CVSS v4.0 and a bug bounty was paid.

    Show sources
    Open in new tab