TECH NEWS

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

TL;DR

A flaw in Anthropic’s Claude Code GitHub Action let attackers bypass permission checks via a fake bot account and use prompt injection to steal OIDC tokens, gaining write access to any vulnerable repository. Anthropic patched the vulnerability within four days of disclosure.

The attack starts with a GitHub issue. Not a sophisticated one. Just an issue opened by a bot account with a carefully worded body that looks like an error message. When Claude Code’s GitHub Action picks it up for triage, it follows the instructions hidden inside, reads the process’s environment variables, and writes them back into the issue for the attacker to collect.

Those variables contain the credentials needed to request an OIDC token, which can be exchanged for a Claude GitHub App installation token with full write access to the repository’s code, issues, and workflows. Aim the attack at Anthropic’s own claude-code-action repository, which ran...

Copyright of this story solely belongs to thenextweb.com. To see the full text click HERE

https://image.theregister.com/4094116.jpg?imageId=4094116&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

AMD takes a third of server CPU market as shipments grow

Intel still owns the room, but Epyc keeps nicking the furniture Processor shipments declined by more than six percent during the first quarter of 2026, at least for the x86 world, with server CPUs bucking the trend and AMD in particular showing strong performance. These are the latest figures from

https://image.theregister.com/5251362.jpg?imageId=5251362&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

Meta to allow staff breaks from keylogging data grab scheme

ai & ml Benevolent dictator Zuck will give Meta staff 30-minute breaks from keylogging privacy assault Tech biz teaching AI to use computers by slurping staff activity Meta is reportedly backtracking on, or at least weakening, its plans to implement enhanced employee workplace monitoring following staff protests. According to the

https://image.theregister.com/253623.jpg?imageId=253623&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

AI heavyweights warn their tech could erode barriers to bioweapons

ai and ml AI heavyweights warn their tech could help terrorists develop bioweapons Scientists and industry leaders push for mandatory DNA synthesis screening The world’s AI luminaries love to warn us of impending planetary demise thanks to their creations, and they’re back with a new warning: Rapidly improving

https://image.theregister.com/5251401.jpg?imageId=5251401&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

OpenAI's Codex chains decade-old DoS techniques into HTTP/2 Bomb

OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds Codex drops an HTTP/2 Bomb The next threat your server faces may have been helped along by a bot. OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched

TL;DR

Read more

AMD takes a third of server CPU market as shipments grow

Meta to allow staff breaks from keylogging data grab scheme

AI heavyweights warn their tech could erode barriers to bioweapons

OpenAI's Codex chains decade-old DoS techniques into HTTP/2 Bomb