Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.

The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. “No clicks, no permission prompts. Just visit a page, and an attacker completely controls your browser.”

Governor approves tax breaks for Google data center in Henderson

State of Nevada Governor Paul Anderson has approved $25.2 million in tax breaks for a data center project in Henderson, Nevada, which we now know

Security

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A

Security

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Google Cloud unveils new tools to democratise AI

Governor approves tax breaks for Google data center in Henderson

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident