> TritonInfoSec News
Home / Jun 06, 2026 / Story
0
#9 The Hacker News general June 04, 2026 at 15:15 UTC

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

By [email protected] (The Hacker News)

AI Summary

Security researcher RyotaK of GMO discovered a flaw in Anthropic's Claude Code GitHub Action that allowed an attacker to hijack public repositories — including Anthropic's own action repo — using nothing more than a single malicious GitHub issue, potentially poisoning downstream projects that consume the action. The vulnerability illustrates the systemic risk of AI-assisted CI/CD tools running with excessive permissions in public repositories.

Read full article → https://thehackernews.com/2026/06/claude-code-gith…

Relevance score: 76.0/100

# More from June 06

  1. 1
    Cisco warns of unpatched SD-WAN zero-day exploited in attacks BleepingComputer
  2. 2
    Chrome 149 Patches 429 Vulnerabilities SecurityWeek
  3. 3
    Chinese APT deploys new malware to keep access to hacked networks BleepingComputer
  4. 4
    IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks The Hacker News
  5. 5
    Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites The Hacker News
  6. 6
    Cisco warns of critical Unified CM flaw with PoC exploit code BleepingComputer
  7. 7
    Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months The Hacker News
  8. 8
    CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers BleepingComputer
  9. 10
    Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities SecurityWeek