Hosted on MSN

Anthropic won't fix a bug in its SQLite MCP server

Anthropic says it won't fix an SQL injection vulnerability in its SQLite Model Context Protocol (MCP) server that a researcher says could be used to hijack a support bot and prompt the AI agent to ...
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...
Infosecurity-magazine.com

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

A single Google Calendar event can silently compromise a system running Claude Desktop Extensions, according to security researchers at browser security provider LayerX. In a new report published on ...
TechRepublic

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A newly disclosed flaw in Anthropic’s Claude Desktop Extensions shows how a routine productivity feature can enable zero-click system compromise. LayerX researchers found that a single malicious ...