Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

AI assistants apparently can't distinguish between instructions and data, and that is at the center of many zero-click prompt ...
WinBuzzer

10,000+ Claude Desktop Users Exposed by Zero-Click Flaw

A zero-click vulnerability in Claude Desktop Extensions has exposed over 10,000 users to remote code execution through ...

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...
The Register on MSN

AI connector for Google Calendar makes convenient malware launchpad, researchers show

'Claude DXT's container falls noticeably short of what is expected from a sandbox' LayerX, a security company based in Tel ...
Technobezz on MSN

A zero-click flaw in Claude Desktop Extensions exposes over 10,000 users to remote code execution

A critical zero-click flaw in Claude Desktop Extensions allows remote code execution via calendar invites, risking over ...
Infosecurity Magazine

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution ...