Anthropic patches Claude Code GitHub Action repo-takeover chain
GMO Flatt Security's RyotaK chained a checkWritePermissions bot bypass with prompt injection to hijack any public repo running claude-code-action. Fix shipped in v1.0.94.
Researcher Ammar Askar dropped a webview-postMessage exploit on June 2 that steals github.dev OAuth tokens via a single click. Microsoft shipped a stopgap fix the next day.
CISA's May 28 alert ties the 3,800-repo GitHub breach to a poisoned Nx Console VS Code extension. CVE-2026-48027 is in KEV. Federal deadline June 10.