A critical supply chain vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using Anthropic’s official CI/CD workflow, including Anthropic’s own infrastructure. The vulnerability, discovered by security researcher RyotaK of GMO Flatt Security and patched in Claude Code GitHub Actions v1.0.94, stems from a flawed permission model in the checkWritePermissions […]
The post Claude Code’s GitHub Actions Vulnerability Lets Attackers Compromise Any Repository appeared first on Cyber Security News.