New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.