Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

AI assistants apparently can't distinguish between instructions and data, and that is at the center of many zero-click prompt ...
Tech Times

Hidden Claude Desktop Extension Flaw Could Let Hackers Seize Your PC

Security researchers warn that Claude Desktop Extensions may allow zero-click prompt injection attacks, potentially leading to remote code execution and full system compromise.

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...
Cybernews

Claude AI assistant is one calendar invite away from total system compromise

A critical vulnerability in Claude Desktop Extensions enables hackers to silently compromise systems with a single Google Calendar invite.
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...

OpenAI picks up pace against Claude Code with new Codex desktop app

By launching a desktop app, OpenAI is catching up to Anthropic’s popular Claude Code, which already offered a macOS version.