Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

AppDomainManager

Researchers find flaw that could let websites inject prompts into Anthropic’s Claude Chrome extension

News, Research, Risk, Vendors, Vulnerabilities

March 27, 2026

Researchers disclosed a flaw called ShadowPrompt in Anthropic’s Claude Chrome extension that combined an overly permissive origin allowlist and a DOM-based XSS in an Arkose Labs CAPTCHA, allowing websites to inject prompts; Anthropic and Arkose issued fixes in December 2025 and February 2026.
Microsoft finds SesameOp backdoor that uses OpenAI Assistants API for C2

Cloud, Cybercrime, Research, Vendors, Vulnerabilities

November 4, 2025

Microsoft’s DART reported discovery of a custom .NET backdoor called SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel; Microsoft shared its findings with OpenAI, which disabled a suspected API key, and the victim remains unnamed.

About
Editorial Policy
Privacy
Contact