this post was submitted on 19 Jan 2026
13 points (100.0% liked)

Pulse of Truth

1928 readers
17 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth@infosec.pub
13
Anthropic's Cowork Shipped With Known Vulnerability (www.bankinfosecurity.com)
submitted 3 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub
2 comments fedilink hide all child comments
 

AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

you are viewing a single comment's thread
view the rest of the comments
[–] leds@feddit.dk 1 points 3 days ago

But this is uploading the data to same api it uses in the first place, just uploads it to someone else's account.