|
Latest posts
| Post | 🕚 tl;dr | |
|---|---|---|
|
Gone Phishing with Claude Teams: From Deceptive Team Onboarding to RCE 2026-05-24 |
With a $125 investment, and a valid email address for an arbitrary “business domain”, an attacker can create a Claude Team with 5 seats.They then can actively invite targets into that Team (same domain and cross domain) or passively have Anthropic ask all current and future Claude users to join the Team, like a watering hole attack (only same domain).After a victim decides to join the team, and uses Claude Code on that plan, the attacker, abusing a compliance feature, can run arbitrary code on the target’s machine.The beauty: all communication with the target is done by Anthropic, using Anthropic servers and domains. No need to build reputation or maintain infrastructure. All the target ever sees are mails from Anthropic and the usual warnings that administrative IT personnel might have administrative permissions. |
Featured Repositories
| Repository | Description | |
|---|---|---|
|
offensive-actions/release-tampering-pocs ⭐: … |
Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Workflows, presented at fwd:cloudsec Europe 2025 |
|
offensive-actions/terraform-provider-statefile-rce ⭐: … |
This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file. |
|
offensive-actions/azure-storage-reverse-shell ⭐: … |
This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs |