Claude

• Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website March 26, 2026

  A DOM-based XSS flaw in the Arkose Labs CAPTCHA component on claude.ai's subdomain enabled zero-click prompt injection from any website via a legitimate Google ad. No user interaction required.

• The Claude Code Plugins Worth Installing in 2026 March 23, 2026

  Claude Code's plugin system extends the CLI with slash commands, agents, hooks, and MCP servers. This is a practical roundup of which plugins are actually worth adding to your setup.

• Claude's 1M Context Window Is Now GA -- What Actually Changes for Engineers March 14, 2026

  Claude Opus 4.6 and Sonnet 4.6 now offer a full 1M token context window at standard pricing, with no long-context premium. Here's what that changes in practice for engineers building AI systems.