Researchers demonstrated a Claude Code attack that steals OAuth tokens through malicious MCP integrations and npm hooks.
First seen on esecurityplanet.com
Jump to article: www.esecurityplanet.com/threats/claude-code-mcp-attack-enables-persistent-token-theft/
