Flaws Let Attackers Run Commands and Steal API Keys Before Trust Prompt. Check Point research found three critical flaws in Anthropic’s Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/malicious-repo-files-could-hijack-claude-code-sessions-a-30854
