Check Point Researchers Expose Critical Claude Code Flaws
Critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, in Anthropic’s Claude Code enabled remote code execution and API key theft through malicious repository-level configuration files, triggered simply by cloning and opening an untrusted project Built-in mechanisms—including Hooks, MCP integrations, and environment variables—could be abused to bypass trust controls, execute hidden shell commands, and redirect authenticated API traffic before user consent Stolen Anthropic API keys posed enterprise-wide risk, particularly in shared workspaces where a single compromised key could expose, modify, or delete shared files and resources and generate unauthorized costs The findings highlight a broader shift in the AI supply chain threat model: repository […]
The post Check Point Researchers Expose Critical Claude Code Flaws appeared first on Check Point Blog.
目录
最新
- March 2026 Cyber Threat Landscape Shows No Relief as Ransomware Rebounds and GenAI Risks Intensify
- PS Private Training: Turning Cyber Complexity into Operational Control
- Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance
- Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense
- Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East
- Uncovering ROI of a Hybrid Mesh Architecture – 2026 IDC Business Value Study
- When Trusted Software Updates Become the Attack Vector: Inside Operation TrueChaos and a New Zero Day Vulnerability in a Popular Collaboration Tool
- When AI Trust Breaks: The ChatGPT Data Leakage Flaw That Redefined AI Vendor Security Trust