Claude Code tool could allow attackers that allowed silent command execution on machines.

Check Point researchers uncovered multiple vulnerabilities in Anthropic’s Claude Code tool that allowed silent command execution on developers’ machines via malicious repository configuration files. Attackers could abuse hooks, override approval mechanisms, and even reroute API traffic to steal API keys. These issues created a software supply‑chain risk where simply cloning a compromised repository could compromise an entire team.

Read more:

https://www.securityweek.com/claude-code-flaws-exposed-developer-devices-to-silent-hacking/