Claude Code

Attackers are leveraging indirect prompt injection against AI agents with access to private data, untrusted content, and external communication channels to steal sensitive information by embedding malicious instructions in content processed by the agent.

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

Attackers can silently redirect Claude Code MCP traffic to intercept OAuth tokens, enabling persistent access to connected SaaS platforms by modifying the ~/.claude.json file in a man-in-the-middle attack.

AI coding agents like Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot Agents can be manipulated to introduce malicious code into software supply chains by accessing attacker-controlled repositories, leading to potential remote code execution and supply chain compromises.

A vulnerability in Claude Code allowed for trust dialog bypass via git worktree spoofing, potentially leading to arbitrary code execution by crafting a malicious repository with a `commondir` file pointing to a previously trusted path, bypassing the trust dialog, and executing malicious hooks defined in `.claude/settings.json`.