// ClaudeHIGH
Mitiga Labs demonstrated a supply chain attack exploiting Claude Code's Model Context Protocol (MCP) configuration. A malicious npm package installs a postinstall hook to hijack ~/.claude.json, redirecting MCP traffic through attacker infrastructure and intercepting OAuth bearer tokens for persistent, unattributable access to connected SaaS platforms like Jira, Confluence, and GitHub. Anthropic declined to patch, citing user consent as prerequisite.
- Hackers Exploit Claude Code MCP to Steal OAuth Credentials(opens in a new tab)
- Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens(opens in a new tab)
- Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authenti(opens in a new tab)
// Get alerts for Claude