// Alert

Claude threat report

Mitiga Labs demonstrated a supply chain attack exploiting Claude Code's Model Context Protocol (MCP) configuration. A malicious npm package installs a postinstall hook to hijack ~/.claude.json, redirecting MCP traffic through attacker infrastructure and intercepting OAuth bearer tokens for persistent, unattributable access to connected SaaS platforms like Jira, Confluence, and GitHub. Anthropic declined to patch, citing user consent as prerequisite.

// Get alerts for Claude