The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
Cybernews

AI assistant runs hacker’s commands just from opening a project: critical vulnerability found in Claude Code

Claude Code would execute hidden code from untrusted projects before any user confirmation, Check Point reports.