An attack chain that silently redirects Claude Code’s Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent, broadly scoped access to connected SaaS platforms like Jira, Confluence, and GitHub. Mitiga Labs has demonstrated that the entry point is a malicious npm package engineered to survive casual inspection. Concealed inside […]
The post Hackers Exploit Claude Code MCP to Steal OAuth Credentials appeared first on Cyber Security News.