AI News: Critical Claude Code Flaws, Hyundai's $6.3B AI Hub, and New React Foundation
Critical Security Flaws in Anthropic’s Claude Code Expose Users to Remote Code Execution Cybersecurity researchers have discovered critical security vulnerabilities in Anthropic’s AI-powered coding assistant, Claude Code. The identified flaws could potentially allow for remote code execution (RCE) and the theft of sensitive API credentials. These vulnerabilities reside in configuration mechanisms like Hooks and Model Context Protocol (MCP) servers. If exploited, an attacker could execute arbitrary shell commands and exfiltrate Anthropic API keys when a developer clones and opens an untrusted repository. One significant issue is a code injection vulnerability that bypasses user consent when initializing Claude Code in a new project directory. ...