Claude Code Attack Persists After Token Rotation
bankinfosecurity
Malicious npm Package Lets Attackers Capture Refreshed Tokens
Rashmi Ramesh (rashmiramesh_) • May 13, 2026

Rotating a compromised credential is supposed to end an attack, but a new proof-of-concept targeting Claude Code shows how it restarted one.
Mitiga security researcher Idan Cohen described a five-step attack chain that hijacks the access credentials connecting Claude Code, Anthropic's command-line AI coding tool, to external services such as Jira, Confluence and GitHub. The attack does not require a software bug, privilege escalation or a new vulnerability. Attackers need only one malicious npm package installation and a configuration file to carry it out.
The configuration file described in the report, ~/.claude.json, is a settings record in the home directory of whoever is logged in, meaning every developer running Claude Code has their own copy on their machine. It serves ...
Copyright of this story solely belongs to bankinfosecurity.

