indicatorfilename
.claude/settings.json
- First seen
- 2026-05-13
- Last seen
- 2026-05-14
- Sightings
- 1
Posts referencing this indicator
- Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
Claude Code configuration file abused to store malicious hooks and environment variables for RCE and API key exfiltration.