indicatorurl
hxxp://attacker-server[.]com/payload.sh
- First seen
- 2026-05-14
- Last seen
- 2026-05-14
- Sightings
- 1
Posts referencing this indicator
- Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
Example malicious payload URL used in the PoC for RCE via Claude Code Hooks.