Check Point Research disclosed critical vulnerabilities in Anthropic's Claude Code where simply opening an untrusted repository could silently execute commands on a developer's machine, steal API credentials, and compromise an entire team's workspace — all through configuration files treated as harmless metadata. Separately, Google and Mandiant dismantled GRIDTIDE, a China-linked espionage campaign that used Google Sheets as command-and-control infrastructure to breach 53 organizations across 42 countries, targeting telecoms and governments for surveillance. Both stories reveal the same pattern: trusted, inert-looking data becoming active attack surfaces.

Links & Resources

• https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
• https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
• https://www.theregister.com/2026/02/26/clade_code_cves/
• https://www.darkreading.com/application-security/flaws-claude-code-developer-machines-risk
• https://www.securityweek.com/claude-code-flaws-exposed-developer-devices-to-silent-hacking/
• https://securityaffairs.com/188508/security/untrusted-repositories-turn-claude-code-into-an-attack-vector.html
• https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign
• https://www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-dozens-of-telecom-firms-govt-agencies/
• https://www.securityweek.com/google-disrupts-chinese-cyberespionage-campaign-targeting-telecoms-governments/
• https://www.infosecurity-magazine.com/news/google-prolific-china-hacking/