Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens

A five-step attack chain that silently redirects Claude Code’s Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent, broadly scoped access to connected SaaS platforms like Jira, Confluence, and GitHub with no patch incoming from Anthropic. Researchers at Mitiga Labs have demonstrated the attack, with the entry point being […] The post Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens appeared first on Cyber Security News.