AgentsCVE-2025-59536: Claude Code Configuration RCENVD·high signalCritical RCE in Claude Code via crafted config files. Attackers can execute arbitrary commands during agent initialization.SourceSource pageNVD↳ Follow the threadPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternMid-Session Tool Injection weaponized against WebMCP agents via threshold poisoning and fake diagnostic eventsAdversa AIStack layer / Update threadClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsPolicy dependency / Stack layerAnthropic Restores Global Access to Fable 5 and Mythos 5, Launches Claude for Government BetaAnthropicStack layer / Threat patternClawHavoc campaign plants 300+ malicious skills on a single marketplace to run infostealersUnit 42 (Palo Alto Networks)Policy dependency / Stack layerPattern: Safety Rails Are Migrating From the Prompt Into the Harness's Auto ModeClaude Code ChangelogStack layer / Threat patternClaude Cowork Sandbox-Escape Chain Reportedly Escalates Local Code Execution to RootCyberdesserts