AI coding tools have a serious vulnerability outbreak, hackers are already attacking encrypted users

GasFeeLady · 2026-01-08T02:12:09+00:00

Security researchers have discovered a serious vulnerability (CVE-2025-64755) in Anthropic's Claude Code, allowing attackers to bypass user authorization and execute commands directly. Hackers have already launched phishing attacks exploiting this vulnerability. Users are advised to avoid performing high-privilege operations in this tool until the issue is fixed.

GasFeeLady

2026-01-08 02:12:09

Abstract generation in progress

【Blockchain Rhythm】Recently, security researchers discovered a serious vulnerability in Anthropic’s Claude Code—attackers can bypass user authorization to execute commands directly. This issue is numbered CVE-2025-64755, and the technical details have been made public, similar to the previous vulnerability exposed by the Cursor tool.

What is even more concerning is that hackers have already targeted this vulnerability. They are launching phishing attacks against encrypted users, exploiting this command execution flaw to carry out malicious operations. If you are using such AI coding tools to handle sensitive information or manage private keys, you should be on high alert now. It is recommended to temporarily avoid performing high-privilege operations in these tools until an official patch is released and normal use can resume.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

18 Likes

Reward
18
7
Repost
Share

Comment

0/400

mev_me_maybe

· 01-11 00:51

It's AI tool mining again. These big companies really don't take security seriously. Claude had a pretty bad crash this time; hackers got involved. My private key is still okay, haha. Another patch? When will this end? This happened before with Cursor, why is it happening again? What are they learning? Don't run scripts with this thing anymore; let's stick to traditional methods. I need to remember this CVE number and wait for the follow-up. A combination of phishing and vulnerabilities—crypto users are really targets. Anthropic needs to step up; otherwise, their reputation will drop by half.

View OriginalReply0

GasFeeSurvivor

· 01-09 13:37

Damn, how are these two tools so similar that they have the same漏洞? Now I have to deal with it again. Private keys, really don't mess with these AI tools. I've already managed everything locally. Hackers got the hang of it so quickly? Luckily, I was already警惕 of this broken thing. Another patch? So annoying, might as well just stop using it. Are Cursor and Claude Code the same? Then I better check quickly. That's why I never do sensitive stuff in these coding tools. Lesson learned, everyone.

View OriginalReply0

LightningPacketLoss

· 01-08 02:42

It's the same old trick again, with AI tool vulnerabilities popping up one after another. This time, they’re directly targeting crypto users' wallets. Never paste your private keys into these places, really be careful. Wait, this vulnerability is so serious, why are people still using it? Claude needs to patch this quickly, or trust will be completely ruined. Phishing attacks targeting us are really ruthless. Everyone, be more cautious. Honestly, these incidents are happening more and more frequently, and it feels like the risks of using these tools are increasing.

View OriginalReply0

CryptoCross-TalkClub

· 01-08 02:42

Laughing to death, once again an AI tool fails spectacularly, this time it's Claude Code. Hackers are really diligent; before the vulnerabilities even cool down, they come to harvest. Storing private keys in tools like this? Isn't that basically voluntarily giving away your account passwords? Am I easy to fool? Honestly, the crypto world is more exciting than my comedy sketches. Today AI tools explode, tomorrow project teams run away, the day after wallets are emptied—just another day, everyone. The previous wave with Cursor, now Claude's failure—these coding tools feel like harvesters in a leek field, coming one after another. High-privilege operations should be handled cautiously; wait for patches before tinkering, or you'll just become a hacker's ATM.

View OriginalReply0

SeeYouInFourYears

· 01-08 02:39

Damn, it's the same old story, AI tools keep having issues one after another. These hackers are really idle, they've set their sights on us programmers. Never put your private keys into these tools, it's too scary. Cursor had a problem before, now Claude is back, when will it finally settle down? Hurry up and update Anthropic, if this keeps going, who will dare to use it? I told you not to give sensitive information to these tools. Waiting for patches again, so annoying. Phishing directly targets encrypted users, clearly they've figured out the pattern. Quickly disable high-permission operations, safety first. Now that this vulnerability is public, hackers will definitely try it out. Still, be more cautious.

View OriginalReply0

rekt_but_resilient

· 01-08 02:38

Damn, it's another vulnerability, just like Cursor, so useless Private keys really shouldn't be stored in these tools, it's too dangerous Is Claude still safe to use now? It seems no one dares to touch it Hackers have really become desperate lately, targeting crypto users Wait for the patches, in the meantime, just focus on writing code honestly Another vulnerability exposed, AI tool security is really a joke Who still trusts these coding tools? Anyway, I’ve uninstalled them Phishing attacks combined with command execution—this combo is really ruthless High-privilege operations really shouldn't be performed these days, not worth it

View OriginalReply0

ReverseTrendSister

· 01-08 02:17

Damn, it's Claude again. These large model companies really need to wake up. Don't put private keys into AI tools, I really don't understand why some people are playing like this. Another CVE, it feels like this year's vulnerabilities are as frequent as rain. The issues with Cursor haven't been resolved yet, and now Claude is here? This pace is really unsustainable. Are hackers already in action? Then stop using them immediately, wait until patches are released. Does anyone really use these tools to manage private keys... I just want to ask who is so brave. 建议别碰了，至少这周别碰，等风声过了再用 Another explosion of issues, oh my God, is this the price of using AI?

View OriginalReply0