A Nx Console extension compromised by cybercriminals (TeamPCP) enabled credential stealers and the theft of approximately 3,800 GitHub internal repositories in just 18 minutes of Marketplace availability.
Microsoft Exchange Server is being actively exploited, Cisco SD-WAN Controllers fall victim to authentication gaps, and trusted software packages are being manipulated; enterprises should prioritize patching less obvious risks to protect themselves from attack chain effects.
MCP Server initialization can now be configured via the MCP_TIMEOUT environment variable, and the MCP Server starts without blocking the main application startup.
Anthropic has released two new command-line tools to simplify the management of Model Context Protocol (MCP) servers, enabling direct imports from Claude Desktop and JSON-based configuration automation.
An interactive setup wizard for Model Context Protocol (MCP) servers is now available, making configuration in Claude much simpler, and persistent shell fixes have also been released.
Custom slash commands and MCP debug mode: markdown files in custom slash command directories can now be recognized and inserted directly into conversations, while a new debug mode for the Model Context Protocol provides comprehensive error details for administrators and engineers.
Plugin dependencies are now enforced, background sessions preserve model and effort level, and various crashes and UI issues on Windows and macOS have been fixed.
Claude Code v2.1.142 introduces eight new agent flags, uses Opus 4.7 as the standard for Fast Mode, and fixes critical bugs affecting background sessions on macOS and Windows.
The version improves hook integration for terminal events, adds identity federation support, and closes 20+ bugs in permission dialogs, history management, and renderer logic.
Anthropic releases ten agent templates for financial services that drastically accelerate complex processes, integrating with Microsoft 365 and providing access to existing data sources via connectors and MCP apps.