Attackers exploited the leak of Anthropic's Claude Code source to seed malicious GitHub repos promising 'enterprise features.' The ZIP archive those repos distribute installs the Vidar info-stealer and the GhostSocks proxy malware, a direct consequence of the March npm leak.
CrowdStrike attributes the supply chain attack on Axios, one of npm's most popular HTTP libraries, to STARDUST CHOLLIMA, a DPRK-nexus threat actor. The compromise deployed the cross-platform ZshBucket malware to Linux, macOS, and Windows hosts, and Axios is downloaded more than 100,000 times per week.
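The first question a practitioner asks after a story like this is whether a compromised package is anywhere in their dependency tree, including nested copies pulled in transitively. The script below is an added example, not code from the page, CrowdStrike, or the Axios project: it walks an npm lockfile (lockfileVersion 2 or 3, which carry a top-level `packages` map) and reports every copy of a named package, flagging copies whose version is in a caller-supplied suspect set, that lack an `integrity` hash, or that resolved from somewhere other than the public registry. The lockfile fragment and the suspect version list are constructed for illustration; the page names no affected versions, so the list is a placeholder to replace with the advisory's IOCs.

```javascript
// Added example (not from the original page or from any named vendor/project):
// audit an npm lockfile for every copy of a package, nested copies included.
// SAMPLE_LOCK and HYPOTHETICAL_SUSPECT are constructed test data, not real IOCs.

// Constructed lockfile fragment in npm's lockfileVersion 3 shape: one top-level
// copy of axios and a second, older copy nested under a dependency.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.6.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": {
      version: "1.6.8",
      resolved: "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz",
      integrity: "sha512-constructedAAAA",
    },
    "node_modules/some-sdk": { version: "2.0.0", dependencies: { axios: "0.21.1" } },
    "node_modules/some-sdk/node_modules/axios": {
      version: "0.21.1",
      resolved: "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
      integrity: "sha512-constructedBBBB",
    },
  },
};

// Placeholder suspect set (assumption for the demo; substitute the versions an
// advisory actually names).
const HYPOTHETICAL_SUSPECT = ["0.21.1"];

// Return every copy of `name` in the lockfile's packages map. A copy's key is
// either "node_modules/<name>" or "<parent path>/node_modules/<name>", so an
// exact match or a "/node_modules/<name>" suffix match finds top-level and
// nested copies without catching look-alikes such as "<name>-retry".
function findPackageCopies(lock, name) {
  if (!lock || !(lock.lockfileVersion >= 2) || typeof lock.packages !== "object") {
    throw new Error("expected an npm lockfile with lockfileVersion >= 2 (top-level 'packages' map)");
  }
  const suffix = `node_modules/${name}`;
  const copies = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    copies.push({
      path,
      version: meta.version || null,
      resolved: meta.resolved || null,
      integrity: meta.integrity || null,
      // Anything fetched from outside the public registry deserves a manual look.
      offRegistry: !!meta.resolved && !meta.resolved.startsWith("https://registry.npmjs.org/"),
    });
  }
  return copies;
}

// Keep only copies that match a suspect version, carry no integrity hash
// (so npm cannot verify the tarball), or resolved off-registry.
function flagSuspect(copies, suspectVersions) {
  const suspect = new Set(suspectVersions);
  return copies.filter((c) => suspect.has(c.version) || !c.integrity || c.offRegistry);
}

// Demo run against the constructed lockfile. For a real project, replace
// SAMPLE_LOCK with JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")).
function runDemo() {
  const copies = findPackageCopies(SAMPLE_LOCK, "axios");
  for (const c of copies) {
    console.log(`${c.path}\tversion=${c.version}\tintegrity=${c.integrity ? "present" : "MISSING"}`);
  }
  const flagged = flagSuspect(copies, HYPOTHETICAL_SUSPECT);
  console.log(`${flagged.length} flagged copy/copies of axios`);
  return flagged;
}

runDemo();
```

Run it as-is to see the two copies and the one flagged nested copy; a clean project with a single registry-resolved, hash-carrying copy outside the suspect set reports zero flagged. Lockfiles older than version 2 (the `dependencies`-only format) are rejected rather than silently audited incompletely.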
Huntress researchers discovered malicious OpenClaw installers promoted through Bing AI search results, delivering info-stealers and proxy malware. Here's what happened and how to protect yourself.