Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1. ...

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

DeepClaude swaps Claude Code's expensive Anthropic backend for DeepSeek V4 Pro, keeping the agent loop, slashing the bill.

Anthropic employee accidentally leaked Claude Code source via npm map file Leak exposed 1,900 TypeScript files with 500K+ lines of code, quickly mirrored on GitHub ...

The source code for Anthropic's CLI tool Claude Code was apparently unintentionally made publicly accessible on March 31, 2026. According to consistent reports, the trigger was a co-published source ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

Anthropic leaked 512,000 lines of Claude Code source via npm, its second security lapse in days as the $350B startup eyes a Q4 IPO.

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...