Kimberly and Trend Micro Research describe how a Claude Code leak and packaging error were rapidly weaponized via fake GitHub repositories, showing how brand trust can be abused even without exploiting a software vulnerability.
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
@AnthropicAI shipped Claude Code's entire source code to every npm mirror on the planet. Not through a breach. Through a missing .npmignore file.
Yesterday we saw the Claude Code blunder. Where someone has accidentally committed the entire src to npm for anyone to download, view and reconstruct.
Anthropic strikes back after the Claude Code leak, nuking 8,100 GitHub repos.
Anthropic's Boris Cherny confirms a "human error" leaked Claude Code's source via MAP files.
Program Change Controls? Ever heard of it?
Anthropic accidentally leaked 512,000+ lines of Claude Code, exposing internal features and AI architecture after a packaging error during an update that turned out to be a major blunder.
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
After a Claude Code packaging error became public, threat actors quickly launched fake GitHub repos to spread Vidar and GhostSocks malware.
The incident shows how trust in platforms and brands can be weaponized without exploiting a vulnerability:
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.
← Back to Cyber Security