Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
Trend Micro Simply Security
2026-04-03 08:00:00
收藏
A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
目录
最新
- Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
- Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
- What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do
- Supporting the National Cyber Strategy: How TrendAI™ Helps
- InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
- Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
- Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
- Kuse Web App Abused to Host Phishing Document