Comorando

123 posts

@getcomorando

Is your business email on the dark web? Find out in 30 seconds. Free scan — no signup. Real-time breach alerts for SMBs. Lifetime Deal: $97

Protecting SMBs worldwide · Joined December 2025
22 Following · 13 Followers
Comorando@getcomorando·
Some researchers are discussing risks like: • API key exposure • Config-based RCE vectors These are NOT confirmed in this case, but technically plausible.
Comorando@getcomorando·
🚨 Reports suggest a potential Claude Code source exposure via npm. Not confirmed yet — but the mechanism is worth attention. Here’s what’s being claimed, what’s real, and what it could mean 👇 #cybersecurity #AI
Comorando@getcomorando·
@The_Cyber_News Confirmed. Claude Code source code leaked via npm map file — 512K lines exposed. CVE-2026-21852 (API key theft) & CVE-2025-59536 (RCE via .claude/settings.json). Update to v2.0.65+. Rotate keys. Curious—how many audited their AI dev tools?
Cyber Security News@The_Cyber_News·
🛡️Anthropic's Claude Code Source Code Reportedly Leaked Via Their npm Registry Source: cybersecuritynews.com/claude-code-so… Anthropic's proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on Anthropic's own cloud infrastructure. The published @anthropic-ai/claude-code npm package reportedly contained a source map (.map) file that referenced the complete, unminified TypeScript source, which was directly downloadable as a ZIP archive from Anthropic's own R2 cloud storage bucket. The original unmodified source has since been preserved and mirrored in a public GitHub repository under the backup branch nirholas/claude-code. #claudecode #cybersecuritynews
Comorando@getcomorando·
🚨 BREAKING: Axios, used by 83 million developers weekly, was just compromised on npm. Hackers hijacked a maintainer account and injected a RAT that works on macOS, Windows and Linux. The malware deleted itself after infection to avoid detection. Another supply chain attack in March 2026. #Axios
Comorando@getcomorando·
Axios: 83 million weekly downloads. Compromised via a hijacked maintainer account. A hidden dependency deployed a cross-platform RAT across macOS, Windows and Linux. The malware self-destructed after infection to erase all traces. Supply chain attacks are the new normal. #Axios
Hackmanac@H4ckmanac·
🚨Cyber Alert ‼️ 🌍Global - 𝗔𝘅𝗶𝗼𝘀
Unknown attackers compromised the npm account of Axios maintainer “jasonsaayman” and published malicious versions (1.14.1, 0.30.4) with a fake dependency delivering a cross-platform RAT. The malware enabled remote control, persistence, and data access across macOS, Windows, and Linux, with C2 communication and self-cleanup for evasion. Given Axios’ ~83M weekly downloads, impact could be large, but affected users are unknown.
Threat actor: Unknown
Sector: ICT
Data exposure (claimed): Not specified
Data type: Not specified
Observed: Mar 31, 2026
Status: Pending verification
ESIX©: 7.45
Full details and impact assessment on HackRisk.io
Comorando@getcomorando·
28 agencies. A single group. A single day. If the Central Bank, the judiciary and the police forces could not protect their data, what happens to the SMBs that do not even monitor their corporate email? No one is safe if they do not know what data is already exposed.
Comorando@getcomorando·
🏥 Health and education compromised: → Health Ministries of Buenos Aires, Misiones and Neuquén → OSEP Mendoza and IOMA Buenos Aires → Education in Chubut, Jujuy and Catamarca → 200,000 education records leaked. Patient, student and teacher data exposed.
Comorando@getcomorando·
🚨 28 Argentine state agencies hacked simultaneously. Central Bank, Ministries, Police forces, Health, Education, Justice. The CHRONUSTEAM group claimed responsibility for the largest attack in Argentina's digital history. 🧵 What is known so far ↓ #Argentina
Comorando@getcomorando·
The pattern is always the same: → Hack one trusted tool → Steal credentials → Use those to hack the next tool → Repeat March 2026 proved that your security tools can become your biggest vulnerability. What are you doing about it?
Comorando@getcomorando·
March 27: They compromised Telnyx, downloaded 3.75 million times. In 10 days: GitHub, Docker Hub, npm, OpenVSX, PyPI. The FBI warned: "Expect more breach disclosures in the coming weeks."
Comorando@getcomorando·
One hacking group compromised 5 ecosystems in 10 days. They didn't hack companies directly. They hacked the security tools companies trust. The FBI warned: more breaches are coming. 🧵 What happened ↓ #TeamPCP