Tag: claude code
10 articles

Anthropic's Claude Code Exposes Security Risk, China Alleges
A Chinese cybersecurity group has raised a red flag about a potential backdoor security risk in Anthropic's Claude Code, warning that certain versions can secretly send sensitive user data to remote servers without consent. This alarming claim puts users' identity and location information at risk.

China Warns of Claude Code Backdoor Risks, Urges Developers to Uninstall
China's National Vulnerability Database has issued a high-priority alert, warning developers to immediately uninstall certain versions of Claude Code due to a potential backdoor risk that could compromise sensitive data. Upgrade to the latest secure version to safeguard your information.

AI Models' Rapid Updates Expose Security Gaps
Researchers uncovered over 30 security patches for Anthropic's Claude Code in just two months, revealing a concerning pattern of brief, often silent vulnerabilities as AI models are rapidly updated. This finding highlights the need for greater transparency and scrutiny in the high-stakes world of AI model security.

Flaw in Claude Code GitHub Action Exposes Repositories to Hijacking
A security researcher discovered a logic hole in Anthropic's Claude Code GitHub Action that could let attackers hijack vulnerable public repositories with just a single opened GitHub issue. This flaw exploited broad read and write permissions, putting countless repositories at risk.

Claude Code Attack Persists Through Token Rotation Flaw
A surprising lack of resistance to a proof-of-concept attack has exposed a vulnerability in Claude Code, allowing a five-step attack chain that can turn routine token rotation into a continuous compromise. This exploit requires just one malicious npm package and the ability to run code on a developer's machine, making it a concerning threat.

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk
A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

AI-Assisted Attacks Surge as Barrier to Entry Drops
A 17-year-old with no coding experience was recently arrested for hacking into Kaikatsu Club and stealing 7 million users' personal data - his motive? To fund his Pokémon card habit. This shocking case highlights a disturbing trend: nontechnical individuals are now using AI-powered tools to launch devastating cyberattacks.

GitHub Exposed to Infostealer Malware via Claude Code Leak
A recent leak of Claude's source code has taken a dark turn, with hackers exploiting the situation to spread Vidar, a notorious infostealer malware, by creating fake GitHub repositories that masquerade as legitimate projects. This cleverly crafted bait is luring unsuspecting users into a trap that can have serious cybercrime consequences.

Malware Infiltrates Leaked Claude Code Downloads
Tens of thousands of people who downloaded the leaked Claude Code over the last week unknowingly installed credential-stealing malware, including Vidar stealer and GhostSocks, alongside the purported source code. This digital trap turned what seemed like open-source gold into a digital pickpocket, putting sensitive information at risk.

Anthropic Confirms Claude Code Source Leaked via npm Error
A recent mishap at Anthropic led to the public leak of internal code for its AI coding assistant, Claude Code, due to a simple human error during the npm packaging process. Fortunately, the company confirmed that no sensitive customer data was exposed, and swift action can mitigate the impact of this isolated incident.