Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...