SECURITYTHE HACKER NEWS
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
A malicious npm package named 'mouse5212-super-formatter' was discovered to steal files from Anthropic's Claude AI user directory. Cybersecurity researchers from OX Security identified the package's ability to upload files from a specific directory used by Claude AI, highlighting a security risk for users of the AI tool.
Mentioned
Related Signal
Adjacent reporting
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
- Bitwarden CLI npm package compromised to steal developer credentials
- SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
- Shai-Hulud copycat worm infects yet another npm package
- Cache-poisoning caper turns TanStack npm packages toxic