Information security
fromtheregister
11 hours agoMalware dev tries to steal Claude users' secrets, writes npm slop, leaks own GitHub private token
An npm package targeting Claude users stole GitHub data, leaked its own token, and affected all versions, requiring immediate token revocation and file checks.