> TritonInfoSec News
Home / May 29, 2026 / Story
0
#9 The Hacker News general May 27, 2026 at 15:44 UTC

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

By [email protected] (The Hacker News)

AI Summary

OX Security researchers found a malicious npm package named 'mouse5212-super-formatter' designed to exfiltrate files from '/mnt/user-data', the directory used by Anthropic's Claude AI tool for handling uploads and outputs. The package uploaded stolen files via GitHub, demonstrating a targeted attack vector against developers using AI coding assistants. This highlights the growing threat of supply chain attacks specifically engineered to compromise AI development environments.

Read full article → https://thehackernews.com/2026/05/malicious-npm-pa…

Relevance score: 70.0/100

# More from May 29

  1. 1
    New Gogs zero-day flaw lets hackers get remote code execution BleepingComputer
  2. 2
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code The Hacker News
  3. 3
    Hackers exploit FortiClient EMS flaw to push infostealer malware BleepingComputer
  4. 4
    Carnival Cruise confirms data breach affecting nearly 6 million people BleepingComputer
  5. 5
    CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain CyberScoop
  6. 6
    GreyVibe hackers use ChatGPT, Gemini to power cyberattacks BleepingComputer
  7. 7
    Ransomware Actors Show Up In Person to Steal Law Firm Data Dark Reading
  8. 8
    JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware The Hacker News
  9. 10
    Gitea Vulnerability Exposed 30,000 Deployments to Attacks SecurityWeek