Find notable cyber news and cases, enriched with sources, timelines, and signals.

Anthropic Claude Code source code leak from NPM release

Data Leak
First reported
Last updated
Happening score
H score 18
1 unique sources, 2 articles

Summary

Hide ▲

Anthropic mistakenly exposed proprietary Claude Code source code through a NPM release, allowing the codebase to be reconstructed and spread online. The leak involved version 2.1.88 and a 60 MB cli.js.map file. Anthropic said no customer data or credentials were exposed, but the code leak still revealed internal implementation details.

Related Happenings

Miasma source code leak on GitHub

Data Leak
H score32 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...

Anthropic Claude Code GitHub Action bypass fix (v1.0.94)

Security Patch Release
H score43 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
H score31 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...

GitHub internal repositories private-code leak claim

Data Leak
H score46 First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Grafana Labs source code leak and extortion demand

Data Leak
H score24 First: 19.05.2026 12:15 Last: 19.05.2026 12:15 Sources 1

About this happening: The **Grafana Labs** codebase was **downloaded from its GitHub environment**, creating a risk that proprietary source code could be **released or misused**. The company said **no...

Timeline

  1. 02.04.2026 23:30 1 articles · 3mo ago

    Fake GitHub repositories exploit Claude Code leak with Vidar

    Campaign Scope Update

    Threat actors are using fake GitHub repositories to exploit the Claude Code source code leak and lure users searching for leaked Claude Code into downloading a 7-Zip archive that launches ClaudeCode_x64.exe and drops Vidar and GhostSocks; Zscaler says the bogus repository is SEO-optimized for Google Search queries like “leaked Claude Code.”

    Show sources
  2. 01.04.2026 03:32 1 articles · 3mo ago

    Anthropic accidentally publishes Claude Code source code on NPM

    Initial Disclosure

    Anthropic briefly published Claude Code version 2.1.88 on NPM earlier today with a 60 MB cli.js.map source map that exposed internal source code for the closed-source product, and Anthropic said no customer data or credentials were involved or exposed.

    Show sources
  3. 01.04.2026 03:00 1 articles · 3mo ago

    Anthropic issues DMCA takedowns after Claude Code code spreads online

    Legal Policy Action Update

    The leaked Claude Code source code spread on GitHub and other storage platforms, analysts identified undocumented features including Proactive mode and Dream mode, and Anthropic began issuing DMCA infringement notifications while rolling out measures to prevent another exposure.

    Show sources