惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Scott Helme
Scott Helme
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
I
Intezer
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Cloudbric
Cloudbric
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
L
Lohrmann on Cybersecurity
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
LINUX DO - 热门话题
S
Secure Thoughts
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
Recent Announcements
Recent Announcements
Security Archives - TechRepublic
Security Archives - TechRepublic
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
Latest news
Latest news
B
Blog
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
博客园 - 叶小钗
L
LangChain Blog
GbyAI
GbyAI
Last Week in AI
Last Week in AI
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
Security Latest
Security Latest
Vercel News
Vercel News
Y
Y Combinator Blog
G
GRAHAM CLULEY
S
Securelist
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
雷峰网
雷峰网

Consumer Insights

The ransomware negotiator who was working for the other side After years on the run, alleged Ryuk ransomware operator pleads guilty INTERPOL crackdown shows scammers shifting to social media Meta lets strangers remix your public Instagram photos with AI—here’s how to opt out Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud India pauses WhatsApp username feature over security concerns Alleged teen ransomware hustler faces US charges after arrest in Finland WhatsApp usernames explained: how to reserve yours and stay safe Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year WhatsApp tests new safety prompt before you chat with strangers Social media is worth celebrating. It's also worth protecting. Polish police dismantle SIM-swap gang accused of crypto theft Operation Endgame deals fresh blow to StealC and Amadey malware networks Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Cybercrime now rivals traditional crime across parts of Asia Apple's Hide My Email tweak leaves privacy fans fuming Americans lost $3.5 billion to imposter scams last year — and the scams are getting harder to spot Scammers have killed the physical Steam Gift cards Crypto investment scam sends couriers to collect victims' cash, FBI warns Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Why schools remain one of cybercriminals' favourite targets WhatsApp detects new spyware activity from Israel’s NSO Group despite court order Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Europol cracks down on illegal streaming globally Hackers didn't hack Instagram; they just asked Meta AI FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup Virtual knife, real lawsuit: Counter-Strike skin dispute ends in court As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss Carnival breach exposes data of nearly 6 million people Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached FBI warns criminals impersonating IT support to breach law firms FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Telecom Executives Plead Guilty to Tech Support Fraud 7-Eleven data breach exposes data of 185,000 people ASIC Warns Australians About Crypto Trading Scams Google Search AI Mode brings a major overhaul Deleted Google API keys may remain active for 23 minutes Ukrainian police identify perp in $721k infostealer scheme Steam removes horror game after malware steals player data FBI: Crypto ATM Scams Keep Growing as Americans Lose Millions FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Scam Centers Under Pressure as INTERPOL Makes More Arrests FBI Warns Older Adults Lost Billions to Scammers Burst Statistics WordPress flaw under attack Android 17 Will Let Users Verify Whether Their OS Is Legit Suspected Dream Market kingpin arrested after gold bars sent to his home address BitLocker zero-day exposes Windows drives as PoC goes public Apple Fixes ‘Persistent Notifications’ Flaw on Older iPhones Football Ticket Scams Are Rising Fast, Lloyds Bank Warns When ransomware gets physical: cybercriminals turn to threats of violence iPhone-to-Android Texts Are Now Encrypted (RCS Messaging) UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years Instagram Drops Encrypted DMs — What This Means for You New fear: Man films woman with smart glasses, seeks money to take video down ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia Inside Department 4: Russia's secret school for hackers Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Chrome 4GB AI model: What weights.bin does Sri Lanka makes 37 arrests as it raids another scam centre DAEMON Tools Lite breach prompts urgent update after malware-laced installer Brits Lost £102 Million to Romance Scams Last Year The Online Safety Act Is Changing the Internet for Kids World Password Day 2026 How Hackers Stole and Sold Roblox Accounts for $250,000 Before Getting Caught Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition 276 Arrested in Crypto Scam Crackdown Popular WordPress redirect plugin found with years-old backdoor Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Alleged Silk Typhoon hacker extradited to the United States to face charges FTC: Social Media Scams Cost Americans $2.1 Billion in 2025 French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches iOS Flaw Exposed ‘Deleted’ Signal Messages Sony Starts Enforcing PlayStation Age Verification; UK and Ireland Are First Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers You’ve Got Mail and It’s Tracking Your Warship Crypto Investment Scam Costs Woman in Hong Kong Nearly $1 Million Operation PowerOFF warns 75,000 DDoS users Singer loses life savings to fake wallet downloaded from the Apple App Store AgingFly malware targets Ukraine government, hospitals 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data FBI: Cybercrime Losses Hit $21 Billion in 2025, Fueled by AI Life imprisonment for Cambodian scam compound operators - but will it make a difference? Apple Expands ‘DarkSword’ Patch to More iPhones and iPads Nigerian romance scammer jailed after being caught out by fellow fraudster Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns Fake CERT-UA emails spread AGEWHEEZE in ukraine Alleged RedLine malware developer extradited to United States The Scam That Tricks You Into Infecting Your Own Mac Iranian hackers breach FBI director's personal email, and post his CV and photos online Don't Ignore This Security Alert Apple Sent to iPhone Lock Screens Meta and YouTube Designed Addictive Platforms, Jury Finds TikTok Business phishing campaign targets advertisers Lapsus$ claims AstraZeneca breach exposes code and credentials How one man used 10,000 bots to steal $8,000,000 from music artists
Fake Claude Code leak on GitHub spreads Vidar malware
2026-04-03 · via Consumer Insights

Fake Claude Code leak repos on GitHub are pushing Vidar malware at people hunting for Anthropic’s exposed source code.

Anthropic data leak becomes bait

Threat actors are capitalizing on the recent exposure of Anthropic’s Claude Code source to lure curious developers into downloading malware from fake GitHub repositories. The campaign piggybacks on intense interest that followed the March 31 packaging mistake, when a source map in the npm release exposed more than 500,000 lines of readable TypeScript tied to the terminal-based coding agent.

That visibility appears to have created the perfect condition for opportunistic abuse. Security researchers say attackers quickly reframed the leak as a scarce, “unlocked” or unrestricted build, using GitHub as the staging ground for booby-trapped downloads aimed at users searching for the exposed code.

Search visibility weaponized

According to Zscaler, one malicious repository promoted a supposed Claude Code leak with claims of “enterprise features” and no usage limits. The listing was tuned to surface prominently in Google results for queries related to the leak, giving the operation an extra layer of credibility precisely as public curiosity peaked.

This scenario demonstrates how attackers no longer rely strictly on social engineering inside the payload, but prefer optimizing discovery itself by inserting malicious infrastructure into the path users take while chasing a breaking cybersecurity event.

Vidar malware pushed in GitHub repository

Researchers say victims who retrieved the archive received a Rust-based executable named ClaudeCode_x64.exe. Once launched, it reportedly deployed the Vidar infostealer together with GhostSocks, a tool used to proxy network traffic, and the archive was being updated frequently enough to suggest the campaign could evolve further.

A second repository with similar code was also spotted, indicating the same operator may be testing multiple delivery routes. This pattern is not unheard of, as attackers frequently move quickly during high-profile leaks, vulnerability disclosures or exploit trends, as they create search demand they can easily hijack.

Using dedicated solutions as a safety net

The weaponization of Anthropic’s leak is only one example of how threat actors can capitalize on surging interest in controversial topics. It also demonstrates why caution alone is not always enough.

Using dedicated tools like Bitdefender Ultimate Security can protect you from similar scenarios by helping detect malicious files, blocking suspicious activity and reducing the chances that a lure disguised as a developer tool turns into a fully-fledged compromise.