Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
2don MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results