Signal
Claude Code source leak leads to critical vulnerability and malware spread
reddit, rss
cve, exploits, malware, security_tooling, incident_response
Top sources
- Help Net Security - Claude Code source leak exploited to spread malware (helpnetsecurity.com)
- SecurityWeek - Critical vulnerability in Claude Code emerges days after source leak (securityweek.com)
- BleepingComputer - Claude Code leak used to push infostealer malware on GitHub (bleepingcomputer.com)
- Claude Code vulnerable to prompt injection due to subcommand limit (SC Media)
- First analysis & detection pack for the Claude Code source leak (via Reddit)
Overview
Anthropic's accidental leak of Claude Code source code on March 31, 2026, has triggered multiple cybersecurity issues. Threat actors exploited the leak by creating fake GitHub repositories distributing Vidar infostealer malware disguised as unlocked Claude Code versions.
Entities
Anthropic, Adversa AI, Claude Code, Vidar, Chaofan Shou
- Score total: 1.76
- Momentum 24h: 5
- Posts: 5
- Origins: 5
- Source types: 2
- Duplicate ratio: 20%
Why now
- The leak occurred recently on March 31, 2026, with immediate exploitation observed.
- Critical vulnerability was found days after the leak, increasing urgency for mitigation.
- The security community's response with detection tools is timely and can help prevent further damage.
Why it matters
- Source code leaks can rapidly lead to exploitation and malware distribution.
- Critical vulnerabilities discovered post-leak increase risk to users of affected software.
- Detection packs help defenders identify and mitigate attacks stemming from leaked code.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: high
Recurring claims
- Anthropic leaked Claude Code source code on March 31, 2026
- Threat actors used the leaked Claude Code source to distribute Vidar infostealer malware via fake GitHub repositories
- A critical vulnerability enabling prompt injection attacks was discovered in Claude Code days after the leak
How sources frame it
- Help Net Security: neutral
- SecurityWeek: neutral
- BleepingComputer: neutral
All evidence
- Help Net Security - Claude Code source leak exploited to spread malware (helpnetsecurity.com)
- SecurityWeek - Critical vulnerability in Claude Code emerges days after source leak (securityweek.com)
- BleepingComputer - Claude Code leak used to push infostealer malware on GitHub (bleepingcomputer.com)
- Claude Code vulnerable to prompt injection due to subcommand limit (SC Media)
- First analysis & detection pack for the Claude Code source leak (via Reddit)
Top publishers (this list)
- helpnetsecurity.com (1)
- securityweek.com (1)
- bleepingcomputer.com (1)
- SC Media (1)
- First analysis & detection pack for the Claude Code source leak (via Reddit) (1)
Top origin domains (this list)
- Unknown (5)