Signal

Claude Code source leak leads to critical vulnerability and malware spread

Published 2026-04-02 17:54 UTC · Updated 2026-04-03 10:54 UTC
Source types: reddit, rss
Tags: cve, exploits, malware, security_tooling, incident_response
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
Claude Code source leak exploited to spread malware
Help Net Security · News · helpnetsecurity.com · 2026-04-03 10:54 UTC
Overview

Anthropic's accidental leak of Claude Code source code on March 31, 2026, has triggered multiple cybersecurity issues. Threat actors exploited the leak by creating fake GitHub repositories distributing Vidar infostealer malware disguised as unlocked Claude Code versions.

Entities
Anthropic, Adversa AI, Claude Code, Vidar, Chaofan Shou
Score total: 1.76
Momentum 24h: 5
Posts: 5
Origins: 5
Source types: 2
Duplicate ratio: 20%
Why now
  • The leak occurred recently on March 31, 2026, with immediate exploitation observed.
  • A critical vulnerability was found days after the leak, increasing the urgency of mitigation.
  • The security community's response with detection tools is timely and helps prevent further damage.
Why it matters
  • Source code leaks can rapidly lead to exploitation and malware distribution.
  • Critical vulnerabilities discovered post-leak increase risk to users of affected software.
  • Detection packs help defenders identify and mitigate attacks stemming from leaked code.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • Anthropic leaked Claude Code source code on March 31, 2026
  • Threat actors used the leaked Claude Code source to distribute Vidar infostealer malware via fake GitHub repositories
  • A critical vulnerability enabling prompt injection attacks was discovered in Claude Code days after the leak
How sources frame it
  • Help Net Security: neutral
  • SecurityWeek: neutral
  • BleepingComputer: neutral
All evidence
Claude Code source leak exploited to spread malware
Help Net Security · helpnetsecurity.com · 2026-04-03 10:54 UTC
Claude Code leak used to push infostealer malware on GitHub
BleepingComputer · bleepingcomputer.com · 2026-04-02 20:30 UTC
Critical Vulnerability in Claude Code Emerges Days After Source Leak
SecurityWeek · securityweek.com · 2026-04-02 18:00 UTC
Claude Code vulnerable to prompt injection due to subcommand limit
SC Media · scworld.com · 2026-04-02 17:54 UTC
First analysis & detection pack for the Claude Code source leak
blueteamsec · reddit.com · 2026-04-03 04:22 UTC
Top publishers (this list)
  • Help Net Security (1)
  • BleepingComputer (1)
  • SecurityWeek (1)
  • SC Media (1)
  • blueteamsec (1)
Top origin domains (this list)
  • helpnetsecurity.com (1)
  • bleepingcomputer.com (1)
  • securityweek.com (1)
  • scworld.com (1)
  • reddit.com (1)