{"data":{"id":"cf7d94f6-f407-4504-86b9-88305b7b64d8","title":"Malicious npm Package Stole Files From Claude AI User Directory via GitHub","summary":"Researchers discovered a malicious npm package (a collection of code shared through Node Package Manager, a repository for JavaScript libraries) called \"mouse5212-super-formatter\" that steals files from Claude AI users' directories. The package disguises itself as a legitimate tool but actually uploads files to a threat actor-controlled GitHub account by authenticating with stolen or hard-coded credentials during installation.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html","publishedAt":"2026-05-27T15:44:29.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude","npm","GitHub"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-27T15:44:29.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}