theAIcatchup

Timeline graphic of LiteLLM PyPI breach showing 40-minute attack window and data exfiltration

LiteLLM's 40-Minute Poison Pill: AI's Audit Trail Wake-Up Call

LiteLLM's supply chain nightmare lasted 40 minutes—and stole everything. AI teams without audit trails? They're next.

npm package page showing Anthropic Claude Code source map leak with 513K lines exposed

Anthropic's Epic Oops: 513K Lines of Claude Code Leaked on npm, Handing Attackers the Keys

Imagine the full blueprint of Anthropic's Claude Code agent — 513,000 lines of TypeScript — dumped accidentally on npm for the world to grab. Hackers forked it thousands of times before the fix.

3 min read 1 day, 4 hours ago

GitHub pull request diff hiding malicious code in a build config file like next.config.mjs

Security & Privacy

Attackers Slip Malware into Build Config Files, Bypassing GitHub PR Reviews

A compromised contributor's pull request looks legit—until build config files unleash hidden malware. This supply chain sneak attack is hitting 30+ repos right now.

3 min read 1 day, 11 hours ago

Terminal output showing compromised fairwords NPM package postinstall stealing credentials

Security & Privacy

Fairwords NPM Worm Steals Credentials, Hijacks Your Other Packages, and Jumps to PyPI

Hackers turned three obscure NPM packages into a credential-stealing monster that doesn't stop at theft—it bumps versions in your other packages and leaps to PyPI. Developers: check your tokens yesterday.

3 min read 2 days, 17 hours ago

#supply chain attack

LiteLLM's 40-Minute Poison Pill: AI's Audit Trail Wake-Up Call

Anthropic's Epic Oops: 513K Lines of Claude Code Leaked on npm, Handing Attackers the Keys

Attackers Slip Malware into Build Config Files, Bypassing GitHub PR Reviews

Fairwords NPM Worm Steals Credentials, Hijacks Your Other Packages, and Jumps to PyPI

Stay in the loop