Anthropic, the AI company behind the Claude family of agents, suffered an unexpected exposure that rippled across the developer community and the wider AI market. Earlier today, a sizable JavaScript source map file—bundled with a public npm release—made internal implementation details of Claude Code visible to anyone who downloaded it. What began as a packaging mistake quickly became a public
Category: Data Breach
Data Breach, data breach alert, data leak, data leakage, security incident, breach investigation, breach response, credential leak, personal data exposure, data theft, leaked database, exposed records, account compromise, password leak, corporate data breach, remote code execution, cyber espionage
Anthropic’s Claude Mythos Leak: When Pre-Release Secrets Meet Cybersecurity Risk
Anthropic recently found itself at the center of an avoidable but consequential security incident: leaked internal drafts revealing the existence of an unreleased, high-capability model called “Claude Mythos.” The exposure—rooted in an unsecured, publicly searchable data cache—pulled back the curtain on product plans, internal risk assessments, and even references to an exclusive executive event. For organizations building powerful AI, the
LiteLLM Supply Chain Breach — 95M Downloads, Import-Time Backdoor, and What Teams Must Do Now
The Python package ecosystem suffered another high-impact supply chain compromise: LiteLLM — a popular library that routes requests across large language model providers and sees tens of millions of downloads — shipped malicious code in recent PyPI releases. Two versions published on March 24, 2026 (1.82.7 and 1.82.8) contained an import‑time backdoor that escalates into credential harvesting, lateral movement, and
AstraZeneca Allegedly Targeted by LAPSUS$ — Claims of a 3GB Internal Data Dump
A known hacking collective identifying as LAPSUS$ has posted claims that it obtained and is attempting to sell a 3GB .tar.gz archive allegedly containing AstraZeneca internal data. As of the reports dated March 20, 2026, AstraZeneca had not issued a public statement confirming or denying the claim. What the threat actors presented The actors published teasers and screenshots on breach
What the Marquis Breach Teaches Us About Vendor Risk and Ransomware Preparedness
Marquis, a Texas-based provider of digital marketing, CRM and analytics services for hundreds of financial institutions, disclosed a major security incident tied to a mid‑2025 ransomware attack that ultimately exposed the personal information of more than 672,000 people. The story is less about a single failure and more about how a cascade of weaknesses—an exploited firewall, third‑party exposure, and slow
Aura Exposed: When 900,000 Marketing Contacts Turned Into a Security Crisis
Aura, the consumer digital safety company known for identity protection and fraud monitoring, recently confirmed a data breach that exposed nearly 900,000 marketing contacts. What seems like a single shocking number actually reveals deeper problems: legacy data inherited through acquisitions, the continued effectiveness of social-engineering attacks, and the tricky line between marketing lists and active customer records. This incident is