"🔥 HelloKitty Ransomware Source Code Leaked! 🔥"**
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum.
The leak was posted by an individual known as 'kapuchin0,' who also goes by the alias 'Gookee.' This actor has a history of malicious activity, including selling access to Sony Network Japan and operating a Ransomware-as-a-Service named 'Gookee Ransomware.' They claim to be working on a more potent encryptor.
The leaked source code includes a Microsoft Visual Studio solution for building the HelloKitty encryptor and decryptor, along with the NTRUEncrypt library used for file encryption. Security experts have confirmed that this source code is indeed the original one used when HelloKitty ransomware first emerged in 2020.
While the release of ransomware source code aids security research, it also poses risks, as threat actors often reuse such code to launch their own extortion operations. For instance, the Babuk ransomware source code was widely adopted by multiple ransomware groups after its release.
HelloKitty is a human-operated ransomware operation known for targeting corporate networks, stealing data, and encrypting systems. Its operators employ double extortion tactics, threatening to leak stolen data if the ransom is not paid. In a notable attack on CD Projekt Red, they claimed to have stolen source code for popular games. Over time, the HelloKitty ransomware has evolved and has been used under various names, such as DeathRansom, Fivehands, and possibly Abyss Locker. Security professionals should remain vigilant, and should note that the indicators of compromise provided by the FBI in 2021 may have become outdated due to these changes.
Be on the lookout for potential new variants and stay secure! 🚨🔐
Source: BleepingComputer by Lawrence Abrams
Tags: #HelloKitty #Ransomware #SourceCodeLeak #CyberThreat #Malware #CyberSecurity 🌐🔐🔍