12:00
2026-05-13
safedep.io
cybersecurity
Malicious npm Packages Backdoor Claude Code Sessions
Five typosquatting npm packages published by accounts named "superbase" and "micresoft" contain a hidden 4.5 MB ELF binary that executes automatically upon `npm install` and, through a hijacked `Sessiβ¦