Thu Aug 28 03:44:45 2025
(*097dfbf6*):: this is green fields for exploits https://x.com/zack_overflow/status/1960771720727683507
*** zack (in SF) (@zack_overflow) on X
*** A popular NPM package got compromised, attackers updated it to run a post-install script that steals secrets
But the script is a *prompt* run by the user’s installation of Claude Code. This avoids it being detected by tools that analyze code for malware
You just got vibepwned
*** X (formerly Twitter)
(*097dfbf6*):: +public!
GzYEJ8Va4AE3Y_-.jpglarge