IronWorm Commits as 'claude.' It Steals Your Anthropic and OpenAI Keys.

37 npm packages infected with Rust-based malware that hides behind an eBPF rootkit, talks over Tor, and self-propagates through npm Trusted Publishing. The commit author: claude@users.noreply.github.com.

Raccontata dadev.to