Malicious npm packages can overwrite Claude Code’s configuration file, steal OAuth tokens from the network, and use them to access all connected enterprise services while audit logs show clean Anthropic IP addresses.
Unvalidated input in Anthropic’s Claude Code GitHub Action enabled complete repository takeover via a simple issue, with potential impact on all dependent downstream projects.
Project Glasswing is a global initiative to enhance software security through the systematic identification and remediation of vulnerabilities in widely used software worldwide, and it is aimed particularly at security leaders in organizations.
Project Glasswing is a global initiative to strengthen software security through systematic identification and remediation of vulnerabilities in critical systems worldwide.