hackers are now hiding malicious code inside .cursorrules and CLAUDE.md files.
invisible Unicode characters, your AI reads them, you don't.
→ 34 malicious packages across npm, PyPI and Crates .io
→ 384 versions designed to steal SSH keys, crypto wallets, and API tokens
→ attackers opened real PRs to LangChain, LlamaIndex, and MetaGPT to sneak these files in
→ your AI runs a fake "security scan" that silently exfiltrates everything
Socket detected it in under 6 minutes.
check your repos.
Show more
