Cyber Victor – a leading blog on cyber security

Anthropic recently confirmed that the source code for its Claude Code AI agent was accidentally exposed through a large JavaScript source map in a public npm package. This leak, totaling over 500,000 lines of TypeScript, revealed the tool’s internal orchestration logic and security protocols to the public. Tens of thousands of users quickly sought out the code, leading to a surge in unauthorized forks and re-uploads across platforms like GitHub.

Cybercriminals capitalized on the interest by creating fraudulent GitHub repositories that appear at the top of search engine results for “leaked Claude Code.” These repositories often promise unlocked enterprise features but instead deliver a Rust-based dropper containing the Vidar information-stealer and GhostSocks proxy malware. Once executed, the malicious software exfiltrates sensitive credentials and turns the infected machine into a residential proxy for further illegal traffic.

Security researchers from firms like Zscaler noted that these malicious archives are frequently updated, indicating that attackers are actively refining their delivery methods and payloads. While GitHub has since removed several of the offending accounts, the incident serves as a stark reminder of how quickly hackers exploit trending AI news to target developers. Experts urge extreme caution when downloading unofficial source code, as the rapid pace of AI development can often outrun traditional security vetting.

Read more about it here.

The European Commission has confirmed a data breach after its Europa.eu web site was hacked in a cyberattack claimed by the ShinyHunters data extortion group. This was first reported on March 26, 2026.

The EC stated that “the Commission’s internal systems were not affected by the cyber-attack”.

The threat actor claimed that they stole over 350 GB of data, and they released 90 GB of data.

Read more about it here.

Anthropic accidentally leaked the source code of its Claude Code tool, after a large debug file was included in a public npm release. A 59.8 MB JavaScript source map file (.map), intended for internal debugging, was inadvertently included in version 2.1.88 of the @anthropic-ai/claude-code package on the public npm registry pushed live on March 31, 2026.

Claude code source code has been leaked via a map file in their npm registry!

Code: https://t.co/jBiMoOzt8G pic.twitter.com/rYo5hbvEj8

— Chaofan Shou (@Fried_rice) March 31, 2026

The file exposed 1,900 TypeScript files, consisting of more than 512,000 lines of code, full libraries of slash commands and built-in tools. Once flagged online, the code was quickly shared and analyzed by developers.

The leaked source reveals a sophisticated, three-layer memory architecture that moves away from traditional “store-everything” retrieval.

Read more about it here.

Anthropic said on March 6, 2026 it discovered during a two week period in January 2026 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. It was using the Claude Opus 4.6 AI model. Of these, 14 were classified as high, 7 were classified as moderate, and 1 was rated low in severity. The issues were addressed in Firefox 148, released in late February 2026.

Claude identified a Use After Free vulnerability, which the team validated and reported to Mozilla along with a proposed patch written by Claude. By the end of this effort, Claude scanned nearly 6,000 C++ files and submitted a total of 112 unique reports, including the high- and moderate-severity vulnerabilities mentioned above. Most issues have been fixed in Firefox 148, with the remainder to be fixed in upcoming releases.

Read more about it here.

The French national bank account registry (FICOBA), a state agency which manages a registry of all bank accounts in France, said on February 18, 2026 that it has suffered a cyberattack, allowing hackers to gain information on over 1.2 million bank accounts. A hacker was using stolen credentials belonging to a government official to gain access.

Leaked data included bank account details including RIBs/IBANs, account holder identity, physical address, and in some cases also Taxpayer identification number.

Authorities quickly pulled FICOBA offline, restored access, and are notifying affected users.

Read more about it here.

Popular image sharing website Flickr confirmed it was hit by a cyberattack in which it lost sensitive data on a yet undisclosed number of customers.

In an email notification sent to its customers, Flickr said: “On February 5, 2026, we were alerted to a vulnerability in a system operated by one of our email service providers. This flaw may have allowed unauthorized access to some Flickr member information. We shut down access to the affected system within hours of learning about it.”

The data breached may have exposed full names, usernames, email addresses, IP addresses, general location data, Flickr account types and activity history.

The company immediately took action: They disabled access to the affected system, removed links to the vulnerable endpoint, alerted the third-party provider, requesting a full investigation, and notified the relevant data protection authorities.

Owned by SmugMug, Flickr is a photo sharing platform. It has 112 million registered users and millions of active photographers.

Read more about it here.

The ShinyHunters cyber gang claimed that it stole data from over 14 million Panera Bread accounts, totaling 760 MB in compressed format. According to the actor, the stolen information contains Full names, Email addresses, Phone numbers, Home addresses, Account details, and Personally Identifiable Information (PII). The cyber gang said that the files were leaked because the company didn’t pay an unspecified ransom.

Data breach notification service Have I Been Pwned (HIBP) said that a data breach at Panera Bread affected 5,120,000 accounts, not 14 million accounts as previously reported.

ShinyHunters told BleepingComputer that they gained access to Panera’s systems via a Microsoft Entra single sign-on (SSO) code. The attack was part of a new ShinyHunters voice phishing (vishing) campaign, targeting Single Sign-On (SSO) accounts at Okta, Microsoft, and Google across more than 100 high-profile organizations.

Soon after, the company was hit with two class action lawsuits over data breach.

Panera Bread is a US based bakery-café chain known for its bread, sandwiches, soups, salads, and coffee. Founded in 1987, it employees about 140,000 employees and operates nearly 2,300 locations in the US and Canada.

Read more about it here.

A data breach at American apparel giant Under Armour has leaked the personal information of 72.7 million customers following a ransomware attack. The data breach surfaced in November 2025 after the Everest ransomware gang claimed responsibility for the attack by listing Under Armour on a dark web leak site.

🚨DATA BREACH– Under Armour (underarmour[.]com)

In November 2025, the Everest ransomware group claimed responsibility for a massive cyberattack on Under Armour, exfiltrating ~343 GB of sensitive data. After Under Armour reportedly failed to pay the ransom within the 7-day… pic.twitter.com/bJj6Hc6wSW

— JustaBreach (@justabreach) January 18, 2026

On January 18, 2026, the ransomware gang leaked samples on an underground hacking forum and demanded an unspecified ransom to avoid leaking the entire trove, totaling about 343 GB.

Data breach tracking website Have I Been Pwned (HIBP) confirmed the data breach and assessed that it leaked customers names, email addresses, genders, dates of birth, and geographic locations.

Have I Been Pwned said the stolen Under Armour dataset included names, email addresses, genders, dates of birth, and customers’ approximate location based on postcode or ZIP code. The data also included purchase information, such as product IDs, prices, quantities, store preferences, and marketing campaign logs. Together, this can be used by cybercriminals for shopping scams and phishing.

Under Armour is now facing a class action lawsuit for its alleged negligent handling of personal information and the November 2025 data breach.

Read more about it here.

Claims administration and risk management giant Sedgwick disclosed a cybersecurity incident at its federal contractor subsidiary, Sedgwick Government Solutions, on January 4, 2026. The company made the disclosure after the TridentLocker ransomware gang publicly claimed responsibility for stealing 3.4 GB of sensitive data.

The list of federal agencies using Sedgwick Government Solutions’ services includes the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Commerce, the United States Citizenship and Immigration Services (USCIS), the United States Coast Guard, the Department of Homeland Security (DHS), the U.S. Department of Labor, the Customs and Border Protection (CBP), the Transportation Security Administration (TSA), the Federal Emergency Management Agency (FEMA), and the U.S. Coast Guard.

Sedgwick responded to the incident by immediately activating its incident response protocols with the support of external cybersecurity experts. The company added that Sedgwick Government Solutions is segmented from the rest of its business, and no wider Sedgwick systems or data were affected.

Sedgwick employs 33,000 employees and serves 10,000 clients across 80 countries, including 59% of the Fortune 500, and its subsidiary serves over 20+ government agency clients.

Read more about it here.

British luxury car maker Jaguar Land Rover has reported devastating preliminary 2025 fourth quarter results as a result of crippling cyberattack.

Wholesale sales in the last quarter of 2025 were 59,200 units, down 43.3% vs. the last quarter of 2024.
Retail sales in the last quarter of 2025 were 79,600 units, down 25.1% vs. the last quarter of 2024.

The September 2, 2025 cyberattack forced the car maker to send staff home and shut down production. In a follow-up statement, the company also confirmed that data had been stolen during the cyberattack, which was later claimed by the Scattered Lapsus$ Hunters cybercrime collective made out of cybercriminal groups.

JLR got £1.5 billion in financial support from the UK government to aid its recovery and help companies in the supply chain as JLR struggled to bring its invoicing system online.

Read more about it here.