data exfiltration

(3 articles)

May 27, 2026

Malicious npm Package Stole Claude AI Files via GitHub

A malicious npm package silently exfiltrated files from Claude AI's user directory and uploaded them to GitHub. Here's how it worked and what to do.

May 13, 2026

GemStuffer Hijacks 150+ RubyGems to Steal UK Data

GemStuffer abused over 150 RubyGems packages to exfiltrate scraped UK council portal data. Here's how the attack works and what Ruby devs must do now.

April 16, 2026

Taboola Routes Banking Sessions to Temu: What's at Risk

Taboola's ad scripts are routing logged-in banking session data to Temu servers. Here's what developers need to know and how to stop it now.