Real-World Security Incidents
Walk through actual supply chain attacks, data breaches, and vulnerability exploits in interactive, step-by-step scenarios. Understand how they happened and how to prevent them.
Axios Supply Chain Attack
npm account compromise deploys cross-platform RAT via trusted package
North Korean threat actors used a compromised long-lived npm token to bypass 2FA and publish malicious Axios versions containing a cross-platform RAT disguised as a crypto utility package.
Source Map Exposure — Claude Code Leak
Anthropic's Claude Code ships 59.8MB source map exposing 512K+ lines of proprietary TypeScript
Anthropic's Claude Code CLI tool (v2.1.88) accidentally shipped a 59.8MB source map in its npm package, exposing 1,906 TypeScript files including Undercover Mode, KAIROS autonomous agent, anti-distillation mechanisms, and native client attestation — discovered by security researcher Chaofan Shou.