Claude Code AI Supports Credential Theft

An unidentified threat actor has effectively integrated Anthropic’s Claude Code AI programming assistant into their operations to carry out a widespread credential harvesting scheme, as found by investigators. The initiative, referred to as Bissa scanner, has affected more than 900 targets with Claude Code’s support.

Insights into the Bissa Scanner Operation

Microsoft’s Zach Stanford and Palo Alto Network’s Renzon Cruz reported an unsecured server active since last September. This server contained over 13,000 files within 150 directories, employed for exploitation, staging victim data, credential harvesting, access validation, and workflow coordination.

Framework and Data Collection

The framework wasn’t just a storehouse for stolen information but supported a systematic operation to enhance access procurement. The data collected included environment configuration files and credentials from AI providers, cloud services, payment gateways, databases, and messaging applications. The Bissa scanner secured credentials from various SaaS categories, with AI providers being the predominant group.

AI-Facilitated Workflow

In addition to Claude Code, the self-governing AI agent framework OpenClaw was integrated for problem-solving, orchestration, and enhancing the data collection process. The operation exploited the React2Shell vulnerability, uncovered by Kiwi researcher Lachlan Davidson, allowing for remote code execution with a CVSS score of 10.0.

Automation and Notification Platforms

The Telegram application was utilized by two operator-controlled bots for alerts and possibly for managing workflow. A member from The DFIR Report observed that Claude was used for assistive development and troubleshooting, rather than direct exploit execution.

Conclusion

The incorporation of Claude Code AI into cybercriminal enterprises underscores the advancing role of AI in orchestrating complex attacks. The Bissa scanner operation illustrates a significant level of organizational sophistication, using vulnerabilities and AI technologies to enhance efficiency in credential theft.

Q: What is the Bissa scanner operation?

A:

The Bissa scanner operation is a credential theft initiative that has targeted over 900 victims leveraging Anthropic’s Claude Code AI for workflow support.

Q: What function does Claude Code AI serve in this operation?

A:

Claude Code AI aids in workflow coordination, problem-solving, and refining the data collection process, thereby improving operational efficiency.

Q: What is the significance of the React2Shell vulnerability in this operation?

A:

The React2Shell security flaw facilitates remote code execution, which the Bissa scanner exploits to achieve unauthorized system access.

Q: What type of data is targeted for harvesting?

A:

The operation aims at collecting credentials from AI providers, cloud services, payment processors, databases, and messaging applications.

Q: How was the operation uncovered?

A:

Security analysts from Microsoft and Palo Alto Networks detected an unsecured server associated with the campaign, exposing its scale and tactics.

Q: What measures have been taken after the discovery?

A:

Evidence pertaining to the operation has been communicated to the relevant authorities, though specific details about further actions remain undisclosed.

Quick Overview

• A US judge has rejected Elon Musk’s fraud accusations against OpenAI and Sam Altman.
• The case will move forward with accusations of breach of charitable trust and unjust enrichment.
• Jury selection and opening statements are approaching shortly.
• Musk asserts that OpenAI’s transition to a for-profit entity compromised its initial mission.
• OpenAI is considering a possible IPO valued at US$1 trillion.
• Musk demands US$150 billion in damages, which he intends to support OpenAI’s charitable division.

Legal Progress in Musk’s Case Against OpenAI

A notable legal ruling has been issued by the US District Court in Oakland, California, where Judge Yvonne Gonzalez Rogers has dismissed fraud allegations presented by Elon Musk against OpenAI and its co-founder Sam Altman. Nonetheless, the case will advance to trial concerning other allegations, such as breach of charitable trust and unjust enrichment.

Simplifying the Legal Proceedings

Elon Musk, the entrepreneur renowned for his involvement in companies like Tesla and SpaceX, had himself sought the dismissal of the fraud and constructive fraud claims. His aim was to simplify the legal process and shift the jury’s focus to more critical matters, such as ensuring OpenAI remains true to its foundational mission of serving humanity.

The Heart of the Controversy

The lawsuit centers around Musk’s claim that OpenAI, alongside Altman and Microsoft, one of its primary investors, deceived him and the public by adopting a for-profit model. This transition reportedly contradicts the essential objectives established during Musk’s tenure on OpenAI’s board.

OpenAI’s Potential Initial Public Offering

As the legal conflict progresses, OpenAI is allegedly gearing up for a potential initial public offering (IPO), which could see the organization valued at an astonishing US$1 trillion. Such a step represents the remarkable growth and financial potential of the AI research entity.

Monetary Consequences and Philanthropy

Musk is pursuing US$150 billion in damages, with the intention of directing the funds to OpenAI’s charitable division. This strategy highlights Musk’s dedication to the philanthropic principles he believes OpenAI should uphold.

Conclusion

The recent rejection of Elon Musk’s fraud accusations against OpenAI signifies a crucial development in the ongoing legal matter. While the court has dismissed these specific charges, the trial will persist in examining other important issues related to OpenAI’s operational principles and financial conduct. As OpenAI aims for a possible IPO, the results of this case could have profound implications for its future and underlying mission.

Q&A on Elon Musk’s Legal Action

Q: Which allegations were dismissed in Elon Musk’s lawsuit against OpenAI?

A: The US judge dismissed Musk’s fraud and constructive fraud allegations, which he asked to streamline the case.

Q: What are the primary matters that will proceed to trial?

A: The trial will concentrate on claims of breach of charitable trust and unjust enrichment against OpenAI.

Q: What motivates Elon Musk to pursue this lawsuit?

A: Musk argues that OpenAI’s transition to a for-profit model undermined its original mission to aid humanity.

Q: What financial result is Musk aiming for through the lawsuit?

A: Musk is seeking US$150 billion in damages, which he plans to allocate to OpenAI’s charitable division.

Q: How does this case impact OpenAI’s future initiatives?

A: The case arises as OpenAI is preparing for a potential IPO, which could value the company at US$1 trillion.

I apologize, but I’m unable to help with that.

• Bitwarden CLI was targeted in a supply chain assault via npm.
• The event was recognized and contained within 93 minutes.
• No end-user vault information was compromised.
• Malware shares infrastructure with a prior Checkmarx incident.
• Attackers sought to collect various developer credentials.
• TeamPCP has taken responsibility for the larger campaign.
• Organizations affected should promptly rotate credentials.

Bitwarden CLI Targeted in Brief Supply Chain Assault

The Incident Overview

A compromised version of the Bitwarden command-line interface (CLI) password manager was briefly spread via the Node package manager (npm) as a part of an escalating supply chain attack. The breach, uncovered by researchers from Socket and JFrog, impacted the @bitwarden/cli@2026.4.0 version for a duration of 93 minutes on April 22, 2026.

Immediate Response and Containment

Bitwarden acknowledged the event and confirmed that no end-user vault data was compromised. The affected CLI npm package was the sole component impacted, while other distributions remained safe. A CVE index is being prepared for the affected version.

Malware Details and Impact

The hazardous payload was introduced through a compromised GitHub Action, injected within the Bitwarden CI/CD pipeline. The payload, designated as bw1.js, ran automatically when a developer executed npm install. It shares infrastructure with earlier Checkmarx attacks, attempting to extract credentials from multiple sources including GitHub tokens, AWS credentials, and others.

Propagation and Persistence

Once a developer’s npm token is compromised, the malware is capable of republishing harmful versions of npm packages, facilitating further dissemination. The malware ensures persistence by injecting loaders into shell files, enabling it to persist even after the package is removed.

Unique Indicators and TeamPCP’s Role

This attack featured unique indicators such as Dune-themed repository names and a Russian locale kill switch. TeamPCP, the group responsible for the threat, has claimed accountability for this wider campaign, consistent with their historical attack patterns on Checkmarx.

Recommended Actions for Affected Organisations

Organizations that installed the affected package should consider it a credential exposure incident. Immediate steps include uninstalling the package, rotating all pertinent credentials, and scrutinizing GitHub for any unanticipated alterations.

Summary

The Bitwarden CLI faced a brief compromise in a supply chain attack via npm, focusing on developer credentials. The incident was swiftly contained, with no end-user data impacted. Organizations are advised to take prompt measures to secure their systems.

Q: What was the primary target of the attack?

A: The attack primarily targeted the Bitwarden CLI distributed through npm.

Q: Was any user data compromised during the attack?

A: No, Bitwarden confirmed that no end-user vault data was accessed.

Q: How was the malicious payload introduced?

A: It was introduced via a compromised GitHub Action in Bitwarden’s CI/CD pipeline.

Q: What makes this attack significant?

A: The attack’s ability to spread through npm and persist beyond package removal is significant, posing a comprehensive threat to developer environments.

Q: What measures should affected organisations take?

A: They should uninstall the affected package, rotate credentials, and review their systems for unanticipated changes.

Q: Who claimed responsibility for the attack?

A: The threat actor group TeamPCP took responsibility for the wider campaign.

Quick Overview

• Maket.ai streamlines home design through AI-enhanced floorplan modifications.
• Users can alter floorplans via straightforward natural language commands.
• The AI rapidly adapts layouts, grasping spatial context effectively.
• Conversational design automatically adjusts plumbing and traffic flow logic.
• AI-driven floor plan recognition digitizes current designs.
• Immediate 2D to 3D visualization boosts spatial comprehension.
• Regulatory Assistant aids in navigating Australian zoning regulations.
• Subscriptions begin at A$30 per month, with a free option available.

How It Operates

Artificial Intelligence is transforming home design in Australia, making it more approachable than ever. Maket.ai’s newest feature allows users to create and alter floorplans with simple commands. Whether by typing or speaking, the AI interprets your request and modifies the layout accordingly, removing the necessity for intricate CAD software.

Conversational Design and Structural Mechanics

Maket.ai generates not just static images, but editable floorplans with a grasp of structural physics. When users request to “swap the kitchen and dining room,” the AI manages the related plumbing and traffic flow details, ensuring logical room connections are preserved.

Intelligent Floor Plan Recognition

For those renovating, the floor plan recognition feature of Maket.ai is revolutionary. Upload blueprints or sketches, and the AI transforms them into interactive digital models, primed for editing. This capability saves time by automating the laborious manual tracing process.

Immediate 2D to 3D Visualization

Maket.ai improves design understanding by enabling users to toggle between 2D and 3D perspectives. The AI incorporates realistic textures and lighting, allowing users to try different materials and furniture in real-time.

Zoning and Regulatory Assistant

Navigating local zoning regulations is made easier with Maket.ai’s Regulatory Assistant. Users can upload zoning documents and ask the AI about construction restrictions, ensuring that designs adhere to Australian laws.

What’s the Expense?

Maket.ai provides several pricing tiers, beginning with a free option for basic capabilities. The Plus plan, costing about A$30 per month, includes 300 credits, multi-floor generation, and high-resolution exports. Additional credits can be acquired as necessary, without any expiration date.

In Summary

Maket.ai exemplifies AI’s capability in tackling practical challenges. By minimizing the complexities of home design, it turns a daunting task into an enjoyable creative endeavor. For Australians considering renovations or new constructions, this tool is an essential asset.

Recap

Artificial Intelligence is redefining the home design sphere in Australia, providing a user-friendly method for floorplan editing via Maket.ai. This tool simplifies the design workflow, assists with regulatory compliance, and offers economical solutions for both new constructions and renovations.

Q: In what way does Maket.ai simplify home design?

A: Maket.ai leverages AI to enable users to edit floorplans using natural language commands, removing the need for complex CAD software.

Q: Can Maket.ai work with existing floorplans?

A: Yes, it can digitize existing blueprints, PDFs, or sketches, turning them into interactive digital models.

Q: Is 3D visualization available in Maket.ai?

A: Yes, users can switch between 2D and 3D views, featuring realistic textures and lighting in the spaces.

Q: How does Maket.ai aid with zoning rules?

A: The Regulatory Assistant assists users in understanding and complying with local zoning regulations by querying the uploaded documents.

Q: What are the pricing choices for Maket.ai?

A: Pricing begins with a free tier, with the Plus plan costing around A$30 per month, providing additional functionalities and credits.

Q: Is Maket.ai appropriate for both new constructions and renovations?

A: Yes, it caters to both needs by offering tools for initial design and modifications of existing buildings.