1. Typosquatting npm Packages Exploit Claude Code SessionStart Hooks to Deploy Persistent Developer Backdoors
A newly identified supply chain attack is targeting software developers through typosquatting npm packages that weaponize Claude Code's SessionStart hooks to establish persistent backdoors on infected systems. The campaign delivers a statically linked, UPX-compressed ELF binary that activates during package installatio...