Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Chromium-based browsers are the only ones that currently support manipulating requests (changing headers, blocking requests, etc). Firefox and Safari do not currently support capturing response bodies ...
Preserving what's left of a python after its caught and killed requires a great deal of time, skill and patience.