6h ago

TrapDoor supply chain attack poisons CLAUDE.md and .cursorrules files to hijack Claude Code and Cursor agents

The attack steals developer wallets, SSH keys, and credentials.

0
Original post
OPChubby♨️#1496Chubby♨️@KIMMONISMUS

A coordinated supply chain attack called "TrapDoor" just hit npm, PyPI, and Crates. io simultaneously, 34 malicious packages targeting crypto, AI, and security developers to steal wallets, SSH keys, and cloud credentials. New: attackers are also submitting pull requests to popular open-source repos, injecting manipulated CLAUDE.md and .cursorrules config files. When a developer clones the repo and works with Claude Code or Cursor, the AI agent reads those files as trusted instructions, and could execute malicious commands without the developer realizing it. Using AI assistants as the attack surface is new.

9:24 AM · May 24, 2026 View on X
QUOTE POSTxlr8harder#1674xlr8harder@XLR8HARDER

All this credential stealing stuff is sort of making me want to make a key-holding VPS that i proxy requests through and block to my dev machine IP.

5:44 PM · May 24, 2026 · 785 Views
REPLYxlr8harder#1674xlr8harder@XLR8HARDER

like fundamentally the same problem as "my agent might get prompt injected so don't trust it with the keys" except it's all of open source

xlr8harderxlr8harder@xlr8harder

All this credential stealing stuff is sort of making me want to make a key-holding VPS that i proxy requests through and block to my dev machine IP.

5:44 PM · May 24, 2026 · 785 Views
5:45 PM · May 24, 2026 · 185 Views