Potential Claude Security Incident: Self-Sent Password Alerts and Suspicious .NET Process

Incident Details from Reddit Report
A Reddit user on r/ClaudeAI reported a concerning security incident involving Claude. The user's boss logged into Claude at 10:59 AM via an email link sent to their company Outlook account. At 11:00 AM, they received multiple emails about failed attempts to change their internal database password.
The unusual aspects noted in the report:
- The emails were addressed TO the boss FROM the boss's own account
- Normally, such notifications would come from the IT team as automated messages
- By 11:05 AM, the emails had completely vanished from the inbox
- No trace remained in the sent, drafts, or recoverable deleted items (screenshots were taken)

System Behavior Observations
When attempting to shut down the system, the OS prevented shutdown because ".NET-BroadcastEventWindow4.0.0.0.1a0e24.0" was still running. The user noted this had never happened before on their company computer.
The user's research indicated that while .NET files are normal Windows components, they can sometimes be malicious. The report mentions the recent Claude code leak as potential context for the incident.
The user's company has instructed the affected employee to shut down the system until IT can investigate. The IT team is currently tied up with a client emergency.