infoworld.com
by Howard Solomon
Mar 31, 2026
A version of the AI coding tool in Anthropic's npm registry included a source map file, which leads to the full proprietary source code.
An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s open npm registry account, a risky mistake, says an AI expert.
“A compromised source map is a security risk,” said US-based cybersecurity and AI expert Joseph Steinberg. “A hacker can use a source map to reconstruct the original source code and [see] how it works. Any secrets within that code – if someone coded in an API key, for example – is at risk, as is all of the logic. And any vulnerabilities found in the logic could become clear to the hacker who can then exploit the vulnerabilities.”
However, Anthropic spokesperson told CSO, “no sensitive customer data or credentials were involved or exposed. This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
But it wasn’t the first time this had happened; according to Fortune and other news sources, the same thing happened last month.
Don’t expose .map files
Map files shouldn’t be left in the final version of code published on open source registries, where anyone can download a package; they can be sources of useful information for hackers.
According to developer Kuber Mehta, who published a blog on the latest incident, when someone publishes a JavaScript/TypeScript package to npm, the build toolchain often generates source map files (.map files). These files are a bridge between the minified/bundled production code and the original source; they exist so that when something crashes in production, the stack trace can point to the actual line of code in the original file, not to some unintelligible reference.
What’s available in these files? “Every file. Every comment. Every internal constant. Every system prompt. All of it, sitting right there in a JSON file that npm happily serves to anyone who runs npm pack or even just browses the package contents,” said Mehta.
“The mistake is almost always the same: someone forgets to add *.map to their .npmignore or doesn’t configure their bundler to skip source map generation for production builds,” Mehta said. “With Bun’s bundler (which Claude Code uses), source maps are generated by default unless you explicitly turn them off.”
Think of a source map as a file that shows what parts of minified computer code, which is not easily understandable to humans, are doing, shown in the human-readable source code, said Steinberg. For example, he said, it may indicate that the code in a specific portion of the executable code is performing the instructions that appear in some specific snippet of source code.
A source map can help with debugging, he added. Without it, he said, many errors would be identified as coming from a larger portion of code, rather than showing exactly where the errors occur.
mybroadband.co.za
29.03.2026
By Jan Vermeulen
Statistics South Africa has become the latest government entity to fall victim to a ransomware attack by the emerging cybercrime group known as XP95.
The threat actors claim to have successfully breached the agency responsible for conducting South Africa’s census, as well as producing and disseminating other official statistics, like the Consumer Price Index.
It was established by the 1999 Statistics Act to produce comprehensive data about South Africa’s people, economy, and society to support informed decision-making by government and business.
According to XP95’s dark web leak site, the hackers have stolen 453,362 files totaling 154 GB of data from an unspecified Stats SA server.
The cyber-extortionists have demanded a ransom payment of $100,000 (R1.7 million) to prevent the public release of the stolen data.
Given their claim that it was a ransomware attack, it is possible that they left the breached server encrypted and unusable.
XP95 has set a 20 April 2026 deadline for the payment, after which the group threatens to leak the full archive online.
Based on the samples of the exfiltrated data, the hackers obtained another trove of personally identifying information from what appears to be a human resources file server.
This is similar to the attack by the same group on the Gauteng Provincial Government, which saw terabytes of personal data from what appeared to be job seekers put up for sale.
The XP95 group is a relatively new actor in the cyber-extortion space, having first emerged in March 2026 with a unique interface that mimics legacy Microsoft Windows operating systems.
“What makes XP95 stand out immediately is its leak site design,” cyber threat intelligence company DarkFeed said in an analysis published shortly after the group first emerged.
“It is a striking throwback, heavily mimicking an old desktop operating system interface complete with classic teal backgrounds, old-school folders, and a vintage taskbar.”
From the site design, it appears that the group’s name is an amalgamation of two old versions of Microsoft’s operating system: Windows XP and Windows 95.
“Stats SA is aware of a cybersecurity breach affecting one Human Resources database,” stated Semakaleng Thulare, acting DDG Statistical Support and Informatics.
“The system that was breached is exclusively the HR system available for job seekers to apply online.”
Thulare explained that the national statistics office is part of a wider government response to matters dealing with cybersecurity breaches.
“Stats SA will not pay any ransom. Deployment of state financial resources is done in line with PFMA. Stats SA will notify the information regulator and will be guided by their processes.”
Gauteng Provincial Government server breach
Screenshot of XP95 dark web leak site announcing the Stats SA breach and ransom
In the previous attack on Gauteng, the hackers claimed to have stolen 3.8TB of data and demanded a lower payment of $25,000 (around R420,000 at the time) for the release of the information.
However, in that case, the group was selling the data to third parties, rather than holding the sensitive information to ransom.
Cybersecurity experts have warned that South African government departments remain prime targets for ransomware gangs and other cybercriminals.
Orange Cyberdefense highlighted in its Security Navigator Report 2025 that cyber extortion remains a pervasive threat that is impacting organisations of all sizes and sectors.
Small and medium-sized enterprises faced a 53% rise in ransomware incidents last year, and 2025 also marked the largest ransom ever paid to a ransomware group: $75 million to Dark Angels.
“With the emergence of AI tools designed specifically for fraud, extortion, and impersonation, AI has enabled an increase in the volume and sophistication of extortion incidents across sectors,” Orange Cyberdefense stated.
“The impact of these attacks reaches beyond the immediate target, with disruptions cascading through supply chains and posing risks to larger companies.”
Orange Cyberdefense also observed growing cynicism, as criminals no longer avoid critical services such as healthcare.
“We need resilience-building strategies to counter these risks,” the company stated.
“This includes the implementation of robust recovery protocols and reliable backup systems to reduce downtime and data loss after an attack.”
