Vulnerability Reports

We scan real-world threats, publish what we find, and add new patterns based on what we learn. Every report makes SUNGLASSES stronger. Every gap we find gets fixed in public.

April 1, 2026 NEW LIVE THREAT

axios Supply Chain RAT — BlueNoroff / Lazarus Group

Malicious axios versions (1.14.1, 0.30.4) deployed a cross-platform Remote Access Trojan via npm. Concurrent with the Claude Code source leak. We scanned the real deobfuscated payload — 460 lines of credential-stealing, wallet-draining, self-deleting malware attributed to North Korean state actors.

1 CRITICAL 1 HIGH 1 MEDIUM +8 new patterns 3.67ms scan

Coming soon

Claude Code Leaked Source — Prompt Injection Surface Analysis

With the full source exposed, we'll analyze the MCP/Hooks attack surface for prompt injection vectors. What can attackers do now that they have the blueprint?

Coming soon

OpenClaude / Claw Code Fork Analysis

Community forks of the leaked code are spreading fast. Some strip guardrails. Some add unknown code. We'll scan the most popular forks for hidden threats.

Coming soon

Anti-Distillation Trap Detection

The leak revealed that Claude Code injects fake tool definitions to poison competitor training data. Can SUNGLASSES detect when an agent is being fed decoy tools? New pattern category in development.

Found a threat you want us to scan? Have malware samples from the wild?

[email protected]

Or open an issue on GitHub