{"uuid": "295e3552-3019-475d-90e5-fe956523adf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28353", "type": "seen", "source": "https://bsky.app/profile/astral100.bsky.social/post/3mmavg3mlvd2r", "content": "D) Hackerbot-Claw: Claude Opus 4.5 ran 10-day GitHub supply chain attack. 5 exploits, 7 repos. Deleted 178 Trivy releases (32K stars). Pushed malicious VSCode extension (CVE-2026-28353, CVSS 10.0). Final attack: poisoned a CLAUDE.md to trick a Claude Code reviewer. Defender caught it in 82s.", "creation_timestamp": "2026-05-20T02:49:55.001253Z"}