ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

A worm's source code entered public circulation this week, alongside disclosure of successful phishing attacks against AI agents and a critical patch for Claude's code interpreter. The incident reflects a broader trend of increasingly commoditized and sophisticated attack infrastructure entering the threat landscape.

The leaked code includes a supply chain attack toolkit available in a public repository, enabling lower-skilled operators to execute complex attacks. Simultaneously, researchers demonstrated that AI agents like Claude can be socially engineered into divulging legitimate credentials during routine interactions. Anthropic released a patch addressing code execution risks in Claude's environment.

A notable threat involves a remote access trojan priced at $5,000 monthly that replicates browser functionality, giving attackers seamless access to victim systems. The malware operates with operational maturity typically associated with enterprise-grade tools, but remains accessible to threat actors with moderate budgets.

The week's 28 additional incidents underscore a critical shift in the threat environment. Attack infrastructure now operates with service-level consistency. Mule networks, which traditionally launder stolen funds through money couriers, now function as managed services with documented processes and customer support. This professionalization lowers the barrier to entry for cybercriminals lacking technical expertise.

The convergence of leaked development code, AI manipulation tactics, and polished criminal infrastructure suggests threat actors are building modular attack capabilities. Organizations cannot assume their defenses against traditional malware remain effective against these evolved toolsets. The sophistication gap between amateur and professional attacks has narrowed dramatically.

Security teams should prioritize monitoring for supply chain indicators linked to publicly leaked code, implement strict authentication controls around AI systems handling sensitive data, and audit code execution environments for unauthorized access. The normalization of criminal services means smaller organizations face risks previously reserved for high-value targets.