Hackers abuse trusted dev tools, not break-ins

Two campaigns show attackers now exploit trusted developer tools instead of breaking in. TeamPCP injected malicious code into over 1,000 open-source packages, racking 500 million weekly downloads. Hackers also abused Anthropic's Claude Shared Chats feature to turn the AI against its own users.