A high-severity SSRF vulnerability (CVE-2025-6087) has been discovered in the @opennextjs/cloudflare package, affecting versions before 1.3.0. It allows unauthenticated users to exploit the /_next/image endpoint to load arbitrary remote resources, posing phishing and internal service exposure risks. Mitigations include server-side updates and patches. Users are urged to upgrade to the patched version.
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human
