"A malicious npm package named 'mouse5212-super-formatter' was found acting as an information stealer. The malware targeted Claude users by exfiltrating files from local directories. Researchers discovered the malware after it accidentally leaked its own GitHub private token."