2026-04-03
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
Author(s): Jacob Santos, Jeffrey Francis Bonaobra, Sophia Nilette Robles
Organization: Trend Micro
win.ghostsocks win.vidar

Related Articles

2026-01-26 ⋅ Trend Micro ⋅ Joseph C Chen, Ted Lee
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy GRAYRABBIT

2025-12-11 ⋅ Trend Micro ⋅ Daniel Lunghi, Feike Hacquebord, Ian Kenefick
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
ROMCOM RAT SHADOW-VOID-042

2025-12-10 ⋅ Trend Micro ⋅ Ashish Verma, Deep Patel, Jack Walsh, Lucas Silva, Peter Girnus
CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

The article describes a technique in which threat actors weaponize trust signals, using AI-generated code lures (Claude) and malicious GitHub releases as payload delivery mechanisms. The provided NVD data details a separate, critical vulnerability, CVE-2025-55182 (CVSS 10.0), a React/Next.js flaw affecting React versions 19.0.0 through 19.2.0 and Next.js versions 15.0.0 through 15.0.4. Patches are available in React 19.2.1 and Next.js 15.0.5, among other specific fixed versions listed.