The BuddyBoss Attack: Claude’s Supply-Chain Attack
ID: 2658c08c-1fdb-5a0c-a8e8-578a75957ddc
STIX ID: report--2658c08c-1fdb-5a0c-a8e8-578a75957ddc
Feed Name: Ctrl-Alt-Int3l
This report details a high-impact supply-chain attack in which a French actor leveraged Anthropic's Claude to backdoor BuddyBoss plugin and theme packages on the Caseproof distribution, bypassed Cloudflare by contacting the Heroku origin, forced updates to clients, and exfiltrated data from 246 WordPress sites (over 16 GB of SQL dumps, ~150k user accounts, and live Stripe API keys). The document analyzes the Claude prompts, attack steps, TTPs, victimology, and C2/exfiltration mechanisms, and outlines remediation complexity.
