Hackers Share Claude Code Exposure Alongside Additional Malware


An investigation by WIRED this week uncovered the identities of paramilitary Border Patrol agents who frequently resorted to force against civilians during Operation Midway Blitz in Chicago last fall, based on records from the Department of Homeland Security. WIRED also found that several of these agents participated in similar operations across various states in the US.

Customs and Border Protection also has a lesson to learn about safeguarding sensitive facility information. Through simple Google searches, WIRED found flashcards on the online learning platform Quizlet that exposed gate codes to CBP facilities, among other details.

In an unusual move, Apple this week issued “backported” patches for iOS 18 to protect the millions of users still on the older operating system from DarkSword, a hacking technique recently found to be in active use. Discovered in March, DarkSword lets attackers compromise an iPhone when its user simply visits a website hosting the embedded takeover tools; no further interaction is required. Apple initially encouraged users to upgrade to the latest version, iOS 26, but released patches for iOS 18 as DarkSword continued to spread.

The US-Israel conflict with Iran entered its second month this week, with Iran threatening to target more than a dozen US companies, including major tech firms like Apple, Google, and Microsoft that operate data centers in the Gulf region. The deadly conflict, with no clear resolution in sight, continues to disrupt the global economy as shipping crews remain stranded in the vital Strait of Hormuz. Meanwhile, speculation grows about the potential consequences of US strikes damaging Iran’s nuclear facilities.

And that’s just the tip of the iceberg! Each week, we summarize the security and privacy news that we didn’t cover in detail ourselves. Click the headlines to read the full stories. Stay safe out there.

Earlier this week, a security researcher pointed out that Anthropic had inadvertently made the source code for its widely used vibe-coding tool, Claude Code, public. Almost immediately, people began reposting the code on the developer platform GitHub. Be cautious if you’re tempted to download any of those repositories: BleepingComputer reports that some of the posters are, in fact, hackers who have embedded infostealer malware in the code. None of these reposts is an official release, so there is no trusted original to compare them against.

Anthropic has been actively attempting to remove instances of the leak (malware-laden or otherwise) by sending out copyright takedown notices. According to the Wall Street Journal, the company initially sought to eliminate over 8,000 repositories on GitHub but later reduced that effort to 96 copies and adaptations.

This isn’t the first time hackers have exploited interest in Claude Code, which asks users, some of whom may not be comfortable in their computer’s terminal, to copy and paste installation commands from a website. In March, 404 Media reported that sponsored ads on Google led users to sites masquerading as official Claude Code installation guides, which prompted them to run commands that actually downloaded malware.

The FBI has officially categorized a recent cyber intrusion into one of its surveillance systems as a “major incident” under FISMA—a designation reserved for breaches considered to pose serious national security risks. Reported to Congress earlier this week, this is believed to be the first major incident declaration by the bureau regarding its own systems since at least 2020. Politico has reported, citing two unnamed senior Trump administration officials, that China is suspected to be behind the intrusion. If confirmed, this breach could signify a major counterintelligence failure for the FBI.

The FBI noted that it detected “suspicious activities” on its networks back in February. In a notice to Congress on March 4, reviewed by Politico, the bureau indicated that the compromised systems were unclassified and contained “returns from legal process,” which would include phone and internet metadata collected under court orders as well as personal information related to subjects of FBI investigations. The intruders reportedly gained access via a commercial internet service provider, a tactic the FBI described as indicative of “sophisticated methods.” In its only public comment, the bureau stated that it deployed “all technical capabilities to respond.”
