Hackers spread Claude Code leak with additional malware

Source: WIRED

📂 **Category**: Security,Security / Cyberattacks and Hacks,Security / National Security,Security / Privacy,Security / Security News,Security Roundup


A WIRED investigation of Department of Homeland Security records this week revealed the identities of the paramilitary Border Patrol agents who repeatedly used force against civilians during Operation Midway Blitz in Chicago last fall. WIRED found that several agents have turned up in similar operations in other states across the United States.

CBP may want to remember to protect its facilities’ sensitive information. Using basic Google searches, WIRED discovered flashcards created by users of the online learning platform Quizlet that contained portal codes to CBP facilities and more.

In a rare move, Apple this week released “backported” patches for iOS 18 to protect millions of people still using the older operating system from a hacking technique called DarkSword that was found in use in the wild. DarkSword, which was discovered in March, allows attackers to infect iPhones that simply visit a website with takeover tools embedded in it. Apple initially pushed users to update to the current version of its operating system, iOS 26, but eventually released iOS 18 patches after DarkSword continued to spread.

The US-Israel war with Iran entered its second month this week, with Iran threatening attacks against more than a dozen US companies, including technology giants such as Apple, Google and Microsoft, which have offices and data centers in the Gulf region. The deadly conflict, with no clear end in sight, continues to wreak havoc on the global economy as shipping crews remain stranded in the Strait of Hormuz, a major trade route. Meanwhile, some are beginning to wonder what might happen if US strikes cause real damage to Iranian nuclear facilities.

And that’s not all! Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Earlier this week, a security researcher noted that Anthropic had mistakenly released the source code for its popular coding tool, Claude Code, to the public. Immediately, people started republishing the code on the developer platform GitHub. But beware if you want to try downloading some of these repositories yourself: BleepingComputer reports that some posters are actually hackers who have inserted a piece of information-stealing malware into their lines of code.

Anthropic, for its part, is attempting to remove leaked copies (whether or not they’re tainted with malware) by issuing copyright takedown notices. The Wall Street Journal reported that the company initially attempted to remove more than 8,000 GitHub repositories but later reduced that to 96 copies and modifications.

This isn’t the first time hackers have taken advantage of interest in Claude Code, which requires users who may not be familiar with their computer terminal to copy and paste installation commands from the website. In March, 404 Media reported that sponsored ads on Google led to sites that were masquerading as official Claude Code installation guides, which directed users to run a command that would actually download the malware.

The FBI has officially classified the recent cyber breach of one of its surveillance collection systems as a “major incident” under FISMA, a legal classification reserved for breaches believed to pose serious risks to national security. The decision, which was reported to Congress earlier this week, is understood to be the first time since at least 2020 that the bureau has declared a major incident on its own systems. Politico reported, citing two unnamed senior officials in the Trump administration, that China is believed to be behind this hack. If the hack is confirmed, it could represent a major counterintelligence failure for the FBI.

The FBI said it discovered “suspicious activity” on its networks in February. In a notice to Congress on March 4, reviewed by Politico, the bureau said the compromised systems were unclassified and had “proceeds from legal action,” citing, for example, phone and Internet metadata collected under court orders and personal information “related to the subjects of FBI investigations.” The hackers reportedly gained access through a commercial ISP, an approach the FBI described as reflecting “sophisticated tactics.” In its only public statement, the bureau said it had deployed “all technical capabilities to respond.”


🕒 **Posted on**: 1775300671
