A WIRED investigation based on Department of Homeland Security records this week revealed the identities of paramilitary Border Patrol agents who frequently used force against civilians during Operation Midway Blitz in Chicago last fall. Several of the agents, WIRED found, appeared in similar operations in other states around the US.

Customs and Border Protection may want to remember to protect its sensitive facility information. Using basic Google searches, WIRED discovered flashcards made by users of the online learning platform Quizlet that contained gate codes to CBP facilities and more.

In a rare move, Apple this week released “backported” patches for iOS 18 to protect millions of people still using the older operating system from the DarkSword hacking technique that was found in use in the wild. Discovered in March, DarkSword allows attackers to infect iPhones that simply visit a website loaded with the takeover tools embedded in it. Apple initially pushed users to update to the current version of its operating system, iOS 26, but ultimately issued the iOS 18 patches after DarkSword continued to spread.

The US-Israel war with Iran careened into its second month this week, with Iran threatening to launch attacks against more than a dozen US companies, including tech giants like Apple, Google, and Microsoft, which have offices and data centers in the Gulf region. The deadly conflict, which has no clear end in sight, continues to wreak havoc on the global economy as shipping crews remain stranded in the Strait of Hormuz, a key trade route. Meanwhile, some are beginning to wonder what could happen if US strikes cause real damage to Iran’s nuclear facilities.

And that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Earlier this week, a security researcher flagged that Anthropic accidentally made the source code for its popular vibe-coding tool, Claude Code, public. Immediately, people began reposting the code on the developer platform GitHub. But beware if you want to try to download some of those repos yourself: BleepingComputer reports that some of the posters are actually hackers who have tucked a piece of infostealer malware into the lines of code.

Anthropic, for its part, has been trying to remove copies of the leak (malware-ridden or not) by issuing copyright takedown notices. The Wall Street Journal reported that the company initially tried to remove more than 8,000 repositories on GitHub but later narrowed that down to 96 copies and adaptations.

This isn’t the first time that hackers have capitalized on interest in Claude Code, which requires users who might not be as familiar with their computer’s terminal to copy and paste install commands from a website. In March, 404 Media reported that sponsored ads on Google led to sites that were masquerading as official Claude Code installation guides, which directed users to run a command that would actually download malware.

The FBI formally classified a recent cyber intrusion into one of its surveillance collection systems as a “major incident” under FISMA—a legal designation reserved for breaches believed to pose serious risks to national security. The determination, reported to Congress earlier this week, is understood to be the first time since at least 2020 that the bureau has declared a major incident on its own systems. Politico, citing two unnamed senior Trump administration officials, reported that China is believed to be behind the intrusion. If confirmed, the breach could mark a significant counterintelligence failure for the FBI.

The FBI said it detected “suspicious activities” on its networks in February. In a notice to Congress on March 4, reviewed by Politico, the bureau said the compromised systems were unclassified and held “returns from legal process,” citing, as examples, phone and internet metadata collected under court orders and personal information “pertaining to subjects of FBI investigations.” The intruders reportedly gained access through a commercial internet service provider, an approach the FBI characterized as reflecting “sophisticated tactics.” In its only public statement, the bureau said it had deployed “all technical capabilities to respond.”