A WIRED inquiry this week, drawing on Department of Homeland Security files, revealed details of quasi-military Border Patrol operatives who frequently employed coercion against non-combatants throughout Operation Midway Blitz in Chicago last autumn. A number of these agents, WIRED found, participated in comparable missions across the nation.
Customs and Border Protection ought to bear in mind the importance of safeguarding its confidential site data. Using simple Google queries, WIRED uncovered user-generated digital cards, created by individuals on the online learning platform Quizlet, that included entry passwords to CBP facilities and additional sensitive information.
In an unusual step this week, Apple issued “backported” fixes for iOS 18, aimed at safeguarding millions of individuals still running the legacy operating system from the DarkSword exploitation method, which was detected being actively exploited. Identified back in March, DarkSword enables malicious actors to compromise iPhones that merely browse a webpage laced with exploitation tools. Apple initially urged users to upgrade to the latest version of its operating system, iOS 26, but eventually released the iOS 18 patches after DarkSword continued to spread.
This week, the US-Israel confrontation with Iran plunged into its second month, with Iran vowing to initiate assaults against over twelve US companies, including technology behemoths such as Apple, Google, and Microsoft, which boast facilities and server farms in the Persian Gulf area. The lethal conflict, without a visible resolution in sight, continues to inflict severe damage upon the global economy as maritime personnel remain marooned in the Strait of Hormuz, a vital commercial passage. Concurrently, questions are emerging about what might transpire if US strikes cause significant harm to Iran’s atomic installations.
But wait, there’s more! Every week, we compile the security and privacy news we couldn’t cover in depth ourselves. Tap the titles to read the complete articles. And stay safe, folks.
Early this week, a security researcher drew attention to the fact that Anthropic inadvertently exposed the underlying code for its popular vibe-coding utility, Claude Code. Immediately, people began re-sharing the code on the developer platform GitHub. However, be careful if you try to download some of those code archives yourself: BleepingComputer reports that some of the posters are in fact malicious actors who have concealed data-stealing malicious software within the code.
Anthropic, for its part, has tried to eliminate instances of the exposed data (whether infected with malicious software or not) by sending intellectual property removal requests. The Wall Street Journal stated that the company initially sought to delete upwards of eight thousand repositories on GitHub but subsequently reduced that number to 96 duplicates and altered versions.
This is not the first time that malicious actors have exploited interest in Claude Code, which requires individuals less familiar with their system console to copy and paste installation instructions from a website. In March, 404 Media reported that paid advertisements on the Google search engine led to webpages pretending to be legitimate Claude Code setup manuals, which instructed individuals to run a command that would in reality download malicious software.
The FBI officially categorized a recent digital breach of one of its intelligence gathering platforms as a “major incident” under FISMA, a statutory classification reserved for security compromises thought to gravely endanger the state’s safety. This classification, conveyed to lawmakers earlier this week, is believed to mark the first time since at least 2020 that the agency has announced a major incident within its own networks. Politico, citing two anonymous high-ranking Trump-era government figures, indicated that China is suspected of orchestrating the intrusion. Should this be confirmed, the breach might signify a considerable intelligence lapse for the FBI.
The FBI reported noticing “questionable behaviors” within its digital infrastructure in February. In a communiqué to legislators on March 4, reviewed by Politico, the bureau affirmed that the breached platforms contained no classified data and held “outcomes of legal proceedings,” detailing, for instance, telecommunication and web usage data gathered via judicial directives and private details “relevant to individuals under FBI scrutiny.” The perpetrators apparently penetrated the systems via a commercial internet service provider, an approach the FBI described as demonstrating “advanced methodologies.” In its sole official declaration, the bureau affirmed it had utilized “its complete technological resources for a countermeasure.”

