Cyber News Bytes: What’s Happening in Cybersecurity This Week

This week felt like the cybersecurity world could not catch a breath. 😅

From AI companies leaking their own source code to researchers warning that quantum encryption threats are arriving sooner than anyone expected, there was a lot to unpack.

Let's get into it.

1. Anthropic Leaks Claude Code Source in Massive npm Packaging Error

On March 31, 2026, Anthropic mistakenly included a debugging JavaScript sourcemap for Claude Code v2.1.88 in an npm package, kicking off a global rush to examine the de-obfuscated code.

The disclosure post amassed more than 28.8 million views on X, and the leaked codebase surpassed 84,000 stars and 82,000 forks on GitHub.

The leak contained 513,000 lines of unobfuscated TypeScript across 1,906 files, revealing the agent's orchestration logic, permissions and execution systems, hidden features, and security-related internals.

Anthropic called it a "release packaging issue caused by human error" and confirmed no customer data or credentials were exposed.

However, users who installed Claude Code via npm on March 31 between 00:21 and 03:29 UTC may have pulled a trojanized version of the Axios HTTP client. Downgrade to a safe version and rotate all secrets immediately.

Why it matters: Claude Code's run-rate revenue had exceeded $2.5 billion as of February, and this exposure hands rivals like OpenAI, Google and xAI a detailed map of the design logic underlying a product they have been racing to replicate, removing the need to reverse-engineer capabilities that took Anthropic years to build.

Rotate your API keys now and switch to the native installer going forward.

Read more on SecurityWeek

2. Fake Claude Code Downloads Are Delivering Infostealing Malware

The leak above immediately spawned a second threat.

A malicious GitHub repository published by idbzoomh used the Claude Code exposure as a lure to trick people into downloading malware, including Vidar, an infostealer that steals account credentials, credit card data, and browser history, and GhostSocks, which is used to proxy network traffic.

The repository advertised "unlocked enterprise features" with no usage limits.

Instead of legitimate code, the zip archive contained a Rust-based dropper that deployed Vidar and GhostSocks upon execution.

Zscaler ThreatLabz researchers caught it while actively monitoring GitHub for threats.

Why it matters: This illustrates how quickly criminals move to abuse a buzzy news event for financial gain, increasing the chance of opportunistic compromise through trojanized repositories.

Download software only from official sources, verify checksums before executing anything, and treat any repo advertising "unlocked" features for a paid product as an immediate red flag.

Read more on BleepingComputer

3. New Research Suggests Quantum Computers Could Break Encryption Before the Decade Is Out

The assumption keeping many security teams from treating post-quantum migration as urgent just got a serious challenge.

Two new analyses suggest that quantum computers could crack ubiquitous security keys and cryptocurrencies before the decade is over, creating a sense of "renewed urgency" among academics, bankers, and cryptocurrency holders alike.

The newly described JVG algorithm requires a thousand-fold fewer quantum computing resources than Shor's algorithm, and research extrapolations suggest fewer than 5,000 qubits would be needed to break RSA and ECC encryption.

Those cryptographic systems underpin nearly every secure digital interaction we have today.

Why it matters: The most urgent threat is the "harvest now, decrypt later" model, where adversaries capture encrypted data today and store it until a sufficiently capable quantum computer enables future decryption.

Sensitive data being transmitted right now is potentially at risk down the road.

Organizations that have not started planning a migration to post-quantum standards are already behind.

Read more on Nature

4. Drift Protocol Loses $285 Million in Sophisticated Multi-Week Crypto Attack

Solana-based decentralized exchange Drift confirmed that attackers drained approximately $285 million from the platform on April 1, 2026, gaining unauthorized access through a novel attack involving durable nonces that resulted in a rapid takeover of Drift's Security Council administrative powers.

The attack did not exploit a smart contract vulnerability or compromised seed phrases. Instead, it involved unauthorized transaction approvals obtained ahead of time through multi-week preparation, using durable nonce accounts to pre-sign transactions with delayed execution.

On-chain staging began on March 11, nearly three weeks before the April 1 execution, with attacker infrastructure, token manufacturing, and social engineering all running in parallel with careful coordination.

Why it matters: The level of planning involved here reflects exactly how sophisticated threat actors targeting DeFi platforms have become.

As these platforms grow in value and mainstream adoption, their security architecture has to keep pace.

This attack also underscores why transaction approval processes need layered review mechanisms rather than single points of administrative control.

Read more on The Hacker News

This week tied together a theme that keeps surfacing: the gap between how fast technology moves and how slowly security practices tend to follow.

Whether it is an AI company shipping source code by accident, bad actors weaponizing that mistake within hours, researchers compressing the quantum threat timeline, or a DeFi platform losing hundreds of millions to weeks of undetected preparation, the common thread is that reactive security is not keeping pace.

The answer is not panic, it is preparation and awareness, which is exactly why you are here.

Stay skeptical. Talk soon!

Sandra / Cyber With Sandra | withcybersecurity.com