💥 Claude Code Leak: 512k Lines Weaponised, 10k US Dev Rigs Now Proxy Zombies


TL;DR

  • Claude Code source leaked, spawning trojanized "leaked Claude Code" repos that drop the Vidar infostealer and the GhostSocks proxy client; 10,000+ downloads so far
  • Microsoft integrates Sysmon into Windows 11 with AI-powered threat detection
  • Russia's internet blocking attempts trigger nationwide banking failure, disrupting payments and Telegram services

💥 Claude Code Leak: 512k Lines Weaponised, 10k US Dev Rigs Now Proxy Zombies

512k lines of Claude just dropped like a drunk USB in the club: 59MB of TS treasure map baited 10k+ devs into snorting Vidar & GhostSocks straight up their CI! 🧹 Corp "oops" → your rigs now relay SOCKS traffic for rando operators. Who's reinstalling Windows tonight, USA coders?

Anthropic's crown-jewel source map (512 k lines, 59 MB of TypeScript) was "oops-dropped" on GitHub last Monday. By Tuesday, two fork-farms were slinging a .7z labeled "Leaked Claude Code" like it was Black-Friday firmware. One click → Rust dropper → Vidar v18.7 vacuums passwords, cookies, seed phrases; GhostSocks flips your laptop into a $0.30-per-GB residential SOCKS sock-puppet. Ten-thousand-plus devs already bit; Zscaler tallies 793 malicious forks still smirking behind DMCA takedowns that missed the party.

How the heist works (spoiler: it’s stupidly simple)

  • The source map ships the full CLI logic: no obfuscation, no guardrails, and sourcesContent means the original files come along for the ride.
  • Bad actors add one fake "Download ZIP" button; GitHub stars snowball (564 and climbing), so the fork outranks the takedown.
  • ClaudeCode_x64.exe is just a 1.2 MB Rust wrapper that stages and launches two payloads before you can say "npm audit."

Impacts (or, why your weekend is now ruined)

Credential Hemorrhage: >10 k endpoints coughing up AWS keys, crypto seeds, corporate VPN creds → instant underground supermarket.
Proxy Farm: infected boxes join a residential botnet; your ISP bill spikes while someone else streams abuse through your IP.
Reputational Face-Plant: Anthropic’s “helpful, harmless, honest” tagline becomes a punch-line on InfoSec Twitter.

Institutional “response” (a.k.a. whack-a-mole)

GitHub nuked ~8 k repos but left 96 forks "for research"; npm yanked the poisoned axios 1.14.1 & 0.30.4 releases, yet fresh typosquats pop up hourly. Anthropic's official advice so far: "Please don't download leaked code." Gee, thanks.

SWOT for the rest of us

  • Strength: public IOC lists drop. Block the dropper by hash (the ClaudeCode_x64.exe name is one rename away) and alert on outbound SOCKS egress from freshly dropped binaries, not just on port 1080.
  • Weakness: source-maps still default-on in half the npm universe.
  • Opportunity: cheap PR for any vendor selling “supply-chain sparkle.”
  • Threat: next leak won’t need social engineering; CI will auto-clone-and-own itself.
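The "source maps default-on" weakness above is checkable before you publish. The script below is an added example (not Anthropic's, npm's, or the page's code): it walks what `npm pack` would ship, flags `.map` files and inline `data:` maps, and grades them by whether `sourcesContent` is present, because that field is what carries the original TypeScript rather than just file names. The `dist/` tree it builds is constructed for the demo.

```python
"""Pre-publish check for a package tree: find the .map files, inline data: maps
and sourceMappingURL comments that would ship the original sources.  Added
example, not npm's or Anthropic's tooling; the sample tree is constructed."""
import base64
import json
import os
import re
import tempfile

SOURCEMAP_RE = re.compile(r"^//[#@]\s*sourceMappingURL=(\S+)\s*$", re.M)


def classify_map(text):
    """A map with sourcesContent embeds the full originals; without it, the
    sources[] paths and symbol names still leak.  Returns (severity, reason)."""
    try:
        m = json.loads(text)
    except ValueError:
        return "medium", "unparseable map shipped"
    n = len(m.get("sources") or [])
    if any(m.get("sourcesContent") or []):
        return "high", "sourcesContent embeds the full text of %d source files" % n
    return "medium", "map exposes %d source paths and names" % n


def _read(path):
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()


def scan_package(root):
    """Walk what `npm pack` would ship; return [(relpath, severity, reason)]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.endswith(".map"):
                sev, why = classify_map(_read(path))
                findings.append((rel, sev, why))
            elif name.endswith((".js", ".mjs", ".cjs")):
                for m in SOURCEMAP_RE.finditer(_read(path)):
                    url = m.group(1)
                    if url.startswith("data:"):
                        # inline map: the whole map rides inside the JS file itself
                        raw = base64.b64decode(url.split(",", 1)[1])
                        sev, why = classify_map(raw.decode("utf-8", "replace"))
                        findings.append((rel, sev, "inline sourceMappingURL; " + why))
                    else:
                        findings.append((rel, "low", "references external map " + url))
    return findings


def publish_gate(findings):
    """True when nothing above 'low' is present: a bare external URL whose .map
    file is excluded from the package leaks nothing by itself."""
    return all(sev == "low" for _, sev, _ in findings)


def build_sample_tree():
    """Constructed dist/ tree mimicking a tsc build with source maps left on."""
    root = tempfile.mkdtemp()
    dist = os.path.join(root, "dist")
    os.makedirs(dist)
    full_map = {"version": 3, "sources": ["../src/cli.ts"], "mappings": "",
                "sourcesContent": ["export const secret = 'original TS';"]}
    path_map = {"version": 3, "sources": ["../src/util.ts"], "mappings": ""}
    inline = base64.b64encode(json.dumps(path_map).encode()).decode()
    files = {
        "cli.js": "console.log('cli');\n//# sourceMappingURL=cli.js.map\n",
        "cli.js.map": json.dumps(full_map),
        "util.js": "module.exports={};\n//# sourceMappingURL=data:application/json;base64," + inline + "\n",
        "clean.js": "module.exports = 1;\n",
    }
    for name, text in files.items():
        with open(os.path.join(dist, name), "w", encoding="utf-8") as f:
            f.write(text)
    return root


if __name__ == "__main__":
    found = scan_package(build_sample_tree())
    for rel, sev, why in found:
        print("%-6s %s: %s" % (sev, rel, why))
    print("publish:", "ok" if publish_gate(found) else "BLOCKED")
```

Point it at the extracted output of `npm pack` rather than your working tree, since `files` and `.npmignore` decide what actually ships; the durable fix is `"sourceMap": false` (or at least no `inlineSources`) in the build config and `*.map` in the exclusion list.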

Outlook (set calendar reminders so you can say “told ya”)

  • This week: fork count 1 k, downloads 20-30 k, fresh fake releases on DirectDownload sites.
  • Q2 2026: modular Rust loader goes file-less, targets GitHub Actions runners; expect Fortune-500 “Claude inside” breaches.
  • 2027: regulators mandate source-map sterilization; meanwhile your build pipeline is still sipping from whatever repo has the most stars.

Bottom line: if the code’s “too big to ignore,” it’s too fat to audit. Wrap your own CI in tar, feathers, and offline keys—because the next “oops” is already queued.


🪓 Sysmon Hardwired in 80 M Win11 US Boxes: 2 % CPU Toll, AI Cop Watches Every Click

🪓 80 million US PCs just got a built-in snitch: Sysmon baked into Win11, AI cop reading every twitch. That's a 3→0.3 day rollout, +2 % CPU for the privilege. Your cheat engine already BSOD'ing, gamer. Still trust the "optional" switch? Who's muting Redmond in YOUR taskbar?

Microsoft finally duct-taped Sysmon into Windows 11 (build 26200.8037, March 10). One sysmon -i config.xml later, every Home gamer, broke SMB, and Fortune-500 mothership inherits 30–50 % better anomaly visibility—without the 3-day manual-install hangover. CPU tax? A lazy 2 % at idle; RAM bloat, 15 MB—less than one Chrome tab of doom.

How it works

  • Events: process, network, file, registry, driver—SHA-256 hashes included.
  • AI risk score: 0-100, only screams when >70; model is a black box, because transparency is so 2020.
  • Channel: dumps into Microsoft-Windows-Sysmon/Operational; your SIEM will drink it like cheap coffee.
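The channel and the IOC list from the Claude Code story meet in the SIEM, so here is a triage pass over exported Sysmon events. This is an added example, not Microsoft's or any vendor's detection content: it parses events in the XML shape `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` emits, then applies four rules (dropper filename, dropper SHA-256, outbound connection to 1080, outbound connection from a user staging directory). The four events and the SHA-256 value are constructed; the hash set is a placeholder to be filled from the published IOC list.

```python
"""Triage Sysmon events from the Microsoft-Windows-Sysmon/Operational channel
against the Claude Code dropper IOCs.  Added example, not Microsoft's or any
vendor's detection content; the events below are constructed and the SHA-256
is a placeholder, not a real IOC."""
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Names come from the story; the hash set is meant to be filled from the
# published IOC list.  Filenames are one rename away, so hashes carry the weight.
IOC_NAMES = {"claudecode_x64.exe"}
IOC_SHA256 = {"ab" * 32}          # placeholder, constructed for the sample below
STAGING_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")


def parse_event(xml_text):
    """Flatten one exported event into {'EventID': '3', 'Image': ..., ...}."""
    root = ET.fromstring(xml_text)
    rec = {"EventID": root.findtext("e:System/e:EventID", namespaces=NS)}
    for d in root.findall("e:EventData/e:Data", NS):
        rec[d.get("Name")] = d.text or ""
    return rec


def hashes(rec):
    """Sysmon packs hashes as 'SHA256=...,MD5=...'; return them as a dict."""
    out = {}
    for part in rec.get("Hashes", "").split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().upper()] = val.strip().lower()
    return out


def triage(rec, ioc_names=IOC_NAMES, ioc_sha256=IOC_SHA256):
    """Return the list of rule names an event trips (empty if clean)."""
    reasons = []
    low = rec.get("Image", "").lower()
    if ntpath.basename(low) in ioc_names:
        reasons.append("ioc-name")
    if rec["EventID"] == "1" and hashes(rec).get("SHA256") in ioc_sha256:
        reasons.append("ioc-sha256")
    if rec["EventID"] == "3" and rec.get("Initiated") == "true":
        if rec.get("DestinationPort") == "1080":
            reasons.append("socks-port-egress")        # weak alone: port is the operator's choice
        if any(s in low for s in STAGING_DIRS):
            reasons.append("egress-from-staging-dir")   # dropped binary dialling out
    return reasons


def _event(event_id, **data):
    """Constructed sample in the shape `wevtutil qe ... /f:xml` emits."""
    fields = "".join("<Data Name='%s'>%s</Data>" % kv for kv in data.items())
    return ("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
            "<System><Provider Name='Microsoft-Windows-Sysmon'/>"
            "<EventID>%d</EventID><Channel>Microsoft-Windows-Sysmon/Operational</Channel>"
            "</System><EventData>%s</EventData></Event>" % (event_id, fields))


DROPPER = r"C:\Users\dev\Downloads\Leaked Claude Code\ClaudeCode_x64.exe"
SAMPLE_EVENTS = [  # constructed: one dropper launch, its dial-out, two benign events
    _event(1, Image=DROPPER, CommandLine='"%s"' % DROPPER,
           Hashes="SHA256=" + "AB" * 32 + ",MD5=" + "CD" * 16),
    _event(3, Image=DROPPER, Protocol="tcp", Initiated="true",
           DestinationIp="203.0.113.7", DestinationPort="1080"),
    _event(3, Image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
           Protocol="tcp", Initiated="true", DestinationIp="203.0.113.9",
           DestinationPort="443"),
    _event(1, Image=r"C:\Windows\System32\cmd.exe", Hashes="SHA256=" + "11" * 32),
]


def run(events=SAMPLE_EVENTS):
    """Return [(EventID, Image, [rules tripped])] for every event that hits."""
    hits = []
    for xml_text in events:
        rec = parse_event(xml_text)
        why = triage(rec)
        if why:
            hits.append((rec["EventID"], rec.get("Image", ""), why))
    return hits


if __name__ == "__main__":
    for eid, image, why in run():
        print("EventID %s %s: %s" % (eid, image, ", ".join(why)))
```

The port rule is the weakest of the four, since a residential-proxy client dials out to whatever backconnect port its operator picked; the "dropped binary in Downloads or Temp makes an outbound connection" rule is what keeps firing after the sample is rebuilt and renamed.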

Impacts
Home users: suddenly sport telemetry that used to require a CS degree → mom's laptop now snitches on phishing exe's.
Enterprise: 25 % more endpoint noise headed to Sentinel/CrowdStrike → analysts drown faster, but catch creeps.
Gamers: 0.3 % see anti-cheat drivers throw boot loops → a "Compatibility Mode" registry hack keeps the RGB alive.

Timeline—mark your calendar, or don’t

  • Q3 2026: auto-quarantine switch flips; lateral-movement AI gets revenge.
  • Q4 2026: file-hash cloud lookup + Azure AD correlation; expect 12 % fewer false positives, which still leaves 88 % of today's noise.
  • 2027 preview: “Sysmon-as-a-Service” lands in Windows 12—because why own your logs when you can rent them?

Bottom line
Redmond stuffed a free, open-source bouncer inside the club. It’s underpaid, overworked, but yours—no license audit, no CFO tears. Use it, tweak it, drown the logs in cheap storage, and remember: the only thing cheaper than zero cost is the zero damn Microsoft gives about your Sunday uptime.


💥 80% Telegram Dead, Banks Bleed $24M: Russia's Net Clampdown Hits Moscow

80% of Telegram pings vanish → Kremlin says "just a hiccup" 💥 That's 50M VPN junkies cold-turkey, banks barfing $24M in 24h, & babushkas dusting off pagers 📟 Cash-only Moscow feels 1998 again, except now the app they shove down your throat is named MAX 🤡 Who's side-loading freedom tonight?

Russia just rage-quit its own economy. On 3 Apr, the Kremlin’s whitelisting circus throttled Telegram, WhatsApp, Signal—and, bonus round, the banking APIs that actually move money. Result: Sberbank, T-Bank and VTB went dark for 30-45 min, shoving 100 % of retail back to sweaty wads of rubles. Instant damage: 1-2 billion RUB (≈ $12-24 M) in lost sales—enough to buy every Muscovite a beer, if beer hadn’t vanished from card readers.

Payments: Plastic turned plastic-implant → cash-only queues snaking round blocks, counterfeit risk up, liquidity gasping.
Comms: Telegram reach -25 %; military & charity donation channels flatline—70-80 % drop in crisis-crowdfunding expected.
Consumer Darwinism: Walkie-talkie sales +27 %, pagers +73 %—because nothing screams “modern economy” like 1993 hardware.

How the sausage was made

Roskomnadzor flipped its “whitelist” switch: only pre-approved IP ranges pass. Anything encrypted and not called “MAX” (the state’s sad clone) gets 80 % packet loss. Banks ride the same pipes, so when Telegram bled, their APIs drowned. Meanwhile 50 M VPN junkies hit brick walls; 60 k accounts ghosted in a single afternoon.

Institutional face-plants

  • MAX app adoption: <10 %—even bureaucrats won’t friend it.
  • VPN fee proposal: $15/month for 15 GB—turns privacy into a luxury tax.
  • International shrug: investors eye the exit; sanctions sharpen.

Short → long arc (brace)

  • Q2 2026: Intermittent bank tantrums each time Telegram sneezes; VPN traffic down another 15 %.
  • Q3 2026: Full Telegram block probable; MAX limps to 20-30 % share, satisfaction sub-40 %.
  • 2027-28: E-commerce hemorrhages 50-100 B RUB yearly; offline comms market stabilizes 2× bigger—your next “start-up” might be re-selling fax ribbons.

Hack the pain

Banks: multi-path routing + satellite backup—stop hitching your wagon to censors.
Users: flash-drive-sized mesh firmware, stealth VPN configs—swap ‘em in cafĂ©s like mixtapes.
Policy voyeurs abroad: sanction the DPI vendors, not just the politburo.

Russia wanted a sovereign net; it built a sovereign net-loss. Every block is a free ad for open tech—download it while you still can.


In Other News

  • Windows 11 Introduces PktMon: Built-In Packet Analyzer for SDN, Containers, and Network Diagnostics
  • Perplexity faces $5,200-per-violation lawsuit for sharing user data with Google and Meta without consent