Key Takeaways
- Medtronic suffered a corporate‑IT breach; threat actor ShinyHunters claims 9 million records were stolen, though the company says products, operations and finances remain unaffected.
- Vimeo confirmed a data leak originating from analytics vendor Anodot, exposing internal data, video titles/metadata and some customer emails, but no passwords, payment info or video content.
- Robinhood’s account‑creation flow was abused to send phishing emails that passed security checks; the vulnerable “Device” field has been removed and no accounts or funds were compromised.
- Trellix detected a source‑code repository intrusion; forensic review shows no evidence of product tampering, pipeline compromise or active exploitation so far.
- A newly disclosed Cursor vulnerability (CVE‑2026‑26268) lets attackers achieve remote code execution via malicious Git hooks when the AI agent interacts with a cloned repo.
- Bluekit is a phishing‑as‑a‑service platform that leverages multiple LLMs (GPT‑4.1, Claude, Gemini, Llama, DeepSeek) to automate domain setup, realistic login clones, anti‑analysis filters, session monitoring and Telegram‑based data exfiltration.
- Researchers demonstrated an AI‑enabled supply‑chain attack where Anthropic’s Claude Opus co‑authored a commit that injected PromptMink malware into an open‑source crypto‑trading project, stealing credentials, planting SSH persistence and exfiltrating source code.
- Microsoft patched a privilege‑escalation flaw in Entra ID that allowed the Agent ID Administrator role for AI agents to hijack any service account; a proof‑of‑concept showed credential addition and identity impersonation.
- cPanel fixed CVE‑2026‑41940, a critical authentication‑bypass zero‑day being actively exploited; patches released April 28 and Shadowserver observed ~44 k scanners or attackers.
- Google issued patches for a critical code‑execution flaw in the Gemini CLI and its GitHub Action that allowed malicious pull requests to run commands on CI/CD build servers.
- LiteLLM proxy versions 1.81.16‑1.83.6 are affected by CVE‑2026‑42208, a critical SQL‑injection enabling attackers to read or alter the LLM API‑key database; exploitation attempts appeared ~36 h after disclosure.
- Check Point Research warns that VECT 2.0 ransomware functions as a data wiper on Windows, Linux and ESXi; a critical encryption error discards decryption info for files >128 KB, rendering recovery impossible even after payment.
- A Mirai‑based botnet campaign targets Brazilian ISPs via CVE‑2023‑1389 on TP‑Link Archer AX21 routers and abused open DNS servers for high‑volume amplification; leaked files tie the activity to SSH keys linked to DDoS‑mitigation firm Huge Networks.
- The “AccountDumpling” phishing campaign abuses Google AppSheet email services to hijack Facebook accounts, using cloned support pages, reward lures and live 2FA collection; over 30 k users compromised, with stolen access monetized via Telegram by Vietnam‑based attackers.
- Researchers uncovered a TeamPCP supply‑chain operation that compromised four SAP npm packages; malicious installers harvested developer and cloud credentials from GitHub, npm and major providers, enabling propagation before the packages were removed.
Top Attacks and Breaches
Medtronic Corporate IT Breach
Medtronic disclosed that an unauthorized party gained access to its corporate IT systems. While the company asserted that its medical‑device products, operational technology and financial systems were not impacted, the threat group ShinyHunters claimed responsibility for stealing approximately nine million records. Medtronic is presently conducting a forensic assessment to determine the exact nature and scope of the exposed data.
Vimeo Data Leak via Analytics Vendor
Vimeo confirmed a breach that originated from a compromise at its analytics provider, Anodot. The exposed information included internal operational data, video titles and metadata, and a subset of customer email addresses. Importantly, passwords, payment card details and the actual video content remained untouched. Vimeo has notified affected users and is working with Anodot to remediate the vulnerability.
Robinhood Phishing Abuse of Account Creation
Threat actors exploited a weakness in Robinhood’s account‑creation workflow to launch a phishing campaign that appeared to originate from Robinhood’s official mailing address. The emails contained links to fraudulent sites and managed to bypass existing security checks. Robinhood responded by stating that no customer accounts or funds were compromised and has since removed the susceptible “Device” field from the registration process to prevent recurrence.
Trellix Source‑Code Repository Intrusion
Trellix, a leading endpoint security and XDR vendor, reported that attackers accessed a portion of its internal source‑code repository. After engaging forensic specialists and law‑enforcement agencies, Trellix concluded that there is currently no evidence of product tampering, CI/CD pipeline compromise, or active exploitation of the stolen code. The company continues to monitor the situation and has strengthened its repository access controls.
AI Threats
Cursor Remote‑Code‑Execution Flaw (CVE‑2026‑26268)
Researchers identified a vulnerability in Cursor’s AI‑assisted coding environment that permits remote code execution when the AI agent interacts with a cloned malicious repository. The exploit chains Git hooks and bare repositories to run attacker‑supplied scripts, potentially exposing source code, authentication tokens and internal development tools. Patching or restricting AI agent access to unverified repos is advised.
Bluekit Phishing‑as‑a‑Service Platform
Bluekit has emerged as a sophisticated phishing‑as‑a‑service offering that bundles more than forty phishing templates with an AI Assistant powered by multiple large language models—including GPT‑4.1, Claude, Gemini, Llama and DeepSeek. The platform automates domain registration, creates convincing login clones, applies anti‑analysis filters, monitors victim sessions in real time and exfiltrates harvested credentials via Telegram. Its AI‑driven customization lowers the barrier for threat actors to launch convincing campaigns at scale.
AI‑Enabled Supply‑Chain Attack Using Claude Opus
In a demonstration of AI‑assisted supply‑chain abuse, researchers showed that Anthropic’s Claude Opus model co‑authored a code commit that injected PromptMink malware into an open‑source autonomous cryptocurrency‑trading project. The hidden dependency harvested developer and cloud credentials, established persistent SSH access, and exfiltrated source code, enabling subsequent wallet takeover. The case underscores the need for rigorous provenance checking of AI‑generated contributions in open‑source ecosystems.
Vulnerabilities and Patches
Microsoft Entra ID Privilege‑Escalation Fix
Microsoft released a patch for a privilege‑escalation vulnerability in Entra ID that allowed the Agent ID Administrator role—intended for managing AI agents—to assume control of any service account. A published proof‑of‑concept illustrated how attackers could add credentials and impersonate privileged identities. Organizations are urged to apply the update and review role assignments for AI‑related administrative accounts.
cPanel Authentication Bypass (CVE‑2026‑41940)
cPanel addressed CVE‑2026‑41940, a critical authentication‑bypass zero‑day that is being actively exploited in the wild. The flaw grants full administrative control without requiring valid credentials. Patches were issued on April 28, and Shadowserver telemetry indicated roughly forty‑four thousand internet addresses scanning or attacking decoy systems exploiting the vulnerability. Check Point IPS provides inline protection against this threat.
Google Gemini CLI Code‑Execution Flaw
Google patched a critical code‑execution vulnerability in the Gemini CLI and its associated GitHub Action. The issue stemmed from automatic trust of workspace files during CI/CD jobs, allowing malicious pull requests to execute arbitrary commands on build servers. Applying the latest Gemini CLI version and enforcing strict pull‑request validation mitigates the risk.
LiteLLM SQL Injection (CVE‑2026‑42208)
Versions 1.81.16 through 1.83.6 of the LiteLLM proxy contain a critical SQL‑injection flaw that enables attackers to read or alter the proxy’s database, which stores large language model API keys. Exploitation attempts were observed approximately thirty‑six hours after public disclosure. Check Point IPS offers protection against this specific SQL‑injection vector.
Threat Intelligence Reports
VECT 2.0 Ransomware Acts as Data Wiper
Check Point Research analysis revealed that VECT 2.0 ransomware effectively functions as a data wiper across Windows, Linux and ESXi platforms. A critical encryption error discards the decryption information required for files larger than 128 KB, making recovery impossible even if victims pay the ransom. Check Point Threat Emulation and Harmony Endpoint provide detection and blocking capabilities for this malware family.
Mirai‑Based Botnet Targeting Brazilian ISPs
Researchers documented a Mirai variant botnet campaign aimed at Brazilian internet service providers. The botnet leverages CVE‑2023‑1389 in TP‑Link Archer AX21 routers and abuses open DNS servers to launch high‑volume amplification attacks. Leaked files linked the botnet’s command‑and‑control infrastructure to SSH keys associated with DDoS‑mitigation firm Huge Networks, suggesting a possible collaboration or reuse of compromised assets.
AccountDumpling Phishing Campaign Hijacking Facebook
A large‑scale phishing operation dubbed “AccountDumpling” abuses Google AppSheet email services to takeover Facebook accounts. The campaign, traced to Vietnam‑based actors, employs cloned support pages, reward lures and live‑capture of two‑factor authentication codes. Over thirty thousand users have been compromised, with stolen access subsequently monetized through Telegram channels.
TeamPCP Supply‑Chain Compromise of SAP npm Packages
Investigators uncovered a TeamPCP supply‑chain attack that infiltrated four SAP‑related npm packages used in cloud development workflows. The malicious installers harvested developer and cloud credentials from GitHub, npm and major cloud providers, facilitating propagation before the compromised packages were removed. Organizations relying on these packages should audit their dependency trees and rotate any potentially exposed credentials.