Cyber Threat Digest: May 18 Week – Major Breaches, AI Attacks, and Unpatched Vulnerabilities

2026-05-18 21:14:42

Top Attacks and Breaches

Vodafone Source Code Leak

Vodafone, one of the world's largest telecommunications companies, suffered a source code leak that was claimed by the notorious Lapsus$ extortion group. The company confirmed that an attacker gained limited access to GitHub repositories through a compromised third-party development tool. However, Vodafone emphasized that customer data and core network infrastructure remained unaffected. The breach highlights the risks of supply chain vulnerabilities in software development environments.

Source: research.checkpoint.com

THORChain Cryptocurrency Theft

The Swiss-based decentralized cryptocurrency platform THORChain experienced a security breach resulting in the theft of approximately $10.7 million. The attack targeted one of the platform's six vaults, prompting an immediate halt to trading. The company reported that losses were limited to protocol-owned assets distributed across multiple blockchains. This incident underscores the ongoing security challenges facing decentralized finance (DeFi) platforms.

West Pharmaceutical Ransomware Attack

West Pharmaceutical Services, a global manufacturer of drug delivery components, fell victim to a ransomware attack that disrupted shipping, manufacturing, and shared service functions. The company disclosed that certain systems were encrypted and data was exfiltrated. As of the report, no ransomware group had publicly claimed responsibility, leaving the investigation ongoing.

Foxconn Cyberattack

Electronics manufacturing giant Foxconn confirmed a cyberattack targeting its North American operations. The Nitrogen ransomware group claimed responsibility, alleging the theft of 8 terabytes of data. The attack caused disruptions at some factories, though Foxconn reported that affected facilities were in the process of resuming normal production. This incident further demonstrates the persistent threat to large-scale industrial organizations.

AI Threats

'Claw Chain' Vulnerabilities in OpenClaw

Researchers uncovered a set of four vulnerabilities in OpenClaw, an autonomous AI agent platform, collectively dubbed 'Claw Chain'. These flaws allow attackers to bypass sandbox controls, expose restricted files, leak secrets, and gain owner-level access. The most critical among them is CVE-2026-44112, which carries a CVSS score of 9.6. This discovery highlights security gaps in emerging AI agent frameworks.

AI-Assisted macOS Kernel Exploit

Security researchers developed an AI-assisted macOS kernel exploit that bypasses Apple's Memory Integrity Enforcement on M5 chips, granting full system control on macOS 26.4.1. The exploit was accelerated by Anthropic's Mythos Preview, an AI tool that helped identify vulnerabilities. The findings were privately reported to Apple before public disclosure, emphasizing the double-edged nature of AI in cybersecurity.

Abuse of Vercel's AI Website Generator

Threat actors are abusing Vercel's AI website generator, known as v0.dev, to mass-produce realistic phishing pages mimicking well-known brands such as Microsoft and Spotify. These campaigns use Telegram bots to capture credentials and payment details in real time. The ease of generating convincing phishing sites with AI tools represents a growing threat to online security.

Hugging Face Repository Hides Malware

Researchers discovered a popular repository on Hugging Face that hid Windows-targeting malware after accumulating over 200,000 downloads. The malicious package was disguised as OpenAI's privacy filter and installed an infostealer that harvested browser passwords, cookies, SSH keys, VPN configurations, and cryptocurrency wallets before exfiltrating the data. This incident illustrates the risks of trusting AI/ML model repositories without rigorous vetting.

Vulnerabilities and Patches

Two Windows Zero-Day Flaws: YellowKey and GreenPlasma

Two unpatched Windows zero-day vulnerabilities, named YellowKey and GreenPlasma, affect Windows 11 and recent Windows Server versions. YellowKey allows a BitLocker bypass via the Windows Recovery Environment when an attacker has physical access. GreenPlasma exploits the CTFMON framework to escalate privileges to the SYSTEM level. Proof-of-concept code has been made public, and as of the report, no official patches have been released. Administrators are urged to apply additional security controls and monitor for signs of exploitation.
