
Weekly Cyber Threat Digest: Ransomware, AI Exploits, and Unpatched Windows Flaws

Last updated: 2026-05-19 20:24:58 · Cybersecurity

Overview

This week's cyber landscape saw high-profile attacks on telecom and manufacturing giants, sophisticated AI-driven threats, and critical zero-day vulnerabilities still awaiting patches. Below is a detailed breakdown of the top incidents and risks to watch.

Source: research.checkpoint.com

Cyber Attacks and Data Breaches

Lapsus$ Claims Source Code Leak at Vodafone

International telecom provider Vodafone confirmed a security incident in which its GitHub repositories were partially exposed. The Lapsus$ extortion group claimed responsibility for the source code leak, which occurred after attackers compromised third-party development software. Vodafone stated that customer data and core network infrastructure remained unaffected, but the incident highlights the risk of supply chain vulnerabilities in software development pipelines.

THORChain Loses $10.7 Million in Vault Compromise

Switzerland-based cryptocurrency platform THORChain suffered a breach that forced a trading halt when one of its six vaults was infiltrated. The attack resulted in the theft of approximately $10.7 million in protocol-owned assets across multiple blockchains. The company stated that user funds were not directly impacted, but the incident underscores the persistent security challenges in decentralized finance.

West Pharmaceutical Services Hit by Ransomware

Global drug delivery component manufacturer West Pharmaceutical Services reported a ransomware attack that disrupted shipping, manufacturing, and shared service functions. An unknown ransomware group encrypted some systems and stole data, though no group has publicly claimed responsibility. The company is working to restore operations while investigating the extent of the data exfiltration.

Foxconn Confirms Cyberattack on North American Operations

Electronics manufacturing giant Foxconn acknowledged a cyberattack on its North American facilities, with the Nitrogen ransomware group claiming to have stolen 8 TB of data. The attack caused temporary disruption at some factories, but production has since resumed. The incident emphasizes the vulnerability of global supply chains to ransomware.

Emerging AI Threats

Critical Vulnerabilities in OpenClaw AI Agent Platform

Researchers disclosed a set of four vulnerabilities—collectively named ‘Claw Chain’—affecting OpenClaw, an autonomous AI agent platform. The flaws, including the critical CVE-2026-44112 (CVSS 9.6), enable attackers to bypass sandbox controls, expose restricted files, leak secrets, and gain owner-level access. Organizations using OpenClaw are urged to apply patches immediately.

AI-Assisted Exploit Bypasses Apple’s Memory Integrity on M5 Chips

A team of researchers developed an AI-assisted kernel exploit targeting macOS 26.4.1 running on Apple’s M5 chips. The exploit bypasses Apple’s Memory Integrity Enforcement, granting full system control. The research was accelerated by Anthropic’s Mythos Preview AI model. The findings were responsibly disclosed to Apple before public release, but the proof-of-concept demonstrates the growing role of AI in uncovering complex vulnerabilities.


Vercel’s AI Website Generator Abused for Phishing

Threat actors are reportedly exploiting Vercel’s v0.dev AI website generator to mass-produce realistic phishing pages that mimic brands like Microsoft and Spotify. The campaigns use Telegram bots to capture credentials and payment details in real time. This tactic lowers the barrier for creating convincing phishing sites, increasing risks for users and organizations.

Hugging Face Repository with 200,000 Downloads Hides Malware

A popular Hugging Face repository disguised as OpenAI’s privacy filter was found to contain Windows-targeting malware after accumulating over 200,000 downloads. The malicious package installed an infostealer that harvested browser passwords, cookies, SSH keys, VPN configurations, and cryptocurrency wallets. Users should verify the authenticity of AI model repositories before deployment.
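One way to act on that advice is to audit a downloaded model snapshot against a pinned SHA-256 manifest before anything loads it. The following is an added example, not code from the original report or from Hugging Face; the manifest format, the blocked-extension policy, and all function names are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions that have no place in a model snapshot (assumed policy, tune per project).
BLOCKED_SUFFIXES = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".scr", ".lnk"}


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_snapshot(root: Path, manifest: dict[str, str]) -> list[str]:
    """Return findings; an empty list means the snapshot matches the pinned manifest."""
    findings = []
    seen = set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if path.suffix.lower() in BLOCKED_SUFFIXES:
            findings.append(f"blocked file type: {rel}")
        expected = manifest.get(rel)
        if expected is None:
            findings.append(f"not in manifest: {rel}")
        elif sha256_file(path) != expected:
            findings.append(f"hash mismatch: {rel}")
    findings += [f"missing file: {rel}" for rel in sorted(set(manifest) - seen)]
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a clean snapshot, then the same snapshot after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.json").write_text('{"model_type": "example"}')
        (root / "model.safetensors").write_bytes(b"\x00" * 64)
        manifest = {p.name: sha256_file(p) for p in root.iterdir()}
        clean = audit_snapshot(root, manifest)
        (root / "config.json").write_text('{"model_type": "changed"}')
        (root / "setup.bat").write_text("rem constructed placeholder")
        return clean, audit_snapshot(root, manifest)


if __name__ == "__main__":
    clean, tampered = demo()
    print(clean, tampered, sep="\n")
```

The manifest should be recorded once from a reviewed snapshot and stored outside the download path, so a later change to the repository contents fails the audit instead of being silently accepted.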

Critical Vulnerabilities and Patches

Two Unpatched Windows Zero-Days: YellowKey and GreenPlasma

Two zero-day vulnerabilities—YellowKey and GreenPlasma—affect Windows 11 and recent Windows Server versions. YellowKey allows a BitLocker bypass via the Windows Recovery Environment with physical access, while GreenPlasma abuses the CTFMON framework to escalate privileges to SYSTEM. Public proof-of-concept code is available, and Microsoft has not yet released patches. Organizations should restrict physical access to devices and monitor for privilege escalation attempts.
