Weekly Cyber Threat Roundup: April 27 Edition – Key Incidents and Emerging Risks

Weekly threat report: Vercel breach via OAuth, France Titres data leak, UK Biobank health data hack, Bitwarden supply-chain attack, AI exploits, and critical patches.

Sflintl · 2026-05-03 15:59:26 · Cybersecurity

Top Attacks and Breaches

Vercel Breach Linked to Compromised OAuth Tokens

Vercel, a prominent frontend cloud platform, revealed a security incident connected to a compromise at Context.ai. Stolen OAuth tokens allowed unauthorized access through a connected application. The company reported that an attacker gained access to employee information, internal logs, and a subset of environment variables. However, Vercel assured that the most sensitive secrets were not exposed. This event underscores the risks associated with third-party integrations and token management.

[Image: Weekly Cyber Threat Roundup: April 27 Edition – Key Incidents and Emerging Risks. Source: research.checkpoint.com]

France Titres Data Breach Exposes Personal Information

France's identity and registration authority, France Titres, detected a data breach on April 15. The incident potentially exposed names, birth dates, email addresses, login IDs, and some physical addresses and phone numbers. A hacker subsequently offered data allegedly taken from the agency for sale on the dark web. This breach highlights ongoing vulnerabilities in government digital systems.

UK Biobank Breach: Health Data of 500,000 Volunteers Affected

UK Biobank, a research organization, confirmed a breach after de-identified health data of 500,000 volunteers was advertised for sale on Chinese marketplaces. Officials stated that the listings were removed and believed to be unsold. In response, the organization suspended access, shut down the research platform, and imposed download limits. The incident raises concerns about the security of large-scale biomedical databases.

Bitwarden Supply-Chain Attack via Malicious npm Package

Bitwarden, a widely used password manager, suffered a supply-chain attack when a malware-tainted CLI release was published to npm on April 22. According to Bitwarden, 334 developers installed version 2026.4.0 during a brief window, potentially exposing credentials. The attack stemmed from a hijacked GitHub account. Bitwarden emphasized that vault data remained unaffected, but the incident highlights the dangers of compromised software supply chains.

AI Threats

Unauthorized Access to Anthropic’s Claude Mythos Preview

Researchers flagged unauthorized access to Anthropic's Claude Mythos Preview, an unreleased AI cyber model, through a third-party vendor environment. A small Discord group reportedly used shared contractor accounts, API keys, and predictable URLs to reach the system. Anthropic stated it is investigating and has seen no impact on core systems. This case illustrates the challenges of securing advanced AI models during development.

Bissa Scanner: AI-Assisted Exploitation Platform Active

Researchers observed Bissa Scanner, an AI-assisted exploitation platform using Claude Code and OpenClaw. The platform supported mass scanning, exploitation, and credential harvesting, focusing on the React2Shell vulnerability (CVE-2025-55182). It scanned millions of targets, confirmed over 900 compromises, and collected tens of thousands of exposed environment files. This tool demonstrates how AI is being weaponized for large-scale attacks.


Prompt Injection in Google’s Antigravity IDE

Researchers highlighted a prompt-injection exploit chain in Google’s Antigravity agentic IDE that enabled sandbox escape and remote code execution. The flaw abused a file search tool that ran before security checks, allowing attackers to convert a benign prompt into system compromise, even in Secure Mode. Google patched the vulnerability, but the incident underscores the risks of AI-integrated development environments.

Vulnerabilities and Patches

Critical ASP.NET Core Privilege Escalation Flaw (CVE-2026-40372)

Microsoft issued out-of-band fixes for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability rated 9.1. The bug, affecting Data Protection versions 10.0.0 to 10.0.6, could allow attackers to forge cookies and antiforgery tokens, impersonate users, and gain SYSTEM-level access on Linux or macOS deployments. Administrators are urged to apply the patch immediately.
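Both the Bitwarden npm incident above and this ASP.NET Core advisory come down to the same defender question: does any lockfile in my estate pin an affected version? The script below is an added example, not code from the roundup, Bitwarden or Microsoft. The version values are the ones the page states (2026.4.0 for the Bitwarden CLI; 10.0.0 through 10.0.6 for Data Protection), but the package identifiers `@bitwarden/cli` and `Microsoft.AspNetCore.DataProtection` are my assumptions, since the page names neither package; the two lockfiles are constructed samples in the real npm `package-lock.json` (v2/v3) and NuGet `packages.lock.json` layouts.

```python
"""Flag lockfile entries that fall inside an advisory's affected version range.

Added example for this roundup. Package names below are ASSUMED mappings;
version ranges are as stated in the roundup text.
"""
from typing import Iterator, List, Tuple

# (ecosystem, package id, lowest affected, highest affected)
ADVISORIES = [
    ("npm", "@bitwarden/cli", "2026.4.0", "2026.4.0"),                      # package id assumed
    ("nuget", "Microsoft.AspNetCore.DataProtection", "10.0.0", "10.0.6"),   # package id assumed
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '10.0.6' or '2026.4.0-beta.1' into a comparable, zero-padded tuple.
    Pre-release (-) and build (+) suffixes are dropped; non-numeric parts count as 0."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def in_range(version: str, low: str, high: str) -> bool:
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def npm_packages(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (name, version) from a package-lock.json v2/v3 'packages' map.
    Keys are install paths; the name is whatever follows the last 'node_modules/'."""
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project, not a dependency
            continue
        name = path.rpartition("node_modules/")[2]
        if "version" in meta:
            yield name, meta["version"]


def nuget_packages(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (id, resolved version) from packages.lock.json, across all target frameworks."""
    for _tfm, deps in lock.get("dependencies", {}).items():
        for name, meta in deps.items():
            if "resolved" in meta:
                yield name, meta["resolved"]


def find_affected(ecosystem: str, packages) -> List[Tuple[str, str, str]]:
    """Return (name, version, affected range) for every package hit by an advisory.
    Comparison is case-insensitive because NuGet ids are."""
    hits = []
    for name, version in packages:
        for eco, pkg, low, high in ADVISORIES:
            if eco == ecosystem and pkg.lower() == name.lower() and in_range(version, low, high):
                hits.append((name, version, f"{low}-{high}"))
    return hits


def scan(npm_lock: dict, nuget_lock: dict) -> dict:
    return {
        "npm": find_affected("npm", npm_packages(npm_lock)),
        "nuget": find_affected("nuget", nuget_packages(nuget_lock)),
    }


# Constructed sample lockfiles (not real project data).
NPM_LOCK = {
    "name": "sample-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},            # affected
        "node_modules/chalk": {"version": "5.3.0"},
        "node_modules/tool/node_modules/@bitwarden/cli": {"version": "2026.3.2"},  # nested, older, clean
    },
}
NUGET_LOCK = {
    "version": 1,
    "dependencies": {
        "net10.0": {
            "Microsoft.AspNetCore.DataProtection": {"type": "Direct", "requested": "[10.0.3, )", "resolved": "10.0.3"},  # affected
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )", "resolved": "13.0.3"},
        },
        "net8.0": {
            "Microsoft.AspNetCore.DataProtection": {"type": "Direct", "requested": "[8.0.11, )", "resolved": "8.0.11"},  # out of range
        },
    },
}

if __name__ == "__main__":
    for eco, hits in scan(NPM_LOCK, NUGET_LOCK).items():
        for name, version, rng in hits:
            print(f"[{eco}] {name} {version} is inside affected range {rng}")
```

Point the two parsers at real lockfiles from your repositories (`json.load` on each file) and run `scan` over them; a nested duplicate at an unaffected version, as in the npm sample, is reported correctly because each install path is checked on its own.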

Apple Fixes iOS Notification Services Bug (CVE-2026-28950)

Apple released fixes for CVE-2026-28950 in iOS and iPadOS, a Notification Services bug that could lead to arbitrary code execution. The flaw, discovered in the notification processing system, posed a risk to device security. Apple's update is available for all supported devices, and users are advised to install it promptly.

Stay informed and protect your systems by monitoring these threats and applying patches as they become available. For more detailed analysis, refer to the full Threat Intelligence Bulletin.
