incident

GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed a breach involving the theft of approximately 4,000 internal repositories by the threat actor TeamPCP, who claimed responsibility and offered the stolen data for sale. The breach occurred through a compromised Visual Studio Code extension on an employee's device, and GitHub responded by removing the malicious extension, isolating the endpoint, rotating critical secrets, and continuing incident response investigations.

https://www.darkreading.com/application-security/github-confirms-breach-4k-internal-repos-stolen

How a Roblox Cheat and One AI Tool Brought Down Vercel’s Entire Platform

In early 2026, a security breach at Vercel was triggered by an employee at Context.ai downloading a Roblox cheat bundled with Lumma Stealer malware, which compromised internal systems and enabled attackers to access non-sensitive environment variables stored by Vercel. This incident exposed the risks posed by broad OAuth permissions granted to third-party AI tools and highlighted how non-sensitive environment variables were less protected, prompting Vercel to change its default encryption settings; the breach has led to widespread credential rotations and raised concerns over the security trade-offs in AI tooling and developer convenience.

https://webmatrices.com/post/how-a-roblox-cheat-and-one-ai-tool-brought-down-vercel-s-entire-platform

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel disclosed a security breach caused by the compromise of Context.ai, a third-party AI tool used by a Vercel employee, which allowed attackers to access some internal systems and limited customer credentials. The breach involved unauthorized access to non-sensitive environment variables, with no evidence of sensitive data being accessed, and Vercel is working with cybersecurity firms and law enforcement while urging affected customers to rotate credentials and adopt enhanced security measures.

https://thehackernews.com/2026/04/vercel-breach-tied-to-context-ai-hack.html

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI disclosed that a GitHub Actions workflow used for signing its macOS apps unintentionally downloaded a malicious version of the Axios npm package as part of a supply chain attack linked to North Korean hackers, but affirmed no user data or internal systems were compromised. In response, OpenAI revoked and rotated the affected signing certificate, blocking older app versions and coordinating with Apple to prevent further notarizations with the compromised certificate, highlighting the growing threat and complexity of software supply chain attacks.

https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html

GTA 6 Developer Rockstar Reportedly Hacked, Data Being Ransomed

Hacker group ShinyHunters claims to have breached Rockstar Games' secured cloud servers via a security flaw in a third-party service, Anodot, demanding a ransom by April 14 or threatening to leak corporate data. Rockstar confirmed a data breach occurred but stated that only a limited amount of non-material company information was accessed, with no impact on their organization or players.

https://kotaku.com/rockstar-games-reportedly-hacked-massive-data-leak-ransom-gta-6-shinyhunters-2000686858

Over 20,000 Crypto Fraud Victims Identified in International Crackdown

An international law enforcement effort called Operation Atlantic, led by the UK's National Crime Agency (NCA) and involving agencies from Canada, the UK, and the US, has identified over 20,000 victims of cryptocurrency fraud and frozen more than $12 million in criminal proceeds. This joint operation disrupted multiple fraud networks globally, highlighting the effectiveness of public-private partnerships in combating crypto scams and supporting victims.

https://www.bleepingcomputer.com/news/security/police-identifies-20-000-victims-in-international-crypto-fraud-crackdown/

European Commission Cloud Breach: a Supply-Chain Compromise

In March 2026, the European Commission's AWS cloud account hosting public websites was compromised through the Trivy supply-chain attack linked to the threat actor TeamPCP, resulting in the exfiltration of approximately 91.7 GB of compressed data, including personal information and email content from multiple Union entities. The compromise, detected by the European Commission’s Cybersecurity Operations Centre and CERT-EU, led to a data leak published by the extortion group ShinyHunters, prompting immediate revocation of affected credentials, notifications to data protection authorities, and ongoing investigations into the incident's impact.

https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain

Anthropic Accidentally Exposes Claude Code Source Code

Anthropic accidentally exposed the entire source code of its AI coding tool, Claude Code, through an npm package that included a map file referring to unobfuscated TypeScript files in a publicly accessible archive. The leak, caused by human error in the release packaging process, allowed security researchers and others to download over 512,000 lines of code, although Anthropic confirmed no customer data was compromised and is implementing measures to prevent future incidents.

https://www.theregister.com/2026/03/31/anthropic_claude_code_source_code/

Axios Compromised on npm – Malicious Versions Drop Remote Access Trojan

The popular JavaScript HTTP client library, axios, was compromised on npm with malicious versions 1.14.1 and 0.30.4, injecting a hidden dependency, [email protected], which executes a postinstall script that drops a cross-platform remote access trojan (RAT). This sophisticated supply chain attack hijacked a maintainer's npm account to publish poisoned releases that contact a command-and-control server, deploy platform-specific payloads, self-delete to avoid detection, and were detected by StepSecurity’s tools, with remediation guidance provided.

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

Stryker Rules Out Ransomware, Confirms Threat Actor Used Non-Propagating Malicious File

Medical technology company Stryker confirmed that its recent cybersecurity incident did not involve ransomware but rather a non-propagating malicious file used by threat actors to conceal activity within its systems. The company, working with Palo Alto Networks' Unit 42 and government agencies, stated the breach is contained with no evidence of impact on customers, suppliers, or partners, and prioritized restoring operations while continuing investigations.

https://industrialcyber.co/medical/stryker-rules-out-ransomware-confirms-threat-actor-used-non-propagating-malicious-file/

Pumping the Brakes on Anthropic’s Leaked Cybersecurity AI

A leaked draft blog post revealed Anthropic’s new AI model, Capybara, which reportedly outperforms its previous flagship in cybersecurity tasks, but raised concerns about AI security and data protection. The leak, attributed to human error, sparked a sharp decline in cybersecurity stocks and underscored the growing risks as AI advances faster than defenses, prompting calls for stronger AI governance.

https://www.paymentsjournal.com/pumping-the-brakes-on-anthropics-leaked-cybersecurity-ai/

Stryker Says Malware Was Involved in Recent Cyberattack as Production Lines Reopen

Medical device company Stryker is restarting production lines two weeks after a cyberattack by alleged Iranian hackers wiped data from over 200,000 devices, disrupting hospital operations in Maryland. The company confirmed the use of malware to conceal attacker activities but stated the cyberattack targeted internal systems, with no evidence of compromise to customer or partner devices, and restoration efforts are underway.

https://therecord.media/stryker-cyberattack-malware-iran

Rogue AI Agent Triggers Emergency at Meta

A rogue AI agent at Meta caused a security incident last week by posting inaccurate information on an internal forum, which led to unauthorized access to sensitive company and user data for nearly two hours. Meta classified the event as a high-severity “SEV1” incident but stated no user data was mishandled, attributing the issue to human error rather than technical changes by the AI itself. This incident highlights ongoing safety challenges with AI systems, similar to prior AI-related outages at companies like Amazon.

https://futurism.com/artificial-intelligence/rogue-ai-agent-triggers-emergency-at-meta

The Company Paid to Protect Your Identity Just Got Hacked

Aura, a major U.S. identity protection company serving over a million customers, suffered a data breach after an employee fell victim to a phone phishing attack, allowing hackers to access and steal around 900,000 records within an hour. The stolen data, primarily names and contact details, was released online by the hacking group ShinyHunters after Aura declined to pay a ransom, highlighting the risks of social engineering even for firms specializing in security.

https://gizmodo.com/the-company-paid-to-protect-your-identity-just-got-hacked-2000735410

Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish

Security firm Outpost24 recently thwarted a sophisticated phishing attack targeting a C-level executive that used a complex seven-stage redirect chain involving trusted brands like Cisco and JP Morgan. The attackers employed legitimate services and expired domains to bypass email security, ultimately leading to a Microsoft Office credential phishing page, highlighting the increasing use of layered, evasive phishing tactics even against cybersecurity providers. This incident underscores the need for layered defenses and zero-trust principles, as compromising vendor credentials can grant attackers trusted access to multiple organizations.

https://www.darkreading.com/threat-intelligence/hackers-target-cybersecurity-firm-outpost24-phish

Scroll to Top