
Weekly Cyber Threat Digest: Major Breaches, AI Risks, and Critical Patches

Published 2026-05-19 15:39:14 · Cybersecurity

Welcome to our weekly cyber threat digest. This edition covers significant breaches at major organizations, emerging AI-driven attack techniques, and critical vulnerabilities that demand immediate attention. Below, we break down the key incidents into questions and detailed answers.

What source code leak affected Vodafone, and was customer data compromised?

The Lapsus$ extortion group claimed a breach of Vodafone's source code, which the telecom giant confirmed. The incident involved limited access to files hosted on GitHub, stemming from compromised third-party development software. Critically, Vodafone stated that no customer data or core network infrastructure was impacted. The breach highlights the risks of supply chain vulnerabilities even in large enterprises.

Source: research.checkpoint.com

How did the THORChain security breach lead to a $10.7 million theft?

Swiss cryptocurrency platform THORChain experienced a breach where one of its six vaults was compromised, resulting in the theft of approximately $10.7 million. In response, trading was halted to contain the attack. The company clarified that losses were limited to protocol-owned assets spread across multiple blockchains, meaning user funds were not directly affected. The incident underscores ongoing security challenges in decentralized finance.

What was the impact of the ransomware attack on West Pharmaceutical Services?

Global drug delivery component manufacturer West Pharmaceutical Services suffered a ransomware attack that encrypted systems and exfiltrated data. The breach disrupted shipping, manufacturing, and shared service functions. Notably, no ransomware group has publicly claimed responsibility, but the company confirmed that some systems were encrypted and data was stolen. The attack highlights the vulnerability of critical healthcare supply chains.

Did Foxconn confirm a cyberattack, and what did the Nitrogen ransomware group claim?

Yes, Foxconn, a major electronics manufacturer, confirmed a cyberattack on its North American operations. The Nitrogen ransomware group claimed to have stolen 8 TB of data. Foxconn reported disruptions at some factories, though affected facilities were gradually returning to normal production. The incident again demonstrates that ransomware groups continue to target large industrial organizations for maximum leverage.


What are the 'Claw Chain' vulnerabilities in the OpenClaw AI platform?

Researchers disclosed four vulnerabilities collectively named 'Claw Chain' in OpenClaw, an autonomous AI agent platform. These flaws allow attackers to bypass sandbox controls, expose restricted files, leak secrets, and gain owner-level access. The most critical, CVE-2026-44112, has a CVSS score of 9.6. The vulnerabilities pose serious risks to AI systems that rely on isolation and privilege restrictions.

How did researchers use AI to bypass Apple's memory integrity on M5 chips?

Researchers developed an AI-assisted kernel exploit that bypasses Apple's Memory Integrity Enforcement on M5 chips, granting full system control on macOS 26.4.1. The exploit was accelerated using Anthropic's Mythos Preview AI model. The findings were privately reported to Apple before public disclosure. This demonstrates how AI can speed up vulnerability discovery in complex operating system protections.

What are the two unpatched Windows zero-days, YellowKey and GreenPlasma?

Two zero-day vulnerabilities, YellowKey and GreenPlasma, affect Windows 11 and recent Windows Server versions. YellowKey allows BitLocker bypass via the Windows Recovery Environment with physical access, while GreenPlasma abuses the CTFMON framework to escalate privileges to SYSTEM. Proof-of-concept code is publicly available, and no patches have been released. Administrators should apply mitigations such as restricting physical access and monitoring CTFMON activity.