Weekly Cyber Threat Digest: April 20 – Data Breaches, AI Exploits, and Critical Patches
Top Attacks and Breaches
The past week saw several significant data breaches affecting major organizations across travel, education, technology, and fitness sectors. Below is a summary of the key incidents.
Booking.com Confirms Data Breach
The Amsterdam-based travel platform Booking.com has officially confirmed a data breach after unauthorized parties gained access to reservation data belonging to some customers. The exposed information includes names, email addresses, phone numbers, physical addresses, and booking details. This breach creates a notable phishing risk for affected users. In response, the company reset reservation PINs and directly notified impacted individuals.
McGraw-Hill Breach Affects 13.5 Million Accounts
Global educational publisher McGraw-Hill disclosed a data breach following an extortion attempt. Attackers accessed the company's Salesforce environment, leaking data from approximately 13.5 million accounts. The exposed records include names, email addresses, phone numbers, and physical addresses. Notably, no payment card information was reported compromised.
EssentialPlugin Supply Chain Compromise
WordPress plugin development firm EssentialPlugin suffered a supply chain compromise that pushed malicious updates to more than 30 plugins installed on thousands of websites. The backdoored code enabled unauthorized access and the creation of spam pages. WordPress.org closed the affected plugins, but infections may remain on compromised sites.
Basic-Fit Data Breach Hits One Million Members
Europe's largest gym chain, Basic-Fit, reported a data breach after attackers accessed a franchise-wide system used to track club visits. The incident exposed bank account details and personal data for about one million members across six countries. Fortunately, passwords and identity documents were not affected.
AI Threats
Security researchers have uncovered a series of alarming incidents involving the weaponization of artificial intelligence. These developments highlight the growing sophistication of AI-powered attacks.
Lone Hacker Uses AI to Breach Mexican Government Agencies
A lone hacker weaponized Claude Code and OpenAI's GPT-4.1 to breach nine Mexican government agencies. AI-driven commands accelerated reconnaissance, executing 5,317 actions across 34 sessions. The operation accessed 195 million taxpayer records and 220 million civil records after safety filters were bypassed through prompt manipulation and an injected hacking manual.
Phishing Campaign Impersonates Claude AI
Researchers detailed a phishing campaign that impersonates Anthropic's Claude AI with a fake Claude Pro installer for Windows. The package displays a working application to distract victims while abusing a trusted program to sideload PlugX malware. This enables remote access and persistence on compromised systems.
Prompt Injection Attacks Target AI Agents in GitHub Workflows
A prompt injection technique has been demonstrated that hijacks AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can force the agents to run commands and expose repository secrets, including access tokens and API keys, during automated development tasks.
Vulnerabilities and Patches
Critical vulnerabilities have been identified and patched this week, with active exploitation reported for one major flaw.
Apache ActiveMQ Flaw Under Active Exploitation
CISA warns of active exploitation of Apache ActiveMQ vulnerability CVE-2026-34197, a high-severity code injection flaw that allows remote code execution. The vulnerability carries a CVSS score of 8.8 and has been addressed by Apache in versions 5.19.4 or 6.2.3. Check Point IPS provides protection against this threat (Apache ActiveMQ Code Injection (CVE-2026-34197)).
Splunk Fixes High-Severity Vulnerability
Splunk has released fixes for CVE-2026-20204, a high-severity vulnerability. While details are limited, users are urged to apply the patches promptly to mitigate potential risks.
Stay informed and ensure your systems are updated to defend against these evolving threats.
Related Articles
- How to Defend Your Network in a Zero-Window Era: Leveraging NDR Against AI-Generated Threats
- Securing vSphere Against BRICKSTORM: Key Questions and Answers for Defenders
- Critical ‘Copy Fail’ Linux Flaw Enables Instant Root Access Across All Distros Since 2017
- Ubuntu 16.04 LTS End of Life: Security Updates Cease After Extended Support Expires
- Critical Vulnerability in Google Gemini CLI Could Allow Remote Code Execution (CVSS 10)
- Trellix Source Code Leak: Hackers Accessed Internal Repositories, Company Says
- Weekly Cyber Threat Digest: Key Incidents and Vulnerabilities (April 27)
- 5 Critical Takeaways from BleepingComputer's Instructure Data Breach Retraction