Weekly Cyber Threat Digest: Attacks, AI Exploits, and Critical Vulnerabilities (May 18)
Top Attacks and Breaches
This week’s cybersecurity landscape saw major incidents targeting the telecommunications, cryptocurrency, manufacturing, and electronics sectors. Below are the key events that security teams should be aware of.

Vodafone Source Code Leak
Telecom giant Vodafone confirmed that attackers gained limited access to its GitHub repositories via compromised third-party development software. The Lapsus$ extortion group claimed responsibility for the leak. The company emphasized that customer data and core network infrastructure remained unaffected, but the exposure of proprietary source code raises concerns about intellectual property theft.
THORChain Cryptocurrency Theft
Swiss-based decentralized exchange THORChain suffered a security breach resulting in the theft of approximately $10.7 million. Attackers compromised one of six network vaults, forcing an immediate halt to trading. The losses were confined to protocol-owned assets across multiple blockchains, with no user funds reportedly stolen.
West Pharmaceutical Services Ransomware
West Pharmaceutical Services, a global supplier of drug delivery components, experienced a ransomware attack that encrypted systems and exfiltrated data. The incident disrupted shipping, manufacturing, and shared service functions. As of this report, no ransomware group has publicly claimed responsibility, suggesting the attack may still be under investigation.
Foxconn Cyberattack
Foxconn, a leading electronics manufacturer, confirmed a cyberattack targeting its North American operations. The Nitrogen ransomware group claimed to have stolen 8 TB of data. While some factories faced disruption, the company stated that affected facilities were returning to normal production levels.
AI Threats and Exploits
Artificial intelligence continues to be both a vector for new vulnerabilities and a tool for attackers. This week’s reports highlight risks in autonomous agents, macOS security, and AI-generated phishing campaigns.
Claw Chain Vulnerabilities in OpenClaw
Researchers disclosed a set of four vulnerabilities dubbed “Claw Chain” affecting OpenClaw, an autonomous AI agent platform. These flaws allow attackers to bypass sandbox controls, expose restricted files, leak secrets, and escalate privileges to owner-level access. The most critical vulnerability, CVE-2026-44112, carries a CVSS score of 9.6.
AI-Assisted macOS Kernel Exploit
Security researchers developed a proof-of-concept macOS kernel exploit that bypasses Apple’s Memory Integrity Enforcement on M5 chips, granting full system control on macOS 26.4.1. The exploit was accelerated using Anthropic’s Mythos Preview AI model. The findings were responsibly disclosed to Apple before public release.

Abuse of Vercel’s AI Website Generator
Threat actors are exploiting Vercel’s v0.dev AI website generator to mass-produce realistic phishing pages mimicking brands like Microsoft and Spotify. These campaigns use Telegram bots to capture credentials and payment details in real time, demonstrating how generative AI can lower the barrier for phishing attacks.
Malicious Hugging Face Repository
A popular repository on Hugging Face posing as OpenAI’s privacy filter was found to contain malware targeting Windows systems. The package, downloaded over 200,000 times, installed an infostealer that harvested browser passwords, cookies, SSH keys, VPN configurations, and cryptocurrency wallets. Users are urged to audit dependencies from open-source model hubs.
Vulnerabilities and Patches
Two critical zero-day vulnerabilities in Windows remain unpatched, with public proof-of-concept code available. Security teams should prioritize mitigation measures.
YellowKey and GreenPlasma Zero-Days
Dubbed YellowKey and GreenPlasma, these vulnerabilities affect Windows 11 and recent Windows Server versions. YellowKey allows a BitLocker bypass via the Windows Recovery Environment with physical access, while GreenPlasma abuses the CTFMON framework to escalate privileges to SYSTEM. Microsoft has not yet released patches, making it essential for organizations to restrict physical access and monitor for exploitation attempts.
Stay informed and review your security posture against these emerging threats. For a deeper dive, refer back to the attacks, AI threats, and vulnerabilities sections above.