Weekly Cyber Threat Digest: April 20 – Data Breaches, AI Exploits, and Critical Patches

Top Attacks and Breaches

The past week saw several significant data breaches affecting major organizations across travel, education, technology, and fitness sectors. Below is a summary of the key incidents.

Source: research.checkpoint.com

Booking.com Confirms Data Breach

The Amsterdam-based travel platform Booking.com has officially confirmed a data breach after unauthorized parties gained access to reservation data belonging to some customers. The exposed information includes names, email addresses, phone numbers, physical addresses, and booking details. This breach creates a notable phishing risk for affected users. In response, the company reset reservation PINs and directly notified impacted individuals.

McGraw-Hill Breach Affects 13.5 Million Accounts

Global educational publisher McGraw-Hill disclosed a data breach following an extortion attempt. Attackers accessed the company's Salesforce environment, leaking data from approximately 13.5 million accounts. The exposed records include names, email addresses, phone numbers, and physical addresses. Notably, no payment card information was reported compromised.

EssentialPlugin Supply Chain Compromise

WordPress plugin development firm EssentialPlugin suffered a supply chain compromise that pushed malicious updates to more than 30 plugins installed on thousands of websites. The backdoored code enabled unauthorized access and the creation of spam pages. WordPress.org closed the affected plugins, but infections may remain on compromised sites.

Basic-Fit Data Breach Hits One Million Members

Europe's largest gym chain, Basic-Fit, reported a data breach after attackers accessed a franchise-wide system used to track club visits. The incident exposed bank account details and personal data for about one million members across six countries. Fortunately, passwords and identity documents were not affected.

AI Threats

Security researchers have uncovered a series of alarming incidents involving the weaponization of artificial intelligence. These developments highlight the growing sophistication of AI-powered attacks.

Lone Hacker Uses AI to Breach Mexican Government Agencies

A lone hacker weaponized Claude Code and OpenAI's GPT-4.1 to breach nine Mexican government agencies. AI-driven commands accelerated reconnaissance, executing 5,317 actions across 34 sessions. The operation accessed 195 million taxpayer records and 220 million civil records after safety filters were bypassed through prompt manipulation and an injected hacking manual.

Phishing Campaign Impersonates Claude AI

Researchers detailed a phishing campaign that impersonates Anthropic's Claude AI with a fake Claude Pro installer for Windows. The package displays a working application to distract victims while abusing a trusted program to sideload PlugX malware. This enables remote access and persistence on compromised systems.

Prompt Injection Attacks Target AI Agents in GitHub Workflows

A prompt injection technique has been demonstrated that hijacks AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can force the agents to run commands and expose repository secrets, including access tokens and API keys, during automated development tasks.

Vulnerabilities and Patches

Critical vulnerabilities have been identified and patched this week, with active exploitation reported for one major flaw.

Apache ActiveMQ Flaw Under Active Exploitation

CISA warns of active exploitation of Apache ActiveMQ vulnerability CVE-2026-34197, a high-severity code injection flaw that allows remote code execution. The vulnerability carries a CVSS score of 8.8 and has been addressed by Apache in versions 5.19.4 and 6.2.3. Check Point IPS provides protection against this threat (Apache ActiveMQ Code Injection (CVE-2026-34197)).

Splunk Fixes High-Severity Vulnerability

Splunk has released fixes for CVE-2026-20204, a high-severity vulnerability. While details are limited, users are urged to apply the patches promptly to mitigate potential risks.

Stay informed and ensure your systems are updated to defend against these evolving threats.