10 Urgent Cybersecurity Updates from the Latest Threat Intelligence Report

Every week brings new cyber threats, and staying informed is your first line of defense. Our threat intelligence bulletin for the week of April 27 highlights critical breaches, AI-powered attacks, and urgent patches. Below are the ten most pressing developments you need to know right now.

1. Vercel OAuth Token Compromise via Third-Party App

Frontend platform Vercel disclosed a security incident tied to a breach at Context.ai, a connected app. Attackers stole OAuth tokens, allowing unauthorized access to Vercel systems. The intruders accessed employee information, internal logs, and some environment variables—though the most sensitive secrets remained secure. This incident underscores the risks of third-party integrations and the importance of monitoring OAuth token usage.

10 Urgent Cybersecurity Updates from the Latest Threat Intelligence Report — Source: research.checkpoint.com

2. France Titres Identity Data Breach

France Titres, the national authority for identity documents, detected a breach on April 15. Potentially exposed data includes names, birth dates, email addresses, login IDs, and some physical addresses and phone numbers. A hacker has already offered the stolen data for sale on dark web markets. If you use their services, watch for phishing attempts and consider changing credentials.

3. UK Biobank Health Data on 500,000 Volunteers Compromised

UK Biobank, a major research organization, confirmed that de-identified health data on half a million volunteers was advertised on Chinese marketplaces. Officials say the listings were removed and likely unsold, but access has been suspended, the research platform shut down, and download limits imposed. This breach highlights the growing value of health data to cybercriminals.

4. Bitwarden Supply-Chain Attack via Malware-Tainted CLI

Popular password manager Bitwarden suffered a supply-chain attack on April 22 when a malware-infected CLI release (version 2026.4.0) was published to npm. Some 334 developers installed the package before it was pulled. A hijacked GitHub account enabled the attack, potentially exposing credentials. Vault data remained unaffected, but users should check for unauthorized activity.

5. Unauthorized Access to Anthropic's Claude Mythos Preview

Researchers flagged unauthorized access to Anthropic's unreleased AI cyber model, Claude Mythos Preview, via a third-party vendor environment. A small Discord group reportedly used shared contractor accounts, API keys, and predictable URLs to reach the system. Anthropic is investigating but says core systems were not impacted. The incident raises concerns about AI model security.

6. Bissa Scanner: AI-Assisted Exploitation Platform

Security researchers observed Bissa Scanner, an AI-powered exploitation platform that uses Claude Code and OpenClaw to automate scanning, exploitation, and credential harvesting. The platform focused on exploiting the React2Shell vulnerability (CVE-2025-55182), scanning millions of targets, confirming over 900 compromises, and collecting tens of thousands of exposed environment files. This marks a new era of automated attacks.

7. Google Antigravity IDE Prompt Injection Sandbox Escape

A prompt-injection exploit chain in Google's Antigravity agentic IDE allowed sandbox escape and remote code execution. The flaw abused a file search tool that ran before security checks, letting attackers convert a benign prompt into full system compromise—even in Secure Mode. Google has since patched the vulnerability, but users should update immediately.

8. Critical Microsoft ASP.NET Core Privilege Escalation (CVE-2026-40372)

Microsoft issued an out-of-band fix for a critical ASP.NET Core privilege escalation flaw rated 9.1 (CVSS). The bug affects Data Protection versions 10.0.0 to 10.0.6, letting attackers forge cookies and antiforgery tokens, impersonate users, and gain SYSTEM-level access on Linux or macOS deployments. Apply the patch without delay.

9. Apple iOS Notification Services Bug (CVE-2026-28950)

Apple released fixes for CVE-2026-28950 in iOS and iPadOS, a Notification Services vulnerability that could allow attackers to exploit notification handling. While details are limited, the risk is significant given the widespread use of Apple devices. Update your iPhones and iPads to the latest version.

10. React2Shell (CVE-2025-55182) Mass Exploitation Underway

The React2Shell vulnerability, exploited by Bissa Scanner, remains a major threat. Attackers are scanning millions of targets, achieving over 900 confirmed compromises and harvesting environment files. If you use vulnerable React-based applications, patch immediately and monitor for signs of intrusion.

This week’s threat intelligence paints a clear picture: attackers are leveraging AI, supply-chain compromises, and critical vulnerabilities at scale. Stay vigilant, apply patches promptly, and review third-party integrations. Your security posture depends on it.

Tags: