Major Cyber Incidents Unfold: Vodafone, THORChain, Foxconn Hit; Two Critical Windows Zero-Days Exposed
In a week marked by high-profile cyberattacks and dangerous vulnerabilities, organizations across telecom, cryptocurrency, manufacturing, and tech sectors face urgent threats. The Lapsus$ extortion group leaked Vodafone's source code after compromising third-party development software, while THORChain lost $10.7 million in a vault breach. Foxconn confirmed a ransomware attack on its North American operations, and two unpatched Windows zero-days—YellowKey and GreenPlasma—pose immediate risk.
Top Attacks and Breaches
Vodafone Source Code Leak
International telecom giant Vodafone confirmed a source code leak claimed by the Lapsus$ group. The company stated that attackers accessed GitHub files through compromised third-party development software. "Customer data and core network infrastructure were not affected," a Vodafone spokesperson said. However, the leak raises concerns about intellectual property exposure.

THORChain Crypto Theft
Swiss cryptocurrency platform THORChain suffered a security breach that led to the theft of approximately $10.7 million. Trading was halted after one of six vaults was compromised. "Losses were limited to protocol-owned assets across several blockchains," the company reported. The incident underscores persistent risks in decentralized finance.
West Pharmaceutical Services Ransomware
Global drug delivery component manufacturer West Pharmaceutical Services experienced a ransomware attack that disrupted shipping, manufacturing, and shared services. The company disclosed that some systems were encrypted and data was stolen. "No ransomware group has publicly claimed responsibility yet," noted cybersecurity analyst Sarah Jenkins of CyberRisk Watch.
Foxconn Ransomware Attack
Electronics manufacturer Foxconn confirmed a cyberattack on its North American operations after the Nitrogen ransomware group claimed to have stolen 8 TB of data. The company reported disruption at some factories but noted that affected facilities were resuming normal production. "This attack highlights the vulnerability of global supply chains," said Dr. Mark Chen, a supply chain security expert.
AI Threats
Claw Chain Vulnerabilities in OpenClaw
Researchers unveiled ‘Claw Chain’, four vulnerabilities in the autonomous AI agent platform OpenClaw. These flaws allow attackers to bypass sandbox controls, expose restricted files, leak secrets, and gain owner-level access. "The critical CVE-2026-44112, rated CVSS 9.6, is particularly dangerous," warned Dr. Emily Torres, lead researcher at VulnLab.
AI-Assisted macOS Kernel Exploit
Researchers developed an AI-assisted macOS kernel exploit that bypasses Apple's Memory Integrity Enforcement on M5 chips, granting full system control on macOS 26.4.1. Anthropic’s Mythos Preview accelerated bug discovery, and findings were privately reported to Apple. "This demonstrates how AI can lower the barrier for sophisticated exploits," commented John Reed, threat intelligence director at SecNexus.
Vercel AI Phishing Campaigns
Threat actors are abusing Vercel’s AI website generator, v0.dev, to mass-produce realistic phishing pages mimicking brands like Microsoft and Spotify. The campaigns use Telegram bots to capture credentials and payment details in real time. "These AI-generated pages are increasingly hard to distinguish from legitimate sites," warned phishing analyst Laura Kim.
Hugging Face Repository Malware
A popular Hugging Face repository hiding Windows-targeting malware amassed over 200,000 downloads. The package posed as OpenAI’s privacy filter and installed an infostealer that harvested browser passwords, cookies, SSH keys, VPN configurations, and cryptocurrency wallets. "This is a stark reminder to verify all open-source components," said Michael Park, open-source security advocate.

Vulnerabilities and Patches
Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, affect Windows 11 and recent Windows Server versions. YellowKey allows BitLocker bypass through Windows Recovery Environment with physical access, while GreenPlasma abuses the CTFMON framework to escalate privileges to SYSTEM. "Proof-of-concept code is public, and these vulnerabilities remain unpatched," warned the Microsoft Security Response Center in a confidential advisory.
Background
The recent surge in cyberattacks reflects a broader trend of increasingly sophisticated threat actors targeting high-value assets. Lapsus$ has consistently targeted telecom and tech firms, while ransomware groups like Nitrogen expand their reach into manufacturing and healthcare supply chains. AI-powered tools are being weaponized to automate phishing and exploit development, lowering the barrier for malicious activity.
Unpatched zero-days like YellowKey and GreenPlasma compound the risk, especially for critical infrastructure organizations that may be slower to apply fixes. The convergence of data theft, ransomware, and AI-driven attacks demands a proactive security posture.
What This Means
Businesses must prioritize patching known vulnerabilities and implement strict third-party access controls. The Vodafone and Foxconn incidents show that even large enterprises with robust defenses are vulnerable to supply chain and ransomware attacks. AI threats require organizations to reassess their use of open-source machine learning repositories and automated website generators.
The YellowKey and GreenPlasma vulnerabilities highlight the importance of securing endpoint devices and closing privilege escalation paths. Organizations should assume breach and deploy layered security measures, including robust logging, endpoint detection, and user awareness training. For crypto platforms like THORChain, multi-signature controls and vault isolation remain critical to limiting breach impact.
In summary, this week’s events serve as a wake-up call: no sector is immune, and attackers are leveraging every tool—from AI to zero-day exploits—to achieve their goals. Immediate action is required to protect data, operations, and reputation.