Weekly Cyber Threat Roundup: May 4th Edition
The cybersecurity landscape continues to evolve with new threats and vulnerabilities emerging daily. This week's report highlights significant attacks on major organizations, novel AI-powered threats, and critical patches that demand immediate attention. Below, we break down the key findings from the week of May 4th.
Top Attacks and Breaches
Medtronic Cyberattack Exposes Data
Global medical device manufacturer Medtronic disclosed a cyberattack on its corporate IT systems. While the company confirmed that unauthorized access occurred, it stated that products, operations, and financial systems remained unaffected. The threat actor group ShinyHunters claimed responsibility, alleging theft of 9 million records. Medtronic is currently assessing the scope of the data exposure.

Vimeo Breach via Analytics Vendor
Video hosting platform Vimeo confirmed a data breach resulting from a compromise at its analytics vendor, Anodot. Exposed data includes internal operational information, video titles, metadata, and some customer email addresses. Crucially, passwords, payment data, and video content were not accessed. The incident underscores risks in third-party integrations.
Robinhood Phishing Campaign
Threat actors exploited the account creation process of online trading platform Robinhood to launch a sophisticated phishing campaign. Because the emails originated from Robinhood's official mailing account, they passed security checks while carrying links to phishing sites. The company stated that no accounts or funds were compromised and has since removed the vulnerable Device field.
Trellix Source Code Repository Breach
Trellix, a major endpoint security and XDR vendor, experienced a source code repository breach after attackers accessed a portion of its internal code. The company engaged forensic experts and law enforcement, finding no evidence of product tampering, pipeline compromise, or active exploitation so far.
AI-Powered Threats
Critical Flaw in Cursor Coding Environment (CVE-2026-26268)
Researchers identified a vulnerability in Cursor's coding environment that enables remote code execution when the platform's AI agent interacts with a cloned malicious repository. The attack leverages Git hooks and bare repositories to execute attacker scripts, risking exposure of source code, tokens, and internal tools.
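A defensive pre-flight check for the risk described above, added here as an example and not code from the original page or from Cursor: before an agent is allowed to act on a freshly cloned repository, enumerate any active (non-sample) hook scripts and any bare repositories nested inside the checkout, since both are author-controlled locations from which git can run scripts. The function names and the constructed fixture are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_active_hooks(repo: Path) -> list[str]:
    """Hook files under <repo>/.git/hooks other than the *.sample stubs git writes itself.
    A clone from a remote should normally have none; any present was placed locally."""
    hooks_dir = repo / ".git" / "hooks"
    if not hooks_dir.is_dir():
        return []
    return sorted(p.name for p in hooks_dir.iterdir()
                  if p.is_file() and not p.name.endswith(".sample"))


def find_nested_bare_repos(repo: Path) -> list[str]:
    """Directories inside the checkout that look like bare git repositories
    (HEAD file plus objects/ and refs/ at their top level), ignoring the checkout's own .git."""
    found = []
    for root, dirs, files in os.walk(repo):
        dirs[:] = [d for d in dirs if d != ".git"]  # skip metadata of the clone itself
        if "HEAD" in files and "objects" in dirs and "refs" in dirs:
            found.append(str(Path(root).relative_to(repo)))
            dirs[:] = []  # no need to descend into a repository we already flagged
    return sorted(found)


def audit_clone(repo: Path) -> dict:
    """Summary a reviewer or an agent launcher can gate on before doing any work in the clone."""
    return {"hooks": find_active_hooks(repo), "bare_repos": find_nested_bare_repos(repo)}


def build_sample_clone() -> Path:
    """Constructed fixture (not a real project): a fake checkout carrying one active hook
    and one bare repository hidden under vendor/."""
    root = Path(tempfile.mkdtemp(prefix="clone-audit-"))
    hooks = root / ".git" / "hooks"
    hooks.mkdir(parents=True)
    (hooks / "pre-commit.sample").write_text("#!/bin/sh\n")          # benign stub, ignored
    (hooks / "post-checkout").write_text("#!/bin/sh\necho constructed hook\n")  # flagged
    bare = root / "vendor" / "lib.git"
    (bare / "objects").mkdir(parents=True)
    (bare / "refs").mkdir()
    (bare / "HEAD").write_text("ref: refs/heads/main\n")
    (root / "README.md").write_text("constructed sample\n")
    return root


if __name__ == "__main__":
    print(audit_clone(build_sample_clone()))
```

An empty report for both keys is the expected state for a clean clone; anything else deserves a look before an agent or a developer runs tooling inside the directory.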
Bluekit Phishing-as-a-Service with AI Assistant
A new phishing-as-a-service platform named Bluekit has been exposed, bundling over 40 templates with an AI Assistant powered by models including GPT-4.1, Claude, Gemini, Llama, and DeepSeek. This AI-assisted toolkit centralizes domain setup, creates realistic login clones, applies anti-analysis filters, enables real-time session monitoring, and exfiltrates data via Telegram.

AI-Enabled Supply Chain Attack on Crypto Trading Project
Researchers demonstrated an AI-enabled supply chain attack in which Anthropic's Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous crypto trading project. The hidden dependency siphoned credentials, planted persistent SSH access, and stole source code, enabling wallet takeover.
Vulnerabilities and Patches
Microsoft Entra ID Privilege Escalation Fixed
Microsoft patched a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept demonstrating how attackers could add credentials and impersonate privileged identities. Organizations using AI agents should apply the update immediately.
Critical cPanel Authentication Bypass (CVE-2026-41940)
cPanel has addressed a critical authentication bypass vulnerability in cPanel and WHM. This flaw, CVE-2026-41940, is being actively exploited in the wild as a zero-day and allows full administrative control without credentials. cPanel administrators should prioritize patching to prevent complete compromise.
This week's threats highlight the increasing sophistication of attackers, particularly in leveraging AI and trusted platforms. Staying informed and promptly applying patches are critical steps in defending against these evolving risks.