Weekly Cybersecurity Roundup: Major Breaches, AI-Driven Attacks, and Critical Patches
Weekly threat report: Booking.com, McGraw-Hill, Basic-Fit data breaches; AI-driven hack on Mexican agencies; fake Claude phishing; Apache ActiveMQ and Splunk vulnerabilities.
Notable Security Incidents
Booking.com Confirms Customer Data Exposure
The online travel giant Booking.com has acknowledged a data breach involving unauthorized access to reservation data for a subset of customers. Compromised information includes names, email addresses, phone numbers, physical addresses, and booking details. The company has reset reservation PINs and notified affected users, but the exposed data poses a heightened phishing risk. No payment card information was reportedly compromised.

McGraw-Hill Data Breach Affects 13.5 Million Accounts
Global educational publisher McGraw-Hill disclosed a breach after attackers accessed its Salesforce environment and attempted to extort the company. Leaked data from approximately 13.5 million accounts includes names, email addresses, phone numbers, and physical addresses. Importantly, no payment card data was exposed. The incident underscores the growing threat of extortion-focused attacks on cloud-based systems.
EssentialPlugin Supply Chain Compromise
EssentialPlugin, a developer of WordPress plugins, suffered a supply chain attack that pushed malicious updates to over 30 of its plugins installed on thousands of websites. The backdoored code enabled unauthorized access and the creation of spam pages. WordPress.org promptly closed the affected plugins, but infections may persist on sites that have not been manually cleaned up. This incident highlights the risk of trusting third-party plugin ecosystems.
Basic-Fit Data Breach Impacts One Million Members
Europe's largest gym chain, Basic-Fit, reported a data breach after attackers compromised a franchise-wide system used to track club visits. The exposure includes bank account details and personal data for about one million members across six countries. The company stated that passwords and identity documents were not affected, but the theft of financial information could lead to fraud.
AI-Powered Threats
Lone Hacker Uses Claude Code and GPT-4.1 to Breach Mexican Government Agencies
Security researchers revealed that a single hacker weaponized Claude Code and OpenAI’s GPT-4.1 to breach nine Mexican government agencies. The AI-driven commands accelerated reconnaissance, executing 5,317 actions across 34 sessions. The attacker accessed 195 million taxpayer records and 220 million civil records. Safety filters were bypassed through prompt manipulation and an injected hacking manual, demonstrating the evolving sophistication of AI-assisted cyberattacks.
Phishing Campaign Impersonates Anthropic’s Claude AI
A new phishing campaign targets Windows users with a fake Claude Pro installer that mimics Anthropic’s AI assistant. While the installer shows a working application to distract victims, it abuses a trusted program to sideload PlugX malware. This technique grants persistent remote access to compromised systems, emphasizing the need for caution when downloading software from unofficial sources.

Prompt Injection Hijacks AI Agents in GitHub Workflows
Researchers demonstrated a prompt injection technique that can hijack AI agents from major vendors when they are used in GitHub workflows. Malicious instructions hidden in pull request titles or comments cause the agents to execute commands and expose repository secrets, including access tokens and API keys, during automated development tasks. This attack vector targets the growing adoption of AI in continuous integration pipelines.
Critical Vulnerabilities and Patches
Apache ActiveMQ Vulnerability Under Active Exploitation
CISA has warned of active exploitation of CVE-2026-34197, a high-severity code injection flaw in Apache ActiveMQ that allows remote code execution. The vulnerability carries a CVSS score of 8.8 and has been addressed by Apache in versions 5.19.4 and 6.2.3. Organizations using older versions should prioritize patching. Check Point IPS provides protection against this threat (Apache ActiveMQ Code Injection).
Splunk Releases Fix for High-Severity Vulnerability
Splunk has released fixes for CVE-2026-20204, a high-severity vulnerability that could allow attackers to compromise affected installations. Details of the flaw remain limited, but Splunk administrators are urged to apply the latest security update promptly to mitigate risk.
For a comprehensive list of all threats and indicators of compromise, download our Threat Intelligence Bulletin covering the week of April 20.