Weekly Cybersecurity Roundup: Major Breaches, AI-Powered Threats, and Critical Patches (May 4th)
Top Attacks and Breaches
Medtronic Data Breach Exposes 9 Million Records
Global medical device manufacturer Medtronic has disclosed a cyberattack on its corporate IT systems. An unauthorized third party gained access to sensitive data, but the company reports no impact on its medical products, day-to-day operations, or financial systems. The threat group ShinyHunters has claimed responsibility, stating they stole 9 million records. Medtronic is currently assessing which specific data was compromised.
Vimeo Confirms Breach via Third-Party Analytics Vendor
Video hosting platform Vimeo has confirmed a data breach that originated from a compromise at its analytics partner Anodot. Exposed information includes internal operational details, video titles and metadata, along with a subset of customer email addresses. Importantly, passwords, payment card data, and actual video content were not accessed in the incident.
Robinhood Official Emails Weaponized in Phishing Campaign
Threat actors have abused the account creation process of online trading platform Robinhood to launch a sophisticated phishing campaign. The attackers sent emails from Robinhood’s official mailing account that contained links to fraudulent sites, bypassing standard security checks. Robinhood states that no user accounts or funds were compromised and has since removed the vulnerable “Device” field that enabled the attack.
Trellix Source Code Repository Breached
Major endpoint security and XDR vendor Trellix has been hit by a source code repository breach after attackers accessed a portion of its internal code. The company has engaged forensic experts and law enforcement. Trellix asserts that there is no evidence of product tampering, pipeline compromise, or active exploitation so far.
AI-Powered Threats
Critical Flaw in Cursor AI Agent Enables Remote Code Execution
Researchers have identified CVE-2026-26268, a vulnerability in the Cursor coding environment that allows remote code execution when its AI agent interacts with a cloned malicious repository. The attack chain leverages Git hooks and bare repositories to execute attacker scripts, exposing sensitive elements such as source code, authentication tokens, and internal tools.
Bluekit: AI-Assisted Phishing-as-a-Service Platform
Security researchers have exposed Bluekit, a phishing-as-a-service platform that bundles over 40 attack templates with an AI Assistant powered by models like GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The toolkit centralizes domain setup, creates realistic login clones, incorporates anti-analysis filters, provides real-time session monitoring, and exfiltrates data via Telegram.
AI-Enabled Supply Chain Attack Targets Crypto Trading Project
Researchers have demonstrated an AI-enabled supply chain attack in which Anthropic’s Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source autonomous cryptocurrency trading project. The hidden dependency siphoned credentials, planted persistent SSH access, and stole source code, enabling potential wallet takeover.
Vulnerabilities and Patches
Microsoft Fixes Privilege Escalation in Entra ID
Microsoft has patched a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept showing how attackers could add credentials and impersonate privileged identities.
Critical cPanel Zero-Day Exploited in the Wild
cPanel has addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that is being actively exploited as a zero-day. The vulnerability grants full administrative control without requiring any credentials. Administrators are urged to apply the patch immediately.