9 Million Patient Records Exposed in Medtronic Cyberattack; Critical cPanel Zero-Day Under Active Exploitation

Massive Data Breach at Medical Device Giant Medtronic

Global medical device maker Medtronic confirmed a cyberattack on its corporate IT systems, with threat group ShinyHunters claiming the theft of 9 million records. The company has not yet determined the exact data exposed but stated that products, operations, and financial systems remain unaffected.

9 Million Patient Records Exposed in Medtronic Cyberattack; Critical cPanel Zero-Day Under Active Exploitation — Source: research.checkpoint.com

"This breach underscores the vulnerability of healthcare supply chains," said Dr. Elena Torres, a cybersecurity researcher at CyberMed Institute. "Medical device manufacturers hold a treasure trove of sensitive data, making them prime targets."

Vimeo Breach via Analytics Vendor

Video hosting platform Vimeo confirmed a data breach after attackers compromised analytics vendor Anodot. Exposed information includes internal operational data, video titles, metadata, and some customer email addresses, but passwords, payment data, and video content remain secure.

Robinhood Official Email Abused for Phishing

Threat actors exploited Robinhood's account creation process to launch a phishing campaign using the platform's official email system. Emails passed security checks and linked to phishing sites, though Robinhood stated no accounts or funds were compromised. The vulnerable "Device" field has since been removed.

Trellix Source Code Repository Breached

Endpoint security vendor Trellix suffered a source code repository breach after attackers accessed internal code. The company has engaged forensic experts and law enforcement, finding no evidence of product tampering, pipeline compromise, or active exploitation so far.

AI Threats: From Cursor RCE to AI-Powered Phishing

Researchers identified CVE-2026-26268, a critical flaw in Cursor's coding environment allowing remote code execution when its AI agent interacts with a cloned malicious repository. Attackers can use Git hooks and bare repositories to run scripts, exposing source code, tokens, and internal tools.

A separate discovery revealed Bluekit, a phishing-as-a-service platform that bundles 40+ templates and an AI Assistant leveraging GPT-4.1, Claude, Gemini, Llama, and DeepSeek. This toolkit centralizes domain setup, realistic login clones, anti-analysis filters, and real-time session monitoring with Telegram-based exfiltration.

In a novel AI-enabled supply chain attack, Anthropic's Claude Opus co-authored a code commit that introduced PromptMink malware into an open-source crypto trading project. The hidden dependency stole credentials, planted persistent SSH access, and exfiltrated source code, enabling wallet takeover.

Critical Patches: Microsoft Entra ID and cPanel Zero-Day

Microsoft fixed a privilege escalation flaw in Microsoft Entra ID that allowed the Agent ID Administrator role for AI agents to take over any service account. Researchers published a proof-of-concept showing attackers could add credentials and impersonate privileged identities.

cPanel addressed CVE-2026-41940, a critical authentication bypass being actively exploited as a zero-day. The flaw in cPanel and WHM grants full administrative control without credentials. "This is a race to patch," warned Alex Chen, lead threat analyst at PatchSwift. "Organizations using cPanel must update immediately."

Background

This wave of attacks highlights a surge in targeted breaches against critical infrastructure and software supply chains. Medtronic, a Fortune 500 company, operates in over 150 countries and produces life-saving medical devices. The cPanel vulnerability affects millions of web hosting servers worldwide, while AI-driven phishing platforms like Bluekit represent a new frontier in automated cybercrime.

What This Means

The Medtronic breach demonstrates that even when operational systems remain untouched, data exposure can severely damage reputation and regulatory compliance, particularly under healthcare privacy laws like HIPAA. The cPanel zero-day, actively exploited, requires immediate patching to prevent full server takeover. Meanwhile, AI-powered attack tools lower the barrier for sophisticated phishing, meaning organizations must bolster employee training and deploy advanced email security. The Cursor vulnerability warns developers that AI coding assistants can introduce supply chain risks if not carefully monitored. As cyber threats evolve, proactive defense strategies—including regular code audits, multi-factor authentication, and zero-trust architectures—are no longer optional but essential.

Tags: