Weekly Cyber Threat Roundup: May 18 Edition – Major Breaches, AI-Driven Attacks, and Critical Unpatched Flaws

Top Attacks and Breaches

This week's threat landscape saw a series of significant cyber incidents affecting major global organizations, ranging from telecom and cryptocurrency platforms to manufacturing and pharmaceutical sectors.

Weekly Cyber Threat Roundup: May 18 Edition – Major Breaches, AI-Driven Attacks, and Critical Unpatched Flaws — Source: research.checkpoint.com

Vodafone Source Code Leak Linked to Lapsus$ Group

International telecom giant Vodafone confirmed a security incident involving unauthorized access to its GitHub repositories. The extortion group Lapsus$ claimed responsibility for leaking source code obtained through compromised third-party development software. Despite the breach, Vodafone emphasized that customer data and core network infrastructure remained unaffected. The incident highlights the ongoing risk of supply chain attacks targeting development environments.

THORChain Loses $10.7 Million in Vault Compromise

Switzerland-based cryptocurrency platform THORChain suffered a security breach that resulted in the theft of approximately $10.7 million. Attackers compromised one of the platform's six vaults, prompting an immediate halt to trading. The firm stated that losses were limited to protocol-owned assets across multiple blockchains. This incident underscores the persistent vulnerabilities in decentralized finance (DeFi) infrastructure.

West Pharmaceutical Services Hit by Ransomware

Global drug delivery components manufacturer West Pharmaceutical Services experienced a ransomware attack that disrupted shipping, manufacturing, and shared service functions. The company disclosed that some systems were encrypted and data exfiltrated. As of this report, no ransomware group has publicly claimed responsibility. The attack adds to a growing list of cyber incidents targeting the pharmaceutical supply chain.

Foxconn Confirms Attack After Nitrogen Ransomware Claims 8TB Data Theft

Electronics manufacturing giant Foxconn confirmed a cyberattack on its North American operations following claims by the Nitrogen ransomware group that it had stolen 8TB of data. The company acknowledged disruption at some factories but stated that affected facilities were resuming normal production. This incident highlights the ongoing threat to manufacturing sector critical infrastructure.

AI-Powered Threats

Cybersecurity researchers have uncovered several novel attack vectors leveraging artificial intelligence, including vulnerabilities in autonomous AI platforms and abuse of AI-driven services to scale malicious campaigns.

‘Claw Chain’ Vulnerabilities Expose OpenClaw Platform

Researchers disclosed ‘Claw Chain’, a set of four vulnerabilities in the autonomous AI agent platform OpenClaw. These flaws enable attackers to bypass sandbox controls, access restricted files, leak secrets, and escalate privileges to owner level. The most critical, CVE-2026-44112, carries a CVSS score of 9.6. Organizations using OpenClaw are urged to apply patches immediately.

AI-Assisted macOS Kernel Exploit Bypasses Apple’s Memory Integrity

Security researchers developed an AI-assisted kernel exploit targeting macOS that bypasses Apple’s Memory Integrity Enforcement on M5 chips, granting full system control on macOS 26.4.1. The exploit discovery was reportedly accelerated by Anthropic’s Mythos Preview AI model. The findings were responsibly disclosed to Apple before public release. This demonstrates how AI can both aid attackers and accelerate vulnerability research.

Vercel’s AI Website Generator Abused for Mass Phishing

Threat actors are exploiting Vercel’s v0.dev AI website generator to mass-produce highly realistic phishing pages that mimic brands such as Microsoft and Spotify. These campaigns leverage Telegram bots to capture credentials and payment details in real time. The abuse of legitimate AI services for malicious purposes represents an emerging trend in social engineering attacks.

Malicious Hugging Face Repository Infects Over 200,000 Downloads

A popular repository on the Hugging Face platform was found to contain Windows-targeting malware after amassing over 200,000 downloads. The package masqueraded as OpenAI's privacy filter and installed an infostealer capable of harvesting browser passwords, cookies, SSH keys, VPN configurations, and cryptocurrency wallets. This incident highlights the risks of supply chain attacks in AI model repositories.

Critical Vulnerabilities and Patches

Two unpatched Windows zero-day vulnerabilities pose significant risks to Windows 11 and recent Windows Server versions. Organizations should implement compensating controls until official patches are released.

YellowKey and GreenPlasma: Unpatched Windows Zero-Days

Two zero-day vulnerabilities, YellowKey and GreenPlasma, affect Windows 11 and recent Windows Server editions. YellowKey allows an attacker with physical access to bypass BitLocker encryption through the Windows Recovery Environment. GreenPlasma abuses the CTFMON framework to escalate privileges to SYSTEM level. Proof-of-concept code has been publicly released, and Microsoft has not yet issued patches. Admins should restrict physical access and monitor for exploit attempts.

Tags: