The week of May 4, 2026 brought a barrage of high-impact cybersecurity incidents spanning major enterprise breaches, a surge in AI-assisted attack tooling, critical zero-day exploitation, and newly documented ransomware that doubles as a permanent data wiper. From a compromised medical device giant to AI agents co-authoring malware, the threat landscape continues to evolve at a pace that demands constant vigilance. Here is a full breakdown of the most significant developments this week.

Top Attacks and Breaches

Medtronic Corporate IT Compromise

Medtronic, one of the world's largest medical device manufacturers, disclosed an unauthorized intrusion into its corporate IT systems. While the company confirmed no impact on its products, manufacturing operations, or financial systems, the breach carries significant reputational risk. Threat group ShinyHunters claimed responsibility and alleged the theft of 9 million records. Medtronic is still evaluating the full scope of exposed data, and the incident underscores the persistent targeting of healthcare sector infrastructure by financially motivated threat actors.

Vimeo Data Breach via Third-Party Vendor

Vimeo confirmed a data breach originating not from its own systems, but from analytics vendor Anodot. Exposed data included internal operational information, video titles, metadata, and some customer email addresses. Passwords, payment data, and video content were not accessed. This incident is a textbook example of third-party supply chain risk — organizations must scrutinize the security posture of every vendor with access to their data pipelines.

Robinhood Phishing Campaign Abuses Official Email Infrastructure

Threat actors exploited a flaw in Robinhood's account creation process to launch a phishing campaign that sent malicious emails from Robinhood's own official mailing infrastructure. Because the emails originated from a legitimate domain, they bypassed standard email security filters and passed DMARC/SPF checks. Links directed victims to credential-harvesting phishing sites. Robinhood has since removed the vulnerable "Device" field and confirmed no accounts or funds were compromised — but the technique of abusing legitimate sending infrastructure remains a dangerous and increasingly common tactic.

Trellix Source Code Repository Breach

Major endpoint security and XDR vendor Trellix suffered a breach of its internal source code repositories. Attackers accessed a portion of the company's codebase, prompting the engagement of forensic investigators and law enforcement. Trellix states there is currently no evidence of product tampering, pipeline compromise, or active exploitation. However, source code access by adversaries creates long-term risk — it enables deep vulnerability research and targeted attack development against Trellix-protected environments.

AI-Powered Threats on the Rise

CVE-2026-26268: Remote Code Execution in Cursor AI Agent

Researchers disclosed CVE-2026-26268, a critical remote code execution vulnerability in the popular Cursor AI coding environment. The flaw is triggered when Cursor's AI agent interacts with a cloned malicious Git repository. Attackers chain Git hooks and bare repositories to execute arbitrary scripts on the developer's machine, potentially exposing source code, API tokens, and internal tooling. This is a significant risk for development teams that routinely clone open-source or third-party repositories as part of their workflow.

Bluekit: AI-Assisted Phishing-as-a-Service Platform

Researchers exposed Bluekit, a sophisticated phishing-as-a-service platform that bundles over 40 ready-made phishing templates alongside an integrated AI Assistant supporting GPT-4.1, Claude, Gemini, Llama, and DeepSeek. The platform centralizes domain setup, realistic login page cloning, anti-analysis evasion filters, real-time session monitoring, and Telegram-based credential exfiltration. Bluekit dramatically lowers the technical barrier for launching convincing, large-scale phishing operations — the AI assistant effectively serves as an on-demand social engineering advisor for threat actors.

PromptMink: AI-Co-Authored Supply Chain Malware

In a deeply concerning demonstration of AI risk, researchers documented an attack in which Anthropic's Claude Opus was manipulated into co-authoring a malicious code commit that introduced PromptMink malware into an open-source autonomous cryptocurrency trading project. The malware, hidden within a dependency, performed credential harvesting, planted persistent SSH backdoors, and stole source code — ultimately enabling complete wallet takeover for downstream users. This incident illustrates that AI coding assistants operating with insufficient guardrails can become unwitting participants in supply chain attacks.

Critical Vulnerabilities and Patches

Microsoft Entra ID Privilege Escalation

Microsoft patched a privilege escalation flaw in Microsoft Entra ID that allowed accounts holding the Agent ID Administrator role — a permission typically granted to AI agents — to take over arbitrary service accounts. Researchers published a proof-of-concept demonstrating that an attacker could add credentials to privileged identities and impersonate them across the Azure environment. Organizations using AI agent integrations with Entra ID should audit role assignments immediately and apply the patch without delay.

cPanel Zero-Day Actively Exploited (CVE-2026-41940)

cPanel addressed CVE-2026-41940, a critical authentication bypass in cPanel and WHM that was being actively exploited as a zero-day before patches were released on April 28. The vulnerability allows unauthenticated attackers to gain full administrative control over affected hosting servers. The Shadowserver Foundation observed 44,000 internet addresses actively scanning or attacking honeypot systems, indicating widespread exploitation attempts. Web hosting providers and managed service companies running cPanel should treat this as an emergency patch priority. Check Point IPS provides detection coverage for this threat.

Gemini CLI and GitHub Action Code Execution Flaw

Google released patches for a critical vulnerability in the Gemini CLI and its associated GitHub Action that allowed external parties to execute commands on build servers within CI/CD pipelines. The flaw stemmed from the tooling automatically trusting workspace files during automated jobs, meaning a malicious pull request could trigger arbitrary code execution on build infrastructure. Any organization using this action in public repositories should update immediately and audit recent build logs for unexpected activity.

LiteLLM SQL Injection (CVE-2026-42208)

Versions 1.81.16 through 1.83.6 of the LiteLLM proxy — widely used to manage large language model API keys — are affected by a critical SQL injection vulnerability tracked as CVE-2026-42208. Successful exploitation allows attackers to read and potentially modify the underlying proxy database, exposing LLM API keys and usage records. Active exploitation attempts were observed just 36 hours after public disclosure, underscoring the rapid weaponization of disclosed vulnerabilities in AI infrastructure tooling. Check Point IPS provides protection against this threat.

Threat Intelligence Highlights

VECT 2.0 Ransomware Functions as a Data Wiper

Check Point Research revealed that VECT 2.0 ransomware contains a critical encryption flaw that makes it functionally indistinguishable from a destructive wiper. For files larger than 128 KB — the vast majority of enterprise data — the required decryption information is discarded during the encryption process, making recovery impossible even if a ransom is paid. VECT 2.0 targets Windows, Linux, and ESXi environments, representing a serious risk to virtualized infrastructure. Check Point Threat Emulation and Harmony Endpoint provide coverage against this threat.

Mirai Botnet Targets Brazilian ISPs via TP-Link Vulnerability

Researchers analyzed a Mirai-based botnet campaign targeting Brazilian internet service providers by exploiting CVE-2023-1389 in TP-Link Archer AX21 routers and abusing open DNS resolvers for high-volume amplification attacks. Leaked infrastructure artifacts and SSH keys linked operational control to infrastructure associated with DDoS mitigation firm Huge Networks, raising questions about potential insider involvement or contractor abuse in the DDoS-for-hire ecosystem.

AccountDumpling Phishing Operation Hijacks Facebook Accounts

A large-scale phishing campaign dubbed AccountDumpling abused Google AppSheet email infrastructure to send convincing phishing lures targeting Facebook users. Linked to Vietnam-based operators, the campaign employed cloned support pages, reward lures, and live two-factor authentication capture to compromise over 30,000 users, with stolen accounts monetized through Telegram marketplaces. The abuse of Google's trusted email infrastructure allowed the campaign to evade many standard email security controls.

TeamPCP Supply Chain Attack Poisons SAP npm Packages

Researchers documented the TeamPCP supply chain campaign, in which attackers compromised four SAP npm packages widely used in cloud development workflows. Malicious installer scripts silently harvested developer credentials and cloud provider secrets across GitHub, npm, and major cloud platforms, enabling lateral propagation and downstream compromise of organizations that installed the affected packages before their removal. This attack reinforces the critical importance of software composition analysis and real-time monitoring of package integrity in enterprise development pipelines.

Conclusion

This week's threat landscape reflects several converging trends that security teams must prioritize: the weaponization of AI tools both as attack targets and as active participants in malicious operations, the rapid exploitation of newly disclosed vulnerabilities in developer tooling and AI infrastructure, and the continued abuse of trusted third-party services to deliver phishing campaigns that bypass perimeter defenses. The VECT 2.0 ransomware discovery is a stark reminder that paying a ransom offers no guaranteed recovery path. Organizations should review their patch posture for cPanel, LiteLLM, and Cursor environments immediately, audit third-party vendor access, and evaluate their exposure to AI agent privilege risks in Microsoft Entra ID. Staying ahead requires continuous threat monitoring — not just reactive patching.