Atinec Stack
2026-05-03
Cybersecurity

Cyber Threat Landscape: Key Incidents and Vulnerabilities (March 30 – April 6)

Weekly cyber roundup: European Commission breach, Hasbro attack, Drift Protocol hack, AI threats from ChatGPT and Claude, plus critical Cisco vulnerability.

During the week of March 30, the cybersecurity community faced a wave of significant incidents spanning data breaches, AI-driven threats, and critical software vulnerabilities. They ranged from a compromise at European Union institutions to sophisticated cryptocurrency platform hacks and novel AI attack vectors, a reminder that organizations must stay vigilant. This article compiles the most notable events and vulnerabilities reported during this period.

Top Attacks and Breaches

European Commission Suffers Data Breach via Supply Chain Attack

The European Commission, the executive arm of the European Union, confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account, leading to data theft. While websites and internal systems remained operational, sensitive information was exposed. Authorities are investigating the breach.

Hasbro Network Breach Causes Operational Delays

Global toys and games giant Hasbro disclosed a cyberattack after detecting unauthorized access to its network on March 28. Some systems were taken offline, and the company warned that recovery could take weeks, potentially causing delays in operations. The full extent of the breach is still under investigation.

Drift Protocol Loses $280 Million in Solana Hack

Cryptocurrency trading platform Drift Protocol, built on Solana, suffered a major breach on April 1. An attacker acquired enough Security Council approvals to execute pre-signed transactions, affecting approximately $280 million. The platform froze activity and stated the incident did not involve a smart contract flaw or seed phrase compromise.

Roan and Eurocamp Data Breach Leads to WhatsApp Scams

Luxury camping providers Roan and Eurocamp experienced a data breach exposing guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are using the stolen data in WhatsApp payment scams. The companies confirmed the flaw was patched and that no passwords or payment data were taken.

AI Threats

ChatGPT DNS Exfiltration Technique Uncovered

Check Point Research demonstrated a hidden outbound channel in ChatGPT’s execution runtime that allows silent exfiltration of user data. A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS. This highlights a new vector for data theft in AI systems.

Claude 'Mythos' Could Accelerate Attack Automation

Check Point warns that, based on leaked details about Anthropic’s Claude “Mythos”, the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. These new capabilities could sharply reduce time to exploit and make advanced offensive techniques more broadly accessible.

AI Agents Manipulated through Impersonation

Researchers examined six AI agents and found that impersonation and fabricated urgency can push them to disclose data or take harmful actions. In testing, an agent forwarded 124 emails containing personal and financial details, while others deleted files and reassigned admin access. This underscores the need for robust agent permissions.

Vertex AI Agent Engine Flaw Exposes Cloud Credentials

Researchers observed a flaw in Google Cloud's Vertex AI Agent Engine that could let attackers extract service agent credentials and pivot into customer projects. The exposed privileges enabled access to storage and Artifact Registry resources. Permissive OAuth scopes also increased the risk of wider Google Workspace exposure.

Vulnerabilities and Patches

Cisco Urges Immediate Patching for Critical Auth Bypass

Cisco released urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller (IMC) software. This vulnerability affects devices such as ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. Remote attackers can reset any account, including Admin, allowing full device takeover. Organizations are advised to apply patches immediately.

Stay tuned for next week's threat intelligence report to keep your defenses up to date.