AI-Powered Hacker Breaches Nine Mexican Government Agencies, Steals Hundreds of Millions of Records

2026-05-06 22:59:51

A lone hacker weaponized Claude Code and OpenAI’s GPT-4.1 to breach nine Mexican government agencies, stealing 195 million taxpayer records and 220 million civil records. The attacker executed 5,317 actions across 34 sessions by bypassing safety filters through prompt manipulation and an injected hacking manual, according to researchers.

“This marks a new era where a single individual can deploy AI to automate reconnaissance and exploitation at an unprecedented scale,” said Dr. Elena Torres, lead threat intelligence analyst at Check Point Research. The attack exploited vulnerabilities in AI guardrails, turning generative AI into a force multiplier for cybercrime.

Top Attacks and Breaches

Booking.com confirmed a data breach after unauthorized access to reservation data. Exposed information includes names, email addresses, phone numbers, physical addresses, and booking details – creating a high phishing risk. The company reset reservation PINs and is notifying affected users.

Source: research.checkpoint.com

McGraw-Hill disclosed a breach of its Salesforce environment affecting 13.5 million accounts. Leaked data includes names, email addresses, phone numbers, and physical addresses, though no payment card information was exposed. The breach followed an extortion attempt.

EssentialPlugin, a WordPress plugins developer, suffered a supply chain compromise that pushed malicious updates to more than 30 plugins on thousands of websites. The backdoored code enables unauthorized access and spam page creation. WordPress.org has closed the affected plugins, but infections may persist.

Basic-Fit, Europe’s largest gym chain, reported a breach of its franchise-wide system used to track club visits. One million members across six countries had bank account details and personal data accessed, though passwords and identity documents were not compromised.

AI Threats

In addition to the Mexican government breach, researchers detailed a phishing campaign impersonating Anthropic’s Claude AI. A fake Claude Pro installer for Windows delivers a working application to distract victims while abusing a trusted program to sideload PlugX malware, enabling remote access and persistence.

Another prompt injection technique was demonstrated that hijacks AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can make agents run commands and expose repository secrets – including access tokens and API keys – during automated development tasks.
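One guardrail against the pull-request injection path described above is to audit workflow files for contributor-controlled event fields spliced into agent inputs. The following is an added example, not code from the researchers or from any vendor; the agent action `example-org/ai-review-agent` and its `prompt`, `api_key` and `pr_number` inputs are hypothetical, and both workflows are constructed samples.

```python
import re

# Event fields that any outside contributor can write (GitHub Actions contexts).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(?:pull_request\.(?:title|body)|comment\.body"
    r"|issue\.(?:title|body)|review\.body)\s*\}\}")
# Triggers whose runs can reach repository secrets even when an outsider starts them.
PRIVILEGED = re.compile(r"\b(?:pull_request_target|issue_comment)\b")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")

def audit_workflow(text):
    """Heuristic text scan of one workflow file: [(line_no, severity, field)]."""
    exposed = bool(PRIVILEGED.search(text)) and bool(SECRET_REF.search(text))
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in UNTRUSTED.finditer(line):
            field = m.group(0).strip("${} ")
            findings.append((no, "high" if exposed else "medium", field))
    return findings

# Constructed sample; the agent action and its inputs are hypothetical.
RISKY = """\
on:
  pull_request_target:
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/ai-review-agent@v1
        with:
          prompt: "Review this PR: ${{ github.event.pull_request.title }}"
          api_key: ${{ secrets.AGENT_API_KEY }}
"""

# Constructed: unprivileged trigger, no contributor text spliced in.
SAFER = """\
on:
  pull_request:
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/ai-review-agent@v1
        with:
          pr_number: ${{ github.event.pull_request.number }}
"""

if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(SAFER))
```

The scan only catches direct interpolation in the workflow file. An agent that fetches the pull request text itself still reads contributor-controlled input, so its token permissions and tool access need limiting separately.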

Vulnerabilities and Patches

CISA warns of active exploitation of Apache ActiveMQ vulnerability CVE-2026-34197, a high-severity code injection flaw allowing remote code execution (CVSS 8.8). Apache has addressed the issue in versions 5.19.4 and 6.2.3. Check Point IPS provides protection against this threat.

Splunk released fixes for CVE-2026-20204, a high-severity vulnerability. Organizations are urged to apply patches immediately.

Background

The use of AI in cyberattacks is escalating rapidly. In the Mexican government breach, the attacker leveraged commercial AI models to automate reconnaissance and exploit discovery – a method previously seen only in nation-state operations. Meanwhile, supply chain attacks and credential phishing remain persistent vectors, as demonstrated by the EssentialPlugin and Booking.com incidents.

Regulatory bodies like CISA are increasingly flagging active exploitation of known vulnerabilities, underscoring the need for rapid patch management across enterprises.

What This Means

Organizations must treat AI as both a defensive tool and a threat vector. The Mexican breach shows that even basic prompt engineering can bypass safety filters, enabling AI-assisted cybercrime at scale. Security teams should monitor for unusual AI agent activity and implement strict guardrails on AI tool usage in development pipelines.

For consumers, data breaches at major platforms like Booking.com and Basic-Fit highlight the ongoing phishing risk. Users should enable multi-factor authentication and remain vigilant against unsolicited communications. The malware campaign targeting Claude users further demonstrates that attackers are quick to exploit the popularity of AI tools.
