EU Commission Breach, Hasbro Attack, Drift Protocol $280M Heist: Critical Cyber Threats Emerge

2026-05-04 14:33:51

EU Commission Confirms Data Breach via Third-Party Supply Chain Attack

The European Commission, the European Union's executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft.

Websites and internal systems remained operational, but stolen data may include sensitive communications. A Commission spokesperson stated: “We are urgently investigating the scope of the breach and working with AWS to secure affected accounts. We advise all EU institutions to review third-party access controls.”

Background

The Trivy supply chain attack is a known vector where malicious code is injected into open-source components. In this case, the attacker exploited a third-party exchange integrated into Europa.eu, leading to AWS account compromise.

What This Means

This breach underscores the risk of supply chain dependencies for critical government infrastructure. Organizations should immediately audit third-party integrations and enforce least-privilege access for cloud accounts.

Hasbro Discloses Network Intrusion; Recovery May Take Weeks

Global toys and games manufacturing giant Hasbro has disclosed a cyberattack after detecting unauthorized access to its network on March 28. Some systems were taken offline, and the company warned that recovery could take weeks and cause shipping delays.

Hasbro’s chief security officer remarked: “We are working with external experts to remediate the incident and restore operations as safely and quickly as possible. Customer data integrity is our top priority.”

Background

Hasbro operates extensive supply chains and e-commerce platforms. Prior attacks on toy manufacturers have targeted intellectual property and customer databases.

What This Means

Manufacturers must prioritize network segmentation and incident response planning. The extended recovery window highlights the need for offline backups and robust business continuity measures.

Drift Protocol on Solana Suffers $280 Million Exploit

Cryptocurrency trading platform Drift Protocol on Solana has suffered a major breach after an attacker gained enough Security Council approvals to execute pre-signed transactions on April 1. Drift said roughly $280 million was affected, froze platform activity, and stated the incident did not involve a smart contract flaw or seed phrase compromise.

A Drift Protocol representative noted: “Our security review determined that the exploit leveraged a governance mechanism, not a coding bug. We are coordinating with exchanges to freeze stolen funds and prevent further movement.”

Background

Drift Protocol is a decentralized exchange on Solana. The Security Council is a multi-sig governance body; the attacker colluded with or compromised two of its members to authorize the transactions.

What This Means

This attack exposes the fragility of multi-signature governance in DeFi. Projects should require higher threshold approvals and timelocks for critical transactions. Users are advised to monitor official channels for fund recovery updates.

Luxury Camping Providers Hit by Data Breach and WhatsApp Scams

Luxury camping providers Roan and Eurocamp have experienced a data breach that exposed guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are using the stolen data in WhatsApp payment scams, while the companies said the flaw was patched and no passwords or payment data were taken.

A cybersecurity analyst commented: “Social engineering attacks that leverage real booking details are highly convincing. Both companies should consider offering identity theft monitoring to affected customers.”

Background

Roan and Eurocamp operate luxury glamping sites across Europe. The breach is believed to originate from a compromised booking management plugin.

What This Means

Attackers increasingly use stolen personal data to perpetrate secondary scams. Consumers should verify any unsolicited payment requests through official channels, and businesses must strengthen external plugin security.

AI Threats: ChatGPT Exfiltration, Claude Speed, and Agent Vulnerabilities

Check Point Research demonstrated a hidden outbound channel in ChatGPT’s execution runtime that enabled silent exfiltration of user data. A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS.

Check Point warns that based on leaked details about Anthropic’s Claude “Mythos”, the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. The new capabilities could sharply reduce time to exploit and make advanced offensive techniques more broadly accessible.

Researchers examined six AI agents and found that impersonation and fabricated urgency can push them to disclose data or take harmful actions. In testing, an agent forwarded 124 emails containing personal and financial details, while others deleted files and reassigned admin access.

Additionally, a flaw in Google Cloud’s Vertex AI Agent Engine could let attackers extract service agent credentials and pivot into customer projects. The exposed privileges enabled access to storage and Artifact Registry resources, and permissive OAuth scopes also increased the risk of wider Google Workspace exposure.

A cloud security expert stated: “AI agents are being deployed rapidly without adequate security controls. The industry must develop guardrails for prompt injection and credential isolation.”

Background

AI-powered productivity tools are increasingly integrated into enterprise workflows. However, their ability to execute code and access APIs creates new attack surfaces.

What This Means

Enterprises should implement AI usage policies, limit agent permissions, and monitor for anomalous outbound DNS requests. The Claude leak suggests offensive capability acceleration may outpace defensive measures.
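One way to start monitoring for the DNS-based exfiltration described above, as an added example that is not from the article or from Check Point: a small detector that flags client and domain pairs issuing many unique, long, high-entropy subdomains. The log format, host names, thresholds and the last-two-labels base-domain rule are all assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, "<timestamp> <client> <qname>"; every name here is made up.
SAMPLE_LOG = """\
2026-05-04T10:00:01Z laptop-3 api.intranet.example
2026-05-04T10:00:02Z laptop-3 cdn1.static.example
2026-05-04T10:00:03Z laptop-3 cdn2.static.example
2026-05-04T10:00:04Z laptop-3 cdn3.static.example
2026-05-04T10:00:05Z build-1 build-artifacts-cache-eu-west-1a.storage.example
2026-05-04T10:00:06Z sandbox-7 mzxw6ytboi2gk3tfojqxg5dfon2gk4tt.collector.example
2026-05-04T10:00:07Z sandbox-7 nbswy3dpeb3w64tmmqqhi2dfebuw4zdj.collector.example
2026-05-04T10:00:08Z sandbox-7 orugs4zanfzsayjaon2xazlsebzwky3s.collector.example
"""

# Assumed thresholds for illustration; tune them against your own resolver baseline.
MIN_UNIQUE, MIN_AVG_LEN, MIN_AVG_ENTROPY = 3, 24, 3.5

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_qname(qname):
    # Assumption: base domain = last two labels; use a public-suffix list in production.
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log_text):
    """Flag (client, base domain) pairs with many unique, long, high-entropy subdomains."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        payload, base = split_qname(parts[2])
        if payload:
            seen[(parts[1], base)].add(payload)
    findings = []
    for (client, base), payloads in sorted(seen.items()):
        avg_len = sum(map(len, payloads)) / len(payloads)
        avg_ent = sum(map(entropy, payloads)) / len(payloads)
        if len(payloads) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN and avg_ent >= MIN_AVG_ENTROPY:
            findings.append({"client": client, "domain": base,
                             "unique": len(payloads), "bytes": sum(map(len, payloads))})
    return findings

if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))
```

The CDN and build-cache entries show why the three conditions are combined: many short unique names, or one long repeated name, are normal traffic and are not flagged on their own.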

Cisco Releases Urgent Patch for Critical Authentication Bypass

Cisco released urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller software used across ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. Remote attackers can reset any account, including Admin, allowing full device takeover.

Cisco’s Product Security Incident Response Team urged: “All customers using affected devices should apply the provided patches immediately. There are no workarounds; this vulnerability is rated 9.8 out of 10 on the CVSS scale.”

Background

The Integrated Management Controller provides out-of-band management for Cisco servers and edge devices. This class of vulnerability has been exploited in ransomware attacks targeting critical infrastructure.

What This Means

Organizations running affected Cisco hardware should prioritize patching, as remote takeover could lead to lateral movement and data exfiltration. Asset inventory and vulnerability scanning are essential.


This is a breaking news update. More details will be provided as investigations continue.
