Apr 06, 2026 • urias
6th April – Threat Intelligence Report
Executive Summary
Check Point Research reports multiple critical threats across supply chain, AI, and infrastructure domains. The European Commission confirmed a breach via the Trivy supply chain attack affecting its Europa.eu platform and at least one AWS account. Hasbro suffered a network compromise with recovery expected to take weeks. Cryptocurrency platform Drift Protocol experienced a $280 million breach through manipulated Security Council approvals. AI research revealed critical risks including a covert data exfiltration channel in ChatGPT, credential extraction vulnerabilities in Google Cloud's Vertex AI, and concerning capabilities in Anthropic's Claude 'Mythos' model. Critical vulnerabilities include active exploitation of Chrome's WebGPU flaw (CVE-2026-5281), Cisco authentication bypass (CVE-2026-20093), F5 BIG-IP RCE (CVE-2025-53521), and TrueConf zero-day (CVE-2026-3502) deployed by Chinese-nexus TrueChaos. Organizations should prioritize patching critical infrastructure, monitor AI data flows, and implement supply chain verification controls.
Summary
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident […] The post 6th April – Threat Intelligence Report appeared first on Check Point Research.
Published Analysis
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
- The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft, while websites and internal systems remained operational.
- Global toys and games manufacturing giant Hasbro has disclosed a cyberattack after detecting unauthorized access to its network on March 28. Some systems were taken offline, and the company warned that recovery could take weeks and cause delays.
- Cryptocurrency trading platform Drift Protocol on Solana has suffered a major breach after an attacker gained enough Security Council approvals to execute pre-signed transactions on April 1. Drift said roughly $280 million was affected, froze platform activity, and stated the incident did not involve a smart contract flaw or seed phrase compromise.
- Luxury camping providers Roan and Eurocamp have experienced a data breach that exposed guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are using the stolen data in WhatsApp payment scams, while the companies said the flaw was patched and no passwords or payment data were taken.
AI THREATS
- Check Point Research demonstrated a hidden outbound channel in ChatGPT’s execution runtime that enabled silent exfiltration of user data. A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS.
- Check Point warns that based on leaked details about Anthropic’s Claude “Mythos”, the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. The new capabilities could sharply reduce time to exploit and make advanced offensive techniques more broadly accessible.
- Researchers examined six AI agents and found that impersonation and fabricated urgency can push them to disclose data or take harmful actions. In testing, an agent forwarded 124 emails containing personal and financial details, while others deleted files and reassigned admin access.
- Researchers observed a flaw in Google Cloud’s Vertex AI Agent Engine that could let attackers extract service agent credentials and pivot into customer projects. The exposed privileges enabled access to storage and Artifact Registry resources, and permissive OAuth scopes also increased the risk of wider Google Workspace exposure.
VULNERABILITIES AND PATCHES
- Cisco released urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller software used across ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. Remote attackers can reset any account, including Admin, allowing full device takeover.
- Researchers discovered CVE-2026-5281, a zero-day memory flaw in Chrome’s WebGPU component, Dawn, that also impacts Edge, Brave, Opera, and other Chromium-based browsers. The vulnerability is being actively exploited and can enable code execution on user systems, prompting inclusion in CISA’s Known Exploited Vulnerabilities catalog.
- Progress has addressed two critical ShareFile vulnerabilities, including CVE-2026-2699 with a CVSS score of 9.8, that can be chained for unauthenticated remote code execution. The flaws...
Linked Entities
- CVE-2026-20093
- Havoc
- TrueChaos
- CVE-2025-53521
- CVE-2026-2699
- CVE-2026-3502
- CVE-2026-5281