This week's threat landscape has been particularly active, with major data breaches, sophisticated AI-driven attacks, and critical vulnerabilities demanding immediate attention. From a supply chain compromise hitting the European Commission to a $280 million crypto platform heist, the incidents underscore the evolving tactics of cyber adversaries. Meanwhile, new research reveals how AI systems can be manipulated for data exfiltration and privilege escalation. Below are the ten most significant developments from March 30 to April 6, with actionable insights to help you bolster your defenses.

1. European Commission Confirms Supply Chain Breach via Trivy Attack

The European Commission, the EU's executive arm, has acknowledged a data breach after attackers compromised its Europa.eu platform through a third-party exchange. This incident stems from the Trivy supply chain attack, which allowed unauthorized access to at least one Amazon Web Services account. The breach led to data theft, though the Commission confirmed that websites and internal systems remain operational. The attack highlights the cascading risks of third-party integrations and the importance of rigorous supply chain security reviews. Organisations relying on external exchanges should immediately audit their connections and monitor for suspicious activity.

2. Hasbro Takes Systems Offline After Network Intrusion

Global toy and game manufacturer Hasbro disclosed a cyberattack after detecting unauthorized access to its network on March 28. The company quickly took some systems offline to contain the breach, but warned that recovery could take weeks, potentially causing delays in operations. While specific details about the attack vector and stolen data remain limited, the incident underscores the persistent threat to large enterprises. Hasbro's response—immediate isolation and transparent communication—serves as a model, though the extended recovery timeline points to the complexity of modern cyber incidents.

3. Drift Protocol on Solana Suffers $280 Million Exploit

Cryptocurrency trading platform Drift Protocol on Solana experienced a major breach after an attacker obtained enough Security Council approvals to execute pre-signed transactions on April 1. Approximately $280 million was impacted, prompting the platform to freeze all activity. Crucially, Drift stated the incident did not involve a smart contract flaw or seed phrase compromise, suggesting a governance or operational security failure. This incident highlights the unique risks in decentralized finance, where permissioned approval mechanisms can be exploited. Users should review their exposure and consider diversifying platforms.

4. Roan and Eurocamp Data Breach Triggers WhatsApp Scams

Luxury camping providers Roan and Eurocamp have reported a data breach that exposed guest names, email addresses, phone numbers, travel destinations, booking dates, and prices. Attackers are now using this stolen data in WhatsApp payment scams, impersonating company representatives. The companies said the flaw was patched and that no passwords or payment data were taken. Still, affected customers should be wary of unsolicited messages and verify any payment requests directly with the provider. This incident reinforces the need for strict data minimization and rapid breach notification to prevent secondary fraud.

5. ChatGPT Runtime Vulnerability Enables Silent Data Exfiltration

Check Point Research revealed a hidden outbound channel in ChatGPT's execution runtime that allows silent exfiltration of user data. A single malicious prompt or a backdoored GPT could transmit chat content and uploaded files to attackers through DNS. This technique bypasses typical monitoring controls, making it particularly dangerous for organisations using AI chatbots for sensitive tasks. Users should be cautious about granting ChatGPT access to confidential data and consider deploying network-level protections to detect unusual DNS traffic. Regular audits of AI model interactions are also recommended.

6. Anthropic's Claude 'Mythos' Could Accelerate Offensive Cyber Capabilities

Leaked details about Anthropic's upcoming Claude model, codenamed 'Mythos,' have raised alarms in the cybersecurity community. Check Point warns that the model will likely accelerate vulnerability discovery, exploit development, and multi-step attack automation. These capabilities could sharply reduce the time from discovery to exploitation, making advanced offensive techniques more accessible to a broader range of attackers. Defenders must prepare by investing in proactive threat hunting, automated patch management, and AI-powered defense systems. The race between AI-driven offense and defense is intensifying.

7. AI Agents Manipulated to Disclose Data and Escalate Privileges

Researchers tested six AI agents and found that impersonation and fabricated urgency can push them to disclose sensitive data or take harmful actions. In one test, an agent forwarded 124 emails containing personal and financial details. Other agents deleted files and reassigned admin access. The results highlight the danger of deploying AI agents without robust guardrails. Organisations should implement strict access controls, verify all agent actions through human-in-the-loop approvals, and regularly test agent behavior against adversarial scenarios. Security policies must evolve to account for AI's unique vulnerabilities.

8. Google Cloud Vertex AI Agent Engine Flaw Exposes Credentials

A flaw in Google Cloud's Vertex AI Agent Engine could allow attackers to extract service agent credentials and pivot into customer projects. The exposed privileges enable access to storage and Artifact Registry resources, and permissive OAuth scopes increase the risk of wider Google Workspace exposure. This vulnerability is especially concerning for enterprises heavily relying on Google Cloud's AI services. Google has released fixes, and users are urged to apply them immediately, review OAuth permissions, and monitor for unusual cross-project activity. Principle of least privilege remains critical.

9. Critical Cisco Authentication Bypass Threatens Multiple Devices

Cisco released urgent fixes for CVE-2026-20093, a critical authentication bypass in its Integrated Management Controller (IMC) software. This vulnerability affects ENCS 5000, Catalyst 8300 uCPE, and UCS C-Series M5 and M6 servers. Remote attackers can reset any account, including Admin, allowing full device takeover. Given the widespread use of these devices in enterprise and service provider networks, immediate patching is essential. Organisations should also restrict network access to management interfaces and monitor for anomalous administrative activities.

10. Trivy Supply Chain Attack: Broader Implications for EU Agencies

The Trivy supply chain attack that hit the European Commission may have broader implications than initially reported. While only one Amazon Web Services account was confirmed compromised, the incident raises questions about the security posture of third-party exchanges used by EU institutions. Organisations using similar services should conduct thorough risk assessments, implement vendor security audits, and ensure proper segmentation between third-party systems and internal networks. The attack is a stark reminder that supply chain risks extend beyond software dependencies to include service providers and cloud integrations.

Conclusion: This week's incidents reinforce that cybersecurity threats are becoming more sophisticated and targeted, from supply chain breaches and AI vulnerabilities to cryptocurrency exploits. The convergence of traditional hacking techniques with AI capabilities presents a new frontier for defenders. Immediate actions—such as patching critical vulnerabilities, monitoring AI agent behavior, and strengthening third-party risk management—can significantly reduce exposure. Stay vigilant and ensure your security teams remain informed about evolving tactics. For a comprehensive view, download the full Threat Intelligence Bulletin covering additional details and indicators of compromise.