Weekly Threat Intelligence: Critical Breaches, AI Exploits, and Patches (April 2025)
Summary of key cyber incidents: Vercel, France Titres, UK Biobank, Bitwarden breaches; AI threats from Anthropic, Bissa Scanner, Google IDE; critical patches from Microsoft and Apple.
The final week of April 2025 brought a flurry of significant cybersecurity events, ranging from supply-chain compromises and large-scale data breaches to novel AI-driven attack platforms and urgent patch releases. This report summarizes the most impactful incidents, offering actionable insights for defenders and highlighting emerging threat vectors.
Top Attacks and Breaches
Vercel Breach Via Context.ai OAuth Token Theft
Vercel, a frontend cloud platform, disclosed a security incident originating from a compromise at Context.ai. Attackers obtained stolen OAuth tokens that allowed unauthorized access to a connected application. The breach exposed employee information, internal logs, and a subset of environment variables. Vercel emphasized that the most sensitive secrets remained secure.
France Titres Data Leak
On April 15, France Titres—the national authority for identity and registration documents—detected a data breach. The incident potentially exposed names, birth dates, email addresses, login IDs, and some physical addresses and phone numbers. A hacker subsequently listed the purported agency data for sale on dark web marketplaces.
UK Biobank Health Data Offered for Sale
UK Biobank, a major research organization, confirmed a breach after de-identified health data of 500,000 volunteers was advertised for sale on Chinese marketplaces. Officials reported that the listings were removed and believed to be unsold. In response, access was suspended, the research platform was shut down, and download limits were imposed.
Bitwarden Supply-Chain Attack via Malicious npm Package
Password manager Bitwarden suffered a supply-chain attack when a malware-tainted CLI release was published to npm on April 22. Bitwarden stated that 334 developers installed version 2026.4.0 during a brief window, potentially exposing credentials. The attack exploited a hijacked GitHub account, though vault data remained unaffected.
AI Threat Landscape
Unauthorized Access to Anthropic’s Claude Mythos Preview
Researchers flagged unauthorized access to Anthropic’s Claude Mythos Preview, an unreleased AI cyber model, through a third-party vendor environment. A small Discord group reportedly used shared contractor accounts, API keys, and predictable URLs to reach the system. Anthropic stated it is investigating and has not seen impact to core systems.
Bissa Scanner AI-Assisted Exploitation Platform
Researchers observed Bissa Scanner, an AI-assisted exploitation platform leveraging Claude Code and OpenClaw. The tool performed mass scanning, exploitation, and credential harvesting, focusing on the React2Shell vulnerability (CVE-2025-55182). It scanned millions of targets, confirmed over 900 compromises, and collected tens of thousands of exposed environment files.
Prompt-Injection Chain in Google’s Antigravity IDE
Researchers highlighted a prompt-injection exploit chain in Google’s Antigravity agentic IDE that enabled sandbox escape and remote code execution. The flaw abused a file search tool that executed before security checks, letting attackers convert a benign prompt into system compromise—even in Secure Mode. Google patched the vulnerability.
Vulnerabilities and Patches
Microsoft Issues Out-of-Band Fix for ASP.NET Core Flaw
Microsoft released out-of-band fixes for CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core rated 9.1. The bug affected Data Protection versions 10.0.0 to 10.0.6. Attackers could forge cookies and antiforgery tokens, impersonate users, and gain SYSTEM-level access on Linux or macOS deployments. All users are urged to apply the update immediately.
Apple Patches Notification Services Bug in iOS and iPadOS
Apple released fixes for CVE-2026-28950 in iOS and iPadOS, addressing a Notification Services bug that could allow arbitrary code execution through specially crafted notifications. The vulnerability was reportedly actively exploited in the wild. Users should update to the latest version of iOS/iPadOS to mitigate the risk.
These incidents highlight the growing sophistication of attacks, from supply-chain infiltrations to AI-powered exploitation. Organizations must enforce strict access controls, monitor for abnormal OAuth usage, and keep all software patched. The rapid emergence of AI-assisted attack tooling also underscores the need for advanced detection and response capabilities. Stay tuned for next week’s intelligence summary.