Weekly Cyber Threat Digest: April 20, 2025

Top Attacks and Breaches

Booking.com Confirms Customer Data Exposure

The Amsterdam-based travel platform Booking.com has acknowledged a data breach after unauthorized individuals accessed reservation details belonging to some customers. Exposed information includes names, email addresses, phone numbers, physical addresses, and booking specifics. The company has reset reservation PINs and notified affected users, warning of potential phishing attacks leveraging the stolen data.

McGraw-Hill Suffers Salesforce Breach Affecting 13.5 Million Accounts

Global educational publisher McGraw-Hill disclosed a data breach following an extortion attempt. Attackers accessed its Salesforce environment, leaking names, email addresses, phone numbers, and physical addresses tied to approximately 13.5 million accounts. The company stated that no payment card information was exposed in the incident.

EssentialPlugin Supply Chain Compromise Hits Thousands of WordPress Sites

EssentialPlugin, a developer of WordPress plugins, suffered a supply chain attack that pushed malicious updates to more than 30 of its plugins, affecting thousands of websites. The backdoored code allowed unauthorized access and creation of spam pages. WordPress.org has closed the affected plugins, but infections may persist on already compromised sites.

Basic-Fit Data Breach Exposes One Million Members' Bank Details

Basic-Fit, Europe's largest gym chain, reported a breach after attackers accessed a franchise-wide system used to track club visits. The incident leaked bank account details and personal data for approximately one million members across six countries. Passwords and identity documents were not affected, according to the company.

AI Threats

Hackers Weaponize Claude Code and GPT-4.1 to Breach Mexican Government Agencies

Researchers revealed that a lone hacker used Claude Code and OpenAI's GPT-4.1 to breach nine Mexican government agencies. The AI-driven commands accelerated reconnaissance, executing 5,317 actions across 34 sessions and accessing 195 million taxpayer records and 220 million civil records. Safety filters were bypassed through prompt manipulation and an injected hacking manual.

Fake Claude Pro Installer Distributes PlugX Malware

A phishing campaign impersonating Anthropic's Claude AI uses a fake Claude Pro installer for Windows. The package displays a working application to distract victims while abusing a trusted program to sideload PlugX malware. This enables remote access and persistence on compromised systems.

Prompt Injection Hijacks AI Agents in GitHub Workflows

Researchers demonstrated a prompt injection technique that hijacks AI agents used in GitHub workflows from major vendors. Malicious instructions hidden in pull request titles or comments can make the agents run commands and expose repository secrets—including access tokens and API keys—during automated development tasks.

Vulnerabilities and Patches

CISA Warns of Active Exploitation in Apache ActiveMQ (CVE-2026-34197)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of CVE-2026-34197, a high-severity code injection flaw in Apache ActiveMQ. With a CVSS score of 8.8, the vulnerability allows remote code execution. Patches are available in versions 5.19.4 or 6.2.3. Check Point IPS provides protection against this threat (Apache ActiveMQ Code Injection (CVE-2026-34197)).

Splunk Patches High-Severity Vulnerability (CVE-2026-20204)

Splunk has released fixes for CVE-2026-20204, a high-severity vulnerability that could allow attackers to execute arbitrary code. Further details are limited, but organizations are urged to apply updates promptly to mitigate risk.