Weekly Cybersecurity Bulletin: Major Breaches, AI Threats, and Critical Patches (April 13 Edition)

Top Attacks and Breaches

This week's threat landscape reveals significant incidents affecting law enforcement, healthcare, political entities, and financial services. Below are the most notable attacks and breaches.

LAPD Data Breach Exposes Sensitive Records

The Los Angeles Police Department confirmed a data breach involving a digital storage system used by the L.A. City Attorney's Office. The exposure included 7.7 terabytes of data and over 337,000 files, encompassing personnel records, internal affairs materials, and unredacted personal information. The scale of this incident raises serious privacy and operational security concerns for law enforcement personnel.

ChipSoft Ransomware Disrupts Dutch Hospitals

ChipSoft, a Dutch healthcare software vendor whose HiX platform is widely used across the Netherlands, suffered a ransomware attack that forced the company to disable patient and provider services. Multiple hospitals disconnected from ChipSoft's systems, disrupting medical operations. The company warned that the threat actor may have gained unauthorized access to patient data, potentially leading to further data breaches.

Qilin Ransomware Targets German Political Party

The ransomware group Qilin claimed responsibility for a cyberattack against the German political party Die Linke, which forced the party to shut down its IT infrastructure in late March. While the party stated that membership databases remained unaffected, Qilin threatened to leak stolen sensitive employee and party information. Check Point Endpoint and Threat Emulation provide protection against this specific ransomware variant (Ransomware.Wins.Qilin).

Bitcoin Depot Crypto Theft

Bitcoin Depot, a US cryptocurrency ATM operator with over 25,000 kiosks and checkout locations, disclosed a cyberattack that allowed attackers to steal credentials tied to digital asset settlement accounts. The perpetrators transferred more than 50 BTC (valued at over $3.6 million) from company-controlled wallets before access was blocked.

Emerging AI Threats

This week's report highlights novel attack vectors targeting artificial intelligence systems. These vulnerabilities demonstrate the expanding attack surface as organizations adopt AI-driven tools.

GrafanaGhost: Silent Data Exfiltration via Prompt Injection

Researchers identified a new attack called GrafanaGhost, which targets Grafana's AI components. The technique chains indirect prompt injection with an image URL validation bypass to silently exfiltrate enterprise data. Financial records, infrastructure details, and customer information can be stolen in the background without user awareness. Grafana has already addressed this weakness in its platform.

AI Agent Traps Framework

Security researchers outlined AI Agent Traps, a framework describing six web-based attack classes that can manipulate autonomous AI agents through malicious web content. These methods can inject hidden instructions, poison reasoning processes, corrupt memory, and steer tool usage. The framework shows how seemingly benign web pages can turn agent workflows into attack surfaces, posing risks to automated decision-making systems.

AI Supply Chain Risks from Third-Party Routers

A growing AI supply chain risk was measured: third-party API routers for AI models can hijack agent tool calls to alter commands and steal credentials. In controlled testing, several routers injected malicious code, abused intercepted cloud keys, and even triggered wallet theft from a researcher's environment. This underscores the need for rigorous vetting of third-party AI infrastructure components.

Critical Vulnerabilities and Patches

Ivanti Endpoint Manager Mobile Code Injection Flaw

CISA warns of active exploitation of CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile. This flaw allows unauthenticated remote code execution and full compromise of affected servers, with a CVSS score of 9.8. It affects multiple versions from 12.5 through 12.7 releases and has been exploited in the wild. Check Point IPS provides protection against this threat.

For comprehensive protection against these and other emerging threats, organizations should review their security postures and ensure timely patch application, especially for the Ivanti vulnerability. The incidents described in the attacks section and AI threats section highlight the diverse methods attackers employ across industries.