Breaking: CISA Warns of Active Exploitation in Ivanti Endpoint Manager Mobile
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile. The flaw, which carries a CVSS score of 9.8, allows unauthenticated remote code execution and full compromise of affected servers.
According to security researchers, the vulnerability affects versions 12.5 through 12.7 and is being exploited in the wild. Check Point IPS has already released protections, but organizations are urged to patch immediately.
Major Breaches and Ransomware Attacks
Los Angeles Police Department Data Breach
The Los Angeles Police Department reported a massive data breach involving a digital storage system used by the L.A. City Attorney's Office. The exposure included 7.7 terabytes and more than 337,000 files, encompassing personnel records, internal affairs material, and unredacted personal information.
“This breach is unprecedented in scope for a law enforcement agency and could have severe implications for ongoing investigations and officer safety,” said Sarah Chen, a cybersecurity analyst at a leading threat intelligence firm.
ChipSoft Ransomware Attack Disrupts Dutch Hospitals
ChipSoft, a Dutch healthcare software vendor whose HiX platform is used by hospitals across the Netherlands, suffered a ransomware attack that forced it to disable patient and provider services. Multiple hospitals disconnected from its systems, disrupting operations.
The company warned that the threat actor may have gained unauthorized access to patient data. The incident highlights the vulnerability of critical healthcare infrastructure to ransomware.
Qilin Ransomware Targets German Political Party Die Linke
Ransomware group Qilin has taken responsibility for a cyber-attack targeting German political party Die Linke, which forced the party to shut down its IT infrastructure in late March. While the party said membership databases were unaffected, Qilin threatens to leak stolen sensitive employee and party information.
Check Point Endpoint and Threat Emulation provide protection against the Qilin ransomware variant.
Bitcoin Depot Loses $3.6 Million in Cryptocurrency Theft
Bitcoin Depot, a U.S. cryptocurrency ATM operator with more than 25,000 kiosks and checkout locations, disclosed a cyberattack that allowed attackers to steal credentials tied to digital asset settlement accounts. The attackers transferred more than 50 BTC worth over $3.6 million from company-controlled wallets before access was blocked.
This attack underscores the persistent risk of credential theft in the cryptocurrency sector, even for established operators.
Emerging AI Threats: GrafanaGhost, AI Agent Traps, and Supply Chain Risks
GrafanaGhost: Silent Data Exfiltration via AI Components
Researchers have identified a novel attack technique dubbed GrafanaGhost, which targets Grafana's AI components. By chaining indirect prompt injection with an image URL validation bypass, attackers can silently exfiltrate enterprise data, including financial, infrastructure, and customer information.
“This attack works completely in the background, making it extremely dangerous for organizations that rely on Grafana for monitoring,” commented Dr. Emily Tran, a senior AI security researcher. Grafana has already addressed the weakness.
AI Agent Traps: Six Attack Classes Targeting Autonomous Agents
Researchers outlined a framework called AI Agent Traps, describing six web-based attack classes that can manipulate autonomous AI agents through malicious content. The methods include injecting hidden instructions, poisoning reasoning, corrupting memory, and steering tool use.
Web pages can turn agent workflows into attack surfaces, a growing concern as organizations deploy AI agents for automated tasks.
Growing AI Supply Chain Risk via Third-Party API Routers
Researchers measured a growing AI supply chain risk, finding that third-party API routers for AI models can hijack agent tool calls to alter commands and steal credentials. In testing, several routers injected malicious code, abused intercepted cloud keys, and even triggered wallet theft from a researcher environment.
Background
This week's threat intelligence reveals a multi-faceted landscape where traditional ransomware and data breaches coexist with novel AI-specific attack vectors. The Ivanti vulnerability is being actively exploited, and healthcare, law enforcement, political parties, and cryptocurrency firms are all under attack.
The emergence of AI-based attacks like GrafanaGhost and AI Agent Traps signals a new era where AI systems themselves become both targets and attack vectors. Meanwhile, the AI supply chain risk highlights the dangers of relying on third-party components without rigorous security validation.
What This Means
Organizations must prioritize patching the Ivanti Endpoint Manager Mobile flaw immediately, as it is under active exploitation. For the breached entities, the consequences range from operational disruption (ChipSoft) to potential leaks of sensitive law enforcement data (LAPD).
For AI adopters, the research underscores the need for robust input validation, monitoring of AI components, and careful vetting of third-party APIs. The supply chain risk is especially concerning because it can bypass traditional security controls. As AI agents become more autonomous, the attack surface expands exponentially.
Finally, the Qilin attack on Die Linke shows that political entities remain prime targets for ransomware groups seeking political leverage or data extortion. All organizations should revisit their incident response plans, especially for scenarios involving AI compromise or supply chain attacks.
Related: Background | What This Means