IT SECURITY
April 14, 2026 • 6 min read

A wave of ransomware attacks, major data breaches, and a groundbreaking AI vulnerability discovery tool dominate this week’s cybersecurity landscape. From Rockstar Games to Booking.com, no industry is spared — while Anthropic’s Mythos model exposes a fundamental truth: software flaws are being found far faster than they can be fixed.

Anthropic’s Mythos Finds Vulnerabilities Faster Than Companies Can Patch Them

VULNERABILITY

Anthropic has revealed that its new AI model, Mythos, is so capable at discovering and exploiting software vulnerabilities that the company has deemed it too dangerous for public release. Instead, access is being limited to a small group of major technology companies whose software underpins much of the world’s digital infrastructure.

According to Anthropic, Mythos has already discovered thousands of high-severity vulnerabilities — including critical flaws in every major operating system and web browser. Perhaps most alarming: over 99% of the vulnerabilities found remain unpatched. Security experts warn this exposes a fundamental gap between vulnerability discovery and remediation capacity, particularly in operational technology environments such as manufacturing, building systems, and power grids.

“Vulnerability discovery is outpacing patching,” said Shane Fry, CTO at RunSafe Security. The finding has prompted calls for a shift toward building exploit prevention directly into software, rather than relying on the traditional patch cycle.

Rockstar Games Hit by ShinyHunters Ransomware Attack

RANSOMWARE

Rockstar Games, the publisher behind the Grand Theft Auto franchise, has fallen victim to a ransomware attack orchestrated by the ShinyHunters group. The attackers issued a deadline of April 14 for the company to pay for stolen data, threatening to leak the compromised information publicly if demands were not met.

The exact scope of the breach remains under investigation, though ShinyHunters has a well-documented history of targeting major technology and gaming companies. The group has previously been linked to breaches involving substantial data exfiltration, often leveraging stolen credentials and supply chain access. This incident raises renewed concerns about the security posture of major entertainment companies holding valuable intellectual property.

Booking.com Notifies Customers of Reservation Data Breach

DATA BREACH

Booking.com has begun notifying customers that their reservation details were compromised in a data breach disclosed on April 12. The exposed information includes full names, addresses, booking dates and details, email addresses, phone numbers, and additional notes or requests made to hotels.

The breach carries particular significance for travellers, as the stolen reservation details could be weaponised for sophisticated phishing attacks. Security researchers warn that attackers could use the specific booking information to craft highly convincing scams, posing as hotels or Booking.com itself to extract payment details or additional personal data from affected customers.

Basic-Fit Breach Exposes Data of 200,000 Members and Bank Details of One Million

DATA BREACH

European gym chain Basic-Fit, which operates over 1,600 clubs across the continent, has disclosed a cyber attack compromising the personal data of approximately 200,000 members in the Netherlands and the bank details of roughly one million members across multiple countries.

The company stated that the unauthorised access was detected and contained within minutes of discovery. However, the scale of the exposure — particularly the banking information — is significant. Basic-Fit has begun notifying affected members and is working with authorities to investigate the full extent of the incident. The breach highlights the growing targeting of consumer-facing membership organisations that hold financial data at scale.

FBI Launches Operation Winter Shield After Ransomware Hits North Dakota Water Plant

CRITICAL INFRASTRUCTURE

A ransomware attack on Minot’s Water Treatment Plant in North Dakota disrupted operations and forced the facility to revert to manual management processes, raising serious public safety concerns. In response, the FBI has launched Operation Winter Shield, an initiative aimed at combating the rising tide of ransomware attacks targeting public utilities.

Meanwhile, threat actors have been exploiting the leaked source code from Anthropic’s Claude Code to create fraudulent GitHub repositories distributing malware including Vidar infostealer and GhostSocks proxy malware, targeting unsuspecting developers. The dual threats to both critical infrastructure and the developer supply chain underscore the expanding attack surface that organisations must defend in 2026.

ZY Media Productions

IT • Music • Technology