The past 24 hours have seen a surge in high-profile cybersecurity incidents, including data breaches, phishing campaigns, and emerging threats. This report provides an in-depth look at these events and their broader implications for the cybersecurity landscape.
AI and Supply Chain Attacks
Meta has paused its relationship with Mercor, an AI data vendor, following a security breach that may have exposed proprietary AI training data, including data selection criteria, labeling processes, and training strategies. The incident, first reported by Wired, is under investigation by multiple AI labs, including OpenAI and Google. The breach is linked to a supply-chain attack involving the LiteLLM library, where malicious code was inserted to steal credentials. The hacking group Lapsus$ claimed to have accessed Mercor’s data, publishing samples online. Meta’s suspension highlights structural vulnerabilities in the AI ecosystem, where reliance on external vendors increases attack surfaces. Recent discussions have emphasized the need for stronger risk management in AI supply chains.
The breach at Mercor was confirmed to be a supply-chain attack involving the LiteLLM library, widely used to connect applications with AI services. The attack allowed threat actors to collect login credentials and potentially access internal systems. The breach has raised concerns for Mercor’s partners, including Anthropic, OpenAI, and Meta, as leaked data may include internal communications, ticketing information, and system records. The incident is attributed to TeamPCP, a group specializing in supply-chain attacks, and Lapsus$, known for phishing and social engineering. Mercor has launched a third-party forensic investigation and is notifying affected users. Mercor’s confirmation underscores the complexity and risks associated with supply-chain dependencies in AI development.
AI and Supply Chain Attacks
Meta has paused its relationship with Mercor, an AI data vendor, following a security breach that may have exposed proprietary AI training data, including data selection criteria, labeling processes, and training strategies. The incident, first reported by Wired, is under investigation by multiple AI labs, including OpenAI and Google. The breach is linked to a supply-chain attack involving the LiteLLM library, where malicious code was inserted to steal credentials. The hacking group Lapsus$ claimed to have accessed Mercor’s data, publishing samples online. Meta’s suspension highlights structural vulnerabilities in the AI ecosystem, where reliance on external vendors increases attack surfaces.
Mercor is a $10 billion AI startup and confirmed a cybersecurity incident tied to the LiteLLM library, a widely used tool that connects applications with AI services. The attack allowed threat actors to collect login credentials and potentially access internal systems. The breach has raised concerns for Mercor’s partners, including Anthropic, OpenAI, and Meta, as leaked data may include internal communications, ticketing information, and system records. The incident is attributed to TeamPCP and Lapsus$. Mercor has launched a third-party forensic investigation and is notifying affected users. This attack underscores the growing threat of supply-chain vulnerabilities in the AI sector. Meanwhile, the breach at Mercor also highlights the importance of vendor risk management in AI supply chains.
The attack on Mercor is part of a broader trend of supply-chain attacks targeting AI and tech companies. These attacks exploit vulnerabilities in third-party software and services, making it crucial for organizations to implement robust vendor risk management practices. This includes thorough vetting of vendors, regular security audits, and stringent access controls. Additionally, the incident emphasizes the need for continuous monitoring and incident response plans to mitigate the impact of such breaches.
Phishing and Cyber Fraud
Trend Micro identified five banking malware families targeting customers of seven Indian banks to steal personal and credit card information via phishing campaigns. The attacks exploit fake login pages and social engineering to trick victims into divulging sensitive data. While details on the specific banks and malware strains were not disclosed, the scale of the operation suggests a coordinated effort by cybercriminal syndicates (Trend Micro).
The Rajasthan Police issued a public advisory warning citizens against handing over mobile phones to strangers, citing a rise in cyber fraud at public places like bus stands and railway stations. Fraudsters use call-forwarding scams (dialing *#21# to check status) to divert OTPs to their numbers, enabling unauthorized access to banking and social media accounts. Police advised using speaker mode for calls and securing payment apps with biometric/PIN locks. Victims are urged to report incidents via the cybercrime helpline (1930) (kcnet.in).
Transnational Cybercrime and Scam Operations
Cambodian authorities raided a telecom scam compound in Kampot province, housing 6,000–7,000 people across 31 buildings. The facility, operated by former tycoon Ly Kuong, included medical clinics, eateries, and luxury amenities but was abandoned after his detention on January 17, 2026. The crackdown highlights the scale of Southeast Asia’s scam industry, which has drawn victims globally. Analysts suggest the operation presents a rare opportunity for U.S.-China collaboration in dismantling transnational crime networks. The operation was a significant blow to the region’s illicit activities, revealing the extensive infrastructure supporting these scams. The compound’s abandonment following Kuong’s arrest underscores the pivotal role of key figures in sustaining such operations. This incident highlights the global reach of these scams, affecting numerous countries and necessitating international cooperation.
Final words
The diverse and evolving threats in the cybersecurity landscape, from government breaches to AI supply-chain attacks and transnational scams, highlight the need for vigilant monitoring and stricter vendor risk management. Phishing and social engineering continue to exploit human trust, emphasizing the importance of enhanced multi-factor authentication and third-party audits. Collaborative efforts, such as U.S.-China cooperation, are essential to combat cross-border cybercrime. Standardized security frameworks provide actionable tools for assessing and mitigating risks in cloud ERP and AI systems. Organizations and individuals must stay informed and proactive to mitigate emerging threats.