Security Check-in Quick Hits: Copilot Stealth Attacks, BLACKWATER Ransomware Debut, AI Zero-Day Hunters, and Supply Chain Wake-Up Calls
For April 12, 2026
GitHub Copilot Chat “CamoLeak” Vulnerability Exposes Private Repo Secrets
A high-severity flaw in GitHub Copilot Chat (tracked as CVE-2025-59145, CVSS 9.6) let attackers silently steal source code, API keys, and cloud credentials from private repositories.
Attackers hid malicious prompt-injection instructions inside invisible markdown comments in a pull request description. When a developer asked Copilot to review the PR, the AI parsed the hidden commands, scoured the codebase for sensitive data, base16-encoded it, and exfiltrated it by embedding the payload in pre-signed 1×1 pixel image URLs. These URLs bypassed GitHub’s Content Security Policy because they used trusted infrastructure. The entire process required zero malicious code execution on the victim’s machine.
GitHub patched the issue back in August 2025 by disabling image rendering in Copilot Chat, but the incident underscores a broader risk: any AI coding assistant with deep repo access can become an unwitting exfiltration channel when fed untrusted content. Developers using Copilot (or similar tools like Microsoft 365 Copilot or Google Gemini) should review PRs manually before letting AI touch them and enable strict prompt-sanitization policies. The CamoLeak campaign proves that the next big data breach might not come from malware—it could come from your helpful AI sidekick.
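One way to apply the prompt-sanitization advice above, as an added example that is not GitHub's fix or code from the incident: strip hidden HTML comments from a PR description before an assistant reads it, and flag image URLs in assistant output that carry long hex runs. The function names, the 16-character threshold and the sample strings are assumptions constructed for illustration.

```python
import re

# HTML comments render as nothing in markdown but are still fed to the model.
HIDDEN_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Markdown image syntax and raw <img> tags: the rendering channel described above.
IMAGE_URL = re.compile(
    r"!\[[^\]]*\]\(\s*([^)\s]+)|<img\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)",
    re.IGNORECASE,
)
# Assumed threshold: 16+ consecutive hex characters in a URL is worth a look.
HEX_RUN = re.compile(r"[0-9a-fA-F]{16,}")

# Constructed sample inputs (not taken from the real incident).
SAMPLE_PR = "Fix typo in README\n<!-- hidden note addressed to the AI reviewer -->\nThanks!"
SAMPLE_OUTPUT = (
    "Looks good. ![logo](https://example.invalid/logo.png) "
    "![](https://images.example.invalid/p/4150495f4b45593d6162636431323334.png)"
)


def sanitize_pr_description(body):
    """Return (visible_text, hidden_comments) for a PR description."""
    hidden = [m.group(1).strip() for m in HIDDEN_COMMENT.finditer(body)]
    visible = HIDDEN_COMMENT.sub("", body)
    # Conservatively treat an unterminated "<!--" as hiding the rest of the text.
    start = visible.find("<!--")
    if start != -1:
        hidden.append(visible[start + 4:].strip())
        visible = visible[:start]
    return visible.strip(), [h for h in hidden if h]


def suspicious_images(assistant_output):
    """Return image URLs in model output that carry long hex runs."""
    hits = []
    for m in IMAGE_URL.finditer(assistant_output):
        url = m.group(1) or m.group(2)
        if HEX_RUN.search(url):
            hits.append(url)
    return hits
```

Any non-empty hidden-comment list is a reason to hold the PR for manual review rather than passing it to the assistant.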
New BLACKWATER Ransomware Group Claims Turkish Healthcare Giant
A brand-new ransomware operation called BLACKWATER just announced its first major victim: Medical Park Hospitals Group, Turkey’s largest private healthcare network operating 36 hospitals.
The group added the victim to its leak portal on April 12, 2026, claiming 3.3 TB of stolen data. The attack is estimated to have occurred around March 20. Healthcare remains the most targeted sector for ransomware, and this fresh player signals yet another group entering the lucrative field of hospital extortion.
No ransom demand details or leaked samples have surfaced publicly yet, but the rapid public claim suggests BLACKWATER is following the classic double-extortion playbook: encrypt systems and threaten to dump patient records, financial data, and operational files. Hospitals everywhere should treat this as an immediate reminder to review offline backups, segment networks, and test incident response playbooks—especially with healthcare ransomware incidents already dominating 2025-2026 headlines.
Anthropic’s Claude Mythos Preview and Project Glasswing: AI as Both Cyber Weapon and Shield
Anthropic has quietly launched Project Glasswing—a private consortium that gives Apple, Google, Microsoft, Amazon, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other major tech, finance, and critical-infrastructure players exclusive early access to its Claude Mythos Preview model.
Trained primarily for code, the model turned out to be an elite cybersecurity researcher: it can discover thousands of critical vulnerabilities (including decades-old bugs missed in heavily audited code), craft full attack chains and proofs-of-concept, perform penetration testing, hunt misconfigurations, and analyze binaries without source access. The goal? Let defenders patch systems before the model goes public and bad actors weaponize it.
Access is tightly restricted and staggered to follow coordinated vulnerability disclosure principles. The news also sparked emergency meetings at the U.S. Treasury and White House over the national-security implications of language models that can find zero-days in seconds.
Bottom line: powerful AI is about to accelerate both offense and defense at unprecedented scale. Organizations that don’t start building AI-hardened defenses now may find themselves outpaced in 6–24 months.
Axios npm Supply-Chain Attack Hits OpenAI’s macOS Signing Pipeline
On March 31, 2026, attackers compromised the maintainer account of the popular Axios npm library and published malicious versions (1.14.1 and others) that dropped a cross-platform Remote Access Trojan.
OpenAI’s GitHub Actions workflow for macOS app signing pulled the tainted package, giving the attackers temporary access to signing certificates and notarization materials used for ChatGPT Desktop, Codex, and other apps. OpenAI moved quickly, found no evidence of user data access or IP compromise, and is hardening the pipeline.
This incident—widely believed to involve North Korea-linked actors—highlights how a single compromised dependency in a CI/CD pipeline can threaten even the most security-conscious organizations. The TryHackMe “Axios Chain Reaction” room that dropped this weekend turns the real-world event into a hands-on learning lab, simulating the exact kill chain that compromised millions of potential installs.
Takeaway for the weekend: Audit every third-party dependency, enforce Trusted Publishing where possible, and treat supply-chain hygiene as a board-level issue. The era of “it’s just a library” is officially over.
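A minimal lockfile audit for the takeaway above, as an added example that is not OpenAI's or Axios's tooling: it walks a parsed package-lock.json, including nested transitive copies, for the axios version named on this page. The sample lockfile and the http-helper package name are constructed, and the known-bad set is incomplete because the page does not list the other versions.

```python
import json

# Known-bad versions named on this page. The page says there were others,
# so extend this set from the official advisory before relying on it.
KNOWN_BAD = {"axios": {"1.14.1"}}

# Constructed sample lockfile: a clean top-level axios plus a tainted copy
# pulled in transitively by a hypothetical "http-helper" package.
SAMPLE_LOCK = json.loads("""{ "lockfileVersion": 3, "packages": {
  "": {"name": "demo-app", "version": "0.0.1"},
  "node_modules/axios": {"version": "1.13.0"},
  "node_modules/http-helper": {"version": "2.0.0"},
  "node_modules/http-helper/node_modules/axios": {"version": "1.14.1"}
}}""")


def package_name(lock_path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (lockfile v2/v3 keys)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def find_bad_packages(lock, known_bad=KNOWN_BAD):
    """Return sorted (install_path, name, version) hits from a parsed lockfile."""
    hits = []
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        name = package_name(path)
        if path and meta.get("version") in known_bad.get(name, ()):
            hits.append((path, name, meta["version"]))

    # lockfileVersion 1: nested "dependencies" tree.
    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if meta.get("version") in known_bad.get(name, ()):
                hits.append((path, name, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    # v2 lockfiles carry both sections; walk the tree only when "packages" is absent.
    if "packages" not in lock:
        walk(lock.get("dependencies", {}), "")
    return sorted(hits)
```

The install path in each hit shows which direct dependency pulled in the tainted copy, which is what a CI gate needs to report.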
Stay safe out there—patch fast, monitor your AI tools, and keep those backups offline. See you in the next Security Check-in.



