ZeroFox Daily Intelligence Brief - April 14, 2026

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Game Developer Rockstar Games Impacted in Anodot Breach
  • OpenAI Confirmed as Latest Victim of Axios Supply Chain Compromise
  • Booking[.]com Warns Users of Data Breach

Game Developer Rockstar Games Impacted in Anodot Breach

Source: https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/

What we know: The ShinyHunters extortion group claims to have stolen nearly 80 million records from Rockstar Games, the maker of Grand Theft Auto, via the breach at AI-based anomaly detection firm Anodot.

Context: Rockstar Games denied any impact on the organization or its players. According to the group, the stolen data includes Snowflake instance metrics, customer support analytics, in-game purchase metrics, player behavior data, and game economy information.

Analyst note: The stolen data is likely to enable targeting of high-spending players with scams, timing attacks during peak activity, and mapping purchase behavior to exploit game economy loopholes. It is also likely to attract corporate rivals seeking to replicate retention strategies or exploit known issues using customer analytics.

OpenAI Confirmed as Latest Victim of Axios Supply Chain Compromise

Source: https://www.securityweek.com/openai-impacted-by-north-korea-linked-axios-supply-chain-hack/

What we know: OpenAI disclosed it was impacted by the Axios supply chain attack, attributed to North Korean threat group UNC1069. The firm found that a malicious Axios version was executed via a GitHub Actions workflow in its macOS app-signing process, impacting signing certificates for apps like ChatGPT Desktop, Codex, Codex-cli, and Atlas.

Context: Axios was compromised in late March 2026 and was used to push malware targeting Windows, macOS, and Linux systems to establish remote access. Additionally, 135 machines have reportedly been affected, with the malicious package executed in about 3 percent of affected environments.

Analyst note: Rather than directly breaching high-value organizations like OpenAI, the threat actor infected the widely trusted Axios dependency to infiltrate environments possessing access to sensitive materials and integration across multiple systems. Even though the compromise was contained rapidly, the threat actor has likely identified and prioritized high-value systems or users for follow-on operations.

Booking[.]com Warns Users of Data Breach

Source: https://www.theregister.com/2026/04/13/bookingcom_breach/

What we know: Booking[.]com, the world’s leading online travel agency, is warning users that their reservation details may have been exposed to unknown threat actors. The platform has changed the booking PINs for the affected users as a precaution.

Context: Breached data reportedly includes names, contact information, reservation details, and messages exchanged with hotels via the platform, and excludes financial data. Booking[.]com has faced multiple data breaches before, including instances where hotel accounts were hijacked to extort users.

Analyst note: Exposed individuals and entities are likely at risk of phishing and social engineering attacks aiming for financial theft. Breached data is also likely to enable threat actors to approach hotels while impersonating affected individuals to modify booking information.

DEEP AND DARK WEB INTELLIGENCE

Basic-Fit alleged data breach: Major European gym chain Basic-Fit has confirmed a data breach, allegedly impacting at least 1 million members from multiple countries including the Netherlands, Belgium, France, Germany, Luxembourg, and Spain. Breached data contains personally identifiable information (PII) as well as bank details, though passwords were not impacted. Stolen data is likely to be advertised on dark web forums. Exposed individuals are very likely to be targeted in phishing, social engineering, and identity theft attacks for financial fraud.

VULNERABILITY AND EXPLOIT INTELLIGENCE

CVE-2026-5194: This cryptographic validation flaw in the wolfSSL library weakens certificate validation by improperly checking hash algorithms and sizes in digital signatures. WolfSSL is a lightweight SSL/TLS library designed for embedded systems, IoT devices, and critical infrastructure environments. Threat actors are likely to carry out man-in-the-middle attacks where they can forge certificates to intercept and manipulate encrypted communications.

Affected products: wolfSSL versions prior to 5.9.1

Tags: DIB, tlp:green
