Originally reported by Security Affairs
TL;DR
Major cybercrime developments include ShinyHunters releasing the full Odido dataset in what's being called the Netherlands' biggest data leak in history, and attackers using Anthropic's Claude Code AI to steal 150GB from Mexican government systems. Meanwhile, law enforcement operations resulted in 30 arrests targeting child exploitation networks and the takedown of an AI-powered fake ID operation.
The Netherlands faces its biggest data leak in history with the Odido breach, while AI tools are being weaponized for sophisticated attacks against government systems.
The cybercrime landscape has seen significant developments this week, spanning from AI weaponization in government attacks to massive telecommunications breaches and coordinated law enforcement operations.
Cybercrime group ShinyHunters has leaked the complete dataset from Odido, the Dutch telecommunications company formed from the 2023 rebrand of T-Mobile Netherlands and Tele2. Security researchers are calling this the biggest data leak in Netherlands history.
Odido operates as one of the largest mobile network operators in the Netherlands, serving millions of customers. The breach potentially exposes sensitive customer data including personal information, account details, and telecommunications metadata. The full scope of the compromised data remains under investigation by Dutch authorities.
Attackers leveraged Anthropic's Claude Code AI assistant to orchestrate a sophisticated cyberattack against Mexican government systems, according to Israeli cybersecurity firm Gambit Security. The threat actors used the AI tool to develop custom exploits, create specialized attack tools, and automate the exfiltration of over 150GB of sensitive government data.
This incident represents a concerning evolution in threat actor capabilities, demonstrating how publicly available AI coding assistants can be repurposed for large-scale cyber espionage operations. The automated nature of the attack suggests a level of sophistication that could lower barriers for less technically skilled attackers.
Europol's year-long Project Compass operation resulted in 30 arrests targeting "The Com," a cybercrime network specializing in crimes against children and teenagers. The coordinated international effort identified 62 victims and successfully protected four children from immediate harm.
The operation demonstrates continued law enforcement focus on networks exploiting minors online. Project Compass involved multiple European agencies working in coordination to map the network's infrastructure and identify both operators and victims across jurisdictions.
Ukrainian citizen Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI-powered platform that generated and sold over 10,000 counterfeit identity documents globally. The operation, prosecuted by the Southern District of New York, represents one of the largest AI-driven identity fraud schemes uncovered to date.
OnlyFake utilized artificial intelligence to create realistic-looking government identification documents, bypassing traditional detection methods used by financial institutions and other verification systems. The case highlights the dual-use nature of AI technology in criminal enterprises.
Oasis Security researchers disclosed "ClawJacked," a high-severity vulnerability in the OpenClaw AI agent platform that allowed malicious websites to hijack local AI agent instances through brute-force attacks. The flaw enabled silent data theft from compromised systems.
OpenClaw addressed the vulnerability in version 2026.2.26, released following coordinated disclosure. The issue underscores emerging security challenges in AI agent architectures, particularly around authentication and access control for locally-running AI services.
Originally reported by Security Affairs