ELEVATED 3 min read 12 Apr 2026

Akira Breaches French Aerospace Supplier Gauthier Connectique; CamoLeak Vulnerability Targets GitHub Copilot

A 42GB data breach at French aerospace supplier Gauthier Connectique by the Akira ransomware group signals a sharp escalation in industrial supply-chain targeting. Simultaneously, the discovery of 'CamoLeak' in GitHub Copilot Chat exposes a silent path for source-code and API-key exfiltration via malicious markdown comments.

Key findings
01
Akira Targets French Aerospace Supply Chain via Gauthier Connectique
HIGH
[High] Confidence: High The Akira ransomware group has reportedly exfiltrated 42GB of sensitive data from Gauthier Connectique, a prominent French manufacturer of connectors for civilian and military aerospace applications. The stolen data is said to include blueprints and detailed financial records.
02
Qilin Ransomware Expands EU Industrial Victim List
HIGH
[High] Confidence: High The Qilin ransomware group has added two additional European industrial victims to its disclosure site: A Roettgers (Germany) and Guerin Glass (France). These additions confirm a sustained campaign targeting manufacturing and industrial service sectors across the EU.
03
CamoLeak: GitHub Copilot Chat Vulnerability Exfiltrates Source Code (CVE-2025-59145)
HIGH
[High] Confidence: High A new vulnerability known as 'CamoLeak' (CVE-2025-59145) has been identified in GitHub Copilot Chat. Research shows that hidden markdown comments in untrusted repositories can trigger prompt-injection attacks when a developer interacts with the code.
CVE-2025-59145
04
Update: Fortinet FortiClient EMS Public PoC Released (CVE-2026-35616)
HIGH
[High] Confidence: High Update: A public Proof-of-Concept (PoC) exploit has been released for the critical vulnerability in Fortinet FortiClient EMS (CVE-2026-35616). This significantly increases the risk of opportunistic scanning and exploitation against unpatched management consoles.
CVE-2026-35616
05
Update: Smart Slider 3 Pro Clean Patch Released
HIGH
[High] Confidence: High Update: A clean patch (v3.5.1.36) is now available for the backdoored Smart Slider 3 Pro plugin. Organisations should update immediately and perform a compromise assessment to identify any rogue administrator accounts created by the previous malicious build.
06
Update: parisneo/lollms XSS Fixed
HIGH
[High] Confidence: High Update: The stored XSS vulnerability in parisneo/lollms (CVE-2026-1115) has been addressed in version 2.2.0. Users of the open-source LLM UI should update to the latest version to prevent potential session hijacking.
CVE-2026-1115

Akira Breaches French Aerospace Supplier Gauthier Connectique; CamoLeak Vulnerability Targets GitHub Copilot

Akira Targets French Aerospace Supply Chain via Gauthier Connectique

Confidence: High

The Akira ransomware group has reportedly exfiltrated 42GB of sensitive data from Gauthier Connectique, a prominent French manufacturer of connectors for civilian and military aerospace applications. The stolen data is said to include blueprints and detailed financial records. This breach highlights the persistent focus of extortion groups on high-leverage industrial suppliers within European defence and aerospace sectors.

The loss of technical blueprints is concerning, as it may provide adversaries with insights into component specifications used in sensitive aerospace systems. Organisations operating within similar supply chains should anticipate continued interest from Akira and Qilin, both of whom have demonstrated a high tempo in European industrial targeting over the last 24 hours.

Qilin Ransomware Expands EU Industrial Victim List

Confidence: High

The Qilin ransomware group has added two additional European industrial victims to its disclosure site: A Roettgers (Germany) and Guerin Glass (France). These additions confirm a sustained campaign targeting manufacturing and industrial service sectors across the EU. The consistent focus on suppliers suggests a deliberate effort to disrupt or extract value from industrial supply chains rather than a sequence of one-off attacks.

CamoLeak: GitHub Copilot Chat Vulnerability Exfiltrates Source Code (CVE-2025-59145)

Confidence: High

A new vulnerability known as 'CamoLeak' (CVE-2025-59145) has been identified in GitHub Copilot Chat. Research shows that hidden markdown comments in untrusted repositories can trigger prompt-injection attacks when a developer interacts with the code. This flaw allows for the silent exfiltration of private source code and environment-variable API keys to attacker-controlled domains.

This finding is particularly relevant to organisations that have integrated AI assistants into their development workflows. It reinforces the danger of allowing AI tools to process untrusted or third-party code without rigorous context-isolation controls.

Update: Fortinet FortiClient EMS Public PoC Released (CVE-2026-35616)

Confidence: High

Update: A public Proof-of-Concept (PoC) exploit has been released for the critical vulnerability in Fortinet FortiClient EMS (CVE-2026-35616). This significantly increases the risk of opportunistic scanning and exploitation against unpatched management consoles.

Update: Smart Slider 3 Pro Clean Patch Released

Confidence: High

Update: A clean patch (v3.5.1.36) is now available for the backdoored Smart Slider 3 Pro plugin. Organisations should update immediately and perform a compromise assessment to identify any rogue administrator accounts created by the previous malicious build.

Update: parisneo/lollms XSS Fixed

Confidence: High

Update: The stored XSS vulnerability in parisneo/lollms (CVE-2026-1115) has been addressed in version 2.2.0. Users of the open-source LLM UI should update to the latest version to prevent potential session hijacking.

Why This Matters

The breach of Gauthier Connectique reminds us that the security of the aerospace supply chain is only as strong as its smallest component manufacturer. At the same time, vulnerabilities like CamoLeak demonstrate that AI-assisted productivity tools are introducing new, invisible attack vectors that bypass traditional code-review practices. The weaponisation of management software like FortiClient EMS further underscores the need for rapid patch cycles in the face of public exploit availability.

  • Recommended Actions
  • Aerospace Supply Chain: Suppliers in the aerospace and defence sectors should review Akira-associated Indicators of Compromise (IoCs) and strengthen identity-access controls.
  • AI Tooling Policy: Implement strict policies for the use of AI assistants with untrusted code and monitor for 'CamoLeak' exfiltration patterns (CVE-2025-59145).
  • Fortinet EMS Triage: Prioritise the patching of CVE-2026-35616 and monitor management logs for unauthorised certificate-bypass or header-spoofing attempts.
  • Plugin Remediation: Update Smart Slider 3 Pro to v3.5.1.36 and audit WordPress/Joomla admin users for anomalies.

All findings grounded in A13E intelligence sweeps through 06:30 UTC 12 April 2026.

ai-securityakiracamoleakcve-2025-59145cve-2026-1115cve-2026-35616gauthierconnectiqueransomwaresupplychain

Act on this brief

Map detection coverage gaps for the techniques above, or generate Sigma rules from the named CVEs.

Try DCV Try CloudSigma ← Back to feed