Today’s briefing focuses on a critical unpatched vulnerability in Hugging Face's LeRobot platform, CVE-2026-25874, which allows for unauthenticated remote code execution via unsafe pickle deserialization. We also examine the compromise of the 'element-data' Python package, where attackers stole signing keys through a GitHub action flaw to exfiltrate credentials from over a million monthly users. The episode covers the exploitation of Robinhood's onboarding process for high-fidelity phishing and a corporate IT breach at medical giant Medtronic claimed by the ShinyHunters group. Finally, we look back at the discovery of 'fast16,' a sophisticated malware framework analyzed by SentinelOne that targeted high-precision mathematical calculations five years before Stuxnet. This episode connects these diverse incidents through the lens of supply chain vulnerability and the persistent risk of trusting unauthenticated data in production environments.
In this episode of Prime Cyber Insights, we break down a series of critical vulnerabilities and breaches impacting the AI, finance, and healthcare sectors. We lead with an analysis of a CVSS 9.3 flaw in Hugging Face's LeRobot robotics platform and a significant supply chain compromise of the 'element-data' package that affected over a million users. Our team also explores how Robinhood's account creation flow was turned against its customers and the latest data extortion claims against medical device leader Medtronic. Finally, we provide a historical perspective on cyber sabotage with the revelation of the 'fast16' framework, which predates Stuxnet and targeted industrial math modeling software.
The views expressed are for informational purposes only and do not constitute professional security advice.
Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.
Every episode is produced and reviewed by founder Chad Thompson, combining advanced AI systems with human editorial oversight to ensure accuracy, clarity, and responsible reporting.
[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:11] Aaron Cole: Welcome to Prime Cyber Insights. Today is April 28, 2026. We are tracking a wave of supply chain vulnerabilities and significant corporate breaches.
[00:22] Lauren Mitchell: We begin with a critical flaw in Hugging Face's LeRobot robotics platform.
[00:28] Lauren Mitchell: According to reports from The Hacker News, CVE-2026-25854 carries a CVSS score of 9.3,
[00:38] Lauren Mitchell: and leaves systems open to unauthenticated remote code execution.
[00:42] Aaron Cole: The issue is classic, but devastating, Lauren.
[00:45] Aaron Cole: It is an untrusted data deserialization vulnerability using the unsafe pickle format.
[00:50] Aaron Cole: Specifically, it affects the async inference pipeline, where pickle.loads handles data from unauthenticated gRPC channels without TLS.
[00:58] Aaron Cole: An attacker can simply send a crafted payload and gain full control of the policy server.
[01:03] Lauren Mitchell: The irony is that Hugging Face created Safetensors specifically to avoid this pickle risk.
[01:09] Lauren Mitchell: Yet they utilized it here.
[01:11] Lauren Mitchell: The LeRobot team admitted that security has not been a primary focus, because it was designed as a research tool.
[01:18] Lauren Mitchell: But as these systems move to production, that excuse vanishes.
[01:23] Lauren Mitchell: In the software supply chain, Ars Technica reports that the element-data package,
[01:27] Lauren Mitchell: which sees a million downloads a month, was compromised this past Friday.
[01:32] Aaron Cole: That was a sophisticated operation, Lauren.
[01:34] Aaron Cole: Attackers exploited a vulnerability in a GitHub Action to steal signing keys.
[01:39] Aaron Cole: They then pushed version 0.23.3, which was designed to exfiltrate cloud provider keys,
[01:45] Aaron Cole: SSH keys, and API tokens.
[01:47] Aaron Cole: If you are running that version, you must assume everything accessible to that environment is compromised.
[01:53] Aaron Cole: It is a stark reminder that your CI/CD runners are high-value targets.
[01:58] Lauren Mitchell: On the financial side, Robinhood customers were targeted by a clever phishing campaign.
[02:03] Lauren Mitchell: BleepingComputer found that attackers abused an HTML injection flaw in Robinhood's onboarding process.
[02:10] Lauren Mitchell: They modified device metadata fields so that the legitimate recent login email actually rendered a fake security alert with a phishing link.
[02:18] Aaron Cole: Because it originated from the official no-reply address and passed SPF and DKIM checks, it was incredibly effective.
[02:26] Aaron Cole: Meanwhile, medical technology leader Medtronic is dealing with a breach in its corporate IT systems.
[02:32] Aaron Cole: The ShinyHunters extortion group claims they took 9 million records, including personally identifiable information.
[02:38] Lauren Mitchell: Medtronic states business operations and patient safety are not affected,
[02:43] Lauren Mitchell: but they are still investigating the full extent of the data access.
[02:47] Lauren Mitchell: Finally, we have a major discovery by SentinelOne.
[02:51] Lauren Mitchell: They have uncovered a malware framework called Fast16
[02:54] Lauren Mitchell: that rewrites our history of cyber sabotage.
[02:57] Aaron Cole: This is a significant find, Lauren.
[03:00] Aaron Cole: Fast16 dates back to 2005, five years before the discovery of Stuxnet.
[03:05] Aaron Cole: It was designed to inject time...
[03:06] Aaron Cole: tiny systematic errors into high-precision mathematical calculations in software like LSD, Y, and A.
[03:12] Aaron Cole: We're talking about sabotaging physics and nuclear research by subtly corrupting the math.
[03:18] Aaron Cole: It's a level of sophistication we thought had not matured until much later.
[03:22] Lauren Mitchell: It shows that the threat to our core scientific infrastructure has been active for decades.
[03:27] Lauren Mitchell: Thanks for the breakdown, Aaron. That is the briefing for today.
[03:31] Announcer: For more analysis, find us at pci.neuralnewscast.com.
[03:36] Announcer: This program is for informational purposes only.
[03:39] Aaron Cole: Stay secure. Neural Newscast is AI-assisted, human-reviewed.
[03:43] Aaron Cole: View our AI transparency policy at neuralnewscast.com.
[03:47] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[03:51] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.