TMC A.I CyberSecurity Scoring
TMC
Company Information
Website:https://www.tmc.edu/
Employees number:371
Number of followers:31,094
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:tmc.edu
TMC Risk Score (AI oriented)
Between 700 and 749
TMCHospitals and Health Care
Updated:
22/06/2026
22/06/2026
729/1000
Moderate
Ba
TMC Global Score (TPRM)
xxxx
TMCHospitals and Health Care
Score locked

TMCModerate
Current Score
729Ba (MODERATE)
01000
1 incidents
-35 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
730
JUNE 2026
764
Cyber Attack
22 Jun 2026 • TMC
iRhythm Technologies, Jamf, ShapedPlugin, Tanium, Fortinet, Microsoft and Texas Parks and Wildlife Department: 22nd June – Threat Intelligence Report
Cybersecurity Roundup: Major Breaches, AI Exploits, and Critical Vulnerabilities (Week of June 22)
729
CRITICAL-35
FORSHATANMICJAMIRHTEX1782147825
Cybersecurity Roundup: Major Breaches, AI Exploits, and Critical Vulnerabilities (Week of June 22)
This week’s cybersecurity landscape saw significant breaches, supply chain attacks, and emerging AI-driven threats, alongside critical vulnerabilities under active exploitation.
### Major Breaches & Attacks
- Texas Parks and Wildlife Department suffered a third-party breach via its license system vendor, exposing driver’s license details, passport numbers, emails, phone numbers, and addresses of 3.1 million hunting and fishing license customers. Social Security numbers and payment data remained unaffected.
- ShapedPlugin, a WordPress plugin vendor, fell victim to a supply chain attack, delivering malicious updates for three paid plugins. The malware installed a hidden fake WooCommerce plugin to steal admin credentials, database access, and 2FA details, while modifying affected sites. The compromise stemmed from the vendor’s release infrastructure.
- iRhythm Technologies, a U.S. digital health firm specializing in remote cardiac monitoring, confirmed a cyberattack where threat actors via a social engineering breach of third-party business applications stole protected health information, proprietary data, and personal records. Clinical systems were not impacted.
- Klue, a market intelligence platform, disclosed a breach after attackers used compromised legacy integration credentials to steal OAuth tokens linked to customer Salesforce environments. The tokens enabled the theft of sales and customer data from clients, including Huntress, Recorded Future, Tanium, and Jamf. The Icarus extortion group claimed responsibility.
### AI-Driven Threats
- Microsoft researchers uncovered AutoJack, an exploit chain where malicious web pages turn AI browsing agents into remote code execution vectors by abusing localhost trust, missing authentication, and unsafe parameter handling in AutoGen Studio’s MCP WebSocket interface.
- SearchLeak, a prompt injection technique in Microsoft 365 Copilot Search, was revealed to exfiltrate data including emails, authentication codes, and OneDrive/SharePoint files via crafted links abusing Bing image fetches. Microsoft patched the flaw as CVE-2026-42824.
- Researchers analyzed OpenClaw AI agent flaws, demonstrating how hidden contacts and phishing emails could trigger prompt injections, code execution, and data leaks, exposing local tools, secrets, and enterprise data through trusted external interactions.
### Critical Vulnerabilities & Exploits
- Fortinet FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being exploited via unauthenticated API requests, enabling path traversal and root-level command execution, risking sandbox takeover and disruption of malware analysis and security workflows.
- Microsoft confirmed CVE-2026-50656, a Defender zero-day allowing privilege escalation to SYSTEM via a race condition. A public proof-of-concept works on fully updated Windows 10 and 11, with a patch in development.
- Cisco acknowledged active exploitation of CVE-2026-20262, an arbitrary file write flaw in Catalyst SD-WAN Manager. Authenticated attackers can overwrite system files and escalate to root, prompting patches for affected devices.
- Splunk Enterprise’s CVE-2026-20253 is under active exploitation, allowing unauthenticated attackers to trigger file operations, potentially leading to remote code execution. Splunk confirmed limited attacks and released security updates.
### Threat Intelligence Highlights
- A crypto clipboard hijacker, written in Rust and targeting Windows and macOS, was distributed via phishing sites and amplified on GitHub, SourceForge, YouTube, and legitimate news platforms. The malware swaps copied wallet addresses to redirect funds to attacker-controlled wallets.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
764
APRIL 2026
764
MARCH 2026
764
FEBRUARY 2026
764
JANUARY 2026
764
DECEMBER 2025
764
NOVEMBER 2025
764
OCTOBER 2025
764
SEPTEMBER 2025
764
AUGUST 2025
764
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for TMC ??
What was TMC's A.I Rankiteo Cyber Score in June 2026 ??
What was TMC's A.I Rankiteo Cyber Score in May 2026 ??
What was TMC's A.I Rankiteo Cyber Score in April 2026 ??
What was TMC's A.I Rankiteo Cyber Score in March 2026 ??
What was TMC's A.I Rankiteo Cyber Score in February 2026 ??
What was TMC's A.I Rankiteo Cyber Score in January 2026 ??
What was TMC's A.I Rankiteo Cyber Score in December 2025 ??
What was TMC's A.I Rankiteo Cyber Score in November 2025 ??
What was TMC's A.I Rankiteo Cyber Score in October 2025 ??
What was TMC's A.I Rankiteo Cyber Score in September 2025 ??
What was TMC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on TMC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with TMC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view TMC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?