Top news stories this week
- Uno reverse. Hacking group exploits security tools to conduct major supply chain attack.
- Transit trouble. Spanish port operations and US vehicle access disrupted due to cyber incidents.
- Cybercrime vibe. Rising interest in “vibe coding” prompts new security warning.
- Hooked. Phishing attacks surge across state actors, tax scams, and cybercrime kits.
- Crunched. Nearly 7 million email addresses exposed in video streaming site’s third-party breach.
- Network patch. Citrix and TP‑Link sound alarm over security flaws.
1. Hacking group exploits security tools to conduct major supply chain attack
Threat group TeamPCP has targeted security tools to compromise software development pipelines. The affected platforms include Trivy (a vulnerability scanner), Checkmarx (an Infrastructure-as-Code scanner), and LiteLLM (an LLM gateway), with early estimates suggesting that over 1,000 downstream enterprise SaaS environments may have been impacted.
So what?
Software development pipelines create a broad and interconnected attack surface, where weaknesses in third‑party dependencies or CI/CD workflows can rapidly cascade into production environments.
[Researcher: Jack Woods]
2. Spanish port operations and US vehicle access disrupted due to cyber incidents
A ransomware attack on Spain's Port of Vigo disrupted digital operations, forcing some cargo operations to be handled manually. Separately, US vehicle breathalyser company Intoxalock suffered a cyber incident, which left some customers of the company’s devices unable to start their cars.
So what?
Cyber incidents can swiftly transition from virtual disruptions to physical challenges impacting businesses and individuals. Organisations should implement contingency plans for customers in the event of cyber incidents.
[Researcher: Lena Krummeich]
3. Rising interest in “vibe coding” prompts new NCSC security warning
The UK’s National Cyber Security Centre (NCSC) has warned that “vibe coding”, or using AI tools to develop software with very little human oversight, poses significant security risks, as AI-generated code can be unreliable, difficult to maintain and prone to security flaws.
Separately, an underground market for premium AI platform access is expanding, as cyber criminals seek to automate tasks and speed up their operations using AI tools.
So what?
Organisations need to consider how “vibe coding” might impact their security, since it can create software vulnerabilities and increase risks. It's also important to ensure that all access to AI tools is securely protected against potential breaches.
[Researcher: Milda Petraityte]
4. Phishing attacks surge across state actors, tax scams, and cybercrime kits
US authorities have warned of Russian-linked actors impersonating Signal Support to compromise high-value individuals. Meanwhile, Microsoft has reported an increase in IRS-themed phishing campaigns, coinciding with tax season in the US, hitting over 29,000 users in a single day.
Separately, the Tycoon2FA phishing kit resumed full operation following a major law enforcement takedown earlier this month.
So what?
Phishing campaigns are increasingly timed to real‑world events, including geopolitical tensions and tax season, to boost credibility and success. With the Tycoon2FA phishing kit back in operation, these themed lures now carry a higher risk of MFA bypass and account compromise.
[Researcher: Ayo Olayinka]
5. Nearly 7 million email addresses exposed in video streaming site’s third-party breach
There is further challenging news for outsourcing firm Telus Digital, which handles customer support for Crunchyroll, a popular anime streaming service owned by Sony. Crunchyroll is facing a security breach that may have leaked data for nearly 7 million users, including credit card information.
So what?
Supply chain vulnerability is a common attack vector; organisations should apply the same security standards to third-party partners as to their own systems.
[Researcher: Lester Lim]
6. Citrix and TP‑Link sound alarm over security flaws
Users are being urged to patch Citrix NetScaler and TP‑Link Archer NX devices urgently following the disclosure of multiple critical vulnerabilities. Citrix NetScaler appliances are exposed to CVE‑2026‑3055 and CVE‑2026‑4368, which could allow attackers to leak sensitive data or interfere with user sessions in certain configurations. TP‑Link routers are affected by CVE‑2025‑15517, CVE‑2025‑15605, and CVE‑2025‑15518/15519, flaws that could enable authentication bypass, configuration tampering, and remote command execution.
So what?
If unpatched, organisations risk attackers gaining initial access, manipulating network traffic, and pivoting deeper into internal systems, potentially leading to large‑scale compromise.
[Researcher: Jenny Eysert]


