
Cybercrime Infighting, Supply Chain Hacks & Router Wars.

06 April 2026
BREACHAWARE HQ
Fight

A total of 27 breach events were found and analysed, resulting in 5,142,595 exposed accounts spanning 30 different types of personal data. The breaches found publicly and freely available included Cal.ai, Belgium Spam List, Breach Forums - Version 5, City of Paris and C&A Mexico. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Finance, Sociodemographic, Contact, Technology, Relationships, Career, Digital Behaviour, Health and Environment, Commerce, Geolocation, Audio and Visual, Unstructured, Communication Logs.

Data Breach Impact

While the volume may seem modest, the spread across public sector entities, retail, and, notably, breach forum data itself adds an extra layer of irony (and risk). For third-party organisations, it’s a subtle but serious warning: exposure doesn’t need scale to sting, just the right data in the wrong hands. And for individuals, it’s another reminder that even smaller leaks can open the door to targeted scams, account takeovers, and all the usual digital headaches. Low numbers, high nuisance.

Cyber Update

The cyber underworld is serving up fresh drama again, and this time it’s less quiet espionage, more public shouting match with receipts. Just days after threatening BreachForums clones, ShinyHunters have now turned their attention to a threat actor group known as TeamPCP, and they didn’t exactly send a polite email.

Their statement reads like a mix of roast session and threat bulletin: “A better name for them is ‘VibePCP’ because all they can do is use AI… We bet they wouldn’t even know what IAM is on AWS.” Ouch.

They go on to claim they’ve already compromised TeamPCP’s infrastructure, mocking its security posture and suggesting they’ve backdoored its storage. To add a bit of spice, they’ve also threatened to leak doxes, chat logs, and internal data. No verified response from TeamPCP has surfaced yet, but whatever reply comes is unlikely to be friendly. This isn’t just rivalry; it’s turning into full-blown intra-underground warfare.

And here’s where it stops being amusing and starts getting uncomfortable. TeamPCP is allegedly linked to recent supply chain attacks targeting widely used open-source security tooling, including Trivy, a tool heavily embedded in development pipelines.

The reported playbook:
• Impersonate a trusted GitHub contributor.
• Steal access tokens from Aqua Security.
• Inject malicious code into Trivy’s repository and Docker containers.

From there, things spread nicely:
• Anyone pulling the compromised containers risks malware exposure.
• Infection chain extended into npm packages.
• LiteLLM also caught in the blast radius.

In other words, a classic modern supply chain attack: compromise the trusted source and let everyone downstream do the distribution for you. If true, this isn’t just another breach. It’s a reminder that trust in open-source ecosystems is both the strength… and the Achilles’ heel.
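The downstream half of that playbook only works when a build fetches whatever the publisher currently serves. The script below is an added example (not code from this page, nor from Aqua, Trivy, LiteLLM or any npm project it mentions) that audits a Dockerfile and a GitHub Actions workflow for references that float on a tag instead of being pinned to an immutable image digest or full commit SHA. The file contents, image names, action names, digest and commit id are all constructed for the example.

```python
"""Audit container and CI references for mutable upstream sources.

Added example, not code from the page or from any project it names. A
compromised upstream reaches you only if your build pulls "whatever is
published right now"; this flags exactly those references. Everything in the
sample inputs is constructed.
"""
import re

FAKE_DIGEST = "sha256:" + "a" * 64                          # constructed, not a real digest
FAKE_COMMIT = "0123456789abcdef0123456789abcdef01234567"    # constructed 40-hex commit id

# Constructed Dockerfile: one digest-pinned base, one floating tag, one stage reference.
SAMPLE_DOCKERFILE = f"""\
FROM python:3.12-slim@{FAKE_DIGEST} AS build
FROM example/scanner:latest
FROM build AS final
RUN pip install requests==2.32.3
"""

# Constructed workflow: one SHA-pinned action, one tag-pinned, one local, one docker:// ref.
SAMPLE_WORKFLOW = f"""\
jobs:
  scan:
    steps:
      - uses: actions/checkout@{FAKE_COMMIT}
      - uses: example/scan-action@v0.2
      - uses: ./.github/actions/local-step
      - uses: docker://example/scanner:latest
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
USES_RE = re.compile(r"^\s*-\s*uses:\s*(\S+)")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
COMMIT_RE = re.compile(r"@[0-9a-f]{40}$")


def unpinned_images(dockerfile: str) -> list:
    """FROM references that float on a tag (or no tag) instead of an image digest."""
    findings, stages = [], set()
    for line in dockerfile.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, stage = m.group(1), m.group(2)
        if stage:
            stages.add(stage)
        if ref.lower() == "scratch" or ref in stages:
            continue  # empty base image, or a reference to an earlier build stage
        if not DIGEST_RE.search(ref):
            findings.append(ref)
    return findings


def unpinned_actions(workflow: str) -> list:
    """`uses:` references pinned to a tag or branch rather than a full commit SHA."""
    findings = []
    for line in workflow.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue  # local action in this repository; reviewed with the code, not pinned
        if ref.startswith("docker://"):
            if not DIGEST_RE.search(ref):
                findings.append(ref)  # container actions are pinned by image digest
            continue
        if not COMMIT_RE.search(ref):
            findings.append(ref)
    return findings


def audit(dockerfile: str, workflow: str) -> dict:
    """Run both checks; empty lists mean every upstream reference is immutable."""
    return {"images": unpinned_images(dockerfile), "actions": unpinned_actions(workflow)}


if __name__ == "__main__":
    for kind, refs in audit(SAMPLE_DOCKERFILE, SAMPLE_WORKFLOW).items():
        for ref in refs:
            print(f"UNPINNED {kind}: {ref}")
```

A pinned digest does not make a bad image good; it only stops the image changing underneath you after review. Pair it with signature verification where the publisher offers it, and treat every digest or SHA bump as a reviewable change rather than a routine dependency refresh.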

Meanwhile, over in the United States, the FCC has decided to shake things up at the hardware layer. They’ve announced a ban on the sale of new routers manufactured outside the US, even if they’re sold by American companies. Existing foreign-made models can still be sold, but anything new faces restrictions unless granted “conditional approval.”

The justification? Phrases like “unacceptable risk”, “supply chain vulnerability”, and “severe cybersecurity risk” have been doing the rounds. All very serious. All very official. There’s just one small detail: the US doesn’t currently manufacture routers at scale. Which raises a few practical questions.

What This Means (In the Real World)

For consumers, the likely outcomes aren’t exactly subtle:
• Prices go up (less supply, more restrictions).
• Upgrade cycles slow down (people hold onto older hardware longer).
• Security risk potentially increases (unpatched devices lingering in the wild).

Because nothing says “cybersecurity improvement” quite like millions of outdated routers quietly collecting vulnerabilities.

And Then There’s the Bigger Question

Beyond supply chain concerns, critics are already raising eyebrows at what this could enable longer term.

Control over networking hardware means influence at a very fundamental layer of the internet:
• Traffic visibility.
• Access controls.
• Potential policy enforcement baked into devices.

Now, to be clear, none of that is confirmed intent. But when you combine:
• Hardware restrictions.
• Growing regulatory pressure.
• Increasing identity requirements online.

…it’s not unreasonable that some are asking whether this edges toward a more controlled, less open internet. Because “Made in the USA” doesn’t automatically mean:
• More secure
• Less vulnerable
• Or free from backdoors

Sometimes it just means… different risks.

Software Vulnerabilities

Progress Telerik UI, deserialisation flaw (active exploitation, KEV).
Another week, another deserialisation issue doing exactly what it says on the tin, turning untrusted input into a full-blown compromise. Telerik UI components are widely embedded across enterprise apps, which makes this one particularly spicy.
What to do: patch immediately, hunt for web shells, and assume anything internet-facing may have been “tested” already.
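“Hunt for web shells” is easier said than done, so here is one concrete way to start. This is an added example, not code from this page or from Progress/Telerik: it parses IIS W3C logs and flags requests to server-side script paths that the application never shipped, which is how a dropped shell typically shows up. The log excerpt and the baseline of legitimate paths are constructed; in practice the baseline comes from the deployed file inventory or pre-incident log history.

```python
"""Hunt for web-shell activity in IIS W3C extended logs.

Added example, not from the page or any vendor. A shell dropped after
exploitation is a server-side script at a path the application never
deployed; this finds such paths and summarises who hit them and how.
All sample data below is constructed.
"""
from collections import defaultdict
from urllib.parse import unquote

SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp")

# Constructed baseline: script paths the application legitimately serves (lowercase).
BASELINE_PATHS = {"/default.aspx", "/account/login.aspx", "/api/upload.ashx"}

# Constructed IIS log excerpt: a #Fields header followed by five requests.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2026-04-01 09:12:01 10.0.0.5 GET /Default.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 12
2026-04-01 09:12:05 10.0.0.5 POST /api/upload.ashx - 443 - 203.0.113.9 python-requests/2.31 - 200 0 0 340
2026-04-01 09:12:09 10.0.0.5 POST /Uploads/tmp/x1.aspx - 443 - 203.0.113.9 python-requests/2.31 - 200 0 0 55
2026-04-01 09:13:10 10.0.0.5 GET /Uploads/tmp/x1.aspx cmd=whoami 443 - 203.0.113.9 - - 200 0 0 20
2026-04-01 09:15:00 10.0.0.5 GET /Account/Login.aspx - 443 - 198.51.100.8 Mozilla/5.0 - 200 0 0 9
"""


def parse_iis(text: str) -> list:
    """Parse W3C extended log text into dicts keyed by the names in the #Fields line."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # IIS may emit a new header mid-file; honour the latest
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")        # IIS encodes embedded spaces as '+', so a plain split is safe
        if len(values) != len(fields):
            continue                    # truncated line; skipping beats misaligned columns
        records.append(dict(zip(fields, values)))
    return records


def hunt_webshells(records: list, baseline: set) -> dict:
    """Script paths absent from the baseline, with hit count, POSTs, clients and query strings."""
    suspects = defaultdict(lambda: {"hits": 0, "posts": 0, "clients": set(),
                                    "queries": set(), "first_seen": None})
    for r in records:
        path = unquote(r["cs-uri-stem"]).lower()   # normalise %-encoding and case before comparing
        if not path.endswith(SCRIPT_EXTS) or path in baseline:
            continue
        s = suspects[path]
        s["hits"] += 1
        if r["cs-method"].upper() == "POST":
            s["posts"] += 1                        # shells are usually driven by POST bodies
        s["clients"].add(r["c-ip"])
        if r["cs-uri-query"] != "-":
            s["queries"].add(r["cs-uri-query"])    # command-style parameters are worth eyeballing
        if s["first_seen"] is None:
            s["first_seen"] = f'{r["date"]} {r["time"]}'
    return dict(suspects)


if __name__ == "__main__":
    for path, info in hunt_webshells(parse_iis(SAMPLE_IIS_LOG), BASELINE_PATHS).items():
        print(path, info)
```

Treat each flagged path as a lead, not a verdict: confirm it against the file’s creation time on disk and any w3wp.exe child processes around `first_seen`, and remember that a shell placed at an existing, legitimate path will not show up here and needs a file-integrity comparison instead.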

Windows CLFS, privilege escalation zero-day (KEV).
Microsoft’s Common Log File System (CLFS) is back on stage, because attackers clearly enjoy a sequel. This privilege escalation flaw is being actively exploited, typically as part of post-compromise chains. In other words, once they’re in, this helps them own the place.
What to do: apply the latest updates and monitor for unusual privilege changes.

Fortinet FortiClient EMS, SQL injection (active exploitation).
Fortinet makes a repeat appearance, this time with a SQL injection flaw in FortiClient EMS. Attackers can abuse it to manipulate backend databases and potentially gain control over managed endpoints. Not ideal when your security tool becomes the vulnerability.
What to do: patch urgently and review database and admin activity logs.

GitLab CE/EE, account takeover vulnerability.
GitLab instances were flagged for a flaw that could allow account takeover under certain conditions. Given GitLab’s role in development pipelines, this is less “oops” and more “supply chain entry point.”
What to do: update immediately and review authentication logs for anomalies.

Zyxel firewall / networking devices, command injection (KEV).
Zyxel devices once again reminded everyone that edge devices are prime real estate for attackers. This command injection flaw is being actively exploited, particularly in internet-exposed environments.
What to do: patch, restrict management access, and check for persistence mechanisms.

Data & Privacy Headlines

AI scraping lawsuits quietly gaining momentum. More publishers and data owners are taking aim at AI companies over how training data is sourced. The argument is shifting from “is this legal?” to “how expensive will this become?” Expect a steady drumbeat of litigation.

Governments doubling down on platform accountability. Regulators are increasingly pushing responsibility onto platforms for how user data is handled, especially where harm (misinformation, exploitation, abuse) intersects with privacy. The era of “we’re just a platform” is looking rather shaky.

Biometric backlash continues to build. Following weeks of age verification debates, scrutiny around biometric data collection hasn’t cooled off. If anything, more voices are questioning whether storing sensitive identity data at scale is a disaster waiting to happen. Spoiler: it probably is.

Breach disclosures becoming reputational crises overnight. With faster reporting cycles and social media amplification, companies are discovering that breaches are no longer slow-burn issues. They’re instant brand events. The PR team now sits uncomfortably close to the incident response team.

Data minimisation finally getting some love. A rare positive note: organisations are starting to realise that the best way to protect data is… not to collect quite so much of it. Groundbreaking, we know. But in a world of constant breaches, less data equals less drama.

Smarter Protection Starts with Awareness

Third-party exposure is now a first-order risk. You can’t patch what you can’t see.
Free Data Breach Exposure Scan: Check any domain in seconds: https://breachaware.com/scan
