SecurityWeek’s weekly roundup of cybersecurity news provides a quick rundown of significant happenings that may not warrant their own dedicated stories but are still important to understanding the overall threat environment.
This carefully selected summary spotlights major stories spanning newly disclosed vulnerabilities, novel attack techniques, policy changes, industry findings, and other notable incidents, helping readers stay well-informed about the ever-changing cybersecurity landscape.
This week’s key stories include:
Trump Mobile Suffers Data Breach
Telecommunications provider Trump Mobile has admitted that sensitive customer information—including names, physical addresses, email addresses, phone numbers, and additional personal details—was inadvertently exposed online. The company attributed the incident to a third-party platform vendor responsible for the data leak.
Russian Hackers Gained Extensive Access to Treasury Emails
Records released through a Freedom of Information Act lawsuit brought by Bloomberg News against the US government reveal that the Russian state-sponsored advanced persistent threat group behind the 2019–2020 SolarWinds supply chain compromise had broad access to Treasury Department email systems. According to the documents, the attackers specifically targeted only eight email accounts, though those accounts were linked to roughly 300 additional email addresses. At the time of the breach, the Treasury Department employed approximately 94,000 people.
VS Code Remote SSH Extension RCE Vulnerability
Security researcher Suman Kumar Chakraborty has flagged a remote code execution (RCE) flaw in the Visual Studio Code Remote-SSH extension that could let attackers jump into remote systems. The vulnerability stems from the fact that when a Remote-SSH connection is started, the extension drops a bootstrap shell script into the Temp folder. An attacker who already has access to that machine can tamper with the script before it gets sent to and run on the remote server—for example, to plant a reverse shell.
UK Visa Portal Exposes More Than 100,000 Documents
Immigration service UK Visa Portal left over 100,000 documents belonging to UK visa applicants publicly accessible online, according to TechCrunch. The site, which is not operated by the UK government, asks applicants to upload selfies and passport scans and to pay a processing fee. The leaked files were housed in an AWS S3 storage bucket and were secured earlier this week.
LinkedIn Phishing Scheme Leverages Adobe Target
A new phishing campaign is impersonating LinkedIn, posing as a business inquiry. The messages come with counterfeit contract attachments disguised as PDF files. In reality, they are HTML files that funnel victims to Adobe Target’s A/B testing platform. The threat actors are misusing Adobe Target to monitor victims and serve counterfeit login pages to capture credentials before redirecting users to the real LinkedIn site.
2026 FIFA World Cup in Attackers’ Sights
With the 2026 FIFA World Cup about to begin, Group-IB has identified over 4,300 fake domains impersonating FIFA, including an elaborate phishing operation run by a Chinese-speaking hacking collective known as Ghost Stadium. The group has registered more than 300 domains, including a near-identical replica of FIFA’s official website. The phishing activity could potentially result in hundreds of millions of dollars in losses.
Veeam, Notepad++, and Roundcube Release Patches
Veeam addressed two high-severity flaws in its Backup & Replication software this week, cautioning that the vulnerabilities could enable privilege escalation and arbitrary file writes. Notepad++ fixed three security bugs, two of which could allow arbitrary code execution. The newest Roundcube updates resolve eight vulnerabilities, including an unauthenticated SQL injection flaw and an arbitrary file deletion issue.
CISA Addresses Recent Supply Chain Attacks
The US cybersecurity watchdog CISA added three vulnerabilities tied to recent software supply chain attacks to its Known Exploited Vulnerabilities (KEV) catalog. The affected products include Daemon Tools Lite, TanStack, and Nx Console (the latter associated with a compromise of 3,800 internal GitHub repositories). CISA also published an advisory concerning the Megalodon and Nx Console incidents, encouraging organizations to investigate and remediate any potential breaches. In response to these attacks, NPM invalidated granular access tokens.
Supply Chain Attack Compromises 176 NPM Packages
Sonatype is warning about a supply chain attack involving 176 malicious NPM packages carrying postinstall scripts engineered to deploy information-harvesting malware on victims’ machines. The malware is designed to collect and siphon off credentials, system and directory details, environment variables, CI/CD secrets, and other tokens and sensitive data. Every malicious package uses the version number 99.99.99.
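A defender's check for the indicator reported above, as an added example that is not from Sonatype or the original article: it scans a parsed package-lock.json (lockfileVersion 2 or 3) for entries at version 99.99.99 and notes which ones declare install scripts. The package names and registry URLs in the sample are constructed.

```javascript
// Added example: flag lockfile entries matching the indicator reported in the
// article (version 99.99.99) and note which of them declare install scripts.
const SUSPECT_VERSION = '99.99.99';

// Turn a lockfile key such as "node_modules/a/node_modules/@scope/b" into "@scope/b".
function packageNameFromPath(path) {
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Accepts a parsed package-lock.json that uses the "packages" map (v2/v3).
function findSuspectPackages(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The "" key is the root project itself, not a dependency.
    if (path === '' || meta.version !== SUSPECT_VERSION) continue;
    findings.push({
      name: meta.name || packageNameFromPath(path),
      path,
      version: meta.version,
      // npm sets hasInstallScript when a preinstall/install/postinstall script exists.
      hasInstallScript: meta.hasInstallScript === true,
      resolved: meta.resolved || null,
    });
  }
  // Entries that would run code at install time are listed first.
  return findings.sort((a, b) => Number(b.hasInstallScript) - Number(a.hasInstallScript));
}

// Constructed sample lockfile; names and URLs are made up for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-helper': { version: '2.4.1', resolved: 'https://registry.example/left-helper-2.4.1.tgz' },
    'node_modules/internal-utils': { version: '99.99.99', hasInstallScript: true, resolved: 'https://registry.example/internal-utils-99.99.99.tgz' },
    'node_modules/left-helper/node_modules/@acme/cfg': { version: '99.99.99' },
  },
};

for (const f of findSuspectPackages(sampleLock)) {
  console.log(`${f.name}@${f.version} installScript=${f.hasInstallScript} (${f.path})`);
}
```

Installing with `npm ci --ignore-scripts` keeps a flagged package's postinstall hook from running while the entry is reviewed.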
Contractor Sentenced to Prison for Hacking Former Employer
Maxwell Schultz, a 36-year-old from Columbus, Ohio, has been sentenced to 24 months in federal prison for breaking into his former employer’s network after his contract was ended in May 2021. Pretending to be another contractor, he obtained login credentials, infiltrated the company’s systems, and ran a script that reset approximately 2,500 passwords, locking out both employees and contractors and causing damages exceeding $862,000. Schultz pleaded guilty in November 2025.