⏱️ Read Time: 7 minutes
Editor’s Note: Today’s Rapid Brief has range. We’ve got hackers allegedly sending people in person to plug in USB drives, a LiteSpeed cPanel plugin flaw handing out root-level fun, GitHub internal repositories hit through a poisoned VS Code extension, and AI coding agents being nudged into supply-chain attacks. Somewhere, an awareness training slide just became painfully relevant again.
The term “zero-day” originally comes from warez and software-cracking culture, where “0-day” releases were distributed on the same day software became available. Security later borrowed the phrase for vulnerabilities exploited before defenders have a patch or meaningful warning.
📜 Table of Contents
🏢 Major Breaches & Incidents - GitHub internal repository theft, Ajax football club breach arrest
🚨 Emerging Threats & Vulnerabilities - LiteSpeed cPanel plugin zero-day, FBI USB intrusion warning, GlassWorm botnet disruption
🔐 Privacy Watch - Wiley Rein class action, FBI license plate reader access, Lithuania national register leak
🛰️ APTs and State-Sponsored Attacks - LA Metro cyberattack linked to Iranian state-sponsored infrastructure
🤖 AI in Cyber - Claude directory-stealing npm package, SymJack AI coding-agent attack
🏢 Major Breaches & Incidents
🧩 GitHub Says Hackers Stole Data From Thousands of Internal Repositories
GitHub said attackers compromised an employee device through a poisoned VS Code extension and accessed thousands of internal repositories. The company said it has no evidence customer information outside internal repositories was affected, but that is not exactly a victory lap when the phrase “thousands of internal repositories” is already doing cardio. This is another reminder that developer tooling is now prime attack surface, especially when extensions sit directly between engineers, source code, and secrets.
👉️ Key takeaway: Lock down approved IDE extensions, monitor developer endpoints, scope repository access tightly, and treat internal code exposure as a real supply-chain risk.
⚽ Dutch Police Arrest Suspect Over Ajax Football Club Cyber Breach
Dutch police arrested a man suspected of illegally accessing systems at Ajax football club. The case is lighter than the week’s enterprise infrastructure stories, but sports organizations still hold valuable employee, fan, commercial, and operational data. Public brands also carry extra reputational blast radius, because nobody wants their breach response playing out next to match-day headlines.
👉️ Key takeaway: Sports organizations need the same identity controls, logging, and incident response discipline as any other data-rich business, even if the jerseys are nicer.
🚨 Emerging Threats & Vulnerabilities
⚡ CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
CISA urged agencies to patch CVE-2026-48172, a critical LiteSpeed user-end plugin flaw for cPanel that was exploited as a zero-day. The bug can let attackers execute arbitrary scripts with root privileges, which is the hosting-server equivalent of handing them the keys, the alarm code, and a snack. LiteSpeed patched the issue, cPanel removed the vulnerable plugin through a nightly update, and CISA added the flaw to KEV with a short federal deadline.
👉️ Key takeaway: Patch or remove vulnerable LiteSpeed cPanel plugin versions immediately, review logs for suspicious root-level activity, and validate affected hosting environments.
🕴️ FBI Warns Hackers Are Sending Operatives in Person to Plug In USB Drives
The FBI warned that Silent Ransom Group is targeting U.S. law firms with phishing, fake IT support calls, and even in-person visits to insert USB devices and steal data. That is not “advanced persistent threat” so much as “advanced persistent showing up at reception.” Law firms are attractive targets because they hold sensitive client data, litigation strategy, deal information, and enough confidential documents to make extortion crews feel emotionally fulfilled.
👉️ Key takeaway: Physical security and cyber defense need to talk more. Train staff on fake IT support, restrict USB use, verify visitors, and treat unexpected device activity as an incident.
🪱 GlassWorm Botnet Disrupted After Targeting Open Source Software Ecosystem
Security firms disrupted GlassWorm after taking down all four command-and-control channels used by the botnet. The campaign targeted the open-source software ecosystem, continuing the delightful trend where developers cannot open a package manager without hearing boss music. Disruption is good news, but the broader lesson is that attacker interest in open-source maintainers, repositories, credentials, and build pipelines is not cooling off.
👉️ Key takeaway: Developer ecosystems need continuous package monitoring, token hygiene, and build-pipeline visibility because botnet takedowns do not erase the incentive model.
🔐 Privacy Watch
⚖️ Wiley Rein Hit With Class Action Over Breach Tied to Chinese Hackers
Law firm Wiley Rein is facing a proposed class action over a breach that allegedly exposed sensitive data from Microsoft 365 email accounts. Reported data types include names, addresses, birth dates, financial account numbers, medical information, and Social Security numbers. Reuters says the attackers were allegedly tied to hackers possibly affiliated with the Chinese government, giving this breach both privacy and geopolitical gravity.
👉️ Key takeaway: Law firms need stronger email security, data minimization, and privileged mailbox monitoring because client trust does not survive well inside stolen inboxes.
🚗 FBI Seeks Near Real-Time Access to U.S. License Plate Reader Data
WIRED reported that FBI procurement records show the Bureau seeking near real-time nationwide access to automated license plate reader data. This is not a traditional breach, but it is absolutely a privacy story because location trails can reveal work, worship, medical visits, relationships, protests, and routines. Surveillance infrastructure always sounds cleaner in procurement language than it feels when it maps everyone’s movements.
👉️ Key takeaway: Organizations and policymakers should treat mass location databases as sensitive systems, not convenient search bars for real-world movement.
🗂️ Lithuania Investigates Leak of 600,000-Plus National Register Entries
Lithuanian authorities are investigating a leak involving more than 600,000 national register entries, including real estate and legal entity records. Prosecutors suspect foreign involvement, and the head of the State Enterprise Centre of Registers resigned after the incident. Government registry data may look boring, but boring structured data is exactly what attackers love because it is accurate, official, and difficult for victims to change.
👉️ Key takeaway: National registries need tight access controls, strong monitoring, and rapid leak response because official records make excellent intelligence fuel.
🛰️ APTs and State-Sponsored Attacks
🚇 LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
SecurityWeek reports that the LA Metro cyberattack was claimed by a hacktivist group, but evidence connected the activity to infrastructure linked to Iranian government threat actors. The transit angle matters because public transportation systems are operationally visible, politically sensitive, and not exactly low-impact targets. The hacktivist wrapper also shows how state-linked activity can be dressed up as ideological disruption, because apparently cyber attribution needed more costume changes.
👉️ Key takeaway: Critical infrastructure operators should investigate hacktivist claims carefully, especially when the tooling, infrastructure, or targeting points toward state-sponsored activity.
🤖 AI in Cyber
🧠 Malicious npm Package Steals Files From Claude AI User Directory
Researchers found a malicious npm package that stole files from a Claude AI user directory and used GitHub in the exfiltration flow. That is a neat little intersection of package ecosystem risk, developer workflow exposure, and local AI workspace data leakage. As more coding work moves through AI-assisted tools, attackers are starting to treat AI directories like the new “maybe there are secrets in here” folder.
👉️ Key takeaway: Monitor AI workspace directories, restrict package installs, rotate exposed tokens, and assume developer AI tooling may contain sensitive project context.
🪤 SymJack Attack Turns AI Coding Agents Into Supply-Chain Delivery Systems
SymJack research shows how malicious repositories and disguised symlinks can manipulate AI coding agents into installing attacker-controlled MCP servers. The practical risk is ugly: exposed secrets, compromised CI pipelines, and AI-assisted supply-chain paths that look like helpful automation until they start helping the wrong side. AI coding agents are powerful, but “agent can follow instructions” is less comforting when the instructions came from a repo with booby traps.
👉️ Key takeaway: Run AI coding agents in isolated environments, restrict MCP server installation, review repository trust boundaries, and require human approval before agents modify build or credential workflows.
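As an added example (not code from the SymJack research or from any of the page's sources), here is a pre-flight check a team could run on a freshly cloned repository before pointing an AI coding agent at it: it lists every symlink that resolves outside the checkout, which is the kind of disguised link the item above describes. The sample checkout and the file name mcp.json in it are constructed for the demo, not paths taken from the research.

```python
"""Pre-flight repository check: report symlinks that escape the checkout.
Added example, not a tool from the SymJack research or any vendor."""
import os
import tempfile
from pathlib import Path


def escaping_symlinks(repo_root):
    """Return [(link_path_relative_to_repo, resolved_target)] for every
    symlink under repo_root that resolves outside the repo or dangles.
    Symlinked directories are reported but never descended into."""
    root = Path(repo_root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            try:
                target = link.resolve(strict=True)
            except (OSError, RuntimeError):
                # Broken or looping link: still worth a human look.
                findings.append((str(link.relative_to(root)), "<dangling>"))
                continue
            if target != root and root not in target.parents:
                findings.append((str(link.relative_to(root)), str(target)))
    return findings


def build_sample_repo():
    """Constructed sample checkout: one benign in-tree symlink and one
    symlink with a config-looking name (hypothetical 'mcp.json') that
    actually points at a directory outside the repository."""
    tmp = Path(tempfile.mkdtemp(prefix="symlink-check-demo-"))
    repo = tmp / "repo"
    (repo / "docs").mkdir(parents=True)
    (repo / "docs" / "README.md").write_text("hello\n")
    os.symlink("docs/README.md", repo / "README.md")  # stays inside the repo
    outside = tmp / "home"                             # stands in for a user home dir
    outside.mkdir()
    os.symlink(outside, repo / "mcp.json")             # escapes the repo
    return repo


if __name__ == "__main__":
    for rel, target in escaping_symlinks(build_sample_repo()):
        print(f"ESCAPING SYMLINK: {rel} -> {target}")
```

Running the block on the constructed checkout flags only mcp.json; the in-tree README.md link is left alone, so the check can be wired into a clone hook without drowning reviewers in noise.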
Thanks for reading this week’s edition. Like what you see? Forward it!
Hate everything you see or have other feedback? Reply back to this email!

