Hybrid Cloud
Cybersecurity
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Banking and Finance
Smart Cities
Public Sector
Cybersecurity Weekly Briefing, 3 April
Analysis of TeamPCP’s activities, which have compromised Cisco’s development environment
The supply chain attack campaign carried out by the threat actor TeamPCP against Trivy (whose compromise led to a breach of Cisco’s development environment, according to BleepingComputer), KICS, LiteLLM and Telnyx has prompted the publication of various analyses of the group and its activities.
Researchers at Wiz report that the actors quickly validated the stolen secrets using TruffleHog, carried out intensive reconnaissance in AWS environments, and expanded their access by abusing GitHub Actions with stolen PATs and ECS Exec on running containers. The final phase focused on the exfiltration of source code, secrets and data from S3, Secrets Manager and databases, with a very noisy, speed-oriented operational pattern, supported by open-source tools.
For its part, Unit 42 notes that the malicious payloads stole cloud tokens, SSH keys, Kubernetes secrets and sensitive environment variables, whilst also establishing persistence and lateral movement.
- In Trivy and KICS, malicious commits were forced onto official tags using stolen credentials, executing the TeamPCP cloud stealer payload and, subsequently, the CanisterWorm.
- In LiteLLM (versions 1.82.7 and 1.82.8), persistent execution was introduced via .pth files, allowing code to be executed on every launch of the Python interpreter, whilst the Telnyx SDK (versions 4.87.1 and 4.87.2) incorporated an injector using WAV steganography to deploy second-stage payloads.
Iranian actor launches password spraying campaign against Microsoft 365
Check Point Research has discovered a password spraying campaign targeting Microsoft 365 environments, attributed with moderate confidence to an actor linked to Iran, which was carried out in three waves on 3, 13 and 23 March 2026.
The operation focused primarily on Israel and the United Arab Emirates, with over 300 organisations affected in Israel and more than 25 in the UAE, although limited targets were also observed in Europe, the United States, the United Kingdom and Saudi Arabia. The hardest-hit sector was the municipal sector, a particularly significant finding given the correlation between some of the targeted municipalities and cities attacked by Iran during March, suggesting possible support for kinetic operations and bombing damage assessment tasks.
The actor used Tor exit nodes for the scanning phase with a User Agent mimicking Internet Explorer 10, and once valid credentials were obtained, gained access via commercial VPN ranges geolocated in Israel to evade geographical restrictions.
It is recommended to detect authentication anomalies, apply geofencing controls and Tor blocking, implement MFA across the board, and ensure log retention for post-compromise investigation.
F5 reclassifies CVE-2025-53521 as critical RCE following confirmation of active exploitation in BIG-IP APM
F5 Networks has reclassified the CVE‑2025‑53521 vulnerability (CVSSv4 9.3 according to the vendor) in BIG-IP APM, changing it from denial of service (DoS) to remote code execution (RCE) following confirmation of active exploitation.
The flaw allows unauthenticated attackers to execute code on BIG-IP APM systems with access policies configured on a virtual server. Webshell deployments have been observed on unpatched devices, and F5 has published indicators of compromise (IOCs) alongside recommendations to review disks, logs and executed commands. The company confirms that the original patches also mitigate the RCE variant. CISA has added the vulnerability to its catalogue of exploited flaws and requires its immediate correction in federal environments.
Shadowserver has identified over 240,000 exposed BIG-IP instances, with no precise data on how many maintain vulnerable configurations. Historically, flaws in BIG-IP have been exploited by state-sponsored actors and criminal groups for intrusions, malware deployment and information exfiltration.
24-month Magecart campaign affecting Spain uncovered
Any.run has uncovered a Magecart operation active for over 24 months that has compromised at least 17 WooCommerce stores using multi-stage JavaScript loaders, rotating infrastructure and WebSocket exfiltration.
The attack replaces the legitimate payment flow with spoofed interfaces and extracts full card details (PAN, BIN, CVV, expiry date). The architecture includes loaders with fallback mechanisms, dynamic payloads, anti-tampering measures and a WebSocket C2 channel for real-time control.
The campaign is globally distributed, with a strong focus on Spain, France and the US, and shifts the impact to banks and PSPs.
A study warns that AI chatbots validate harmful behaviour to please the user
Researchers at Stanford University evaluated 11 commercial conversational models, including ChatGPT, Claude and Gemini, and demonstrated a strong tendency to validate users’ behaviour and decisions far more frequently than humans, as well as a bias towards compliance linked to satisfaction and retention metrics.
In tests involving personal advice, the models endorsed 47% of statements with the potential to harm the user. The study emphasises that AI should not be treated as a personal advisor or a substitute for real human support.
◾ This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in knowing the rest of the Operational and Strategic Intelligence contents included in the service, please contact us →
