Originally reported by BleepingComputer, Graham Cluley, Malwarebytes Labs, SecureList (Kaspersky)
TL;DR
A critical TP-Link router authentication bypass vulnerability threatens network infrastructure, while TeamPCP compromised the popular LiteLLM Python package in a supply chain attack. Meanwhile, a court sentenced the Russian operator of a botnet used in BitPaymer ransomware campaigns, and novel AI-powered fraud schemes target music streaming platforms and hiring processes.
TP-Link's critical authentication bypass vulnerability in widely deployed routers, combined with active supply chain attacks on PyPI packages, creates immediate risk to network infrastructure and development environments.
TP-Link issued emergency patches for multiple vulnerabilities in its Archer NX router series, headlined by a critical-severity authentication bypass flaw. The vulnerability could allow attackers to circumvent authentication mechanisms and upload malicious firmware to affected devices. Given the widespread deployment of TP-Link routers in both consumer and small business environments, this represents a significant attack surface expansion for threat actors seeking initial network access.
PTC Inc. warned customers of a critical remote code execution vulnerability affecting Windchill and FlexPLM, enterprise product lifecycle management solutions used across manufacturing and engineering sectors. The company described the threat as "imminent," suggesting either active exploitation or high likelihood of weaponization. Organizations running these PLM systems should prioritize immediate patching.
The TeamPCP threat group successfully compromised the widely-used LiteLLM package on PyPI, embedding malicious code designed to steal credentials and authentication tokens. The attackers claim to have exfiltrated data from hundreds of thousands of devices during the campaign. This represents a significant escalation in supply chain attacks targeting the Python ecosystem, particularly packages integrated into AI and machine learning workflows.
Security researcher Khaled Mohamed identified a vulnerability in Microsoft Authenticator during his transition from "script kiddie" to professional bug bounty hunter. While specific technical details remain limited, the discovery highlights ongoing security challenges in multi-factor authentication implementations.
A Russian national received a two-year prison sentence after pleading guilty to managing a phishing botnet that facilitated BitPaymer ransomware attacks against 72 U.S. companies. The case demonstrates continued law enforcement focus on dismantling ransomware infrastructure and prosecuting operators, though the relatively light sentence may not provide significant deterrent effect.
One individual pleaded guilty to defrauding music streaming platforms of over $8 million through an elaborate scheme involving AI-generated songs and bot networks. The operation created hundreds of thousands of fake tracks, then used approximately 10,000 bots to generate billions of fraudulent plays, siphoning royalty payments from legitimate artists.
Bug bounty platform HackerOne disclosed that employee data was compromised following a breach at Navia, one of its U.S. benefits administrators. The incident underscores how third-party vendor compromises can cascade into customer organizations, even those with strong internal security postures.
Infinite Campus, a K-12 student information system serving numerous school districts, confirmed a data breach following extortion demands from threat actors. The ShinyHunters group's involvement suggests potential for student and educational data to appear on underground markets.
The Federal Communications Commission expanded its Covered List to include all consumer routers manufactured outside the United States, effectively banning new foreign-made models from U.S. markets. The policy represents a significant shift toward domestic supply chain requirements for critical network infrastructure.
Criminal organizations operating forced labor scams are hiring women to serve as "AI models" for deepfake video calls, attempting to legitimize fraudulent hiring processes. The technique represents an evolution in social engineering tactics, leveraging deepfake technology to overcome victim suspicion during video interactions.
Mozilla released Firefox 149 featuring integrated VPN functionality with 50GB monthly data limits, enhancing user privacy protection without requiring external VPN services.
Microsoft addressed synchronization problems affecting Classic Outlook users connecting to Gmail and Yahoo email services, resolving authentication and connection failures that had disrupted email workflows.
Kaspersky's Security Services team published their annual threat landscape analysis, incorporating findings from Managed Detection and Response services and real-world Incident Response cases from 2025. The report provides statistical insights into attack trends and threat actor tactics observed across their customer base.
Security researchers continue emphasizing limitations in current multi-factor authentication implementations, noting that successful MFA completion doesn't guarantee session security. Token hijacking and device compromise can still enable unauthorized access despite proper identity verification.