Cyber Toolkit Ltd, a UK Registered Company - 16938415
This is the Cyber Toolkit weekly roundup of key cyber security news, covering the most relevant vulnerabilities, breaches and incidents affecting organisations in the UK and beyond over the past week (7th July – 14th July 2026).
Ubiquiti urged customers to immediately update UniFi OS after researchers disclosed a maximum severity vulnerability affecting its widely deployed network management platform. The flaw could allow attackers to gain full administrative control of vulnerable systems, with additional critical vulnerabilities also addressed as part of the latest security updates. Organisations using UniFi infrastructure should prioritise patching internet-facing devices and ensure network management platforms are included within regular vulnerability management, as these systems continue to be attractive targets for attackers.
Security researchers also revealed a hidden backdoor embedded within the firmware of certain Tenda routers, providing administrative access through undocumented functionality. The backdoor could allow anyone aware of its existence to gain privileged access to affected devices, raising serious supply chain and product security concerns. Organisations should review whether vulnerable devices are deployed within their environments and replace or update affected hardware where fixes are available.
Australia's cyber security agencies warned of an active global campaign targeting vulnerable content management systems (CMS), with attackers exploiting unpatched platforms to gain initial access before deploying additional malicious tooling. The advisory reinforces the importance of maintaining timely patching programmes, particularly for internet-facing web applications, as attackers continue to automate the exploitation of known vulnerabilities within hours of disclosure.
The UK National Cyber Security Centre (NCSC), alongside international partners, issued fresh guidance warning that Russian intelligence services continue to target organisations operating within critical national infrastructure sectors. The advisory encourages organisations to strengthen network monitoring, improve vulnerability management and implement defence-in-depth strategies to reduce the risk of compromise. The joint warning serves as another reminder that geopolitical tensions continue to drive persistent cyber activity against both public and private sector organisations.
Meanwhile, AssuranceAmerica confirmed a significant data breach affecting approximately 6.9 million individuals after attackers gained access to sensitive personal information, including driver records. Large-scale data breaches remain valuable sources of information for cyber criminals conducting identity theft, phishing and credential-based attacks, reinforcing the need for organisations to minimise retained personal data and strengthen controls around sensitive information.
In a positive development for the wider cyber security community, Cyber Toolkit has signed the DSIT Cyber Resilience Pledge alongside many other organisations, reinforcing our commitment to promoting stronger cyber security practices across the industry and beyond. The initiative encourages organisations to strengthen their own cyber resilience while working collaboratively to improve the security of their supply chains, helping to build a more resilient digital ecosystem for everyone.
Lidl disclosed a data breach affecting customers of its online shop after an external service provider suffered a cyber security incident. According to the retailer, attackers briefly gained access to a file containing customer information, including names, email addresses, telephone numbers, dates of birth and customer numbers. Lidl stated there is currently no evidence that passwords or payment information were compromised but warned affected customers to remain vigilant against phishing attempts.
This week, Cyber Toolkit demonstrated its pivotal role by issuing 127 technical alerts, enabling organisations to stay ahead of emerging threats and respond promptly. Furthermore, our system identified 57 critical vulnerabilities across various systems. These figures highlight the importance of proactive measures and, as cyber threats continue to evolve, it is crucial for organisations to stay vigilant and utilise effective and FREE tools like Cyber Toolkit to manage their cyber security risks.
We'll see what next week brings.