29 May Security Report – 29 May 2026
The rapid adoption of AI and SaaS applications is significantly changing the cybersecurity landscape, making attacks faster, more sophisticated, and harder to detect. AI enables threat actors to automate tasks like reconnaissance and phishing, allowing attacks that once took weeks to unfold in a matter of hours.
At the same time, most businesses now rely on dozens—or even hundreds—of interconnected SaaS applications. While this drives productivity, it also significantly expands the attack surface and increases the risk of human error and misconfiguration.
Traditional security approaches are no longer effective in this environment. Security is often fragmented across multiple tools, resulting in limited visibility, siloed alerts, and delayed response times. In parallel, identity—user credentials, sessions, and access permissions—has become the primary control point. Attackers no longer need to breach infrastructure; instead, they can compromise identities and move laterally across systems largely undetected.
As SaaS adoption continues to grow, organisations need a more unified, identity-focused security strategy to reduce blind spots and respond effectively to modern, AI-driven threats.
This is why TCT is now recommending clients deploy our RTMS (Real-Time Monitoring & Security) agent—to provide centralised visibility, proactive threat detection, and rapid response across users, endpoints, and SaaS environments, helping close the gap left by fragmented traditional security tools.
Recent Breaches
United States – GitHub – Technology
Exploit: Supply Chain Attack
Risk to Business: Moderate: More than 5,000 GitHub repositories were impacted by an automated malicious campaign dubbed “Megalodon,” which used fake pull requests to steal sensitive information. Supply-chain attacks targeting open-source JavaScript and Python repositories continue to surge. One recent incident prompted Microsoft-owned GitHub to warn that attackers had stolen around 3,800 internal repositories after a developer installed a poisoned Visual Studio Code extension. The supply-chain hacking group TeamPCP claimed responsibility for the attack. Rather than modifying application code directly, the campaign inserted a malicious workflow file into repositories through GitHub Actions, GitHub’s cloud-based CI/CD platform for building, testing and deploying software. In total, the Megalodon campaign reportedly executed 5,718 malicious commits across 5,561 repositories within six hours.
United States – American Lending Center – Finance
Exploit: Ransomware & Malware
Risk to Business: Moderate: American Lending Center, a California-based non-bank lender specialising in loans for small businesses and startups, reported a ransomware attack that compromised the sensitive personal information of 123,158 individuals. The breach was discovered on July 27, 2025, and an investigation later determined that attackers had access to files between July 24 and July 30, 2025. The exposed data may include names, dates of birth and Social Security numbers. The forensic investigation was not completed until April 8, 2026, nearly nine months after the incident was first identified. No known ransomware group has publicly claimed responsibility for the attack, suggesting either that a ransom was paid or that the responsible actors do not operate a public leak site.
Talk to a TCT team member today about implementing Cyber Security strategy plan for your business.
Robert Brown
29/5/2026
Related Articles:
AiTM Phishing Bypassing your Password
LinkedIn Recruitment Scams