fix(nx-dev): small adjustment to the blog post

This commit is contained in:
Victor Savkin 2025-06-19 19:01:17 -04:00
parent 9e9345b5e1
commit bd898d3220

@ -18,6 +18,10 @@ The CREEP vulnerability allows any contributor with pull request privileges to i
- Nx Cloud is **NOT** affected due to its security architecture
- Review this post to determine if your self-hosted cache solution is vulnerable
{% callout type="warn" title="DIY implementations are vulnerable" %}
DIY remote caches are likely vulnerable. Scanners won't catch all affected implementations, so understanding the vulnerability is crucial.
{% /callout %}
## **Understanding the Vulnerability**
A typical remote-cache flow using storage services follows these steps:
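Review bot: in the callout, the title "DIY implementations are vulnerable" states as fact what the body hedges as "likely vulnerable"; pick one strength of claim, for example by titling it "DIY implementations are likely vulnerable". The body also tells readers that scanners will miss some implementations without saying what to check instead, so consider pointing explicitly at the "Understanding the Vulnerability" section that follows to make the warning actionable.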
@ -93,5 +97,6 @@ CVE-2025-36852 represents a serious threat to organizations using vulnerable cac
- If your organization uses bucket-based remote caching: immediate action is required
- If your organization uses other self-hosted remote cache solutions: immediate review required (most self-hosted caching solutions across many build systems—not just JavaScript, but also Java—are affected)
- If your organization uses custom tasks runners to implement remote caching: immediate review required
- If using Nx without remote caching: no action is required
- If using Nx with Nx Cloud: [Review your settings](/ci/concepts/cache-security#use-scoped-tokens-in-ci). If you are using default settings, no actions should be required.
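Review bot: "custom tasks runners" in the third bullet should read "custom task runners". The bullets also alternate between "immediate action is required" and "immediate review required"; use one grammatical form throughout, and if the difference between action and review is deliberate, state what the review should look for so readers of the second and third bullets know when they are done.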