Infosecurity News
Open Source Community Thwarts Massive npm Supply Chain Attack
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
ReliaQuest warns that phishing campaigns abusing the Axios user agent have surged 241% in three months
Chinese Cyber Espionage Campaign Impersonates US Congressman
A House select committee said Chinese actors impersonated Representative John Moolenaar to steal information that could be used to influence trade talks
Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account
Wealthsimple Confirms Data Breach After Supply Chain Attack
Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers
MostereRAT Targets Windows Users With Stealth Tactics
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques
Remote Access Abuse Biggest Pre-Ransomware Indicator
Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack
GhostAction Supply Chain Attack Compromises 3000+ Secrets
Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild
Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America
Bridgestone Americas confirmed the incident but has not detailed the scope of the attack
South Carolina School District Data Breach Affects 31,000 People
An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district
macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps
US and 14 Allies Release Joint Guidance on Software Bill of Materials
The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued
61% of US Companies Hit by Insider Data Breaches
The OPSWAT report found that insider breaches cost impacted firms $2.7m on average due to factors such as regulatory fines and diminished productivity
GhostRedirector Emerges as New China-Aligned Threat Actor
A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools
North Korean Hackers Exploit Threat Intel Platforms For Phishing
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures
CMS Provider Sitecore Patches Exploited Critical Zero Day
Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments
Scattered Spider-Linked Group Claims JLR Cyber-Attack
JLR said it is investigating following claims by the actor “Scattered Lapsus$ Hunters” that it had stolen data from the firm and had issued an extortion demand
Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation
Hackers are using legitimate red team tool Hexstrike-AI to simplify and speed up vulnerability exploitation
