Researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and install persistent implants. These packages threaten Node.js environments relying on npm dependencies, emphasizing the need for strict package vetting and credential management.
North Korean APT actors targeted an Axios developer in a sophisticated social engineering campaign aimed at supply chain compromise. The attack involved spear-phishing, credential theft, and attempts to inject malicious code into Axios, impacting multiple sectors relying on this HTTP client.
Device code phishing attacks exploiting OAuth 2.0 Device Authorization Grant flow have increased over 37 times this year, enabling attackers to hijack cloud accounts. Organizations must apply vendor patches, enforce MFA, and monitor OAuth logs to mitigate this rising threat.
Data privacy labels on mobile apps aim to improve transparency but often contain inaccuracies and under-report data collection. Security teams should not rely solely on these labels and need to implement additional monitoring and validation tools to ensure compliance and protect user data.
The BrowserGate report reveals Microsoft's LinkedIn uses hidden JavaScript to scan visitors' browser extensions and collect device data without user consent. This covert profiling technique raises privacy concerns and may aid targeted attacks. Organizations should monitor browser behaviors and apply mitigation strategies.
The BrowserGate report reveals that Microsoft's LinkedIn uses hidden JavaScript to scan visitors' browser extensions and collect device data, raising privacy concerns. Although not a traditional vulnerability, this data collection can aid profiling and tracking, urging organizations to consider mitigation strategies.
Since mid-2025, the China-aligned threat actor TA416 has resumed targeting European government and diplomatic organizations after a two-year lull. The group employs spear-phishing, exploits Microsoft Office vulnerabilities, and uses multi-stage malware to conduct espionage. Detection and defense require patch management, email filtering, and endpoint monitoring.
Microsoft Defender researchers uncovered a method where PHP web shells on Linux servers use HTTP cookies as covert channels for remote code execution. This technique bypasses traditional detection methods, enabling stealthy attacks that complicate incident response.
Organizations have disclosed breaches stemming from TeamPCP's supply chain compromise, with threat actors ShinyHunters and Lapsus$ claiming involvement. These attacks exposed sensitive data through injected malicious code in software updates, affecting numerous enterprises. Affected users should audit software integrity, reset credentials, and enable multi-factor authentication.
CVE-2024-XXXX exposes a vulnerability in VR, AR, and MR headsets using skull vibration harmonics for authentication. Attackers can spoof vital sign-based signals to gain unauthorized access. Vendors should deploy multi-factor authentication and improve signal validation to mitigate risks.
Software supply chains face critical vulnerabilities exploited by sophisticated attacks, necessitating their treatment as critical infrastructure. Implementing multi-layered security controls, including code signing, access restrictions, and continuous monitoring, is essential to mitigate these risks.
Chainguard's rebuilt platform introduces continuous reconciliation of open source artifacts across containers, libraries, agent skills, and GitHub Actions to strengthen supply chain security. This update supports compliance with cybersecurity frameworks and mitigates risks from supply chain attacks.