Today’s threat landscape is dominated by software supply chain risk, with North Korean hackers deploying malicious npm packages and legacy Python bootstrap scripts creating domain-takeover exposure. CISA has issued a critical alert for an actively exploited vulnerability in OpenPLC ScadaBR. Additionally, researchers detail new TTPs from the Tomiris APT group, and a major ransomware attack has potentially exposed data belonging to 1.5 million individuals.
Top 5 Critical Security Alerts
- CISA Adds One Known Exploited Vulnerability to Catalog: CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its KEV catalog, confirming it is under active exploitation by threat actors.
- North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware: North Korean APT actors have flooded the npm registry with 197 malicious packages, downloaded over 31,000 times, to deliver the OtterCookie malware.
- Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages: Vulnerable bootstrap files in legacy Python packages create a significant domain takeover risk, potentially enabling widespread supply chain attacks via PyPI.
- Tomiris wreaks Havoc: New tools and techniques of the APT group: Kaspersky reports the Tomiris APT group has updated its toolkit with open-source C2 frameworks like Havoc and is using Discord and Telegram for communications.
- Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people: Asahi disclosed a ransomware incident that may have resulted in the data exposure of 1.5 million individuals, including names, addresses, and phone numbers.
Threat Intelligence
- Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery: Attackers are abusing calendar subscription features via hijacked domains to push phishing links and malware directly to unsuspecting users’ devices.
Security Breaches & Incidents
- French Football Federation discloses data breach after cyberattack: The French Football Federation (FFF) announced a data breach after an attacker used a compromised account to access administrative software containing player data.
- Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison: An Australian man was sentenced to over seven years in prison for operating malicious ‘evil twin’ WiFi networks at airports to steal traveler data.
Security Tools & Best Practices
- Public GitLab repositories exposed more than 17,000 secrets: A security researcher discovered over 17,000 exposed secrets after scanning 5.6 million public repositories on GitLab Cloud, highlighting ongoing credential leakage risks.
- Microsoft: Windows updates make password login option invisible: Microsoft has warned that recent Windows 11 updates may hide the password sign-in icon on the lock screen, causing user confusion but not removing the functionality.
Cloud & Network Security
- MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants: A security blind spot in MS Teams guest access can negate a user’s home organization’s security policies, because the protections applied are determined by the host tenant.
Emerging Security Technologies
- Prompt Injection Through Poetry: Researchers found that structuring malicious prompts as poetry serves as a universal jailbreak method for LLMs, successfully bypassing current safety mechanisms.
