1. The TeamPCP hacking group is responsible for a major data breach at the European Commission and is conducting ongoing supply chain attacks (The Record).
2. North Korean threat actor UNC1069 compromised the Axios npm package through a highly targeted social engineering campaign against the maintainer (The Hacker News).
3. The Qilin ransomware group claimed responsibility for a data theft attack against the German political party Die Linke (Bleeping Computer).
4. China linked threat actor TA416 is targeting European government and diplomatic organizations using PlugX malware and OAuth based phishing (The Hacker News).
5. CISA ordered federal agencies to patch a critical video conferencing vulnerability within two weeks due to active exploitation by Chinese hackers (The Record).
6. Apple released security patches for iOS 18 to address the DarkSword exploit used for mobile device cracking (Dark Reading).
7. Researchers identified 21 malicious npm packages in 24 hours that target AI coding assistants using LLM API man in the middle attacks and encrypted backdoors (Reddit).
8. New Rowhammer attacks have been discovered that allow attackers to gain complete control over machines running Nvidia GPUs (Reddit).
9. Microsoft reported that threat actors are using HTTP cookies as a control channel for PHP web shells on Linux servers to achieve remote code execution (The Hacker News).
10. Hims and Hers Health confirmed a data breach involving stolen support tickets from a third party customer service platform (Bleeping Computer).
11. An emergency communications system serving towns in Massachusetts was impacted by a cyberattack (The Record).
12. LinkedIn is reportedly scanning visitors browsers for over 6000 Chrome extensions to collect device data (Bleeping Computer).
13. Multiple malicious packages are being actively published to target the Strapi plugin ecosystem (Reddit).
14. Ukraine CERT warned that Russian hackers are revisiting previously compromised infrastructure to verify if old access points and credentials remain valid (The Record).
15. A man admitted to an extortion plot involving the locking of thousands of Windows devices (Reddit).
Be First to Comment