%term

ShaiHulud worm and the Nx / S1ngularity attacks: How-to use JIT Access to Stop the Chain Reaction

Sep 19, 2025 By The Apono Team In Apono

The Shai‑Hulud worm and the Nx / S1ngularity attacks show how token‑stealing malware, vulnerable workflows, and always‑on elevated permissions allow cascading compromise. Enforcing JIT access on repository, organization owner/admin roles, and team‑based inherited permissions sharply reduces exposure, limits damage, and strengthens audit/compliance posture.

Read Post

Apono

Read more about ShaiHulud worm and the Nx / S1ngularity attacks: How-to use JIT Access to Stop the Chain Reaction

Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks

Sep 18, 2025 By SquareX

SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle malware through the browser. Despite responsible disclosures to all major SASE/SSE providers, no vendor has made an official statement to warn its customers about the vulnerability in the past 13 months - until two weeks ago.

Read Post

Read more about Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks

Obrela's latest Digital Universe report reveals shift to stealthier, more sophisticated attacks

Sep 18, 2025 By Obrela In Obrela

Brute force attacks surge, fileless techniques rise and attackers evolve toward stealth and scale.

Read Post

Obrela

Read more about Obrela's latest Digital Universe report reveals shift to stealthier, more sophisticated attacks

From GrimResource to PureLogs Stealer: Dissecting a Recent Attack

Sep 18, 2025 By Joshua Green and Thomas Elkins In BlueVoyant

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) researchers have uncovered a recent cyber campaign featuring a unique twist on fake browser updates. This attack leveraged the GrimResource vulnerability and delivered the PureLogs stealer malware to targeted environments through disguised Microsoft Management Console (MSC) files.

Read Post

BlueVoyant

Read more about From GrimResource to PureLogs Stealer: Dissecting a Recent Attack

Preventing Cyber Attacks Against HR Teams

Sep 18, 2025 By Keeper Security In Keeper

HR teams manage some of the most sensitive data in your organization. Watch this video to learn how Keeper protects HR departments from cyber threats and helps secure employee data at every level.

View Video

Keeper

Read more about Preventing Cyber Attacks Against HR Teams

Beware the Sandworm: The Shai-Hulud Attack Explained

Sep 17, 2025 By Edward Kost In UpGuard

A new and dangerous self-replicating worm has been identified targeting the JavaScript repository NPM, infecting at least 187 code packages. The novel malware strain is engineered to steal credentials from developers and publish them to a new public GitHub repository. The worm automatically propagates itself by copying its code into the top 20 most popular packages maintained by the compromised user and publishing them as new versions.

Read Post

UpGuard

Read more about Beware the Sandworm: The Shai-Hulud Attack Explained

Is your VPN a silent entry point for attackers?

Sep 17, 2025 By Netwrix In Netwrix

Is your VPN a silent entry point for attackers? Credential stuffing and password spraying exploit weak authentication, giving attackers a way into VPNs and edge network devices — making them prime targets in today’s identity-driven threat landscape. In this snippet, our expert breaks down: Watch the full webinar: Adapting to a New Paradigm in Security – Implementing ITDR in Your SOC: netwrix.com/go/adapting-to-a-new-paradigm-in-security-yt.

View Video

Netwrix

Read more about Is your VPN a silent entry point for attackers?

NPM Ecosystem Under Siege: Self-Propagating Malware Compromises 187 Packages in a Huge Supply Chain Attack

Sep 16, 2025 By Tom Abai In Mend

The NPM ecosystem has been rocked by one of its widest supply chain attacks to date, with over 187 popular packages compromised by advanced malware capable of self-propagation and automated credential harvesting. This attack, affecting packages with millions of weekly downloads including angulartics2, ngx-toastr, and @ctrl/tinycolor, demonstrates how cybercriminals are evolving their tactics to create “worm-like” malware that can autonomously spread across the software supply chain.

Read Post

Mend

Read more about NPM Ecosystem Under Siege: Self-Propagating Malware Compromises 187 Packages in a Huge Supply Chain Attack

Shai-Hulud: A Persistent Secret Leaking Campaign

Sep 16, 2025 By Gaetan Ferry In GitGuardian

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow injection in accessible projects. The compromised packages' structure has been detailed in blog posts by socket.dev and StepSecurity.

Read Post

GitGuardian

Read more about Shai-Hulud: A Persistent Secret Leaking Campaign

Why DFIR: A Guide to Digital Forensics and Incident Response Services and Retainers

Sep 15, 2025 By Trustwave In Trustwave

No organization likes to contemplate being successfully hit with a cyberattack, but turning a blind eye to the possibility is the exact wrong thing to do. Digital Forensics and Incident Response (DFIR) planning and retainers, like car, home, and health insurance, are a necessity in case the unthinkable happens.

Read Post