Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads…
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for…
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.…
Sep 08, 2025, Ravie Lakshmanan, Supply Chain Attack / API Security. Salesloft has revealed that the data breach linked to its Drift application started with the compromise…
Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a…
This week on the Lock and Code podcast… In the late 2010s, a group of sheriffs out of Pasco County, Florida, believed they could predict…
Salesloft said it has restored the integration between its Drift platform and Salesforce after an investigation by Mandiant linked an August supply chain attack to…
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft…
A massive data breach in early September 2025 attributed to a cyber actor known simply as “Kim” laid bare an unprecedented view into the operational…
A critical zero-day vulnerability (CVE-2025-53690) is being actively exploited in Sitecore. This flaw, originating from old, insecure keys, allows hackers to achieve Remote Code Execution…
Sep 08, 2025, Ravie Lakshmanan, Malvertising / Encryption. Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to…
Dive Brief: Organizations grapple with data security obstacles on the path to AI adoption, according to OpenText. The Ponemon Institute surveyed nearly 1,900 CIOs, CISO…