Supply Chain Attacks Really Are Surging

Source: Data Breach Today

Hackers are doubling down on software supply chain attacks. In the first five months of this year, Cyble said roughly two thirds of the 79 software supply chain attacks it documented directly targeted IT, technology or telecommunications firms. They are "rich potential targets for threat actors hoping to exploit downstream users."

Link to article 

Whole Foods Distributor United Natural Foods Hit by Cyberattack

Source: Security Week

United Natural Foods, Inc. (NYSE: UNFI), the main distributor for Amazon’s Whole Foods, has been targeted in a cyberattack that has caused some disruptions to business operations. United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations.

Link to article

SentinelOne Sees No Breach After Hardware Supplier Hacked

Source: Data Breach Today

Cybersecurity firm SentinelOne said suspected Chinese attackers infiltrated a logistics firm that it used to supply hardware to its employees. The intrusion doesn't appear to have resulted in an infiltration of its own, corporate network, the company said.

Link to article

Google Bug Allowed Brute-Forcing of Any User Phone Number

Source: Dark Reading

The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.

Link to article

Password-spraying attacks target 80,000 Microsoft Entra ID accounts

Source: Bleeping Computer

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. The campaign started last December and has successfully hijacked multiple accounts, say researchers at cybersecurity company Proofpoint, who attribute the activity to a threat actor called UNK_SneakyStrike.

Link to article