Issue #153 - June 9, 2025
- Weekly INK
- Jun 9
- 2 min read
Updated: Jun 12
Supply Chain Attacks Really Are Surging
Source: Data Breach Today
Hackers are doubling down on software supply chain attacks. In the first five months of this year, Cyble said roughly two thirds of the 79 software supply chain attacks it documented directly targeted IT, technology or telecommunications firms. They are "rich potential targets for threat actors hoping to exploit downstream users."
Whole Foods Distributor United Natural Foods Hit by Cyberattack
Source: Security Week
United Natural Foods, Inc. (NYSE: UNFI), the main distributor for Amazon’s Whole Foods, has been targeted in a cyberattack that has caused some disruptions to business operations. United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations.
SentinelOne Sees No Breach After Hardware Supplier Hacked
Source: Data Breach Today
Cybersecurity firm SentinelOne said suspected Chinese attackers infiltrated a logistics firm that it used to supply hardware to its employees. The intrusion doesn't appear to have resulted in an infiltration of its own, corporate network, the company said.
Google Bug Allowed Brute-Forcing of Any User Phone Number
Source: Dark Reading
The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.
Password-spraying attacks target 80,000 Microsoft Entra ID accounts
Source: Bleeping Computer
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. The campaign started last December and has successfully hijacked multiple accounts, say researchers at cybersecurity company Proofpoint, who attribute the activity to a threat actor called UNK_SneakyStrike.