Issue #166 - September 8, 2025
- Weekly INK

Hackers left empty‑handed after massive NPM supply‑chain attack
Source: BleepingComputer
An attack on the JavaScript ecosystem saw a maintainer tricked by a fake password‑reset email, leading to malicious updates of popular “chalk” and “degit” packages that attempted to steal cryptocurrency. The community reacted quickly, purging the malicious modules within hours. Even though the compromised packages are used in 99% of Node projects, impact was limited; downloads appeared in about 10% of cloud environments, and the attacker gained little reward.
Hackers Compromise 18 NPM Packages in Supply Chain Attack
Source: GovInfoSecurity
GovInfoSecurity reports that a threat actor typosquatted a domain to send a phishing email to maintainer John Junon and injected malware into 18 popular npm packages, including libraries downloaded billions of times. The malicious code hijacked browser-based crypto transactions; Junon deleted most packages before NPM suspended his account. Only about $970 was stolen. Experts urge developers to use internal registries and require code reviews to mitigate open‑source supply‑chain risks.
Hand‑Tool Maker Says Hack Compromised Medical Info
Source: BankInfoSecurity
Cornwell Quality Tools notified nearly 104,000 individuals that hackers stole personal and medical data during a December 2024 breach. Although the Ohio hand-tool company sells tools, it holds sensitive health information through its HR and benefits operations. Experts warn that non‑healthcare SMBs should treat employee health data with HIPAA‑level security, performing rapid detection, data segregation, encryption and vulnerability assessments to reduce reputational and legal exposure.
Qualys, Tenable Latest Victims of Salesloft Drift Hack
Source: Infosecurity Magazine
Security vendors Tenable and Qualys joined a growing list of organisations hit by the Salesloft Drift supply‑chain hack. Attackers stole OAuth tokens from the Drift application integrated with Salesforce, gaining limited access to customer support case data such as subject lines, descriptions and business contact information. Both companies disabled the integration, rotated credentials and hardened their Salesforce environments. The same campaign has affected multiple tech firms since late August.
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
Source: The Hacker News
Researchers warn that the Akira ransomware group is targeting SonicWall SSL VPN devices by exploiting a year-old flaw (CVE‑2024‑40766) and misconfigured user groups. Rapid7 observed a spike in intrusions since late July 2025. Attackers brute‑force credentials, abuse default LDAP group assignments and pivot through SonicWall’s Virtual Office portal. Organizations should rotate passwords, restrict portal access, enable multi-factor authentication and review group policies to block these attacks.



