Weekly INK

Supply Chain Attack Embeds Malware in Android Devices Source: Dark Reading Researchers found malware embedded at the Android firmware level through a supply chain compromise. The threat can copy itself into apps and then pull down additional payloads for ad fraud, browser hijacking, and other remote actions. The key risk is that users may receive devices or updates already compromised. Link to article Flaws in popular VSCode extensions expose developers to attacks Source: Ble

Shai-hulud: The Hidden Costs of Supply Chain Attacks Source: Dark Reading A new breed of self propagating supply chain malware in open source ecosystems can rapidly alter thousands of software packages and create downstream damage well beyond the initial victim. The article explains how these campaigns spread, why detection is difficult, and what organizations must do to reduce software dependency risk. Link to article CISA warns of SmarterMail RCE flaw used in ransomware att

Harvard, UPenn Data Leaked in ShinyHunters Shakedown Source: Data Breach Today Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors’. Cyber extortion group ShinyHunters claimed responsibility Wednesday for late 2025 attacks against Harvard University and the University of Pennsylvania, publishing on a darkweb leak site what they claimed were more than 2 million records stolen from the two Ivy League schools. Link to article Russia’s APT28 Rapidly Weap

Social Engineering Hackers Target Okta Single Sign On Source: Data Breach Today Single sign-on customers of identity provider Okta should be on alert against attackers seeking to gain access to their corporate network, steal data and hold it to ransom, security experts warn. A surge in social engineering attacks has targeted users of Okta's SSO tools, leading the company to directly warn customers last week about this campaign. Link to article Chrome, Edge Extensions Caught S

AI Agents Undermine Progress in Browser Security Source: Dark Reading Early browser security gains are being eroded as AI agents and complex extensions increase attack surface. The piece explains how automated agents can misuse permissions, pivot via tabs, and skirt traditional controls, with practical advice to rein in extensions, harden policies, and monitor browser telemetry in business environments. Link to article Okta SSO accounts targeted in vishing-based data theft at

'Most Severe AI Vulnerability to Date' Hits ServiceNow Source: Dark Reading Authentication issues in ServiceNow potentially opened the door for arbitrary attackers to gain full control over the entire platform and access to the various systems connected to it. ServiceNow is a Fortune 500 company that, according to its promotional materials, acts as an IT services management platform for 85% of the companies that comprise the rest of the Fortune 500. Link to article Microsoft

CTO New Year’s Resolutions for a More Secure 2026 Source: Dark Reading Experts lay out practical security goals for the new year, from operationalizing AI governance to hardening CI/CD and improving CISO–CTO alignment. For smaller teams, the list doubles as a roadmap: standardize secure-by-default build paths, tighten vendor access, and measure security like any other business KPI. Link to article Texas court blocks Samsung from collecting smart TV viewing data Source: Bleepi

Browser Extension Harvests 8M Users’ AI Chatbot Data Source: Dark Reading A popular Chrome extension marketed for privacy was quietly collecting and selling content from users’ AI conversations. For SMBs, that is a reminder to restrict browser extensions, enforce allow lists, and review permissions that can capture on-screen data and network traffic. Link to article Coupang data breach traced to ex-employee who retained system access Source: BleepingComputer Coupang says a fo

CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks Source: Dark Reading US agencies say Chinese state actors are deploying the Brickstorm backdoor in VMware vSphere environments, enabling persistence, VM snapshot theft, and lateral movement. For SMBs supporting critical sectors: harden vSphere, restrict remote access, enforce MFA, and monitor for anomalous VM and DNS-over-HTTPS activity. Link to article Pharma firm Inotiv discloses data breach after ransomware attack Source: