Weekly INK

OWASP Highlights Supply Chain Risks in New Top 10 List Source: Dark Reading A major OWASP refresh spotlights software supply chain failures and misconfiguration as top risks. For SMBs, this means looking beyond code bugs to vendor components, CI/CD pipelines, and cloud settings. The takeaway: add supply-chain checks to patching, and tighten configuration governance to reduce real-world breach paths. Link to article Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI C

Multiple ChatGPT Security Bugs Allow Rampant Data Theft Source: Dark Reading Researchers found seven weaknesses that let attackers steal chat history and “memories,” bypass safety checks, and plant malicious instructions—no deep technical skill required. For SMBs exploring AI, this signals immediate risk: tighten browsing features, restrict plug-ins, and treat AI tools like any other internet-facing app. Link to article Microsoft: SesameOp malware abuses OpenAI Assistants API

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation Source: The Hacker News Security researchers observed real-world exploitation of the WSUS bug shortly after disclosure. The write-ups outline initial access and payload delivery patterns. Admins should review egress traffic, restrict WSUS exposure, and verify that emergency patches applied cleanly across all downstream servers. Link to article Massive China-Linked Smishing Campaign Leveraged 194,000 Do

Verizon: Mobile Blindspot Leads to Needless Data Breaches Source: Dark Reading Verizon’s Mobile Security Index says companies still treat phones as second-class citizens for security. Smishing is surging, BYOD policies are lax, and simple controls like MDM and zero trust would cut incidents dramatically. SMB takeaway: secure personal/work mobiles now—phishing isn’t just in email anymore. Link to article CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw Source:

Russia-linked hackers attack Texas electric cooperatives Source: CyberNews Qilin, the cybercriminal gang behind the alleged ransomware attacks, has listed two Texas electric distribution cooperatives as victims on its leak site on the dark web. One of the alleged victims is San Bernard Electric Cooperative, which has approximately 3,900 miles of electrical distribution lines serving approximately 28,000 households in eight Texas counties, including Austin, Colorado, Fayette,

Oracle patches EBS zero-day exploited in Clop data-theft attacks Source: BleepingComputer Oracle fixed a critical E-Business Suite flaw (CVE-2025-61882) that Clop abused to steal data. The bug allows unauthenticated remote code execution, making it urgent for any company running Oracle EBS to patch now and hunt for compromise indicators. SMBs using Oracle partners should ask vendors to confirm patching. Link to article Medusa ransomware actors exploit Fortra GoAnywhere flaw S

Maximum severity GoAnywhere MFT flaw exploited as zero day Source: BleepingComputer Attackers are actively exploiting a newly disclosed...

Npm Package Hides Malware in Steganographic QR Codes Source: Dark Reading A malicious npm package used QR-code images to conceal malware,...

689,000 Affected by Insider Breach at FinWise Bank Source: SecurityWeek A former FinWise Bank employee accessed sensitive data linked to...