Daily Digest

Supply Chain Attacks Cripple NPM and Salesforce; FCC Rolls Back ISP Security Rules

Supply Chain Attacks Cripple NPM and Salesforce; FCC Rolls Back ISP Security Rules

November 24, 2025
8 articles (8 new)
24 min read

Summary

This 24-hour period saw a surge in high-impact supply chain attacks, with the 'Shai-Hulud' worm infecting hundreds of NPM packages and a breach at Gainsight exposing Salesforce customer data. Concurrently, a major cyberattack hit a key US mortgage vendor, and the FCC controversially rescinded ISP cybersecurity rules amidst ongoing nation-state threats. Ransomware and espionage campaigns also continue, with Akira hitting LG and a new APT, 'Autumn Dragon,' targeting Southeast Asia.

Filter by Category

New Articles (8)

Massive NPM Supply Chain Attack Spreads Self-Replicating "Shai-Hulud" Worm

CRITICAL

Hundreds of NPM Packages Compromised by "Shai-Hulud" Worm in Major Supply Chain Attack, Crypto Libraries Targeted

A significant, ongoing supply chain attack is targeting the NPM JavaScript ecosystem, where a self-replicating worm dubbed "Shai-Hulud" has infected over 400 software packages. The attack has a substantial impact on the cryptocurrency sector, compromising at least 10 widely used libraries crucial for the Ethereum Name Service (ENS), including 'content-hash' and 'address-encoder'. The malware functions as a general-purpose credential stealer, exfiltrating secrets like wallet keys from infected developer environments. The scale is vast, with researchers at Wiz observing over 25,000 affected repositories, highlighting a critical threat to developer infrastructure worldwide.

November 24, 2025
5 min read
NPMJavaScriptSupply Chain AttackShai-HuludWorm +3 more
Massive NPM Supply Chain Attack Spreads Self-Replicating "Shai-Hulud" Worm
Supply Chain Attack
Malware
Cloud Security

FCC Rolls Back ISP Cybersecurity Rules Despite China-Linked Hacking Threats

MEDIUM

FCC Rescinds Key Cybersecurity Mandates for ISPs, Drawing Criticism for Weakening National Security

In a controversial decision, the U.S. Federal Communications Commission (FCC) has rescinded cybersecurity regulations for internet service providers (ISPs). These rules were implemented by the Biden Administration following the discovery that the Chinese state-sponsored hacking group Salt Typhoon had breached major U.S. carriers. The revoked rules mandated minimum security standards and compliance certifications. The FCC claimed the original ruling was based on a "flawed legal analysis," but the move has drawn sharp criticism, with Commissioner Anna M. Gomez stating it leaves the country "less secure" against increasing nation-state threats.

November 24, 2025
4 min read
FCCISPCybersecurity PolicyRegulationSalt Typhoon +3 more
FCC Rolls Back ISP Cybersecurity Rules Despite China-Linked Hacking Threats
Policy and Compliance
Regulatory
Threat Actor

Akira Ransomware Gang Hits LG Energy Solution, Claims 1.7TB Data Theft

HIGH

LG Energy Solution Confirms Ransomware Attack as Akira Gang Claims Exfiltration of 1.7 Terabytes of Data

South Korean battery manufacturing giant LG Energy Solution has confirmed it was the victim of a ransomware attack at one of its overseas facilities. The notorious Akira ransomware gang has claimed responsibility for the breach, alleging on its dark web leak site that it stole 1.7 terabytes of data from the company's network. While LG Energy Solution reports that the affected systems have been restored and its headquarters was not impacted, the incident highlights the continued threat of double-extortion ransomware attacks against the manufacturing sector. The Akira gang has been highly active, often gaining initial access via compromised VPN credentials.

November 24, 2025
5 min read
RansomwareAkiraLG Energy SolutionData BreachManufacturing +2 more
Akira Ransomware Gang Hits LG Energy Solution, Claims 1.7TB Data Theft
Ransomware
Data Breach
Cyberattack

New "Autumn Dragon" Espionage Campaign Targets Southeast Asia

HIGH

China-Nexus APT "Autumn Dragon" Uses WinRAR Flaw in Espionage Campaign Targeting Southeast Asian Governments

A newly identified cyber-espionage campaign named "Autumn Dragon" has been targeting government and media organizations across Southeast Asia since early 2025. The operation, attributed with medium confidence to a China-nexus Advanced Persistent Threat (APT) group, aims to gather intelligence related to the South China Sea. The attackers use spearphishing emails with malicious WinRAR archives that exploit the vulnerability CVE-2025-8088. Upon execution, a dropper script masquerading as a Windows Defender update retrieves and runs additional payloads to establish a foothold for intelligence gathering.

November 24, 2025
5 min read
Autumn DragonAPTCyber EspionageChinaSoutheast Asia +3 more
New "Autumn Dragon" Espionage Campaign Targets Southeast Asia
Threat Actor
Cyberattack
Vulnerability

ShadowPad Backdoor Deployed via Critical WSUS Server Vulnerability

CRITICAL

Chinese APTs Exploit Windows Server RCE Flaw (CVE-2025-59287) to Deliver ShadowPad Backdoor

An active intrusion campaign is exploiting a critical remote code execution (RCE) vulnerability, CVE-2025-59287, in Microsoft's Windows Server Update Services (WSUS). Attackers, believed to be Chinese state-sponsored APTs, are leveraging the flaw to gain system-level access and deploy the sophisticated ShadowPad backdoor. The attack chain involves using PowerShell and legitimate system utilities like 'certutil' and 'curl' to download the malware, which is then executed using a DLL sideloading technique for stealth and persistence. The campaign highlights the rapid weaponization of newly disclosed vulnerabilities for espionage purposes.

November 24, 2025
5 min read
ShadowPadWSUSCVE-2025-59287RCEAPT +3 more
ShadowPad Backdoor Deployed via Critical WSUS Server Vulnerability
Vulnerability
Threat Actor
Cyberattack

Supply Chain Breaches Escalate Despite Maturing Defenses, Report Finds

INFORMATIONAL

BlueVoyant Report: 97% of Firms Hit by Supplier Breach in Past Year, Up from 81%

A new 2025 report from cybersecurity firm BlueVoyant reveals a troubling trend: despite most organizations maturing their third-party risk management (TPRM) programs, the number of supply chain breaches is escalating. The study found that 97% of surveyed organizations experienced a supplier-related security incident in the past year, a significant jump from 81% in 2024. The report identifies ineffective tool integration and internal organizational silos as key barriers, with the manufacturing sector being particularly hard-hit, averaging 3.8 breaches per organization.

November 24, 2025
4 min read
Supply Chain SecurityThird-Party Risk ManagementTPRMBlueVoyantCybersecurity Report +2 more
Supply Chain Breaches Escalate Despite Maturing Defenses, Report Finds
Security Operations
Policy and Compliance
Supply Chain Attack

Ransomware Attacks Peak on Holidays and Weekends, Exploiting Low Staffing

INFORMATIONAL

Semperis Study: 52% of Firms Hit by Ransomware on Holidays or Weekends as SOC Staffing is Halved

A new global study by Semperis, the "2025 Holiday Ransomware Risk Report," confirms that threat actors strategically launch attacks during holidays and weekends to exploit reduced security staffing. The report found that 52% of organizations were targeted during these off-hour periods. Alarmingly, 78% of companies cut their Security Operation Center (SOC) staffing by 50% or more during these times. The study also revealed that 60% of attacks follow major corporate events like mergers or layoffs, when organizations are most distracted.

November 24, 2025
3 min read
RansomwareSecurity OperationsSOCIncident ResponseSemperis +2 more
Ransomware Attacks Peak on Holidays and Weekends, Exploiting Low Staffing
Security Operations
Ransomware
Incident Response

Italian IT Firm Almaviva Hit by Cyberattack, 2.3TB of Data Leaked

HIGH

Almaviva Breach Exposes Data from Italian National Railway, Including Passports and Defense Contracts

The prominent Italian IT services provider Almaviva has confirmed it was hit by a major cyberattack, resulting in the theft and leaking of nearly 2.3 terabytes of sensitive data. The breach has exposed information from several of Almaviva's clients, most notably Italy's national railway operator, Ferrovie dello Stato Italiane. The leaked files reportedly include highly sensitive data such as passenger passport details, employee records, financial documents, and defense-related contracts. The identity of the attackers has not yet been disclosed.

November 24, 2025
5 min read
AlmavivaData BreachItalyFerrovie dello Stato ItalianeData Leak +2 more
Italian IT Firm Almaviva Hit by Cyberattack, 2.3TB of Data Leaked
Data Breach
Cyberattack
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats