Massive 'Sha1-Hulud' Supply Chain Attack Compromises 25,000+ GitHub Repos; CISA Warns of Multiple Actively Exploited Zero-Days
Summary
This intelligence briefing for November 25, 2025, covers a massive software supply chain attack named 'Sha1-Hulud' that has compromised over 25,000 GitHub repositories via malicious npm packages. Additionally, CISA has issued directives for actively exploited zero-day vulnerabilities in Oracle Identity Manager, Google Chrome, and Fortinet's FortiWeb. Other major threats include the Akira ransomware group targeting M&A activities, a surge in Black Friday phishing scams, and a data breach at a major banking vendor, SitusAMC.
Today's New Articles
Akira Ransomware Targets M&A Blind Spots, Breaching Firms via Inherited SonicWall Devices
The Akira ransomware group is exploiting security blind spots created during corporate mergers and acquisitions (M&A). According to research by ReliaQuest, Akira affiliates are gaining initial access to acquiring companies by compromising vulnerable SonicWall...
Article Updates
URGENT: CISA Orders 7-Day Patch for Actively Exploited FortiWeb Zero-Day
Update: Fortinet has provided critical updates regarding the actively exploited FortiWeb zero-day, CVE-2025-58034. While rated medium severity (CVSS 6.7) in isolation, it can be chained with the previously disclosed path-traversal vulnerability, CVE-2025-64446, to ach...