Supply Chain Attacks Surge as North Korean Hackers Flood NPM; CISA Issues Urgent Mobile & ICS Alerts
Summary
This cybersecurity advisory for November 27-28, 2025, highlights a significant escalation in software supply chain attacks, underscored by a North Korean campaign that flooded the NPM registry with nearly 200 malicious packages. Concurrently, CISA has issued critical warnings, adding an exploited ICS vulnerability (CVE-2021-26829) to its KEV catalog and releasing urgent guidance for mobile device security against commercial spyware. Other major incidents include a data breach at the French Football Federation exposing player information, a massive leak of over 17,000 secrets on public GitLab repositories, and evolving tactics from APT groups like Bloody Wolf and Tomiris targeting government entities across Central Asia.
Today's New Articles
French Football Federation Data Breach Exposes Player Info Via Single Compromised Account
The French Football Federation (FFF) announced a significant data breach on November 28, 2025, after an attacker gained access to a centralized administrative software platform using a single compromised user account. The breach exposed the personally identifi...
IT Professional Jailed for 7 Years in Australia for 'Evil Twin' Wi-Fi Attacks on Flights
An Australian IT professional, Michael Clapsis, has been sentenced to seven years and four months in prison for conducting sophisticated 'evil twin' Wi-Fi attacks. Using a Wi-Fi Pineapple device, he created rogue Wi-Fi hotspots at airports and on flights to tr...
Massive Scan of Public GitLab Repositories Uncovers Over 17,000 Live Secrets
A security engineer, Luke Marshall, conducted a large-scale scan of all 5.6 million public repositories on GitLab Cloud, uncovering 17,430 verified, live secrets. The exposed credentials include thousands of API keys and access tokens for over 2,800 unique dom...
Legacy Python Scripts Create Dormant Supply Chain Risk via Abandoned Domain
Security researchers at ReversingLabs have identified a long-dormant supply chain vulnerability within the Python ecosystem affecting packages that use the legacy 'zc.buildout' tool. Outdated bootstrap scripts (`bootstrap.py`) found in several PyPI packages co...
'Adversarial Poetry' Emerges as Universal Jailbreak for Major LLMs
A new research paper has unveiled a simple yet powerful technique, dubbed 'adversarial poetry,' that can consistently bypass the safety guardrails of major Large Language Models (LLMs). By reformulating harmful prompts into verse, researchers were able to achi...
Bloody Wolf APT Shifts Tactics, Using Legitimate RATs to Target Central Asian Governments
The cyber-espionage group 'Bloody Wolf' has expanded its campaign, now targeting government entities in Kyrgyzstan and Uzbekistan. According to research from Group-IB, the APT group has evolved its tactics, moving away from custom malware to a more streamlined...
CISA Adds Actively Exploited OpenPLC XSS Flaw to KEV Catalog After Hacktivist Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR, CVE-2021-26829, to its Known Exploited Vulnerabilities (KEV) catalog. The action, taken on November 28, 2025, follows conf...
Tomiris APT Refines Toolkit, Using Discord and Telegram for C2 in Diplomatic Attacks
The cyber-espionage group 'Tomiris' has upgraded its tactical arsenal in a new wave of attacks targeting diplomatic and government organizations in Russia and Commonwealth of Independent States (CIS) countries. According to a new report from Kaspersky, the APT...