Supply Chain Under Siege: Malicious VS Code Extension, APT36 Linux Malware, and Major Data Breaches Rattle Global Industries
Summary
This cybersecurity brief for November 29-30, 2025, covers a series of high-impact incidents, led by the discovery of a malicious Visual Studio Code extension that infected over 16,000 developers using a sophisticated Solana blockchain-based C2. Concurrently, the APT36 threat actor escalated its cyber-espionage efforts by deploying custom Linux malware against Indian government entities. The period also saw major data breaches, including the exposure of Amazon data center blueprints from a steel contractor and the theft of 6.1 million Netmarble user records. In the financial sector, a DeFi exploit drained $9 million from Yearn Finance, while regulatory actions saw Comcast fined $1.5 million for a vendor-related breach, underscoring the pervasive risk across software development, government, and corporate supply chains.
Today's New Articles
US Probes Bitcoin Mining Giant Bitmain for National Security Threats
The U.S. Department of Homeland Security is reportedly conducting a probe, codenamed 'Operation Red Sunset,' into Chinese bitcoin mining hardware manufacturer Bitmain. According to reports from November 29, 2025, the investigation centers on fears that Bitmain...
Yearn Finance Hit by $9M 'Infinite Mint' Exploit
On November 30, 2025, the DeFi protocol Yearn Finance was exploited for approximately $9 million. The attacker leveraged a flaw in a legacy yETH stableswap smart contract, using a deposit of just 16 wei (a fraction of a cent) to mint a massive 235 septillion y...
Amazon Data Center Blueprints Leaked in Breach of Steel Contractor
A significant data breach at Cooper Steel Fabricators, a major U.S. structural steel contractor, was reported on November 30, 2025. A threat actor is selling a 330 GB database, claiming it is a 'complete mirror' of the company's FTP server. The asking price is...
Gaming Giant Netmarble Breached, 6.1 Million Users' Data Exposed
South Korean gaming company Netmarble confirmed on November 30, 2025, that it suffered a data breach on November 22, exposing the personal information of 6.11 million members of its PC game portal. The compromised data includes names, birthdates, and encrypted...
CodeRED Alert System Hit by Ransomware, Wall Street Scrambles After Vendor Hack
A weekend news roundup from November 29, 2025, covered several major cyber incidents. The nationwide CodeRED emergency alert system, provided by OnSolve, was hit by an INC Ransom attack, disrupting a critical public safety service. In finance, Wall Street bank...
Comcast Fined $1.5M by FCC for Vendor's Data Breach
Comcast has agreed to a $1.5 million settlement with the Federal Communications Commission (FCC) following a 2024 data breach at a former vendor. The breach occurred at Financial Business and Consumer Solutions (FBCS), a debt collection agency, and exposed the...
Global Infrastructure Breach Alert Confirmed as False Alarm
Initial reports on November 30, 2025, of a major security breach impacting global infrastructure were officially confirmed to be a false alarm. The panic was triggered when automated monitoring tools misinterpreted routine, benign system tests as a sophisticat...
Article Updates
Supply Chain Breach at Vendor Marquis Exposes Data From Dozens of US Banks
Update: Co-Vantage Credit Union has confirmed 160,000 members were impacted by the Marquis Software Solutions data breach. The incident, which occurred on August 14, 2025, was discovered by the vendor on October 27, 2025, a delay of over two months. Affected members a...