Critical Supply Chain Attacks on Trivy and Axios Rattle Global Software Industry
Summary
This period saw a dramatic escalation in supply chain attacks, with the widely used Trivy security scanner and the popular Axios npm package both compromised to distribute malware, impacting countless development pipelines worldwide. Concurrently, the European Commission confirmed a major data breach by the ShinyHunters group, who claim to have exfiltrated over 350GB of sensitive data. New malware threats also emerged, including the 'Infiniti Stealer' targeting macOS and 'DeepLoad' using AI for obfuscation. A critical unpatched vulnerability in PTC Windchill prompted an unprecedented physical police response in Germany, highlighting the severe risk to the manufacturing sector.
Today's New Articles
'DeepLoad' Malware Leverages AI-Generated Code and ClickFix Social Engineering to Steal Credentials
A new malware campaign dubbed 'DeepLoad' is using a potent combination of stealthy delivery and advanced obfuscation to steal credentials from enterprise environments. Researchers at ReliaQuest identified the malware, which is delivered using the 'ClickFix' so...
UK Employee Data Breaches Hit Seven-Year High, Driven by Human Error in Hybrid Work
Reports of employee data breaches submitted to the UK's Information Commissioner's Office (ICO) have surged to a seven-year high, with 3,872 incidents recorded in 2025. An analysis by law firm Nockolds reveals that while cyber-related incidents fell, non-cyber...
Article Updates
Tax Season Phishing Frenzy: Scammers Use IRS and W-2 Lures to Spread Malware
Update: A new report from Proofpoint reveals a significant escalation in tax season cyber threats, with over 100 distinct campaigns observed. Attackers are increasingly using legitimate Remote Monitoring and Management (RMM) tools for persistent access, a shift from t...
Ransomware Attack on Spain's Port of Vigo Disrupts Cargo Operations, Forces Manual Processes
Update: This update provides a deeper technical analysis of the Port of Vigo ransomware attack, detailing likely initial access vectors (T1133, T1566), execution, lateral movement, and impact techniques (T1486, T1490). It also outlines cyber observables for detection...