Vercel Supply Chain Attack, Actively Exploited Microsoft Defender Zero-Days, and Iranian Threats to US Infrastructure Dominate Headlines

Publication Date: April 18, 2026

Summary

This period's cybersecurity landscape is marked by high-stakes incidents, including a sophisticated supply chain attack on Vercel via a third-party AI tool, active exploitation of multiple Microsoft Defender zero-days, and a stark warning from U.S. agencies about escalating Iranian cyberattacks on critical infrastructure. Other major events include a massive Patch Tuesday from Microsoft addressing 164 CVEs, a supply chain compromise of the popular Axios NPM package by North Korean actors, and significant data breaches at McGraw Hill and Amtrak, highlighting persistent threats across software development, cloud services, and public sectors.

Today's New Articles

Vercel Hit by Supply Chain Attack; ShinyHunters Claims Responsibility, Demands $2M

Cloud platform Vercel has confirmed a security breach stemming from a supply chain attack involving the compromise of a third-party AI tool, Context.ai. Attackers exploited a Vercel employee's Google Workspace account via a compromised OAuth token, gaining acc...


New 'ZionSiphon' Malware Specifically Targets Israeli Water Infrastructure for Sabotage

Security researchers have analyzed ZionSiphon, a new malware strain specifically engineered to target Israeli water infrastructure. The malware, which explicitly references Israel's national water company and major desalination plants, combines data exfiltrati...


UAC-0247 Espionage Campaign Targets Ukrainian Government and Healthcare with Data-Stealing Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing cyber-espionage campaign by the threat actor UAC-0247. Active since March 2026, the campaign targets Ukrainian government bodies and healthcare facilities with phishing emails....