Miasma Worm Spreads Through npm; CISA Warns on Fuel Systems; HTTP/2 Bomb Threatens Web Servers
Summary
A critical 24-hour period in cybersecurity for June 3-4, 2026, saw the emergence of the self-spreading 'Miasma' worm in the npm registry, leveraging a novel 'Phantom Gyp' technique to steal developer credentials. Concurrently, US agencies issued an urgent warning about ongoing attacks on critical fuel monitoring systems, and researchers disclosed the 'HTTP/2 Bomb,' a potent denial-of-service exploit threatening major web servers. The period was also marked by multiple data breaches in the healthcare and education sectors and a major international crackdown on cybercrime infrastructure, highlighting a diverse and active threat landscape.
Today's New Articles
CISA & NSA Warn of Ongoing Attacks Targeting Critical Fuel Monitoring Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released a joint advisory concerning active cyberattacks targeting internet-exposed Automatic Tank Gauge (ATG) systems. These systems, vital for monito...
"Miasma" Worm Spreads Through npm via "Phantom Gyp" Technique, Stealing Dev Secrets
A sophisticated, self-replicating worm named "Miasma" is actively compromising the npm registry in a widespread software supply chain attack. The malware utilizes a novel technique dubbed "Phantom Gyp," which abuses `binding.gyp` files to execute malicious cod...
Phishing Campaign Impersonates SendGrid Support, Leverages Compromised Account for High Authenticity
A convincing phishing campaign is targeting organizations by impersonating support notifications from the email delivery service SendGrid. The emails, which create urgency by claiming account permissions are insufficient, are being sent from a compromised Send...
Sandhills Medical Foundation Discloses Ransomware Breach Affecting 169,000 Patients
Sandhills Medical Foundation, Inc. has announced it was the victim of a ransomware attack in May 2025 that has compromised the sensitive data of 169,017 individuals. The breach involved an unauthorized third party gaining access to a server and potentially exf...
"Disruption Week" Crackdown Takes Down 1.4M+ Accounts Tied to Southeast Asia Scam Networks
A major international law enforcement operation, dubbed "Disruption Week," has successfully dismantled significant infrastructure belonging to cybercriminal scam networks in Southeast Asia. The coordinated effort, involving the US, Thailand, and major tech com...
New 'HTTP/2 Bomb' Exploit Can Crash NGINX, Apache, and Other Major Web Servers in Seconds
Security researchers have unveiled a new, highly effective denial-of-service (DoS) exploit named the "HTTP/2 Bomb." The attack chains together known vulnerabilities in the HTTP/2 protocol to rapidly overwhelm and crash major web servers, including NGINX, Apach...
Fake Claude Code and OpenAI Codex Installers on Google Sites Distribute ACRStealer Malware
A malware campaign is targeting software developers by hosting fake installer pages for popular AI coding assistants, such as Anthropic's Claude Code and OpenAI's Codex, on Google Sites. The use of the `sites.google.com` domain adds a veneer of legitimacy, hel...
Akira Ransomware Claims Attack on Medenet, Exposing Patient SSNs and Medical Records
Medenet Inc., a Florida-based medical billing and records company, has disclosed a data breach originating from a cyberattack on December 26, 2025. The Akira ransomware group has since claimed responsibility, alleging on a dark web forum that they exfiltrated...
Phishing Attack on Bozeman School District Exposes SSNs of Over 2,600 Staff
Bozeman School District #7 in Montana is notifying 2,617 current and former staff members of a data breach that exposed their names and Social Security numbers. The incident stemmed from a social-engineered phishing campaign that gave an unauthorized party acc...
Article Updates
Russia Ramps Up Cyber Espionage to Steal Western Tech Amid Sanctions, EU Officials Warn
Update: Germany's BND has issued a direct warning to German businesses regarding escalated Russian cyber threats. This follows a recent sophisticated phishing campaign by Russian state-sponsored actors that successfully compromised a senior BND official's device. The...