Today's cybersecurity landscape is dominated by escalating supply chain threats and evolving ransomware tactics. NPM v12 has been released, disabling automatic script execution by default to bolster supply chain security against incidents like the recent 'Mini Shai-Hulud' worm. However, the Injective Labs SDK on npm and RubyGems have both been compromised by malicious packages, with RubyGems halting new signups due to hundreds of malicious gems. The SimpleHelp RMM flaw (CVE-2026-48558) continues to be exploited, now by a separate ransomware campaign targeting utility providers, in addition to the Djinn Stealer.
Ransomware gangs are also adopting more extreme measures, with reports indicating a shift to physical threats against employees and their families as digital resilience increases. Microsoft has uncovered 'GigaWiper,' a destructive Windows backdoor capable of wiping disks or deploying fake ransomware, attributed to an Iranian-backed actor. Meanwhile, a sophisticated vishing campaign is tricking Microsoft 365 users into enrolling attacker-controlled passkeys for persistent account access.
In other news, the Canadian Armed Forces reported a breach by the 'Bavaqai' threat actor, part of a wave of attacks affecting international organizations. A former ransomware negotiator has been sentenced for acting as a 'double agent' for the BlackCat gang. Finally, a new 'ChocoPoC' malware campaign is targeting cybersecurity researchers by embedding a RAT within trojanized GitHub exploits.
Help others stay informed about cybersecurity threats
Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.
Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.
Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.