Major Incidents or Breaches

  • A supply chain attack targeting the npm and PyPI ecosystems has been identified, affecting over a dozen packages associated with GlueStack. The attack delivers malware via a change to “lib/commonjs/index.js”, potentially impacting millions globally.
  • Over 700 users across Latin America, primarily in Brazil, have been infected since early 2025 through a campaign distributing malicious Chromium-based browser extensions designed to steal user data.

Newly Discovered Vulnerabilities

  • A command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices is being actively exploited by a new Mirai botnet variant, enabling attackers to hijack vulnerable devices.

Notable Threat Actor Activity

  • Cybercriminals are leveraging software supply chain attacks by compromising widely used npm and PyPI packages to distribute malware at scale.
  • Threat actors are targeting Latin American users with malicious browser extensions, focusing on Chromium-based browsers to exfiltrate sensitive information.
  • Mirai botnet operators have adapted their malware to exploit vulnerabilities in digital video recorders, expanding their botnet infrastructure through IoT device compromise.

Trends, Tools, or Tactics of Interest

  • Increased targeting of software supply chains, particularly open-source package repositories (npm, PyPI), as a vector for widespread malware distribution.
  • Use of browser extensions as a method for credential and data theft, specifically targeting users in Latin America.
  • Continued adaptation of IoT botnets (Mirai) to exploit newly discovered vulnerabilities in networked devices, maintaining persistence and expanding reach.