Major Incidents or Breaches

  • Salt Typhoon, a Chinese state-linked threat actor, maintained unauthorised access to US National Guard systems for nearly a year, according to new reporting.
  • A study has found that at least 750 US hospitals experienced disruptions during last year’s CrowdStrike outage, with over 200 hospitals suffering outages that affected patient care.

Newly Discovered Vulnerabilities

  • A 20-year-old vulnerability in train braking systems has been publicly disclosed, making these systems susceptible to remote attacks.

Notable Threat Actor Activity

  • Threat actors associated with the PoisonSeed phishing campaign are actively bypassing FIDO2 multi-factor authentication by exploiting the cross-device sign-in feature in WebAuthn, tricking users into approving fraudulent authentication requests.
  • Attackers hijacked popular npm linter packages (eslint-config-prettier and eslint-plugin-prettier) through targeted phishing of maintainers, turning the packages into malware droppers in a software supply chain attack.

Trends, Tools, or Tactics of Interest

  • The PoisonSeed campaign shows how FIDO2 can be sidestepped without breaking it: after phishing a victim's password, the attacker starts a login on the legitimate site, selects WebAuthn's cross-device sign-in and relays the resulting QR code to the victim through the phishing page; the victim scans it with their phone and approves what looks like their own login. The origin check passes because the requesting browser really is on the legitimate site, so the ceremony is downgraded from a phishing-resistant, origin-bound approval on the user's own device to one the attacker initiated, while the passkey itself is never compromised.
  • Recent npm package hijackings highlight continued targeting of open-source software supply chains through phishing and subsequent malware injection.