• Software supply chain hacks trigger wave of intrusions, data theft
• OpenSSH 10.3 patches five security bugs and drops legacy rekeying support
• New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
• NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
• Apple Expands iOS 18 Security Updates Amid DarkSword Threat
• Researchers Observe Sub-One-Hour Ransomware Attacks
• GitHub Used as Covert Channel in Multi-Stage Malware Campaign
• DarkSword exploit forces Apple to loosen its patching policy
• TrueConf zero-day vulnerability exploited to target government networks
• Most CNI Firms Face Up to £5m in Downtime from OT Attacks
• Trust, friction, and ROI: A CISO’s take on making security work for the business
• Tracking drones with the 5G tower down the street
• Microsoft adds high-volume email sending to Exchange Online
• Cybercriminals take aim at Hasbro, weeks of recovery ahead
• Google Introduces Android Dev Verification Amid Openness Debate
• New Venom Stealer MaaS Platform Automates Continuous Data Theft
• Chinese Hackers Target European Governments in Espionage Campaigns
• Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year
• Hackers Hijack Axios npm Package to Spread RATs
• Maryland Man Charged Over $53m Uranium Finance Crypto Hack
• Phantom Project Bundles Infostealer, Crypter and RAT For Sale
• ChatGPT Security Issue Enabled Data Theft via Single Prompt
• TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply chain attacks (linked to TeamPCP). “This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term,” …