Security news.
Today's security news is dominated by critical vulnerabilities and sophisticated supply chain attacks. Fortinet has issued an emergency patch for an actively exploited zero-day, while North Korean threat actors continue to target developers and maintainers in supply chain campaigns. Additionally, German authorities have identified key figures behind the notorious REvil ransomware group.
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
Fortinet has released an emergency patch for an improper access control bug in FortiClient EMS, allowing unauthenticated attackers to execute arbitrary code remotely.
LiteLLM Supply Chain Attack Exploits Developer Machines
A supply chain attack by TeamPCP on LiteLLM leveraged developer workstations as credential vaults, highlighting the critical risk associated with these machines.
Malicious Strapi NPM Packages Target Guardarian Users
Hackers published 36 NPM packages disguised as Strapi plugins to execute shells, escape containers, and harvest credentials, impacting Guardarian users.
North Korean Hackers Target Node.js Maintainers
The threat actor behind the Axios supply chain attack is now targeting other high-profile Node.js maintainers in an ongoing social engineering campaign.
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable EDR Tools
Qilin and Warlock ransomware operations are employing the "bring your own vulnerable driver" (BYOVD) technique to bypass and disable over 300 EDR security tools.
Germany Doxes "UNKN," Leader of REvil and GandCrab Ransomware
German authorities have identified Daniil Maksimovich Shchukin, known as "UNKN," as the head of the REvil and GandCrab ransomware gangs, responsible for at least 130 attacks in Germany.
$285 Million Drift Hack Traced to DPRK Social Engineering
The $285 million hack of the Solana-based decentralized exchange Drift was the result of a six-month, meticulously planned social engineering operation by North Korean threat actors.
European Commission Confirms Data Breach from Trivy Supply Chain Attack
The European Commission has confirmed a data breach linked to a Trivy supply chain attack, resulting in the theft of over 300GB of data, including personal information, from its AWS environment.