Last week's threat landscape was dominated by high-profile supply chain attacks and sophisticated social engineering campaigns. Most notably, the Miasma worm compromised 73 Microsoft GitHub repositories across organizations like Azure and MicrosoftDocs, leading to a temporary shutdown of several repositories. Additionally, security researchers highlighted a growing trend in malicious npm and PyPI packages, such as the Epsilon Stealer and Parsimonius backdoor, which leverage post-install hooks to exfiltrate credentials and API keys directly from developer environments.
Global law enforcement and major tech firms also reported significant disruptions and vulnerabilities. The U.S. Department of Justice's 'Disruption Week' successfully targeted Southeast Asian cybercrime syndicates involved in cryptocurrency fraud, while Google patched a critical privilege escalation flaw in the Android Framework (CVE-2025-48595) that is currently under limited exploitation. Furthermore, Meta disabled an AI-powered support tool on Instagram after attackers exploited it to hijack over 20,000 accounts by manipulating email linking processes.
Top comments (0)