Blog – Page 235 – Cyber Mike

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry.
The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload “bun_environment.js.”
“

Multiple London councils’ IT systems disrupted by cyberattack

The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. […]

Microsoft: Security keys may prompt for PIN after recent updates

Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. […]

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist

South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware.
“This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)

Clover Security Raises $36 Million to Secure Software by Design

The cybersecurity startup embeds AI agents into widely used tools to identify design flaws and eliminate them early.

The post Clover Security Raises $36 Million to Secure Software by Design appeared first on SecurityWeek.

Microsoft to secure Entra ID sign-ins from script injection attacks

Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. […]

Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes.

The post Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI appeared first on SecurityWeek.

Thousands of Secrets Leaked on Code Formatting Platforms

JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets.

The post Thousands of Secrets Leaked on Code Formatting Platforms appeared first on SecurityWeek.

Cybersecurity Is Now a Core Business Discipline

Boardroom conversations about cyber can no longer be siloed apart from strategy, operations, or geopolitics.

The post Cybersecurity Is Now a Core Business Discipline appeared first on SecurityWeek.

When Your $2M Security Detection Fails: Can your SOC Save You?

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors.
As a result, most organizations’ security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,

Cyber News