Blog – Page 49 – Cyber Mike

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment within a span of 72 hours.
The attack started with the theft of a developer’s GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data.
“The threat actor, UNC6426, then used this

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below –

chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-sync

The crates, per Socket, impersonate timeapi.io and were published between late February and early March

Cyber News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

New ‘BlackSanta’ EDR killer spotted targeting HR departments

New BeatBanker Android malware poses as Starlink app to hijack devices

New ‘Zombie ZIP’ technique lets malware slip past security tools

Microsoft Patches 83 Vulnerabilities

Microsoft releases Windows 10 KB5078885 extended security update

Adobe Patches 80 Vulnerabilities Across Eight Products

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP