Daily Cybersecurity Roundup, January 03, 2025

The cyber threat landscape continues to evolve, with attackers leveraging supply chain vulnerabilities to breach critical platforms. The Nomic Foundation and Hardhat fell victim to a supply chain attack involving 20 malicious npm packages created by three main authors. Researchers have developed a proof-of-concept UEFI bootkit that exploits a critical firmware function. Insecure mail servers remain a significant weak point in cybersecurity. Over three million POP3 and IMAP servers lack TLS encryption, leaving users' data exposed to interception and network sniffing attacks. Read on for the top 10 highlights from cyberspace. 

01

A supply chain attack targeted the Nomic Foundation and Hardhat using malicious npm packages to compromise these platforms. This attack involved 20 packages created by three main authors.

02

Security researchers created a new proof-of-concept UEFI bootkit that exploits a critical firmware function to compromise the Windows kernel during the boot process.

03

Researchers unveiled SysBumps, the first successful KASLR break attack targeting macOS systems running on Apple Silicon processors, highlighting vulnerabilities in speculative execution.

04

ShadowServer warned that over three million POP3 and IMAP mail servers lack TLS encryption, exposing users' information to network sniffing attacks.

05

Threat hunters have identified a new vulnerability called DoubleClickjacking that uses a double-click sequence to conduct clickjacking attacks and gain access to accounts on many major websites.

06

The DOJ implemented a final rule in line with Executive Order 14117 to prevent the mass transfer of citizens' personal data to countries of concern, including China, Cuba, Iran, North Korea, Russia, and Venezuela.

07

The HHS proposed updates to HIPAA cybersecurity requirements for healthcare organizations to protect patient data from cyberattacks, including conducting technology asset reviews and implementing encryption and multi-factor authentication.

08

SafeBreach Labs developed a zero-click PoC exploit that crashes unpatched Windows Servers by leveraging a vulnerability (CVE-2024-49112) in the Lightweight Directory Access Protocol (LDAP).

09

A sophisticated phishing attack targeted Chrome extension developers, compromising at least 35 extensions with malicious code to steal Facebook user data.

10

iTerm2 patched a critical security vulnerability (CVE-2025-22275) in versions 3.5.6 through 3.5.10. The flaw allowed unauthorized access to sensitive user data by logging input and output to a file on the remote host.