Cameron Montemayor reports: Multiple sources and documents obtained via public records requests indicate the city suffered a significant cyberattack in early June, an incident that crippled network services for an extended period of time and potentially exposed the personal data of thousands of residents, city officials confirmed Monday. The City of St. Joseph has been…
Massive NPM Supply Chain Attack Hits Crypto Wallets
Ashutosh reports: The recent npm supply chain breach shows just how fragile open source ecosystems can be when trust in a single maintainer account is abused. Hackers tricked the maintainer of chalk, debug, ansi-styles, and several other popular npm packages with a phishing email disguised as official support. Once they gained access, they pushed malicious…
Vietnam’s national credit registration and reporting agency hacked; most of the population affected (2)
Some data breaches make headlines for the number of people affected globally, such as a Facebook scraping incident in 2019 that affected 553 million people worldwide. Then there are breaches that affect a country’s entire population or much of it, such as a misconfigured database that exposed almost the entire population of Ecuador in 2019,…
CISA Delays Cyber Incident Reporting Rule for Critical Infrastructure
Ashden Fein, Micaela McMurrough, Caleb Skeath, and John Webster Leslie of Covington and Burling write: The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) plans to delay the publication of its much-anticipated cybersecurity incident reporting rule implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). According to an entry on the Spring 2025 Unified Agenda…
Salesloft+Drift Update on Investigation Results
There’s an update to the Salesloft+Drift portal with results from the Mandiant Drift and Salesloft application investigations: Mandiant’s investigation has determined the threat actor took the following actions: In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories,…
CISA orders federal agencies to patch Sitecore zero-day following hacking reports
Jonathan Greig reports: Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company’s products. A key issue with the bug is the use of…