Threat Intelligence Executive Report – Volume 2025, Number 4
This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and June
HHS added ten listings to its public leak site today, all of which are part of the Integrated Oncology Network (“ION”). According to its substitute notice, on May 9, ION concluded an investigation of a phishing incident that occurred between December 13 and December 16, 2024. The incident resulted in “unauthorized access to patient information…
From the Office of NYS Comptroller Thomas P. DiNapoli: North Salem Central School District – Audit Follow-Up (2022M-140-F). Issued Date: September 26, 2025. Purpose of Review: The purpose of our review was to assess the North Salem Central School District’s (District’s) progress, as of May…
The Department of Justice had a pretty good day today in terms of cybercrime. In addition to two men being sentenced for using BlackCat ransomware to try to extort U.S. entities, a German national living in Colombia has now been extradited to the United States on charges that he owned and operated “The Versus Project,”…
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. “The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1…
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,