Researchers discover new wave of malicious npm (Node Package Manager) packages planted by North Korean state-sponsored actors.

Researchers discover new wave of malicious npm (Node Package Manager) packages planted by North Korean state-sponsored actors.

Cybersecurity researchers have recently identified a new wave of malicious npm (Node Package Manager) packages tied to the ongoing “Contagious Interview” operation, which is attributed to North Korean state-sponsored threat actors. This campaign specifically targets software developers who are actively seeking employment, leveraging the trust and routine practices of the tech hiring process.
Researchers find old OAuth vulnerabilities continue to threaten thousands of SaaS applications.

Researchers find old OAuth vulnerabilities continue to threaten thousands of SaaS applications.

Recent research reveals that despite being disclosed in June 2023, the nOAuth vulnerability continues to threaten thousands of SaaS applications. Semperis’s June 2025 findings indicate that over 15,000 enterprise SaaS apps remain exposed to this authentication flaw in Microsoft Entra ID, enabling attackers to hijack user accounts with minimal effort.
Newly emerged ransomware group, Dire Wolf, has already claimed 16 victims in just one month.

Newly emerged ransomware group, Dire Wolf, has already claimed 16 victims in just one month.

Dire Wolf is a newly emerged ransomware group first observed in May 2025, already making a significant impact with targeted attacks against organizations worldwide. As of late June 2025, the group has claimed at least 16 victims across 11 countries, with the United States, Thailand, and Taiwan among the most affected nations. The group’s primary targets are in the manufacturing and technology sectors, but its reach is global and expanding.
G DATA researchers observe surge in malware infections via Authenticode stuffing originating from ConnectWise clients.

G DATA researchers observe surge in malware infections via Authenticode stuffing originating from ConnectWise clients.

Since March 2025, cybersecurity researchers—most notably from G DATA—have observed a surge in malware infections originating from ConnectWise clients. These infections are linked to a sophisticated technique called Authenticode stuffing, which allows attackers to trojanize legitimate software and deploy malware while bypassing traditional security checks.
WinRAR releases patch to address a directory transversal vulnerability that enabled attackers to execute arbitrary code.

WinRAR releases patch to address a directory transversal vulnerability that enabled attackers to execute arbitrary code.

WinRAR has recently addressed a critical directory traversal vulnerability identified as CVE-2025-6218, which could allow attackers to execute arbitrary code on affected systems. The vulnerability was discovered by security researcher “whs3-detonator” and reported through Trend Micro’s Zero Day Initiative.
SAP has patched two critical vulnerabilities in its SAP GUI input history feature, which could potentially expose sensitive data.

SAP has patched two critical vulnerabilities in its SAP GUI input history feature, which could potentially expose sensitive data.

SAP has addressed two significant vulnerabilities in its Graphical User Interface (SAP GUI) input history feature, affecting both the Windows and Java versions of the client. These flaws, tracked as CVE-2025-0055 and CVE-2025-0056, posed a risk of sensitive data exposure due to insecure local storage of user input history.
Mainline Health Systems and Select Medical Holdings disclose breaches impacting more than 200,000 customers.

Mainline Health Systems and Select Medical Holdings disclose breaches impacting more than 200,000 customers.

Mainline Health Systems, a nonprofit healthcare provider based in Arkansas, disclosed a major data breach affecting 101,104 individuals. The incident occurred on or about April 10, 2024, but was only confirmed after a detailed investigation concluded on May 21, 2025. The breach involved unauthorized access to the organization’s network, resulting in the exposure and potential theft of sensitive personal and health information.
US Department of State will require all visa applications to set the privacy settings of their personal social media accounts to “public”.

US Department of State will require all visa applications to set the privacy settings of their personal social media accounts to “public”.

As of June 2025, the U.S. Department of State has introduced a new rule requiring all applicants for F, M, and J nonimmigrant visas to set the privacy settings of their personal social media accounts to “public” before submitting their visa applications. This policy is now in effect globally and impacts students, vocational trainees, and exchange visitors seeking to travel to the United States.
French authorities arrest five operators of the notorious BreachForums hacking forum.

French authorities arrest five operators of the notorious BreachForums hacking forum.

French authorities have arrested five individuals believed to be operators of the notorious BreachForums hacking forum, a major online marketplace for trading and leaking stolen data. The arrests were carried out by the cybercrime unit (BL2C) of the Paris police department on June 23, 2025, with simultaneous raids conducted in the regions of Hauts-de-Seine (Paris), Seine-Maritime (Normandy), and Réunion (overseas).