
Security Bulletin

Public · 3 members

George Sutton

Four Industrial Control Systems Warnings from CISA

November 7th, 2025


❓What:

On November 6, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) advisories covering major vulnerabilities.

  • Adv. ICSA-25-310-01 (Advantech DeviceOn/iEdge): Devices from Advantech (DeviceOn/iEdge version ≤ 2.0.2) have vulnerabilities that allow someone to upload or manipulate configuration files, traverse directories, or execute commands.

  • Adv. ICSA-25-310-02 (Ubia Ubox): The Ubox (edge/IoT device) fails to adequately protect API credentials, meaning an attacker could connect to backend systems via the device.


George Sutton

Massive Data Set Added to Breach Database: 183 Million Credentials Exposed

October 23rd, 2025


❓ What:

  • A massive set of stolen credentials — ~183 million unique username/password combinations — has been added to the free breach-checking service Have I Been Pwned (HIBP).

  • These credentials were harvested via infostealer malware (software that secretly steals data from infected machines).

  • From that set, ~16.4 million email addresses had never appeared in any prior leak.


George Sutton

Gone in a Guess: How One Weak Password Dismantled a 158‑Year‑Old Firm

September 30th, 2025


❓What:

  • KNP Logistics Group (UK, operating 158 years, ~500 trucks) was hit by a ransomware attack by the Akira group after hackers guessed an employee’s weak, internet‑facing password.

  • Because no multi-factor authentication (MFA) protected that access, the attackers moved laterally, encrypted systems, and destroyed backups and disaster recovery.

  • The ransom demanded was ~£5 million — far more than KNP could pay. The company lost operations, entered administration, and 700 employees lost their jobs.


George Sutton

Shai-hulud: A Cyber Apex Predator

September 17th, 2025



❓What:

  • ReversingLabs discovered a self-replicating worm, dubbed Shai-hulud (named after the giant sand worm in the Dune series), infecting packages on the npm registry.

  • The worm takes over compromised maintainers’ npm accounts and injects malicious code into their public and private packages so downloads spread the worm further.

  • It harvests developer/cloud secrets (tokens for npm, GitHub, AWS, GCP) and installs TruffleHog to hunt for hundreds of secret types; it has also made some private GitHub repositories public.

