
Security Community

Welcome! Have a look around and join the discussions.


This post is from a suggested group

The End is Nigh — Windows 10 Support Ends October 14th

October 7th, 2025


❓What:

One week from today, on October 14th, Microsoft will end free support for all Windows 10 editions (Home, Pro, Enterprise). This includes all security updates, bug fixes, and technical assistance. Organizations in a Windows environment that fail to migrate their existing Windows 10 systems to Windows 11 (or an alternative OS) are leaving the door open to hackers and adversaries and making themselves increasingly susceptible to operational failures.


⚠️So What?

So what's the risk? Why would this impact my organization?



Gone in a Guess: How One Weak Password Dismantled a 158‑Year‑Old Firm

September 30th, 2025


❓What:

  • KNP Logistics Group (UK, operating 158 years, ~500 trucks) was hit by a ransomware attack by the Akira group after hackers guessed an employee’s weak, internet‑facing password.

  • Because no multi-factor authentication (MFA) protected that access, the attackers moved laterally, encrypted systems, and destroyed backups and disaster recovery.

  • The ransom demanded was ~£5 million — far more than KNP could pay. The company lost operations, entered administration, and 700 employees lost their jobs.



Shai-hulud: A Cyber Apex Predator

September 17th, 2025



❓What:

  • ReversingLabs discovered a self-replicating worm, coined Shai-hulud (named after the giant sand worm in the Dune series) infecting packages on the npm registry.

  • The worm takes over compromised maintainers’ npm accounts and injects malicious code into their public and private packages so downloads spread the worm further.

  • It harvests developer/cloud secrets (tokens for npm, GitHub, AWS, GCP) and installs TruffleHog to hunt for hundreds of secret types; it has also made some private GitHub repositories public.



Dawn of a New Era: AI Ransomware Has Arrived

September 8, 2025


What:

  • Security firm ESET uncovered a novel ransomware variant dubbed PromptLock, believed to be the first AI-powered ransomware.

  • Researchers at NYU Tandon confirmed they authored the code as part of a research project named Ransomware 3.0 ("Self-Composing and LLM-Orchestrated"), with the intent to expose potential future threats. PromptLock is considered a proof of concept (PoC); while it has yet to be observed in real-world attacks, it is theoretically capable of autonomously scanning files, deciding which to exfiltrate or encrypt, and even destroying data altogether.

⚠️Impact:



HR Giant Latest Victim in Attack Campaign Targeting Salesforce CRM

August 21st, 2025



🔍 What:

  • On Friday August 15th, Human Resources giant Workday disclosed a data breach targeting their third-party Customer Relationship Management (CRM) platform.

  • Attackers gained access using social engineering techniques, most prominently impersonation via vishing and smishing. Most likely, attackers impersonated HR or IT and tricked users into linking a malicious OAuth application to their CRM instance.

  • Workday is just the latest company to have its CRM platform breached in an ongoing campaign targeting companies that use Salesforce as their CRM platform. The group behind the attack, ShinyHunters, has conducted several successful attacks targeting major companies like Adidas, Qantas, Allianz Life, and Louis Vuitton, to name a few.



Minnesota National Guard Activated in Response to City of Saint Paul Ransomware Attack

August 15th, 2025



❓What:

  • The city of Saint Paul confirmed the cyber attack they experienced in late July to be a ransomware attack carried out by ransomware gang Interlock. Threat intel company PRODAFT reports that the actors were able to access the city's systems via custom SystemBC Remote Access Trojan (RAT) malware.

  • After the incident exceeded city response capacity, the state of Minnesota activated the National Guard's Cyber Protection Unit to work jointly with the city and the FBI in a recovery effort the Mayor has named Operation Secure St. Paul.

  • Interlock claims it stole ~66,000 files / 43 GB and has begun leaking data. The mayor said residents’ personal/financial info was "not impacted".



1.4 Million Exposed: Allianz Breach Proves Vendor Risk is Everyone’s Problem

July 31, 2025



❓What:

  • On July 16, 2025, a threat actor used a social engineering technique to compromise a third-party, cloud-based CRM (Salesforce) platform used by Allianz Life Insurance of North America.

  • The breach exposed personally identifiable information of the majority of Allianz Life’s ~1.4 million U.S. customers, as well as financial professionals and select employees.

  • Allianz discovered the intrusion on July 17, responded promptly, and notified the FBI and regulators including Maine’s Attorney General.



The National Security Risk Hiding in Your Remote Workforce

July 25th, 2025


❓What:

  • Between October 2020 and October 2023, North Korean state-sponsored actors posed as U.S.-based IT workers and were able to infiltrate over 300 U.S. companies, including Fortune 500 firms, a major TV network, an aerospace manufacturer, and Nike.

  • This was made possible in part by an Arizona woman, Christina Marie Chapman, whose house was found to have 90 laptops that the actors were able to operate remotely from North Korea. Consequently, she was sentenced to 102 months (8½ years) in federal prison today.

  • The operation generated more than $17 million in illicit revenue for the North Korean regime. Chapman earned approximately $176–177K, and was ordered to forfeit $284K and pay a $175K–$176K fine.



A Not So Happy Meal: McDonald's AI Hiring Bot Breached Due to a McFlurry of Elementary Security Protocols

July 14th, 2025


🔍 Key Takeaways

  • What happened? Paradox.ai’s AI chatbot “Olivia,” used in McDonald’s McHire hiring platform, contained basic yet critical security flaws. An administrator login was protected by the credentials 123456/123456, and a sequential applicant ID allowed Insecure Direct Object Reference (IDOR) access.

  • Scope of exposure: This enabled access to all of the platform's historical chat records, approximately 64 million records, including names, emails, phone numbers, physical addresses, and application data.

  • Researchers' findings: In 30 minutes, two cybersecurity professionals (Ian Carroll & Sam Curry) accessed a dormant Paradox.ai test admin account and used ID manipulation to review multiple applicants’ chat logs.

