Security Community

October 7th, 2025 ❓What: One week from today on October 14th, Microsoft will end free support for all Windows 10 editions (Home, Pro, Enterprise). This includes all security updates, bug fixes, and technical assistance. If organizations using a Windows environment fail to migrate any existing Windows 10 systems to Windows 11 (or an alternative OS), they're leaving the door open to hackers and adversaries, and make themselves increasingly susceptible to operational failures. ⚠️So What? So what's the risk? Why would this impact my organization? • Windows 10 End of Life (EoL) means that any newly discovered OS vulnerability will go unpatched, making Windows 10 systems easier targets for malware, ransomware, zero-days, etc. A compromised system could lead to loss and/or theft of critical data, loss of capital, service outages, damage to reputation, and fines and/or legal action. • It also means that your organization runs the risk of violating regulatory adherence requirements. PCI DSS for example, mandates the use of supported software. • Over time, third-party applications, drivers, and peripherals may drop Windows 10 support, affecting stability, performance, functionality, and overall compatibility of systems in your environment. 💡The Time to Act is Now: What actions should I take? • Ensure you're familiar with your industries regulatory/compliance requirements for Information Systems. • Inventory and assess all Windows 10 systems. Identify which systems are eligible for upgrade (Windows 11 system requirements), and note any systems that are not eligible. Unless you plan to migrate non-eligible systems to an alternative OS, it might be time to mark those systems for decommission. • For compatible/eligible systems, plan a controlled Windows 11 upgrade path with testing and rollback strategies. • Microsoft will offer a Extended Security Updates (ESU) program for one additional year for consumers (paid option or free enrollment if eligible), and a longer-term ESU for organizations. Any local Windows accounts (an account on a system not linked to a Microsoft account) will not be supported by ESU. If your organization has not already upgraded systems to Windows 11, or is unable to do so before Windows 10 EoL, ESU can be used as a short-term bridge to maintain systems support while getting systems upgraded or migrated. It's highly advised organizations do not use ESU as a long-term strategy. • If your organization accepts the risks of using non-supported software, ensure additional security mechanisms are in place for applicable systems. Implement endpoint protection such as antivirus or EDR, restrict and/or segment network access, and button-up firewall rules, network monitoring and logging. • Don't wait. Start now to avoid the headaches of rushed migrations and IT configuration changes. Allocate budgets, resources, and timelines for full-migration.

September 30th, 2025 ❓What: • KNP Logistics Group (UK, operating 158 years, ~500 trucks) was hit by a ransomware attack by the Akira group after hackers guessed an employee’s weak, internet‑facing password. • Because no multi-factor authentication (MFA) protected that access, the attackers moved laterally, encrypted systems, and destroyed backups and disaster recovery. • The ransom demanded was ~£5 million — far more than KNP could pay. The company lost operations, entered administration, and 700 employees lost their jobs. ⚠️Impact: • Complete operational shutdown (all trucks sidelined) and loss of access to business data. • Destruction of backups meant no fallback recovery route. • Permanent business failure: the company ceased to exist in its prior form. • Broad social/economic harm: 700 jobs lost, local economy affected. • Reputational, legal, and regulatory consequences for survivors or peers (loss of trust, scrutiny over security practices). • Statistical context: 45% of compromised passwords can be cracked within a minute (Kaspersky study) 💡Recommendations: • Enforce strong password policies + breached‑password screening — block weak or commonly used passwords, require long, complex passphrases. • Enable multi‑factor authentication (MFA) for all internet‑facing systems so a guessed password alone is insufficient. • Adopt zero-trust / least privilege models — segment networks, limit lateral movement, verify every request. • Isolate and test backups — ensure backups are segregated, immutable where possible, and regularly restore-tested. • Assume compromise and plan accordingly — build incident response readiness, tabletop exercises, and resilience planning. • Ongoing education and monitoring — continuously review credentials, audit access logs, ensure human error is mitigated. Read the full article HERE

September 17th, 2025 ❓What: • ReversingLabs discovered a self-replicating worm, coined Shai-hulud (named after the giant sand worm in the Dune series) infecting packages on the npm registry. • The worm takes over compromised maintainers’ npm accounts and injects malicious code into their public and private packages so downloads spread the worm further. • It harvests developer/cloud secrets (tokens for npm, GitHub, AWS, GCP) and installs TruffleHog to hunt for hundreds of secret types; it has also made some private GitHub repositories public. ⚠️Impact: • Large blast radius: Hundreds of packages — including widely used download libraries such as ngx-bootstrap and @ctrl/tinycolor — were infected, affecting projects that depend on them (millions of weekly downloads cited). • Credential & IP exposure: Stolen cloud/service tokens risk account takeover, data exfiltration, and unauthorized code publication (private repositories exposed ~700 results observed). • Supply-chain propagation: Because npm dependencies are widely reused, a single compromised package can cascade infections across many projects and CI pipelines. Several packages published by large companies have already been compromised, including CrowdStrike. 💡Recommendations: 1. Rotate and revoke credentials now — revoke any npm/GitHub/AWS/GCP tokens that may have been used from affected accounts; rotate CI/service tokens that touch npm packages. 2. Enable/enforce 2FA & strong access controls on all maintainer and org accounts (npm, GitHub, cloud consoles). 3. Revoke & reprovision leaked keys with least privilege — treat exposed tokens as fully compromised and replace them with scoped, short-lived credentials. 4. Scan CI/CD pipelines and connected systems for persistence or backdoors (build jobs, deployment keys, post-install scripts). 5. Inform and patch maintainers — communicate to contributors/maintainers about account compromise signs; remove malicious code and republish only after verification. 6. Monitor for publicized repo changes — search for repositories that became public unexpectedly and restore privacy or investigate leakage. Read the full article HERE