Transcript
A (0:00)
From the CISO series. It's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Friday, August 29, 2025. I'm Steve Prentice.

Malicious Nx packages leak GitHub, cloud and AI credentials. A warning from the maintainers of the Nx build system of a supply chain attack that allowed threat actors to publish malicious versions of the popular npm package and other auxiliary plugins with data gathering capabilities. Specifically, the packages containing the name "singularity" with a digit 1 representing the first i in singularity contained code that could scan the file system, collect credentials and post them to GitHub as a repo under the user's accounts. This was announced by the maintainers in an advisory published on Wednesday. According to researchers at Wiz, 2,349 distinct credentials were leaked, quote, most of them for GitHub, OAuth keys and personal access tokens, followed by API keys and credentials for Google AI, OpenAI, Amazon Web Services, OpenRouter, Anthropic, Claude and Datadog.

North Korean remote worker scheme boosted by generative AI. The US Department of the Treasury's Office of Foreign Assets Control has announced new sanctions against two individuals and two entities for their role in the North Korean Remote Information Technology Worker scheme, in which overseas IT workers embed malware, steal data and credentials and demand ransoms. A report published Wednesday from Anthropic shows how this operation uses generative AI powered tools like Claude to create convincing professional backgrounds and technical portfolios, tailor resumes to specific job descriptions, and even deliver actual technical work. Further to this last point, Anthropic stated, the most striking finding is the actor's complete dependency on AI to function in technical roles. They continue, these operators do not appear to be able to write code, debug problems, or even communicate professionally without Claude's assistance. Yet they are successfully maintaining employment at Fortune 500 companies, according to public reporting, passing technical interviews and delivering work that satisfies their employers. End quote.

The Netherlands announces Salt Typhoon penetration. The Ministry of Defence of the Netherlands announced yesterday that it has been targeted by a Chinese cyber espionage campaign tracked as Salt Typhoon and RedMike. The attacks were not large scale as compared to other countries, but focused on smaller Internet service and hosting providers. Dutch investigators said that the Chinese hacking organization had access to routers belonging to the Dutch targets. End quote.

CISA helps Nevada get back in the game. Following up on a story we covered on Wednesday, CISA has announced that it has been working with the FBI and other agencies to help get the state of Nevada back online while investigating the origins of the attack and rebuilding systems. End quote. The state asked CISA to send its threat hunting teams to assist in mitigating any ongoing threats and identify the full scope of the incident, the agency said. It also helped Nevada access incident response grants offered by the Federal Emergency Management Agency, FEMA. There is no further update as to whether this was a ransomware attack or who was responsible.

Huge thanks to our sponsor, Prophet Security. Security teams are drowning in alerts. Many companies generate upwards of 1,000 or more alerts a day and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts so your team can focus on real threats instead of busy work. Faster response, less burnout and lower risk to your business. Learn more at prophetsecurity.ai, that is P R O P H E T security dot AI.

TransUnion announces data breach. Consumer credit reporting company TransUnion has announced that it suffered a data breach exposing the personal information of over 4.4 million people in the United States. It is one of the three major credit bureaus in the United States alongside Equifax and Experian, collecting and maintaining credit information on over 1 billion consumers worldwide, with approximately 200 million of those based in the US. End quote. The breach occurred on July 28 and was discovered two days later, the company states. The incident involved a third party application serving the company's consumer support operations. Data stolen was, in the company's words, limited and did not include credit reports or core credit information.

Healthcare Services Group announces 2024 breach. This US based company that provides housekeeping, laundry, dining and nutritional services to healthcare facilities, primarily nursing homes, assisted living centers and hospitals, has stated in a filing to the Maine Attorney General's Office that the breach affects more than 620,000 people and occurred between September 27th and October 3rd of last year. Data stolen includes Social Security numbers, driver's license numbers, state identification numbers, financial account information and full access credentials. No further details about the attack have been disclosed.

South Korea telecom punished for security bungle. Following up on a story we covered in May, South Korea's SK Telecom has been fined the equivalent of $97 million after the country's privacy commission found that the mobile giant had left its network wide open to hackers through a catalog of bungles. The breach had been announced in April. Hackers had gained access to data belonging to the Universal Subscriber Identity Module (USIM) for almost 27 million subscribers. South Korea's Personal Information Protection Commission said that the country's biggest carrier did not even implement basic access controls between its Internet facing systems and internal management network. It added that SKT failed at almost every layer of defense. This includes dumping thousands of server credentials in plain text on a management network server. A more complete accounting of this incident is available as a link in the show notes to this episode.

CrowdStrike makes acquisitions to boost autonomous threat detection capabilities. On Wednesday, CrowdStrike announced plans to acquire data pipeline management provider Onum. This, it says, forms part of its goal to enhance the Falcon next gen SIEM platform with autonomous detection capabilities, given that traditional SIEMs cannot keep up with a large volume of data. CrowdStrike President Michael Sentonas, announcing the acquisition in a blog post, says the move will help analysts who must currently sift through the noise manually, as well as security teams who must decide between options such as shrinking data retention windows or leaving out certain data sources in order to reduce data storage costs.

Just a reminder, there is no Super Cyber Friday happening today, but don't go anywhere yet. Join us later today at 3:30pm Eastern for our Week in Review show. Johna Till Johnson, CEO and founder of Nemertes and author of an excellent newsletter, by the way, will be our guest providing her always insightful commentary on the news of the week, and we encourage participation and comments through our YouTube live channel. Just go to the events page at cisoseries.com to register. And if you have any thoughts on the news from today or about the show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice reporting for the CISO series.
