
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Thursday, September 11, 2025. I'm Sarah Lane.

The NPM incident: nothing to fret about
In Wednesday's show, we passed along the story that an attacker compromised a developer's NPM account through a phishing email and pushed malicious updates to 18 popular open source packages. The code attempted to hijack cryptocurrency transactions, but quick detection and response limited the damage. Malicious versions were live for about six hours and losses totaled roughly $1,000. Researchers called it the largest NPM attack to date in potential scope, but its actual impact appears to be minimal.

Cursor autorun flaw lets repositories execute code without consent
A flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened in Visual Studio Code, even without developer consent. The autorun feature can be exploited to steal API keys, alter files, or install persistent malware. With Workspace Trust off by default, opening a folder could compromise a developer's machine, experts warn. This shows developer tools are now part of the attack surface.

Senator Wyden urges FTC to probe Microsoft over Ascension hack
US Senator Ron Wyden has urged the Federal Trade Commission to investigate Microsoft for gross cybersecurity negligence after the 2024 Ascension hospital ransomware attack affected 5.6 million patients. Wyden alleges the breach started after a contractor clicked a malicious Bing link and that Microsoft's failure to disable the insecure RC4 encryption protocol contributed to the attack. Ascension reported $1.8 billion in operating losses and offered two years of identity protection to victims. Microsoft says RC4 use is minimal and plans to disable it by default in 2026.

Apple's Memory Integrity Enforcement system thwarts spyware development
Apple launched Memory Integrity Enforcement, or MIE, in its new iPhone 17, iPhone Air and A19 and A19 Pro chips, meant to block memory corruption exploits used by mercenary spyware. MIE combines hardware and OS checks via Enhanced Memory Tagging Extension, or EMTE, verifying memory usage in real time to prevent unauthorized access. It doesn't fully eliminate spyware risk, but Apple says it does make attacks much harder and much more costly.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? I'm talking right this second. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that is the new way to GRC. Get started today at vanta.com/headlines.

EggStreme malware breaches Philippine military systems
Bitdefender researcher Bogdan Zavadovschi said in a report shared with The Hacker News that a Chinese state-sponsored APT group used a new fileless malware framework called EggStreme to compromise a Philippine military contractor. EggStreme operates entirely in memory, using DLL sideloading and a multi-stage payload to maintain persistence, steal data and perform reconnaissance. Its core backdoor, EggStremeAgent, includes a keylogger and supports 58 commands for lateral movement, privilege escalation and exfiltration. The malware also uses secondary implants and proxy tools to maintain access.

Salesloft Drift hack claims Tenable, Qualys
A supply chain attack on Salesloft's Drift AI chat agent exposed OAuth tokens affecting multiple companies, including Tenable and Qualys. Attackers apparently accessed Salesloft's GitHub account between March and June, then used the tokens to gain unauthorized access to Salesforce data, including customer contact information and support requests. The attacks, linked to the UNC6395 group, exploited weak controls and Tor exit nodes. Both affected companies said their services remain operational and disabled the Drift integration to contain the breach.

Jaguar Land Rover admits possible stolen data
Jaguar Land Rover, or JLR, has confirmed some data may have been compromised in a cyber attack that halted production at UK plants, affecting around 1,000 vehicles daily. JLR's parent company, Tata Motors, hasn't said whether the data involved customers, suppliers or internal records. The attack was claimed by the Scattered Lapsus$ Hunters group and forced JLR to shut down IT networks while the National Cyber Security Centre assists with recovery.

ChillyHell macOS malware may have been live for four years
ChillyHell, a modular macOS backdoor, may have infected computers undetected for four years. This was first reported by Mandiant in 2023 and linked to the UNC4487 group. A developer-signed version passed Apple's notarization back in 2021 and was publicly hosted on Dropbox. Jamf Threat Labs researchers found that the malware persists via LaunchAgents, LaunchDaemons or shell profile modifications and evades detection using timestomping, multiple command and control protocols and a modular design. It can download updates, brute force passwords, exfiltrate data and execute additional payloads. Apple has revoked the associated developer certificates.

Since we started CISO Series, we've understood that selling cybersecurity products is quite difficult. But it's compounded by the trend that large companies, not smaller ones, are often the first to adopt new solutions. But that adoption rate is also hampered by the risk-averse nature of enterprise businesses. How can and do small startups cross that chasm? That's what we're trying to answer in our latest episode of Defense in Depth. Look for the episode "The Pattern of Early Adoption of Security Tools" wherever you get your podcasts.

If you have any thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane reporting for the CISO Series, and you take care. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Sarah Lane, CISO Series
Episode Theme:
A rapid-fire roundup of major current cybersecurity incidents and vulnerabilities, focusing on critical new attack vectors, recent breaches, and regulatory fallout impacting key players and industries.
Visit cisoseries.com for links to full stories and the latest updates.