Daily Recap, Threat activity highlighted targeting of a Pakistani police force by China- and India-linked hackers, new Helix SharePoint-related vishing theft tactics, and GigaWiper’s Windows backdoor that blends disk wiping, fake ransomware, and spyware. Patch and response updates included Zimbra’s critical XSS fix, Palo Alto Networks’ 13 vulnerability updates, Microsoft’s additional Windows security expectations plus OWA Light retirement, and npm supply-chain hardening via Injective SDK and npm 12’s install-script changes, while BlackCat and DigitalMint cases progressed through sentencing. #China #India #Pakistani #Helix #SharePoint #Okta #Microsoft365 #Forg365 #GigaWiper #GitHub #InjectiveSDK #Zimbra #XSS #PaloAltoNetworks #Microsoft #OWALight #ExchangeServer #npm12 #BlackCat #DigitalMint #INTERPOL #NSA #TailoredAccessOperations
Threats & Attacks
- China– and India-linked hackers both targeted the same Pakistani police force in a likely intelligence-driven campaign. – Police Targeting
- A new Helix vishing group is using SharePoint theft tactics, while Okta warned of voice-phishing against Microsoft 365 customers and the Forg365 phishing platform is using AI to harvest accounts. – Helix Vishing, Okta Warning, Forg365 Phish
- GigaWiper has surfaced as a Windows backdoor that combines disk wiping, fake ransomware, and spyware capabilities. – GigaWiper
- Attackers are abusing dormant GitHub accounts to blend in while mapping corporate organizations and planning intrusions. – GitHub Blend-In
- A compromised npm package, Injective SDK, was found infected with a cryptocurrency wallet stealer, reinforcing ongoing supply-chain risk. – npm Stealer
Vulnerabilities & Patching
- Zimbra urged customers to patch a critical web client XSS flaw affecting email infrastructure. – Zimbra XSS
- Palo Alto Networks patched 13 vulnerabilities across its product line as enterprises face a steady stream of security updates. – PAN Patch
- Microsoft said more Windows security updates are expected as AI-discovered flaws continue to surface, and it is also retiring the OWA Light client in Exchange Server. – AI Flaws, OWA Light
- npm 12 will disable install scripts by default to reduce software supply-chain exposure. – npm 12
Ransomware & Cybercrime
- A former ransomware negotiator received 4 years for helping with BlackCat attacks, while another ex-DigitalMint negotiator was sentenced to 70 months for duping clients. – BlackCat Case, DigitalMint Case
- Latvia‘s state-owned forestry company is still restoring systems weeks after a ransomware attack disrupted operations. – Forestry Ransomware
- INTERPOL‘s crackdown led to 5,800 arrests across 97 countries, and a separate police anti-fraud operation also netted 5,800 suspects worldwide. – Interpol Crackdown, Anti-Fraud Raid
- The leader of the 764 splinter group was sentenced to 40 years in prison. – 764 Sentence
Government, Policy & Industry
- The NSA revived the Tailored Access Operations name for its elite hacking unit, signaling a return to a historic brand. – NSA TAO
- The EU is taking member states to court over failure to implement cybersecurity law requirements. – EU Court Case
- The UK rolled out an agentic AI defense plan alongside an industry pledge to strengthen cyber resilience. – UK AI Plan
- QIZ Security raised $17 million for a cryptographic governance platform aimed at improving key and certificate management. – QIZ Funding
- OpenMandriva Linux said a contributor tried to sabotage the project, highlighting insider-risk concerns in open-source development. – OpenMandriva
- Security teams are being reminded that reduced summer IT coverage can create blind spots and slow response times. – Summer IT Risk