Daily Recap, Microsoft 365 users are facing new phishing kits that evade MFA, and Microsoft Entra ID is moving toward passkeys as the default authentication method starting in September. In other reporting, macOS users should watch for CrashStealer impersonation tactics, supply-chain backdoors were found in Jscrambler npm packages via infostealer, and CISA flagged actively exploited Joomla RCE flaws while agencies warned of Russian targeting of critical-infrastructure routers. #Microsoft365 #MicrosoftEntraID #Passkeys #EvadeMFA #PhishingKits #CrashStealer #Gatekeeper #Jscrambler #npm #infostealer #SAP #NetWeaver #CommerceCloud #CISA #Joomla #RCE #Russian #Cisco #CriticalInfrastructureRouters
Identity & Phishing
- Microsoft 365 users are being hit by new phishing kits that evade MFA, while Microsoft Entra ID will make passkeys the default authentication method starting in September β Phishing Kits, Passkeys Default
- ModHeader, a Chrome extension with 1.6 million installs, was pulled by Google and Microsoft after a dormant data collector was discovered β ModHeader
Malware & Supply Chain
- CrashStealer macOS malware is abusing a notarized dropper and posing as an Apple crash-reporting tool to bypass Gatekeeper checks β CrashStealer, Apple Impersonation
- Attackers backdoored multiple Jscrambler npm packages with infostealer malware in a supply-chain compromise that also affected related packages β Supply Chain, Jscrambler Backdoor
Vulnerabilities & Exploitation
- SAP warned of critical flaws in NetWeaver and Commerce Cloud, while CISA flagged actively exploited RCE bugs in Joomla extensions β SAP Flaws, Joomla RCE
- A new guide shows how to tell if you are vulnerable without launching an exploit, offering a safer way for defenders to validate exposure β Check Vulnerability
Nation-State & Government
- U.S. and allied agencies warned that Russian hackers are targeting critical-infrastructure routers, as separate advisories and sanctions also aimed at Russia-linked cyber operations β Router Warning, Device Targeting, EU Sanctions
- The U.S. sanctioned VPN and malware providers tied to ransomware gangs, while the Pentagon paused CMMC Phase 2 as it reevaluates contractor cybersecurity rules β Sanctions, CMMC Pause
Breaches & Disruptions
- Japanβs largest taxi operator shut down systems after a cyberattack, and Lidl disclosed an online-shop breach tied to a compromised service provider β Taxi Outage, Lidl Breach
- States are building their own election-defense networks as federal support wanes, signaling a shift in how U.S. election security is being staffed and funded β Election Defense
Platform & Security News
- Microsoft started testing a cleaner Windows Search experience without ads, while a separate Entra ID CTF highlighted identity security training around breach scenarios β Windows Search, Entra CTF
- Valarian raised $50 million to build a sovereign infrastructure control layer, reflecting continued investment in secure infrastructure platforms β Valarian Raise