A wave of cybersecurity incidents has revealed vulnerabilities across various platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patched in Firefox, a ransomware fine was issued to a UK company, and numerous vulnerabilities were identified in solar inverters.
Affected: npm packages, Firefox, UK healthcare sector, enterprises, solar inverter manufacturers, Serbian journalists, Russian cybercriminals
Key points:
- Ten npm packages were updated with malicious code that targets environment variables to steal sensitive information.
- Mozilla released Firefox 136.0.4 to fix a critical sandbox escape vulnerability.
- The ICO imposed a £3.1 million fine on Advanced over a ransomware attack in 2022.
- Browser extensions can be bought and repurposed, posing risks to enterprises.
- Researchers identified 46 vulnerabilities in solar inverters that can impact power grids.
- CrushFTP's CEO faced criticism over the handling of a critical unauthenticated access vulnerability.
- Serbian journalists were targeted with NSO Group’s Pegasus spyware.
- Russian authorities arrested suspects behind the Mamont malware, an Android banking trojan.
- Resecurity infiltrated the BlackLock ransomware gang, relaying data to authorities.