Supply Chain
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Shai‑Hulud 2.0 Worm Hits npm Ecosystem
Massive Supply‑Chain Compromise
Shai‑Hulud 2.0 is a worm that infected npm packages, including PostHog SDKs like posthog-node, posthog-js, and posthog-react-native.
A malicious script in these packages automatically ran when installed, scanning for credentials and sending them to public repositories.
Within three days, over 25,000 developers had secrets exposed, including cloud keys and CI/CD tokens.
How the Attack Spread
The worm exploited CI/CD workflow automation.
A malicious pull request executed scripts with full privileges, allowing the attacker to steal bot tokens and GitHub secrets.
These stolen credentials were then used to push trojanized packages to npm, creating a self‑propagating worm in developer dependencies.
PostHog Response
PostHog revoked compromised tokens, removed infected package versions, and released clean updates.
They are also adopting a trusted publisher model, tightening workflow review processes, and disabling automatic install-script execution to prevent similar incidents.
Key Takeaway
Even trusted open‑source packages can carry major risks if CI/CD pipelines are not carefully secured.
Developers and security teams need to monitor dependencies, audit workflows, and limit automated script privileges to prevent credential theft and supply‑chain attacks.
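One way to monitor dependencies for the install-time script risk described above, as an added example (not code from PostHog or from this newsletter): it reads a parsed `package-lock.json` and reports every package that declares install scripts and has not been reviewed at that exact version. It assumes a lockfileVersion 2 or 3 lockfile, where npm marks such packages with `hasInstallScript`; the package names, versions and allowlist are constructed.

```javascript
// Added example: flag dependencies that would run lifecycle scripts at install time.
// npm lockfiles (lockfileVersion 2 and 3) mark such packages with "hasInstallScript": true.

// Constructed sample lockfile; package names, versions and the allowlist are made up.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/native-addon": { version: "4.0.2", hasInstallScript: true },
    "node_modules/analytics-sdk": { version: "5.11.3", hasInstallScript: true },
    "node_modules/analytics-sdk/node_modules/tiny-dep": {
      version: "0.3.1", hasInstallScript: true, dev: true
    }
  }
};

// Packages the team has reviewed and accepts running install scripts for (assumption).
const reviewed = new Set(["native-addon@4.0.2"]);

// Turn a lockfile key such as "node_modules/a/node_modules/@scope/b" into "@scope/b".
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Return every locked package that declares install scripts and is not pinned in the
// reviewed allowlist. Pinning name@version means a new release needs a new review.
function findUnreviewedInstallScripts(lock, allowlist) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected a lockfileVersion 2 or 3 package-lock.json with a packages map");
  }
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (key === "" || entry.hasInstallScript !== true) continue;
    const id = `${packageNameFromKey(key)}@${entry.version}`;
    if (!allowlist.has(id)) {
      findings.push({ id, path: key, devOnly: entry.dev === true });
    }
  }
  return findings.sort((a, b) => a.id.localeCompare(b.id));
}

const findings = findUnreviewedInstallScripts(sampleLock, reviewed);
for (const f of findings) {
  console.log(`install script not reviewed: ${f.id} (${f.path})`);
}
```

Installing with `npm ci --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, stops these scripts from running at all; the report then shows which packages may need a deliberate, reviewed rebuild.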
Data Theft
Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims
Temu Faces Arizona Lawsuit Over Alleged Data Theft
Alleged Data Collection
Arizona’s Attorney General sued Chinese retailer Temu and its parent company, PDD Holdings, claiming the app collects sensitive user data without consent.
This includes GPS locations and lists of other apps on users’ phones. Officials say the app deceives customers about product quality while secretly tracking them.
Security and Privacy Concerns
Investigators found portions of Temu’s code resemble malware or spyware.
The app is alleged to exfiltrate user data while hiding its activity.
Some of the code comes from a previous banned version, raising further concerns about user safety.
Legal and Business Implications
The lawsuit highlights potential conflicts with Chinese laws that may require companies to share data with the government.
It also claims Temu copied intellectual property from local brands.
Other states like Kentucky, Nebraska, and Arkansas have filed similar lawsuits against Temu.
Consumer Advice
Officials advise users to delete Temu accounts, uninstall the app, and scan devices for malware to protect their privacy.
The case signals a growing focus on cross-border data protection and the need for vigilance against apps that may compromise user information.
📺️ Podcast
Career Evolution to Cyber Defense Vision
In this inspiring episode of the Women in Cybersecurity Podcast, we sit down with Andra-Irina Vasile, a dynamic cybersecurity strategist, senior leader, and passionate mentor who has built an impressive career at the intersection of cloud security, cyber defense strategy, and human-centric leadership.
From hands-on technical roles to shaping enterprise cyber defense visions, Andra-Irina shares how curiosity, resilience, and a willingness to embrace change fueled her growth across global organizations and diverse cultural environments.
We explore her journey through security engineering, incident recovery, cloud security, and strategic leadership—along with her deep commitment to mentoring, coaching, and empowering the next generation of cybersecurity professionals.
She also shares practical advice for navigating career transitions, building confidence in high-impact roles, and using cybersecurity as a force for positive change.
This is a must-listen episode for anyone looking to grow, pivot, or lead with authenticity in cybersecurity and technology.
AI Adoption
Key questions CISOs must ask before adopting AI-enabled cyber solutions
AI in Cybersecurity: Questions Every CISO Should Ask
Rising Threats
Cyber attackers are using AI to create deepfakes, craft clever phishing, and launch new attacks.
They also target AI systems with prompt injection attacks and exploit careless use of AI to get sensitive data.
Benefits of AI Defenses
Organizations that deploy AI in cybersecurity can respond faster to breaches.
IBM reports that AI reduces recovery time by 80 days and cuts breach costs by $1.9 million. Shadow AI—uncontrolled AI use—can add $670,000 to breach costs.
Choosing the Right Tools
Security vendors and startups now offer AI solutions for detection, response, and cloud or endpoint protection.
Applications include threat detection, alert triage, automated reporting, log analysis, malware analysis, and predicting attacker behavior.
Key Considerations
CISOs should evaluate vendor reliability, tool accuracy, integration with workflows, and data privacy safeguards.
Shadow AI usage should be monitored to prevent hidden risks.
Implementing AI effectively requires careful planning, rigorous evaluation of vendors, and ongoing monitoring to ensure AI strengthens defenses without creating new vulnerabilities.
Cybersecurity strategy
Cybersecurity strategies to prioritize now
Four Cybersecurity Moves to Make Now
Strong Logins and Modern Standards
Old systems and weak logins are easy bait for attackers.
Use robust multi‑factor authentication (MFA) like passkeys instead of passwords.
Use secure DNS, shut down old email systems that accept unauthenticated mail, and drop outdated API protocols such as legacy Exchange Web Services.
If your network routing uses old BGP or other legacy tools, replace them or lock them down to avoid takeover risks.
Spot Fake Users by Fingerprinting Devices
Blocking bad IP addresses alone no longer works. Attackers often use real‑user devices or laptops after stealing credentials.
Add “fingerprinting” to track devices, browsers, and user habits. This helps detect when something sneaky is happening even if the IP looks safe.
Share Threat Info and Work Together
Security isn’t solo work anymore. Teams should share lessons and signals about attacks openly with peers and partners.
Joining sharing groups and building connections with other defenders helps everyone react faster to new threats.
Keep It Simple and Strong
Old tools, weak passwords, blind trust — those are the first things attackers try. Cleaning up old tech and using modern controls reduces most risks.
These four steps give a strong base. They help prevent common attacks and keep teams ready for clever threats.
Threat Landscape
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Manufacturing companies are prime targets for cyberattacks in 2025.
Ransomware Hits Hard
About half of manufacturers hit by ransomware paid the ransom, with costs averaging $1 million.
Recovery expenses often added another $1.3 million.
Exploited vulnerabilities overtook phishing emails as the main cause of breaches for the first time in three years.
Why Manufacturers Are at Risk
Experts point to three main weaknesses: a lack of security experts, previously unknown security gaps, and missing protections.
Attackers know that any downtime can be costly, making these companies attractive targets.
Notable Attacks This Year
Jaguar Land Rover faced a ransomware attack in September, shutting down production for weeks and losing up to $2.4 billion.
Japanese brewery Asahi also suffered a similar disruption, affecting product availability.
Global Impact
Ransomware on manufacturing firms outside North America could have caused more than $18 billion in losses, according to Kaspersky.
Operational technology companies are particularly at risk, with 42% of attacks targeting industrial sectors.
Looking Ahead
Experts warn that attacks will continue if geopolitical tensions and industrial investments rise.
Transportation and energy sectors are also vulnerable, while automation and AI adoption present both new efficiencies and security challenges.
Manufacturers need stronger cybersecurity strategies and tested incident response plans to reduce financial and operational damage.
Stay safe!








