Nationwide Emergency Alert System Crippled by Ransomware
INC Ransom attacked OnSolve’s CodeRED emergency notification platform, forcing the company to permanently retire the legacy system and cutting off alerting capabilities for hundreds of US municipalities. The incident also involved exposure of personal data for a large number of residents whose information was stored in the service. It shows how a single service provider can become a critical weak point for public safety communications.
Shai-Hulud worm returns stronger and more automated than ever before
A new wave of Shai-Hulud supply chain attacks has trojanized almost 500 npm packages, putting more than 26,000 GitHub repositories at risk of compromise. The worm spreads by abusing developer tooling and dependency chains, making it easy for malicious code to reach many projects at once. The campaign illustrates how automated attacks against software ecosystems can have wide, hard-to-track impact.
Malicious Blender model files deliver StealC infostealing malware
Attackers are distributing StealC V2 infostealer malware through malicious Blender .blend files uploaded to 3D asset marketplaces. The files use Blender’s Python scripting and Auto Run capabilities to fetch and execute additional payloads once opened. This approach targets creative professionals and studios that routinely download third-party models into production environments.
Attackers are Using Fake Windows Updates in ClickFix Scams
ClickFix scams display a full-screen fake Windows Update window that instructs users to open the Run dialog and execute a command, leading to the installation of LummaC2 and Rhadamanthys information-stealing malware. The technique uses social engineering and obfuscated loaders to bypass basic defenses and gain access to credentials and browser data. It shows how simple prompts to run system tools can be abused to gain deep access to a device.
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
A recent advisory describes how various actors are using commercial spyware to target users of messaging applications such as Signal and WhatsApp. Infection methods include phishing links, malicious device-linking QR codes, zero-click exploits, and fake versions of popular apps. Once installed, the spyware can access messages, calls, and other sensitive data on the device, raising privacy and safety concerns for high-profile and at-risk users.
Delta Dental notifies customers of data breach
Delta Dental of Virginia is notifying affected individuals after a compromised email account allowed unauthorized access to emails and attachments for about a month. The exposed data may include names, Social Security numbers, government ID numbers, and protected health information. The incident underscores how a single mailbox compromise can lead to significant disclosure of personal and medical data.