
Daily Security Briefing 005
- DjediTech
- Security , Newsletter
- September 10, 2025
NPM supply chain malware, CyberVolk ransomware hits critical sectors, Kikimora’s AI security platform launch.
Executive Summary
Today’s cybersecurity landscape reveals escalating threats to supply chains and critical infrastructure, exemplified by the largest npm ecosystem attack and the targeted CyberVolk ransomware campaign against government and research entities. Attackers increasingly rely on fileless malware techniques for stealthy persistence and remote access across multiple platforms. Meanwhile, new defenses are emerging with AI-powered tools for small and medium enterprises aiming to reduce security workloads. Security concerns over software distribution channels and social engineering-based breaches also regained focus, prompting discussions on organizational best practices and regulatory oversight.
Top Articles
The Great NPM Heist – September 2025
A sophisticated phishing attack compromised an npm maintainer account, injecting cryptocurrency-stealing malware into over 18 widely used JavaScript packages. These packages have a combined weekly download count exceeding 2 billion, impacting millions of applications worldwide—from personal projects to enterprise systems. The incident marks the largest supply chain attack in npm’s history, raising significant concerns about open-source ecosystem security.
BleepingComputer
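A compromised maintainer account turns a routine dependency update into a delivery vehicle, so the first defensive question after an incident like this is "does my lockfile pull any of the affected versions, and could npm even verify what it downloaded?" The script below is an added example, not code from the briefing or from npm: it parses a package-lock.json (lockfileVersion 2 or 3, the `packages` map) and flags entries that match a list of known-bad name@version pairs, entries with no `integrity` hash, and entries resolved from outside the public registry. The known-bad list and the embedded lockfile are constructed placeholders; the briefing names no packages, so substitute the advisory's real list when one exists.

```python
"""Lockfile review after a suspected npm supply-chain compromise.

Added example, not part of the original briefing. Handles lockfileVersion 2/3
('packages' map); the older v1 'dependencies' tree is not parsed here.
"""
import json
import sys

# Constructed placeholder: replace with the advisory's real name@version pairs.
KNOWN_BAD = {
    ("example-left-pad", "1.3.1"),
}
REGISTRY_PREFIX = "https://registry.npmjs.org/"

# Constructed sample lockfile used for offline demonstration.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"example-left-pad": "^1.3.0"}},
        "node_modules/example-left-pad": {
            "version": "1.3.1",
            "resolved": "https://registry.npmjs.org/example-left-pad/-/example-left-pad-1.3.1.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/example-colors": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/example-colors/-/example-colors-2.0.0.tgz",
            # no 'integrity': npm cannot verify this tarball against the lockfile
        },
        "node_modules/example-internal": {
            "version": "0.1.0",
            "resolved": "git+ssh://git@example.invalid/team/internal.git#abc123",
            "integrity": "sha512-BBBB",
        },
    },
})


def package_name(path):
    """Derive the package name from a lockfile path.

    'node_modules/@scope/pkg' -> '@scope/pkg'
    'node_modules/a/node_modules/b' -> 'b' (nested dependency)
    """
    _, _, tail = path.rpartition("node_modules/")
    return tail


def audit_lockfile(text, known_bad=KNOWN_BAD):
    """Return a list of (finding, name, version) tuples for a lockfile body."""
    lock = json.loads(text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "" or entry.get("link"):
            continue  # root project or workspace symlink, not a fetched tarball
        name = package_name(path)
        version = entry.get("version")
        if (name, version) in known_bad:
            findings.append(("known-bad", name, version))
        if "integrity" not in entry:
            findings.append(("no-integrity", name, version))
        resolved = entry.get("resolved", "")
        if not resolved.startswith(REGISTRY_PREFIX):
            findings.append(("non-registry", name, version))
    return findings


if __name__ == "__main__":
    # Usage: python lockcheck.py [path/to/package-lock.json]
    body = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCKFILE
    for kind, name, version in audit_lockfile(body):
        print(f"{kind:13} {name}@{version}")
```

A "no-integrity" finding matters because npm only verifies a downloaded tarball against the hash recorded in the lockfile; without it, a republished version with the same number passes silently. "non-registry" entries are not necessarily malicious (internal git dependencies are common), but they are the ones a registry-wide advisory will never cover, so review them by hand.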
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
Since its emergence in May 2024, CyberVolk ransomware has intensified attacks on government agencies, critical infrastructure, and scientific institutions across Japan, France, and the UK. With pro-Russian affiliations, it specifically targets states it regards as adversaries, and it employs advanced encryption methods that prevent data recovery. This ongoing campaign highlights the geopolitical dimension of ransomware threats to essential national sectors.
GBHackers
Kikimora Announces Launch of Kikimora Agent: Accessible AI-Powered Cybersecurity Platform for SME Security
Kikimora released the Kikimora Agent, an AI-driven cybersecurity platform designed to simplify vulnerability detection, asset monitoring, and security management for small to medium-sized enterprises, individuals, and students. The platform integrates conversational AI with automated security workflows, aiming to reduce the operational burden on limited IT teams while enhancing proactive defense capabilities.
GBHackers
AsyncRAT Employs Fileless Loader to Evade Detection and Secure Remote Access
Researchers uncovered a new fileless malware campaign deploying AsyncRAT through a multi-stage in-memory loader that bypasses traditional disk-based defenses. By abusing legitimate system tools, attackers maintain long-term persistence entirely within memory, complicating detection and remediation efforts, and securing covert remote access to infected systems.
CyberPress
Malicious Facebook Ads Exploit Meta Verified to Steal User Accounts
A malvertising campaign utilized fake video tutorials and a malicious browser extension promising access to the Meta Verified blue checkmark, targeting content creators and businesses on Facebook. At least 37 coordinated ads hosted on Box.com distributed the malicious extension installer, aiming to steal user credentials through social engineering.
CyberPress
Microsoft Store and WinGet: Security Risks for Corporate Environments
While convenient for individual users, the Microsoft Store and WinGet pose risks in corporate settings, where attackers or malicious insiders could use these channels to install unauthorized software. This exposure underscores the need for strict controls around software distribution to prevent policy violations and potential breaches.
Black Hills Information Security
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
An advanced persistent threat group attributed to China utilized a new fileless malware called EggStreme to infiltrate a Philippine military company. The multi-stage framework operates stealthily by injecting malicious code into memory and leveraging DLL sideloading to execute payloads, supporting prolonged espionage activities.
The Hacker News
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Two newly discovered malware families threaten multiple operating systems: CHILLYHELL, a modular macOS backdoor written in C++ for Intel architectures, and ZynorRAT, a Go-based remote access trojan targeting Windows and Linux environments. These developments highlight persistent multi-platform risks requiring cross-OS defenses.
The Hacker News
Can I have a new password, please? The $400M question.
Scattered Spider exploited social engineering by convincing help desk agents to reset passwords and MFA without proper verification, breaching Clorox and causing roughly $380 million in damages. This case emphasizes the critical importance of strict caller verification processes and audit trails to mitigate human factor vulnerabilities.
BleepingComputer
Pixel 10 fights AI fakes with new Android photo verification tech
Google’s Pixel 10 integrates C2PA Content Credentials in its camera and Google Photos app, enabling users to verify the authenticity of images and distinguish AI-generated or altered photos. This technology aims to combat misinformation and improve trust in digital media.
BleepingComputer
Wyden calls on FTC to investigate Microsoft for ‘gross cybersecurity negligence’ in protecting critical infrastructure
Senator Ron Wyden urged the Federal Trade Commission to probe Microsoft’s default security settings, which he links to enabling ransomware attacks against critical infrastructure, such as the 2024 incident involving the Ascension hospital system. The call raises accountability and regulatory questions over vendor security practices.
CyberScoop
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.