
Daily Security Briefing #084
- DjediTech
- Security, Newsletter
- November 25, 2025
Shai-Hulud 2.0 npm attack, Russia-North Korea cyber collaboration, OnSolve CodeRED emergency alert disruption…
Executive Summary
Today’s cybersecurity landscape highlights the growing complexity and geopolitical dimensions of cyber threats. The Shai-Hulud 2.0 campaign marks one of the most aggressive supply chain attacks, compromising thousands of npm packages and GitHub repositories in just days. Meanwhile, evidence of collaboration between Russian and North Korean threat actors signals a concerning escalation in coordinated state-aligned cyber operations. Additionally, significant disruptions targeting emergency alert systems across the U.S. emphasize vulnerabilities in critical public safety infrastructure. Amid these threats, advancements in digital forensics platforms and offensive security tools illustrate ongoing efforts to strengthen defense and response capabilities.
Top Articles
Shai-Hulud 2.0: Inside The Second Coming, the Most Aggressive NPM Supply Chain Attack of 2025
Between November 21 and 23, the Shai-Hulud 2.0 campaign compromised hundreds of npm packages and over 25,000 GitHub repositories. This supply chain attack rapidly spread malware through trusted development tools, highlighting the increasing risk in software dependency ecosystems. Organizations are urged to review their pipelines and enhance security measures against such fast-moving threats.
CheckPoint Blog
Hackers from Russia and North Korea Join Forces in Global Attacks
Recent findings reveal that Russian and North Korean hacking groups are sharing command-and-control infrastructure, signaling a new era of state-aligned cyber collaboration. This joint operation could amplify the scale and sophistication of cyberattacks worldwide, reflecting deeper geopolitical ties between the two nations. Security professionals should prepare for more complex, coordinated threats linked to governmental agendas.
Cyberpress
OnSolve CodeRED Cyberattack Disrupts Emergency Alert Systems Nationwide
The OnSolve CodeRED emergency notification platform suffered a cyberattack affecting state and local governments, police, and fire departments across the U.S. This disruption underscores the vulnerability of critical public safety communications infrastructure to cyber threats, raising concerns about the resilience and security of emergency alert technologies.
BleepingComputer
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Despite fears of AI undermining democracy, this analysis presents a positive perspective on how AI technologies can support political systems. Insights from the recent World Forum on Democracy and the new book Rewiring Democracy explore AI’s potential to enhance governance, citizen engagement, and public policy through transparency and data-driven decision-making.
Schneier on Security
The 2026 Tech Tsunami: AI, Quantum, and Web 4.0 Collide
2026 is set to redefine technology with the convergence of AI, quantum computing, and next-generation web technologies. This fusion will create unprecedented challenges and opportunities for cybersecurity, emphasizing resilience against emerging threats posed by autonomous systems and quantum-powered cryptography. Organizations must anticipate and adapt to this transformative wave.
CheckPoint Blog
Detego Global Launches Case Management Platform for Digital Forensics and Incident Response Teams
Detego Global has released a new dedicated platform for DFIR teams to streamline investigations and incident handling. The tool supports evolving demands in digital forensics, enabling better collaboration and case management for cybersecurity professionals worldwide.
GBHackers
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses & C2 Features
Fortra’s latest version of Cobalt Strike delivers a modernized GUI and a variety of new capabilities including advanced process injection, new UAC bypass techniques, and customizable command-and-control frameworks. These updates strengthen red team operations and offensive research, reflecting continual development in penetration testing tools.
GBHackers
Rogue Prettier Extension on VSCode Marketplace Drops Anivia Stealer Malware to Steal Login Credentials
A fake Prettier VSCode extension was found distributing Anivia stealer malware targeting developers’ login credentials. Rapid detection and removal by security researchers and Microsoft prevented wider impact, underscoring the ongoing risks posed by malicious tools in trusted software marketplaces.
Cyberpress
The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals
Early Black Friday deals are live for cybersecurity software, VPNs, and online training courses. Limited-time discounts offer an opportunity to upgrade security tools and skills at a reduced cost ahead of 2026. Interested users should act promptly as offers vary by provider.
BleepingComputer
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
Research reveals widespread insecure handling of sensitive credentials by organizations using online formatting tools like JSONFormatter and CodeBeautify. Over 80,000 files containing passwords and API keys were leaked, exposing critical risks in operational security practices across multiple sectors.
TheHackerNews
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
The JackFix campaign exploits fake Windows update prompts on cloned adult websites to trick victims into executing multiple credential-stealing malware payloads. Likely distributed via malvertising, this attack combines social engineering with targeted phishing, posing a significant threat to unwary users.
TheHackerNews
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.