Category: Incidents & Breaches

Novee Security’s discovery of the Cordyceps CI/CD flaw exposes a widespread misconfiguration in GitHub Actions workflows where excessive permissions granted to pull requests enable unauthenticated attackers to hijack build systems, steal credentials, and compromise software supply chains across major technology organizations, highlighting critical gaps in trust boundary enforcement in automated development environments. Read more

A coordinated international law enforcement operation, conducted between June 15–19, 2026, dismantled the criminal infrastructure supporting the Amadey and StealC malware-as-a-service networks, recovering 27 million stolen credentials, identifying and restricting $47 million in cryptocurrency assets, seizing 326 servers and 142 domains, and severing control over 18,000+ infected computers identified by Microsoft telemetry. The takedown targeted the initial access 'assembly line' used to launch ransomware, financial fraud, and critical infrastructure attacks across Belgium, Canada, Denmark, France, Germany, the Netherlands, the UK, and the US. Read more

ASEC’s May 2026 APT report identifies supply chain, developer environment, and runtime abuse as dominant trends, with Lazarus exploiting Git hooks and CI/CD pipelines, Famous Chollima poisoning npm/Packagist branches, and MuddyWater leveraging Microsoft Teams and Quick Assist for credential theft. Groups like Gamaredon and UAC-0010 abused WinRAR CVE-2025-8088 against Ukrainian entities, while Chinese APTs targeted Azerbaijani energy firms via Exchange zero-days. The report underscores credential and session theft, cryptocurrency wallet targeting, and persistent remote access as common objectives across government, defense, diplomacy, energy, education, and telecom sectors. Read more

A Practical Workflow for Monitoring Singapore CSA advisories for SaaS and managed-service risk helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims. Read more

A Practical Workflow for East Asia AI model abuse signals that should stay monitor-only helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims. Read more

A Practical Workflow for How to turn East Asia signals into a board-safe risk update helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims. Read more

A Practical Workflow for A Korea supply-chain compromise rumor spreads — how to avoid chasing noise helps security, cloud, and supplier-risk teams keep an East Asia cyber or AI-risk signal under review when there is no fresh publish-ready news item. It explains how to preserve the original link, separate visible evidence from assumptions, and route unclear findings without inventing unsupported claims. Read more