This past week shares a single theme: attackers are not breaking in through a frontal assault on your company, but through something or someone you already trust. The D1R group used an older Synopsys data leak as a map to reach Bosch and ARM, actors linked to ShinyHunters spent a year pulling data out of Salesforce through legitimate OAuth connections, and 148 npm packages abused the trust placed in a package registry.
On top of that came a new type of attack on AI assistants that plants a persistent false memory with a single email, and here at home three Czech companies showed up on the leak site of the Titan ransomware group. For the period covered, the source data held 43 articles, 258 vulnerabilities, 20 ransomware victims, and 11 dark web items.