European Commission Hack Exposes Data of 30 EU Entities — BleepingComputer

The European Commission has suffered a significant data breach impacting 30 EU entities, attributed to a cloud misconfiguration. CERT-EU has linked the breach to the TeamPCP hacking group, exploiting vulnerabilities in the European Commission's cloud infrastructure. Security teams should review cloud configurations and ensure compliance with best practices to prevent similar breaches.

Axios npm Package Compromised via Social Engineering — BleepingComputer

The Axios npm package maintainer confirmed a supply chain attack resulting from a successful social engineering campaign. Attackers gained access to the package, potentially impacting numerous projects relying on Axios. Security teams should audit dependencies and consider implementing stricter access controls and multi-factor authentication for maintainers to mitigate such risks.

• EU cyber agency attributes major data breach to TeamPCP hacking group - The Record from Recorded Future News [Google News Security]
• Hims & Hers warns of data breach after Zendesk support ticket breach - BleepingComputer [Google News Security]
• LinkedIn secretely scans for 6,000+ Chrome extensions, collects data [BleepingComputer]
• Nacogdoches Memorial Hospital Discloses Data Breach Impacting Over 257,000 - nationaltoday.com [Google News Security]
• China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing [The Hacker News]