Security Daily Digest — 2026-04-24
Bitwarden CLI Supply Chain Attack: Developer Credentials at Risk — Google News Security
Bitwarden's CLI npm package was compromised in a supply chain attack, with attackers uploading a malicious package to steal developer credentials. This incident is part of a broader campaign targeting open-source tools, highlighting the vulnerabilities in software supply chains. Security teams should ensure their package management systems are secure and consider using tools for detecting malicious packages.
CISA Orders Patch for Microsoft Defender Zero-Day Exploitation — BleepingComputer
CISA has ordered U.S. federal agencies to patch a zero-day vulnerability in Microsoft Defender that has been exploited for privilege escalation. The flaw, known as BlueHammer, affects multiple versions of Defender and has a CVSS score of 9.8. Security teams must prioritize patching this vulnerability to prevent unauthorized access and potential data breaches.
UK Biobank Data Breach: 500,000 Health Records for Sale — BleepingComputer
A significant data breach at UK Biobank has resulted in the health data of 500,000 individuals being offered for sale online, reportedly in China. This breach exposes sensitive personal and medical information, raising concerns about privacy and data protection. Security teams should assess their data protection strategies and ensure robust incident response plans are in place.
- Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia [Dark Reading]
- Hackers exploit file upload bug in Breeze Cache WordPress plugin [BleepingComputer]
- UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware [The Hacker News]
- UK warns of Chinese hackers using proxy networks to evade detection [BleepingComputer]