Security Daily Digest — 2026-05-13
Mini Shai-Hulud Worm Targets npm and PyPI Packages — The Hacker News
A new supply chain attack, attributed to the threat actor TeamPCP, has compromised hundreds of packages across npm and PyPI repositories. The Mini Shai-Hulud worm is self-propagating and capable of stealing credentials, posing a significant risk to developers and organizations relying on these ecosystems. Security teams should review dependency lists and monitor for unusual package behavior to mitigate potential impacts.
Fortinet Alerts on Critical RCE Vulnerabilities in Products — BleepingComputer
Fortinet has issued patches for two critical remote code execution vulnerabilities affecting FortiSandbox and FortiAuthenticator products. These vulnerabilities, with CVSS scores of 9.8, could allow attackers to execute arbitrary code and gain control over affected systems. Organizations using these products should apply the patches immediately to secure their networks and prevent potential exploitation.
- Škoda warns of customer data breach after online shop hack [BleepingComputer]
- Foxconn Ransomware Attack Shows Nothing Is Safe Forever [WIRED, via Google News Security]
- RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded [The Hacker News]
- OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation [The Hacker News]