Today’s roundup

• Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
• Internet-wide Vulnerability Enables Giant DDoS Attacks
• Chinese APT Group Targets Web Hosting Services in Taiwan
• Colt Customers Face Prolonged Outages After Major Cyber Incident
• Human Resources firm Workday disclosed a data breach after attackers accessed a third‑party CRM platform via social engineering
• DoJ seizes $2.8M linked to Zeppelin Ransomware
• Xerox fixed path traversal and XXE bugs in FreeFlow Core

Summary

Recent cybersecurity events underscored the continuing threat of supply‑chain, web‑server, and enterprise software vulnerabilities. A malicious package called termncolor (PyPI) used a dependent colorinal module to persist and execute code, exposing developers worldwide. An undisclosed Internet‑wide vulnerability has placed a large portion of web services at risk of massive DDoS attacks, leveraging a flaw that existed since 2023. In East Asia, a new Chinese APT group compromised a Taiwanese web hosting provider, enabling a broad range of malicious activities. The UK telco Colt suffered a ransomware‑driven incident, with the Warlock gang claiming credit and users experiencing prolonged outages since August 14. Human Resources software company Workday disclosed that attackers accessed its third‑party CRM system through a social‑engineering campaign, potentially exposing customer contact details; the breach may be linked to the ShinyHunters campaign. The U.S. Department of Justice seized over $2.8 million in cryptocurrency from a former Zeppelin ransomware operator, illustrating law‑enforcement success against this threat actor. Finally, Xerox patched CVE‑2025‑8355 (XXE) and CVE‑2025‑8356 (path traversal) in its FreeFlow Core platform, fixing unauthenticated remote code execution vulnerabilities that could let attackers deploy web shells. Each incident highlights the importance of patch management, supply‑chain validation, and robust incident response.