CyberNews: 24/12/2025 Edition

Published by Dunateo on 2025-12-24

Today’s roundup

  • WebRAT malware spread via fake vulnerability exploits on GitHub
  • Critical n8n flaw could enable arbitrary code execution
  • Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
  • Strengthening supply chain security: Preparing for the next malware campaign
  • More than 22 million Aflac customers impacted by June data breach
  • US disrupts multimillion-dollar bank account takeover operation targeting Americans
  • La Poste outage after a cyber attack disrupts digital banking and online services
  • ServiceNow Buys Armis for $7.75B, Boosts 'AI Control Tower'
  • NIST, MITRE Partner on $20m AI Centers For Manufacturing and Cybersecurity
  • Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers

Summary

    WebRAT malware is actively spreading via malicious GitHub repositories. These repositories pose as proof-of-concept exploits for disclosed vulnerabilities, leading users to download and execute the malware.

    A critical RCE vulnerability (CVE-2025-68613, CVSS 9.9) in the n8n workflow automation platform allows authenticated attackers to execute arbitrary code. Censys identified 103,476 vulnerable instances, primarily in the U.S., Germany, and France. Patches are available in versions 1.120.4, 1.121.1, and 1.122.0.
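As an added, defender-side example (not part of the newsletter): a small Python triage helper that takes an inventory of n8n hosts and version strings and flags those still below the patched releases named above. It assumes that every release below the fix in its own line, and every line older than 1.120, is affected, and that pre-release or otherwise non-numeric version strings should be reported rather than guessed; the hostnames and versions in the sample are constructed.

```python
"""Flag n8n instances still running a version without the CVE-2025-68613 fix."""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory summary: one per maintained 1.120/1.121 line
# plus 1.122.0. Assumption: no older line received a fix, so anything below
# 1.120.4 in the 1.120 line, or in any line older than 1.120, is affected.
FIXED_RELEASES: Tuple[Version, ...] = ((1, 120, 4), (1, 121, 1), (1, 122, 0))

# Strict MAJOR.MINOR.PATCH (optional leading "v"). Pre-release tags such as
# "-rc1" deliberately do not match: we report them as unknown instead of guessing.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    v = parse_version(version)
    line = v[:2]
    for fixed in FIXED_RELEASES:
        if fixed[:2] == line:
            return v >= fixed  # same release line: need at least the fix release
    # No fix listed for this line: lines newer than 1.122 inherit the fix,
    # lines older than 1.120 never received one (assumption stated above).
    return line > FIXED_RELEASES[-1][:2]


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patched' | 'vulnerable' | 'unknown' for an inventory."""
    result: Dict[str, str] = {}
    for host, ver in inventory.items():
        try:
            result[host] = "patched" if is_patched(ver) else "vulnerable"
        except ValueError:
            result[host] = "unknown"  # surface for manual review, never assume safe
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {"n8n-prod.example.test": "1.120.3", "n8n-dev.example.test": "v1.122.0",
              "n8n-lab.example.test": "1.121.0-rc1", "n8n-old.example.test": "1.119.9"}
    for host, status in triage(sample).items():
        print(f"{host:24} {status}")
```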

    Two malicious Google Chrome extensions were found intercepting traffic and stealing credentials from over 170 sites. They were advertised as "multi-location network speed test plug-ins."

    GitHub detailed the "Shai-Hulud" campaign, which exploited compromised credentials and malicious package scripts in the JavaScript supply chain. GitHub is enhancing security with OIDC onboarding, expanded provider support, and staged publishing. Recommendations include phishing-resistant MFA and branch protection.

    Aflac is notifying regulators and over 22 million customers about a data breach that occurred in June.

    U.S. authorities disrupted a multimillion-dollar bank account takeover operation. Fraudulent search engine ads mimicking banks harvested login credentials, yielding at least $14.6 million in illicit gains.

    France's La Poste suffered major online disruptions from a DDoS attack, affecting its website, mobile app, and digital identity services for millions. Essential banking functions were not impacted. The incident follows a recent cyberattack on France’s Interior Ministry.

    ServiceNow will acquire OT security specialist Armis for $7.75 billion, with the deal expected to close by mid-2026. The acquisition aims to advance ServiceNow's autonomous cybersecurity offering and strengthen its AI security stack.

    NIST and MITRE are launching two new $20 million AI centers to enhance AI security in US manufacturing and critical infrastructure.

    Amazon reported fending off approximately 1,800 suspected IT job scammers, believed to be state-sponsored North Korean operatives.

    Want to dig deeper?

    Vulnerabilities: CVE-2025-68613 (High)

    Malware Families: Shai-Hulud