Today’s roundup
Medical device maker UFP Technologies warns of data stolen in cyberattack
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries
Untrusted repositories turn Claude code into an attack vector
Critical Zyxel router flaw exposed devices to remote attacks
Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach
Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain
Summary
American medical device manufacturer UFP Technologies reported a cyberattack that compromised its IT systems and resulted in data theft. Details on the specific data impacted were not immediately available.
Researchers discovered 'StripeApi.Net', a malicious NuGet package impersonating Stripe's legitimate library. This package targeted the financial sector to steal API tokens from developers.
The Scattered LAPSUS$ Hunters (SLH) cybercrime group is offering $500–$1,000 per call to recruit women for voice phishing campaigns specifically targeting IT help desks.
North Korean threat actors are using malicious Next.js repositories disguised as fake job interviews to target software developers, aiming to establish persistent backdoor access to their machines.
A critical (CVSS 10.0) zero-day authentication bypass, CVE-2026-20127, in Cisco Catalyst SD-WAN has been actively exploited by a sophisticated threat actor, UAT-8616, since 2023, allowing full administrative control over controllers.
Google and partners disrupted UNC2814 (GRIDTIDE), a China-linked APT, responsible for global espionage targeting 53 telecom and government organizations in 42 countries since 2017, using a novel backdoor with Google Sheets for C2.
Critical flaws (CVE-2025-59536, CVE-2026-21852) in Anthropic's Claude Code AI coding assistant allow remote code execution and API key theft through malicious repository configurations when untrusted projects are opened.
Zyxel patched a critical remote code execution vulnerability (CVE-2025-13942, CVSS 9.8) in over a dozen router models. The flaw, a command injection in the UPnP feature, allows unauthenticated remote attacks if WAN access and UPnP are enabled.
Health insurance tech provider TriZetto reported that a 2024 software breach impacted over 3 million Americans, leading to the compromise of sensitive personal data.
WatchTowr Labs disclosed pre-authentication remote code execution vulnerabilities (CVE-2025-40552, CVE-2025-40553, CVE-2025-40554) in SolarWinds Web Help Desk. The flaws include authentication bypasses and a deserialization RCE, effectively bypassing prior patches by abusing the embedded PostgreSQL database.
Want to dig deeper?
Vulnerabilities
Malware Families