OpenBrief

AI-Powered Threat Intel Briefings

Top Stories

Microsoft Releases Script to Restore inetpub Folder for Security Mitigation
Microsoft has provided a PowerShell script to restore the inetpub folder, crucial for mitigating CVE-2025-21204. This folder, created by April 2025 updates, should not be deleted as it helps prevent privilege escalation vulnerabilities. 💣 Exploits

Key points:

  • The inetpub folder is linked to a high-severity privilege escalation vulnerability (CVE-2025-21204).
  • Microsoft warns users against deleting the inetpub folder, even if IIS is not installed.
  • The provided PowerShell script sets correct permissions to secure the folder and related directories.
  • Removing the folder leaves the system vulnerable again, allowing local attackers to escalate privileges.
  • The script can be executed in PowerShell to recreate the folder with proper access controls.
Sources: Bleeping Computer (1 article)

Supply chain attack compromises 16 Gluestack NPM packages with 960K weekly downloads
A supply chain attack has affected 16 popular Gluestack NPM packages, injecting malicious code that functions as a remote access trojan. The attack, discovered by Aikido Security, poses significant risks due to the packages' high download volume. 💣 Exploits

Key points:

  • The attack began on June 6, with malicious code added to the lib/index.js file of the packages.
  • The obfuscated code allows attackers to execute commands remotely, including file uploads and directory changes.
  • The trojan also hijacks the Windows PATH to execute malicious binaries disguised as legitimate Python commands.
  • Aikido Security has reported the issue to NPM and attempted to contact Gluestack, but has received no response.
Sources: Bleeping Computer (1 article)

PathWiper Malware Targets Ukraine's Critical Infrastructure for Disruption
PathWiper, a new data wiper malware, is being deployed against critical infrastructure in Ukraine and is attributed to a Russia-linked APT. It overwrites essential NTFS files, rendering systems inoperable; no ransom is demanded. 🚨 Intrusions

Key points:

  • PathWiper is a new strain of wiper malware identified by Cisco Talos.
  • The malware targets critical infrastructure in Ukraine, indicating advanced tactics.
  • PathWiper shares similarities with HermeticWiper, previously used in the Russia-Ukraine conflict.
  • The malware corrupts master boot records and NTFS artifacts, employing sophisticated enumeration methods.
  • Wiper attacks have surged since the onset of the Ukraine conflict, with multiple strains identified.
Sources: Bleeping Computer (1 article)

Repackaged AT&T data leak links SSNs and DOBs to 49M phone numbers from 2021 breach
A threat actor has repackaged data from a 2021 AT&T breach, linking Social Security numbers and birth dates to 49 million phone numbers. AT&T is investigating the leak, which has resurfaced on dark web forums. 📰 Abuse & Fraud

Key points:

  • The leak contains 88 million lines of data, with 86 million unique records after duplicates are removed.
  • The data includes names, addresses, mobile numbers, and the SSNs and DOBs that were encrypted in the original leak, now paired with unencrypted values.
  • This repackaged leak is not new but a cleaned version of the 2021 breach originally conducted by ShinyHunters.
  • AT&T confirmed the data was stolen from their systems, affecting 73 million customers.
  • The leak has been made available for sale on dark web forums, prompting AT&T's investigation.
Sources: Bleeping Computer (1 article)

Other Updates

Qilin Ransomware Exploits Critical Fortinet Vulnerabilities for Attacks
Qilin ransomware is leveraging critical Fortinet vulnerabilities to execute attacks on various organizations. 🚨 Intrusions

Key points:

  • Qilin ransomware, also known as Phantom Mantis, has exploited Fortinet vulnerabilities since May 2025.
  • The vulnerabilities allow attackers to bypass authentication and execute malicious code remotely.
  • CVE-2024-21762 and CVE-2024-55591 are among the flaws being actively exploited.
  • The campaign has targeted over 310 victims, including high-profile organizations.
  • CISA has warned federal agencies to secure their Fortinet devices against these vulnerabilities.
Sources: Bleeping Computer (1 article)

Optima Tax Relief Faces Ransomware Attack, Data Compromised
Chaos ransomware gang attacks Optima Tax Relief, leaking sensitive customer data. 🚨 Intrusions

Key points:

  • Optima Tax Relief suffered a ransomware attack by the Chaos group, leading to data leaks.
  • The stolen data includes sensitive personal information such as Social Security numbers and addresses.
  • This incident is classified as a double-extortion attack, involving both data theft and server encryption.
  • Chaos ransomware is a newer operation that began in March 2025, claiming multiple victims.
  • The attack highlights the risks associated with tax-related data and identity theft.
Sources: Bleeping Computer (1 article)

Malicious npm Packages Disguised as Utilities Wipe Project Directories
Malicious npm packages have been found to delete project directories under the guise of useful utilities. 💣 Exploits

Key points:

  • The packages 'express-api-sync' and 'system-health-sync-api' were published in May 2025 and contain backdoors for remote data wiping.
  • The first package executes 'rm -rf *' upon receiving a specific key, deleting all files in the application's directory.
  • The second package supports both Linux and Windows deletion commands and has multiple backdoor endpoints for destruction.
  • These incidents highlight a concerning trend in npm, suggesting potential state-level or sabotage motivations behind such attacks.
Sources: Bleeping Computer (1 article)

FBI Warns of BADBOX 2.0 Android Malware Infecting Millions of Devices
Off-brand IoT devices are vulnerable to the BadBox botnet, prompting FBI warnings. 🚨 Intrusions

Key points:

  • BadBox 2.0 targets various IoT devices, including streaming devices and digital projectors.
  • The malware can be pre-installed or delivered via dubious software updates.
  • The botnet masks criminal activity by using residential proxies.
  • Users are advised to disconnect suspicious devices and update firmware.
  • Signs of compromise include unusual app marketplaces and requests to disable security features.
Sources: Bleeping Computer (1 article)

Kettering Health Confirms Interlock Ransomware Attack Resulting in Data Theft
Kettering Health confirms a ransomware attack by Interlock, leading to significant data theft and operational disruptions. 🚨 Intrusions

Key points:

  • Interlock ransomware group breached Kettering Health's network, stealing 941 GB of sensitive data.
  • The attack disrupted access to electronic health records and forced staff to revert to manual processes.
  • Kettering Health has secured its systems and is restoring communication channels with patients.
  • Interlock has been linked to multiple attacks on healthcare organizations and uses advanced tactics for network access.
  • The group recently claimed responsibility for a breach at DaVita, leaking 1.5 terabytes of data.
Sources: Bleeping Computer (1 article)

International Operation Leads to Arrest of 20 Suspects for Child Sexual Abuse Material Distribution
20 suspects were arrested in an international operation targeting child sexual abuse material distribution. 📰 Abuse & Fraud

Key points:

  • The operation began in late 2024 after Spanish police identified instant messaging groups sharing child sexual exploitation images.
  • INTERPOL facilitated international cooperation, leading to arrests in Europe, the Americas, Asia, and Oceania.
  • Seizures included computers and mobile devices used in the distribution of child sexual abuse material.
  • Previous operations have also targeted large CSAM platforms, resulting in numerous arrests and device seizures.
Sources: Bleeping Computer (1 article)
