Aggregator
Code Security, Vulnerability Management and a Five-Year Cybersecurity Plan: Key Questions and Practical Strategies | Week 304
2025PatriotCTF Writeup Mini-Venom
As a programmer, what was your most panicked moment like?
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
Partnering with Black Forest Labs to bring FLUX.2 [dev] to Workers AI
Understanding signal-to-noise for vulnerability management success
From Compliance to Practice: A Detailed Look at New Paths for Building Cybersecurity in DCS Control Systems!
How to Build an AI Governance Program in 2026
Key Takeaways
Artificial intelligence is becoming a core part of how organizations deliver services, make decisions, and manage operations. But as AI moves deeper into production workflows, leadership teams face a new responsibility: ensuring these systems behave reliably, lawfully, and in support of business objectives. This guide outlines the practical first steps that every organization […]
The post How to Build an AI Governance Program in 2026 appeared first on Centraleyes.
The post How to Build an AI Governance Program in 2026 appeared first on Security Boulevard.
Daily Dose of Dark Web Informer - 24th of November 2025
Threat Attack Daily - 24th of November 2025
Ransomware Attack Update for the 24th of November 2025
Shai-Hulud worm returns stronger and more automated than ever before
Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours.
The post Shai-Hulud worm returns stronger and more automated than ever before appeared first on CyberScoop.
FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign
Sha1-Hulud malware is an aggressive npm supply-chain attack compromising CI/CD and developer environments. This blog addresses frequently asked questions and advises cloud security teams to immediately audit for at least 800 compromised packages.
A massive resurgence of the Sha1-Hulud malware family, self-titled by the attackers as "The Second Coming," was observed around Nov. 24 targeting the npm ecosystem. Attackers compromised at least 800 high-profile publisher accounts to upload trojanized versions of legitimate packages. Unlike previous iterations, these versions have new payloads and execute using install lifecycle scripts to compromise developer environments and CI/CD pipelines at scale. This time, the malware is significantly more aggressive than the previous campaign, including attempts to destroy the victim’s home directory and, in some cases, even delete all writable files owned by the user.
Frequently asked questions about Sha1-Hulud: The Second Coming
What is the initial vector of this new campaign?
The attack chain begins when a developer installs a compromised package containing a modified manifest file. The adversary injects a preinstall lifecycle script into package.json that immediately triggers a file named setup_bun.js upon installation.
Unlike typical supply chain attacks that execute malicious logic directly through the Node.js process, this script automatically downloads and installs the Bun runtime, a separate JavaScript environment. Once installed, the malware uses the Bun binary to execute a bundled payload, often named bun_environment.js. This "bring your own runtime" technique effectively allows the malicious code to operate outside the visibility of standard Node.js security tools and static analysis scanners that monitor the primary build process.
What is the impact of this campaign?
The blast radius of this campaign is extensive. Tens of thousands of GitHub repositories are reportedly affected. It extends to high-profile integrations, including ones from Zapier, ENS Domains, and Postman. By hijacking trusted publisher accounts rather than using typosquatting, the attackers successfully poisoned the supply chain at a fundamental level. This forced malicious code into thousands of corporate environments simply through routine dependency updates.
What are the immediate steps cloud security teams can take to address this issue?
- Audit your environment: Use a security scanner to check if you have malicious versions of the affected packages (see list below).
- Remove them by upgrading to a later version.
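The following audit script is an added example, not Tenable's code or the campaign's own tooling. It applies the mechanism described above (a preinstall/install/postinstall hook in package.json that runs setup_bun.js or hands off to the Bun runtime to execute bun_environment.js) to the "audit your environment" step: it walks every package.json under a node_modules tree and flags the pattern. The file names come from the FAQ; the Bun-invocation heuristic and the check for a payload file beside the manifest are assumptions that generalize the described behaviour, and the vendor's full indicator list is not included here.

```python
import json
import shlex
from pathlib import Path

# npm runs these hooks automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# File names the FAQ above attributes to the campaign. Constructed starting
# set; it is not the vendor's full indicator list.
SUSPECT_FILES = ("setup_bun.js", "bun_environment.js")
# Bun executables (assumption: a Node package needing Bun at install is unusual).
BUN_BINARIES = ("bun", "bunx")


def audit_manifest(manifest: dict) -> list:
    """Return findings for one parsed package.json; empty if nothing matches."""
    findings = []
    name = manifest.get("name", "<unnamed>")
    scripts = manifest.get("scripts")
    if not isinstance(scripts, dict):
        return findings
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        # Signal 1: the hook references one of the known file names.
        for fname in SUSPECT_FILES:
            if fname in cmd:
                findings.append(f"{name}: {hook} references {fname}")
        # Signal 2 (heuristic): the hook invokes the Bun runtime directly.
        try:
            tokens = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            tokens = cmd.split()
        if any(Path(tok).name in BUN_BINARIES for tok in tokens):
            findings.append(f"{name}: {hook} invokes Bun: {cmd!r}")
    return findings


def audit_tree(root) -> list:
    """Walk every package.json under root (for example a node_modules dir)."""
    findings = []
    for path in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifests are skipped, not fatal
        if isinstance(manifest, dict):
            findings.extend(f"{path}: {f}" for f in audit_manifest(manifest))
        # Signal 3 (assumption): a known payload file sitting beside the manifest.
        findings.extend(f"{path.parent}: contains {fname}" for fname in SUSPECT_FILES
                        if (path.parent / fname).is_file())
    return findings
```

Run it as `python audit.py` after adding a call such as `print("\n".join(audit_tree("node_modules")))`; a hit on any signal is a reason to pin or remove that package version pending a look at the vendor's affected-package appendix.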
Which Tenable products can be used to address these malicious packages?
Tenable automatically and proactively detects malicious packages associated with Shai-Hulud campaigns across both on-premises and cloud environments.
This isn't a one-time check. Tenable Nessus and Tenable Cloud Security, our cloud-native application protection platform (CNAPP), continuously monitor for new indicators of compromise (IOCs) and track research associated with this evolving campaign. As Shai-Hulud adapts its tactics, our threat intelligence and risk analysis capabilities update in real time, ensuring your defense remains current and effective.
Plugin ID 265897 can be used to identify compromised packages affected in the Sha1-Hulud campaigns.
Tenable Cloud Security classifies affected packages as malicious; detected packages will appear in your Tenable Console environment the next time data is synced.
An appendix with a full listing of affected packages is available here.
The post FAQ About Sha1-Hulud 2.0: The “Second Coming” of the npm Supply-Chain Campaign appeared first on Security Boulevard.