North Korean Hackers Deploy 338 Malicious npm Packages in Supply Chain Attack

Monday, October 13, 2025

Top 5 Cybersecurity Stories You Should Know

1. North Korean Hackers Deploy 338 Malicious npm Packages in Supply Chain Attack — tl;dr: North Korean state-sponsored hackers have launched a supply chain attack targeting software developers, deploying 338 malicious npm packages as part of a campaign named 'Contagious Interview.' This sophisticated operation aims to compromise the development environment of unsuspecting developers, potentially leading to widespread vulnerabilities in software applications. Developers are advised to audit their npm packages and ensure they are using trusted sources to mitigate the risk of infection. Immediate action is crucial to safeguard against potential data breaches and malware deployment.
   ↪ https://cybersecuritynews.com/

2. Critical WordPress Flaw, SonicWall Backup Breach, Oracle Zero-Day Exploited — tl;dr: A serious vulnerability in the Service Finder WordPress theme (CVE-2025-5947) has allowed hackers to hijack administrator accounts, with over 13,800 attacks recorded. SonicWall confirmed a breach exposing firewall backup files for all cloud customers, urging users to reset credentials. Oracle issued an emergency patch for a zero-day flaw (CVE-2025-61882) in its E-Business Suite, exploited by the Cl0p ransomware group. Additionally, Discord reported a breach exposing ID photos of 70,000 users via a third-party vendor. Healthcare organizations, including Doctors Imaging Group, reported breaches affecting over 200,000 patients. Users are advised to update security measures and monitor for unauthorized access.
   ↪ https://www.duocircle.com/announcements/cybersecurity-news-update-week-42-of-2025

3. Albemarle County Ransomware Attack Exposes Sensitive Resident Data — tl;dr: A ransomware attack on Albemarle County, Virginia, has compromised the personal information of local government and public school employees, including names, addresses, Social Security numbers, and other sensitive data. Despite having robust cybersecurity measures in place, the attack exploited vulnerabilities in on-premises servers. The county has activated its incident response plan, isolating affected systems and enhancing defenses while conducting a thorough forensic investigation. Residents potentially impacted are being offered identity protection services to mitigate risks of identity theft. Ongoing investigations may link the attack to known threat actors.
   ↪ https://gbhackers.com/ransomware-attack-on-albemarle-county/

4. Cybersecurity Awareness Month 2025: Building a Cyber Strong America — tl;dr: October marks Cybersecurity Awareness Month, emphasizing the importance of cybersecurity for government entities and small to medium businesses that protect critical infrastructure in the U.S. This year's theme, 'Building a Cyber Strong America,' highlights the need for stronger defenses against cyber threats. CISA urges all organizations to take immediate action to enhance their cybersecurity measures. Resources and toolkits are available for businesses and local governments to bolster their digital defenses, ensuring the safety of sensitive data and operations. Individuals and families can also access tips and tools to stay safe online.
   ↪ https://www.cisa.gov/cybersecurity-awareness-month

5. UK Schools Face Cybersecurity Threats from Students, Study Reveals — tl;dr: A recent study by the UK's Information Commissioner's Office found that 57% of school cyber breaches were caused by students, primarily through stolen passwords. Motivations included dares, revenge, and financial gain. The report highlights vulnerabilities such as unattended devices and improper permissions, urging schools to enhance cybersecurity measures. However, budget constraints may hinder these improvements. Schools are advised to tighten security protocols and limit student access to sensitive systems to mitigate risks and prevent potential pathways to cybercrime.
   ↪ https://news.risky.biz/risky-bulletin-most-uk-school-hacks-are-caused-by-their-own-students/

Featured LufSec Resource

Career Coaching (First Session Free) — Roadmap, portfolio, and interview prep.
Explore →

Connect with LufSec

• YouTube: https://www.youtube.com/@lufsec
• Instagram: https://www.instagram.com/lufsec