Critical Alerts

• Axios npm hack: A sophisticated attack has been identified where a fake Microsoft Teams error was used to hijack a maintainer account, leading to potential supply chain risks.
• LinkedIn Chrome extension scanning: LinkedIn has been reported to scan for over 6,000 Chrome extensions, which could lead to privacy and data security concerns.
• Device code phishing attacks: There has been a 37x increase in device code phishing attacks, attributed to new phishing kits circulating online.

CVE Analysis

• CVE-2016-20052: This critical CVE in Snews CMS allows unauthenticated attackers to upload arbitrary files, including PHP executables, posing a severe risk of remote code execution.
• CVE-2018-25254: A critical buffer overflow vulnerability in NICO-FTP that could allow remote code execution.
• CVE-2026-3666: A high-severity vulnerability in the wpForo Forum plugin for WordPress that allows arbitrary file deletion.

Trends & Patterns

• The surge in device code phishing attacks suggests a shift towards exploiting less secure authentication methods.
• The Axios npm hack highlights the ongoing risks in software supply chains, emphasizing the need for robust access controls and monitoring.

Notable Articles

• An article on the implications of LinkedIn's extension scanning raises questions about user privacy and corporate data policies.
• Analysis of the new phishing kits contributing to the rise in device code phishing attacks.

Recommendations

• Patch Management: Prioritize patching of critical vulnerabilities, especially CVE-2016-20052 and CVE-2018-25254, to mitigate risks of remote code execution.
• Phishing Awareness: Increase user training and awareness on phishing tactics, particularly focusing on device code phishing.
• Supply Chain Security: Review and strengthen access controls for npm and other package managers to prevent account hijacking.
• Privacy Audits: Conduct privacy audits in response to LinkedIn's extension scanning to ensure compliance with data protection regulations.