Security Bulletin September 25

September 24, 2025

By Rodrigo Luna

NPM Compromises Expose Critical Weakness in the Software Supply Chain

In September 2025, two major NPM compromises exposed the fragility of the software supply chain—from phishing-driven credential theft to the wormable Shai-Hulud attack. This bulletin details how open-source trust was exploited and the risks for defenders.

June 5, 2025

By Anna Balabushko

Revolver Rabbit and the Rise of RDGAs

May 20, 2025

By Bruce Skillern

OttoKit WordPress Plugin Vulnerability, CVE-2025-27007

May 8, 2025

By Anna Balabushko

Magecart Campaign Evolution: From Third-Party Supply Chains to 404 Hijacking

May 6, 2025

By Anna Balabushko

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

April 28, 2025

By Daniel Rogers

CVE Program Funding Concerns and Emerging Alternatives

April 23, 2025

By Daniel Rogers

ClickFix and the New Era of Social Engineering

April 17, 2025

By Anna Balabushko

Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

March 26, 2025

By Anna Balabushko

Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

March 25, 2025

By Bruce Skillern

GitHub Action Supply Chain Attack; reviewdog/action-setup

Previous

1 2 3 4 5

Next