Digital Privacy Watch

Russian/China/NK intelligence phishing/supply: cPanel/SimpleHelp/PAN-OS + Linux waves

Key Questions

What supply chain attacks are highlighted involving GitHub?

Hackers stole around 3,800 internal repositories via a poisoned VS Code extension from Team PCP. The repos were later offered for sale, prompting GitHub investigations.

Which critical vulnerabilities and tools are targeted by Russian, Chinese, and NK actors?

Attacks include Linux Dirty Frag root exploits, cPanel compromises on 44k servers, and PAN-OS zero-days. Additional threats target MS Phone Link 2FA and Bitwarden npm packages.

What is the impact of AI vibe-coding on data leaks?

Thousands of vibe-coded apps on platforms like Replit exposed 5k PII records due to insecure coding practices. This wave increases risks for sensitive data in development environments.

How are phishing and scams evolving in this context?

QR code and NK-related scams are rising alongside GitHub supply chain attacks. Patches and Have I Been Pwned checks are urged to counter these intelligence-driven operations.

What recommendations are given to mitigate these threats?

Users should apply patches promptly, enable MFA, and monitor HIBP for exposures. Awareness of poisoned extensions and vibe-coding risks is essential for developers and organizations.

Linux Dirty Frag root wave; cPanel Mr_Rot13 on 44k servers; PAN-OS zero-day; MS Phone Link 2FA/Edge password exposure; Bitwarden npm; AI vibe-coding leaks (Replit, 5k PII records); QR/NK scams; GitHub 3,800 repos stolen via a poisoned VS Code extension (Team PCP, now linked to the Shai-Hulud npm compromise of 600 packages); Huawei/Luxembourg telecom link for EU infrastructure. Apply patches and check HIBP.

Updated May 24, 2026