https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.aikido.dev%2Fblog%2Fmini-shai-hulud-antv-npm-supply-chain-attack&data=05%7C02%7Ckimberly.kaleta%40sra.io%7Cdd52318a082b4e986c8d08deb83486d8%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639150732908655853%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qOWF%2Fm0izFh07Cs%2B0AyDNT6sxdN%2B6Svq5U9B4IpTsiw%3D&reserved=0#new_tab 2026-05-22T19:31:53Z Security Risk Advisors en Mini Shai-Hulud supply chain worm compromises hundreds of npm packages and forges valid Sigstore provenance to evade trust controls. 2026-05-22T19:31:53Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fwebworm-new-burrowing-techniques%2F%23iocs&data=05%7C02%7Ckimberly.kaleta%40sra.io%7C78460625de9d4dbe810a08deb8347b1f%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639150732703845136%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=R7fI7IoewAEKJhbwY%2BunGuymk1kQNIGWZQXFfsxI5Hc%3D&reserved=0#new_tab 2026-05-22T19:30:42Z Security Risk Advisors en 🚩 China-aligned Webworm expands espionage operations with Discord and Microsoft Graph API malware plus stealth proxy infrastructure. 2026-05-22T19:30:42Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ox.security%2Fblog%2Fnorth-korean-npm-infostealer-rat%2F&data=05%7C02%7Ckimberly.kaleta%40sra.io%7Ce287724e32554fd5b18908deb83478da%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639150732671509078%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=1dgHVePnevZhYwxykcv6mXdLzEXEMtmD86KUzuOpEAQ%3D&reserved=0#new_tab 2026-05-22T19:29:19Z Security Risk Advisors en 🚩 North Korean-linked npm malware targets developers with Telegram theft, SSH key harvesting, and full remote access capabilities. 2026-05-22T19:29:19Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.verizon.com%2Fbusiness%2Fresources%2FT23f%2Freports%2F2026-dbir-data-breach-investigations-report.pdf&data=05%7C02%7Ckimberly.kaleta%40sra.io%7C1fa6940e492940e8e6fa08deb76d63d5%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639149877607257270%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=y94DmOcwROW%2FiMMpMRbS5HU9%2FmsOvAYM7Z%2BU4uu9beU%3D&reserved=0#new_tab 2026-05-21T19:58:12Z Security Risk Advisors en Verizon Releases 2026 Data Breach Investigations Report, Highlighting Vulnerability Exploitation, Ransomware, and Third-Party Risk as Top Drivers of Breaches 2026-05-21T19:58:12Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F26%2Fe%2Fbanana-rat.html&data=05%7C02%7Ckimberly.kaleta%40sra.io%7C7df30420d0664b29504908deb76d62d2%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639149877588660572%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FyoMjCq8nm6HWftewV%2F2OqNUkwior8iQ5xYrB7poQL8%3D&reserved=0#new_tab 2026-05-21T19:57:06Z Security Risk Advisors en 🚩 Banana RAT Banking Trojan Targets 16 Brazilian Financial Institutions With Real-Time Fraud, QR Hijacking, and Polymorphic Payload Delivery 2026-05-21T19:57:06Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Ftracking-tampered-chef-clusters%2F&data=05%7C02%7Ckimberly.kaleta%40sra.io%7Cfe6aa407b979474cb05f08deb76d61d9%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639149877578608437%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Ke3olFODQTFB%2FK0PhOaK%2BuaBMfHecU4IXljEDJl9obI%3D&reserved=0#new_tab 2026-05-21T19:56:00Z Security Risk Advisors en 🚩 TamperedChef malware ecosystem abuses fake productivity apps, malvertising, and signed binaries to silently deploy stealers and RATs at global scale. 2026-05-21T19:56:00Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.levelblue.com%2Fblogs%2Fspiderlabs-blog%2Fyellowkey-and-greenplasma-two-new-windows-zero-days-unveiled&data=05%7C02%7Ckimberly.kaleta%40sra.io%7C1ffee221092d4b49d14708deb69c70f3%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639148980183149298%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FLIcl22QRvjO7V7MBo0Vu1S4zv4u5kzv4gS5DTSGg0M%3D&reserved=0#new_tab 2026-05-20T19:24:41Z Security Risk Advisors en Microsoft Publishes Mitigation Guidance for YellowKey, a Publicly Disclosed BitLocker Bypass Tracked as CVE-2026-45585 2026-05-20T19:24:41Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F05%2F18%2Fstorm-2949-turned-compromised-identity-into-cloud-wide-breach%2F&data=05%7C02%7Ckimberly.kaleta%40sra.io%7Cf27d3935672c4d04ccc308deb69c6fce%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639148980173205086%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=uQgO8YjJto5dfBllQiNYCAcTzOHYxnKF0AsALdt%2FG0c%3D&reserved=0#new_tab 2026-05-20T19:23:32Z Security Risk Advisors en 🚩 Microsoft Details Storm-2949 Cloud Intrusion Leveraging SSPR Abuse, Azure RBAC, and Key Vault Compromise to Exfiltrate Data Across Microsoft 365 and Azure Environments 2026-05-20T19:23:32Z Blog https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2026%2F05%2F19%2Fexposing-fox-tempest-a-malware-signing-service-operation%2F&data=05%7C02%7Ckimberly.kaleta%40sra.io%7Cb3dca4fb8b5d472473c608deb69c6ed4%7C9bdee6ea21c54c1ca6c941dc3d08c310%7C0%7C0%7C639148980158814134%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=CJJ%2Fb6o6SxCUpzPwhoM1IQllLX%2FDm9iUWT3mUojFjpY%3D&reserved=0#new_tab 2026-05-20T19:21:59Z Security Risk Advisors en 🚩 Microsoft Disrupts Fox Tempest, a Malware-Signing-as-a-Service Operation Abusing Microsoft Artifact Signing 2026-05-20T19:21:59Z Blog https://sra.io/blog/navigating-the-npm-attack-surface-defending-against-open-source-supply-chain-compromises/ 2026-05-21T15:54:29Z Security Risk Advisors en Navigating the npm Attack Surface: Defending Against Open-Source Supply Chain Compromises 2026-05-20T14:27:45Z Blog