Svoboda Cybersecurity Brief June 08, 2025


A supply chain attack targeted 16 popular NPM packages under the Gluestack ‘react-native-aria’ project, with 960,000 weekly downloads. The malicious code acts as a remote access trojan (RAT), executing commands and performing Windows PATH hijacking. The attack began on June 6, with obfuscated code appended to library files.
Impact: Widespread compromise of applications using these packages, enabling remote code execution and data exfiltration.
Mitigation: Audit dependencies, remove compromised versions (0.2.x), and monitor for suspicious activity.
Source: BleepingComputer

Nigerian Hacker Sentenced for $3.6M Tax Fraud and Identity Theft Scheme

Kingsley Uchelue Utulu, a Nigerian national, was sentenced to 63 months for hacking U.S. tax preparation firms, stealing thousands of identities, and filing fraudulent tax returns. The scheme netted $2.5M from the IRS and $819K from SBA loans. Utulu was extradited from the UK.
Source: DataBreaches.net

Texas DOT Reports Breach of 300K Crash Records

The Texas Department of Transportation disclosed a breach of its Crash Records Information System (CRIS), exposing names, addresses, driver licenses, and insurance details. Unauthorized access occurred via a compromised account on May 12.
Source: DataBreaches.net

Miami Hospital Employee Fired for 5-Year Patient Data Breach

A Jackson Health System employee accessed 2,000+ patient records (names, birthdates, medical details) over five years to promote a personal healthcare business. This follows a 2016 incident and a $2.15M HHS settlement for similar failures.
Source: DataBreaches.net

Malicious NPM Packages Pose as Utilities, Delete Directories

Four NPM packages (biatec-avm-gas-station, cputil-node, lfwfinance/sdk, lfwfinance/sdk-dev) were found to delete project directories upon installation. Attributed to the same threat actors behind the Gluestack attack.
Impact: Data loss and project disruption.
Mitigation: Remove affected packages and verify dependencies.
Source: BleepingComputer
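
One way to carry out the "verify dependencies" step, as an added example that is not part of the original brief or its sources: a Node.js function that scans a parsed package-lock.json for the four package names listed above, including nested and aliased installs. The names are matched as the brief prints them, with an optional leading "@" scope marker (an assumption); the sample lockfile and its version strings are constructed.

```javascript
// Added example. Package names come from the brief as printed; accepting an
// optional leading "@" (npm scope marker) is an assumption.
const FLAGGED = ['biatec-avm-gas-station', 'cputil-node',
                 'lfwfinance/sdk', 'lfwfinance/sdk-dev'];

// "node_modules/a/node_modules/@s/b" -> "@s/b" (innermost installed package)
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? path : path.slice(i + 'node_modules/'.length);
}

function isFlagged(name) {
  return FLAGGED.includes(name.replace(/^@/, '').toLowerCase());
}

// Returns [{name, version, path}] for each flagged entry in a parsed lockfile.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    // "name" is present when the folder is an alias for another package.
    const name = meta.name || nameFromPath(path);
    if (isFlagged(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped if "packages" exists,
  // so version 2 lockfiles, which carry both, are not counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (isFlagged(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/some-lib': { version: '0.0.0-example' },
    'node_modules/cputil-node': { version: '0.0.0-example' },
    'node_modules/some-lib/node_modules/@lfwfinance/sdk': { version: '0.0.0-example' },
    'node_modules/harmless-alias': { name: 'biatec-avm-gas-station', version: '0.0.0-example' },
  },
};
console.log(findFlagged(SAMPLE_LOCK));
```

To check a real project, pass in the result of JSON.parse on the contents of its package-lock.json; any non-empty result means the package should be removed and the lockfile regenerated.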
