Coinbase experienced a sophisticated supply chain attack affecting 218 GitHub repositories due to a compromised GitHub Action. Although sensitive assets were not exploited, the breach highlights vulnerabilities in open-source repositories. Meanwhile, the FBI warns of malicious online file converters that steal information and spread malware. Users should verify sources and maintain cyber hygiene.

A phishing campaign targeting around 12,000 GitHub repositories employs fake “Security Alert” messages to deceive developers into authorizing a malicious OAuth app, risking full account compromise. Simultaneously, a newly disclosed Apache Tomcat vulnerability (CVE-2025-24813) is being exploited for remote code execution, threatening multiple versions. Immediate vigilance and updates are essential.

Security researchers have identified hidden commands in the widely used ESP32 Bluetooth chip, posing threats like device impersonation and unauthorized data access. Concurrently, U.S. cities are experiencing a surge in phishing scams related to parking tickets, urging vigilance among residents to avoid falling victim. Comprehensive security measures and awareness are essential.

Microsoft has revealed the Storm-2139 cybercrime network, exploiting Azure OpenAI services for malicious activities. The group uses stolen credentials to generate harmful content, prompting Microsoft to pursue legal action. Additionally, a Chinese hacking group exploited a VPN vulnerability to breach operational technology organizations globally, highlighting a critical need for enhanced cybersecurity measures.

Google Cloud has introduced quantum-safe digital signatures in its Cloud KMS, addressing post-quantum cryptographic security. This move, alongside Microsoft’s Majorana 1 chip advancement, highlights the urgency for organizations to adopt quantum-resistant encryption. Experts warn that the potential of quantum computing necessitates immediate migration to post-quantum cryptography to safeguard critical data.