This week's threat intelligence briefing highlights a significant increase in software supply chain attacks. Key findings include a spike in vulnerability reports, with 2,213 new vulnerabilities detected. The CISA catalog added five critical flaws, with a particular focus on software supply chains. Specific vulnerabilities of note include critical flaws in Palo Alto Networks PAN-OS that allow authentication bypass, and multiple vulnerabilities in widely used npm packages.
Active exploits were identified, including in Windows Netlogon and the WP Maps Pro plugin, which can lead to remote code execution and privilege escalation, respectively. Furthermore, JavaScript sandboxes are under threat, with researchers revealing multiple critical vulnerabilities that compromise application security.
Recommended actions for security teams include patching vulnerable systems, auditing npm packages, rotating compromised credentials, and transitioning from software-based isolation to hardware-backed containment.