This issue: Scattered Spider targets finance, npm worm steals credentials, myths about mobile MitM, why “vibe coding” needs security, eSIM hacks and risks to airline systems
Scattered Spider Resurfaces With Financial Sector Attacks
Scattered Spider may have claimed retirement, but new evidence shows the cybercrime group is very much alive - and now targeting financial services. ReliaQuest reports attackers are using social engineering to hijack executive accounts, escalate privileges through Azure and Veeam, and attempt data theft from cloud platforms like Snowflake and AWS.
Many developers assume TLS alone protects their mobile apps from Man-in-the-Middle attacks, but that’s a dangerous myth. In reality, TLS can be bypassed, static certificate pinning creates operational risks, and on-device MitM can expose APIs at scale. We break down the three most common myths around MitM protection in mobile, explain why they persist, and present solutions that work.
AI-driven “vibe coding” delivers software at the speed of a prompt - but is this at the cost of security? This Lawfare article explores how replacing human review with AI agents risks hallucinated dependencies, hidden vulnerabilities, and compliance issues that can leave systems exposed.
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials
A new self-replicating “worm” has shaken the npm ecosystem, trojanizing over 500 packages and stealing secrets from developer machines and CI pipelines. Dubbed Shai-Hulud, this supply chain attack spreads automatically across maintainers’ packages, exfiltrates tokens and cloud keys, and persists via GitHub workflows - making it one of the most severe JavaScript threats to date.
Recent research from AG Security Research reveals a worrying path to eSIM compromise: by extracting keys from widely used eUICC chips via temporary physical access, attackers can install malicious Java Card apps over-the-air that enable profile theft, eSIM cloning, silent eavesdropping, or even bricking devices - and those backdoors can persist undetected by operators.
Airline Cybersecurity: Why Mobile Apps Are the New Frontline
From WestJet to Qantas, recent breaches highlight how vulnerable airlines are to cyberattacks on mobile apps and APIs. Traditional defenses like gateways and firewalls can’t tell genuine apps from malicious clones, leaving systems exposed. We look at the threat landscape and how to block fake clients, prevent reverse engineering, and protect passenger data - ensuring only trusted apps connect to airline systems.