From open-source trust failures to mobile surveillance and Chrome token theft on Linux, todayโs threat landscape shows how the weakest link isnโt always obscure โ itโs just overlooked. And thatโs where adversaries thrive.
๐ฆ Over 70 Malicious NPM and VS Code Packages Discovered
Attackers pushed more than 70 packages into NPM and the VS Code Marketplace, leveraging typosquatting and obfuscated payloads to deliver credential stealers. When the dev environment is the entry point, youโre already behind.
๐ https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html
๐ฒ GhostSpy: New Android RAT Steals Banking Info, Bypasses Protections
A new Android remote access trojan (RAT) called GhostSpy has been discovered stealing banking credentials and evading modern security frameworks. It uses accessibility abuse and clever overlays to remain invisible.
๐ https://securityonline.info/ghostspy-advanced-android-rat-steals-banking-info-bypasses-security/
๐งช Chrome Zero-Day Leaks Login Tokens on Linux Systems
A newly disclosed Chrome flaw on Linux could allow attackers to extract stored session tokens, exposing everything from email access to SSO sessions. The flaw has been patched โ but browser trust is once again in question.
๐ https://linuxsecurity.com/news/security-vulnerabilities/chrome-zero-day-flaw-exposes-login-tokens-on-linux
๐งท Weekly Recap: APT Campaigns, Browser Exploits, and App Store Deceptions
From recent zero-days to a spike in deceptive app store listings, The Hacker Newsโ recap shows a steady climb in APT campaigns targeting public-facing platforms and personal endpoints alike.
๐ https://thehackernews.com/2025/05/weekly-recap-apt-campaigns-browser.html
๐ Nova Scotia Hit by Ransomware Attack, Public Services Affected
A ransomware attack disrupted multiple systems across Nova Scotiaโs digital infrastructure, impacting services from healthcare to transit. This isnโt a story of high-value targets โ itโs a story of wide blast radius.
๐ https://cybersecuritynews.com/nova-scotia-ransomware-attack/
๐งฌ Security Culture Still Lags in Critical Sectors, Study Finds
New research shows that while awareness of threats is growing, practical implementation of cyber hygiene in critical industries like energy and healthcare remains inconsistent and fragmented.
๐ http://www.securitymagazine.com/articles/101646
๐งฑ AlmaLinux Patches Security Flaws โ Package Management Still Core Attack Vector
AlmaLinux released ALSA-2025-7425, addressing several low-to-medium severity issues โ a reminder that package managers are not passive tools. They are core to trust and threat propagation.
๐ https://errata.almalinux.org/9/ALSA-2025-7425.html
๐ญ Reflection
Day 146 is a tapestry of access points:
A poisoned package A browser leak A fake login screen A mobile rat A neglected Linux patch
None of them alone is shocking โ but together, they remind me that cybersecurity isnโt about single points of failure. Itโs about the accumulation of blind spots.
As I keep building momentum through CISSP prep and practical analysis, Iโm shifting how I think:
โIs this secure?โ is no longer enough.
Now itโs: โWhere is trust assumed โ and why?โ
Thatโs where the breach begins.
Or where resilience can be rebuilt. ๐ง ๐งฑ๐
