CyberSecurity Knuggets
Nov 26, 2025
Subject: Risky Bulletin: Sha1-Hulud npm Worm Returns with Destructive Behaviors
Sender: risky-biz@ghost.io
Summary:
The Sha1-Hulud npm worm has made a second appearance, infecting over 800 npm libraries. Unlike the first wave, this iteration features destructive behavior that activates if it fails to steal credentials or establish persistence, escalating from data theft to punitive sabotage. Other key cybersecurity news includes a Salesforce breach through Gainsight affecting 200+ customers, CrowdStrike terminating a malicious insider who leaked information to a hacker group, and a hack of real estate finance firm SitusAMC affecting banks and loan platforms. Additional reports cover various breaches at Dartmouth College, a fine against Comcast for a third-party breach, and ongoing cyber espionage and malware activity from multiple APT groups targeting governments and industries globally.
Key highlights:
– Sha1-Hulud worm now performs destructive sabotage if credential theft fails.
– Salesforce customers impacted by breaches via Gainsight integrations by the Scattered Lapsus$ Hunters group.
– CrowdStrike identifies and fires insider collaborating with hackers.
– SitusAMC suffers breach impacting Wall Street finance customers.
– Numerous cybersecurity advisories, malware reports, APT activities, and legal/policy developments.
For technical details and ongoing updates, visit the full briefing or related security databases.
Subject: The Future of the Software Developer in the Age of AIs
Sender: news@securityweek.com
Summary:
AI-driven coding tools are reshaping software development, prompting a reevaluation of the software engineering role. A new white paper delves into how developers must adapt by focusing less on coding and more on maintainability, security, and managing risks introduced by AI-generated code. It highlights vital skills such as prompt engineering and navigating complex AI systems, and the importance of AI trust platforms centered on developer experience.
Key insights include:
– Adapting to AI-driven code generation and the evolving developer landscape.
– Shifting developer focus towards code security and long-term maintainability.
– Managing AI-generated risks through emerging AI trust management platforms.
The white paper provides a roadmap for navigating challenges and opportunities in AI-assisted software craftsmanship.
Subject: The CyberWire 11.25.25: Real Estate Finance Firm SitusAMC Investigates Breach
Sender: editor@newsletter.n2k.com
Summary:
SitusAMC, a real estate finance technology vendor, discovered a breach on November 12th that compromised corporate and client data, impacting accounting records, legal agreements, and customer information. The FBI is investigating, and client data belonging to major banks including JPMorgan Chase, Citi, and Morgan Stanley may have been affected.
Other important news covered:
– Russia-linked malware campaign targeting Blender 3D users with malicious files embedding infostealer malware.
– CISA issues advisory on spyware targeting messaging app users, emphasizing threats via phishing and zero-click exploits against high-value targets worldwide.
– Dartmouth College discloses breach from zero-day Oracle E-Business Suite attacks affecting nearly 1,500 Maine residents, with data posted by Clop ransomware gang.
– Multiple upcoming webinars and sponsored events focused on cybersecurity strategies, AI risk management, and agentic access.
The briefing emphasizes awareness around evolving cyber threats to finance, education, and messaging platforms.
Subject: Major US Banks Impacted by SitusAMC Hacks
Sender: news@securityweek.com
Summary:
SecurityWeek reports that multiple major U.S. banks have been impacted by a cyberattack on SitusAMC, a real estate finance technology company. The attack led to client data compromises, with repercussions on corporate and customer information. Investigations by the FBI and notifications to banks have confirmed the seriousness of the breach.
Other critical updates in the issue include:
– CISA warning about spyware targeting users of popular messaging applications.
– AI’s role in augmenting phishing threats and approaches to counter them.
– Oracle Identity Manager zero-day exploitation and ongoing attacks on enterprise software.
– CrowdStrike insider aiding hackers and latest ransomware campaigns targeting major organizations.
– Emerging threats from dark LLMs enhancing cybercrime capabilities.
– Various cybersecurity events, expert insights on AI risks, and important patch announcements across widely used software and infrastructure.
This edition underscores the growing complexity of cybersecurity challenges affecting finance, enterprise software, and emerging AI-driven risks.
Stay Well!
