This week’s update includes a number of items relevant to those who write and store code. It also covers identity management, alternative ways of meeting an organization’s CISO needs, and (of course) recent attacks of note.
Salesloft GitHub Compromise Linked to Salesforce Attack
SecurityWeek reports that Salesloft’s GitHub account was compromised months before the recent Salesforce breach, giving the attackers a foothold from which they quietly stole OAuth tokens. The incident underscores how developer platforms can be a hidden weak point in the software supply chain: a stolen OAuth or personal access token grants the same access as the account it belongs to, so such tokens should be treated like passwords, scoped narrowly, and revoked and rotated as soon as a developer account is suspected to be compromised.
Read more on SecurityWeek
Why Don’t We Teach or Require Secure Coding?
KnowBe4 explores one of cybersecurity’s biggest blind spots: why secure coding isn’t taught—or demanded—across the industry. The article argues that developers are rarely trained in security, creating systemic vulnerabilities that ripple into every sector.
Read more on KnowBe4
Popular NPM Packages Poisoned in Supply Chain Attack
SecurityWeek warns that widely used NPM packages have been compromised in a fresh supply chain attack. This development highlights the danger of pulling in third-party libraries without rigorous monitoring: pin dependency versions with a committed lockfile, verify integrity hashes at install time, and review any package that runs install-time scripts before it reaches a developer machine or CI runner.
Read more on SecurityWeek
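The following is an added example, not code from the SecurityWeek article or from any of the affected packages. It audits a package-lock.json for the conditions a poisoned npm dependency usually exhibits: a version on a denylist of known-compromised releases, a lifecycle (install-time) script, a tarball resolved from somewhere other than the trusted registry, and a missing integrity hash. The sample lockfile, the package names, and the denylist of "compromised" versions are all constructed for this example.

```javascript
// Added example: audit a lockfile for signs of a poisoned dependency.
// Sample lockfile, package names and denylist are constructed, not real.

const REGISTRY = "https://registry.npmjs.org/";

// Constructed package-lock.json (lockfileVersion 2/3 layout: "packages" keyed
// by each package's path under node_modules).
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "left-pad-ish": "^1.3.0" } },
    "node_modules/left-pad-ish": {
      version: "1.3.0",
      resolved: REGISTRY + "left-pad-ish/-/left-pad-ish-1.3.0.tgz",
      integrity: "sha512-AAAA",
    },
    "node_modules/color-helper": {
      version: "2.1.1",
      resolved: REGISTRY + "color-helper/-/color-helper-2.1.1.tgz",
      integrity: "sha512-BBBB",
      hasInstallScript: true, // npm sets this when the package declares (pre|post)install hooks
    },
    "node_modules/@acme/safe-lib": {
      version: "0.9.2",
      resolved: REGISTRY + "@acme/safe-lib/-/safe-lib-0.9.2.tgz",
      integrity: "sha512-CCCC",
    },
    "node_modules/evil-mirror": {
      version: "1.0.0",
      resolved: "https://mirror.example.invalid/evil-mirror-1.0.0.tgz",
      // no integrity field: npm cannot verify the tarball hash
    },
  },
});

// Hypothetical denylist: package name -> set of versions known to be poisoned.
const COMPROMISED = {
  "color-helper": new Set(["2.1.1"]),
  "left-pad-ish": new Set(["1.3.1"]), // installed 1.3.0 is not on the list
};

// Derive the package name from its lockfile path; handles nested and scoped
// packages such as "node_modules/a/node_modules/@scope/b".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Returns a list of findings {name, version, reason, severity}.
function auditLockfile(lockfileText, denylist, trustedRegistry) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages || (lock.lockfileVersion || 1) < 2) {
    throw new Error("only lockfileVersion >= 2 (packages map) is supported");
  }
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = pkg.name || packageNameFromPath(path);
    const add = (reason, severity) =>
      findings.push({ name, version: pkg.version, reason, severity });

    if (denylist[name] && denylist[name].has(pkg.version)) add("compromised-version", "critical");
    if (pkg.hasInstallScript) add("install-script", "warn");
    if (typeof pkg.resolved === "string" && !pkg.resolved.startsWith(trustedRegistry)) {
      add("untrusted-source", "warn");
    }
    if (!pkg.integrity) add("missing-integrity", "warn");
  }
  return findings;
}

// Count findings per severity, e.g. { critical: 1, warn: 3 }.
function summarize(findings) {
  return findings.reduce((acc, f) => {
    acc[f.severity] = (acc[f.severity] || 0) + 1;
    return acc;
  }, {});
}

const results = auditLockfile(SAMPLE_LOCKFILE, COMPROMISED, REGISTRY);
for (const f of results) {
  console.log(`${f.severity.toUpperCase()} ${f.name}@${f.version}: ${f.reason}`);
}
```

Run it with Node against a real package-lock.json by replacing `SAMPLE_LOCKFILE` with the file contents and the denylist with the versions named in a vendor advisory. In CI, `npm ci --ignore-scripts` installs exactly what the lockfile pins and refuses to run install-time scripts, which removes the most common execution path for a poisoned package until a human has reviewed the flagged entries.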
Palo Alto Networks Breach Exposes Support Case Data
BleepingComputer reports that Palo Alto Networks disclosed a data breach exposing some customer information associated with support cases. While the company says no critical systems were affected, the incident is a reminder that even security vendors carry third-party risk, and that support tickets often contain configuration details and contact information worth protecting.
Read more on BleepingComputer
Cyberattack Disrupts French Regional Healthcare
Infosecurity Magazine details a cyberattack against healthcare services in France that disrupted regional hospitals. The attack reinforces the vulnerability of critical services and the human impact when systems go offline.
Read more on Infosecurity Magazine
Easier to Log In Than Hack In: The Future of IAM
DarkReading highlights how advances in identity and access management (IAM) are making it easier for legitimate users to log in while making life harder for attackers. Features like passwordless authentication and adaptive, risk-based security are becoming mainstream.
Read more on DarkReading
The Rise of Fractional CISOs
HelpNetSecurity interviews Nikoloz Kokhreidze of Mandos on the growing trend of fractional CISOs—part-time security leaders who provide expertise without the full-time cost. This model is particularly valuable for nonprofits and smaller organizations.
Read more on HelpNetSecurity
WordPress Targeted by ClickFix and TDS Attacks
DarkReading reports new attack campaigns against WordPress that exploit plugin vulnerabilities to redirect visitors through traffic distribution systems (TDS) and serve ClickFix-style social-engineering lures. With WordPress powering so many nonprofit and small business sites, keeping core, themes, and plugins patched, and removing plugins that are no longer maintained, remains critical.
Read more on DarkReading
Microsoft Patches 86 Vulnerabilities
SecurityWeek notes that Microsoft has released fixes for 86 vulnerabilities in its latest update cycle, including multiple critical flaws. Staying current with patching remains one of the most effective defenses.
Read more on SecurityWeek
Fortinet, Ivanti, and Nvidia Issue Security Updates
SecurityWeek also reports that Fortinet, Ivanti, and Nvidia released patches addressing significant vulnerabilities. Organizations should prioritize these updates, especially for internet-facing Fortinet and Ivanti appliances, which are frequent targets for exploitation.
Read more on SecurityWeek
This HopeNet Cyber Recap is provided as a free resource for nonprofits, churches, and other organizations of hope. To learn more about cybersecurity services or to subscribe, visit HopeNetCISO.com.
If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com.
