Security Highlights Of The Day [31/10/25]

LinkedIn Phishing Targets Finance Execs With Fake Board Invites
Hackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. The campaign was spotted by Push Security, which says it recently blocked one of these phishing attacks that began with a LinkedIn message containing a malicious link. BleepingComputer has learned that these phishing messages claim to be invitations for executives to join the executive board of a newly created “Common Wealth” investment fund.
Source: BleepingComputer

Malicious NPM Packages Fetch Infostealer for Windows, Linux, MacOS
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The packages were uploaded to npm on July 4 and remained undetected for a long period due to multiple layers of obfuscation that helped escape standard static analysis mechanisms. According to researchers at cybersecurity company Socket, the ten packages counted nearly 10,000 downloads and stole credentials from system keyrings, browsers, and authentication services.
Source: BleepingComputer

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines. The campaign has been codenamed PhantomRaven by Koi Security. The attack stands out for hiding malicious code in dependencies by pointing to a custom HTTP URL that fetches packages from an untrusted site, causing npm to download from a malicious source each time a package is installed.
Source: TheHackerNews
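
The URL-based dependency technique described in the PhantomRaven item can be checked for on the defender's side. The following is an added example, not code from Koi Security or the cited article: it flags dependencies in package.json and package-lock.json that resolve outside the npm registry, and generalizes slightly to git and local specifiers. The package names, hostnames, and the single-registry allowlist are assumptions constructed for illustration.

```javascript
// Assumption: the public npm registry is the only trusted tarball origin.
const TRUSTED_ORIGINS = ["https://registry.npmjs.org/"];
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Classify a package.json specifier by where npm would fetch it from.
function classifySpec(spec) {
  if (typeof spec !== "string") return "invalid";
  const s = spec.trim();
  if (/^https?:\/\//i.test(s)) return "remote-url";
  if (/^(file:|link:|\.{0,2}\/|~\/)/.test(s)) return "local";
  if (/^(git\+|git:\/\/|github:|gitlab:|bitbucket:|gist:)/i.test(s)) return "git";
  if (/^[\w.-]+\/[\w.-]+(#.+)?$/.test(s)) return "git"; // user/repo shorthand
  return "registry"; // semver range, dist-tag, or npm: alias
}

// Direct dependencies in package.json that bypass the registry.
function auditManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "registry") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Transitive deps: package-lock.json (v2/v3) records each tarball URL in "resolved".
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const resolved = entry.resolved;
    if (typeof resolved !== "string") continue; // root project, linked entries
    if (!TRUSTED_ORIGINS.some((o) => resolved.startsWith(o))) findings.push({ path, resolved });
  }
  return findings;
}

// Constructed sample input; hostnames use the reserved .example TLD.
const sampleManifest = {
  dependencies: { "left-pad": "^1.3.0", "ui-helpers": "http://packages.untrusted.example/ui-helpers.tgz" },
  devDependencies: { "lint-rules": "github:someorg/lint-rules#v2" },
};
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/left-pad": { resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  "node_modules/ui-helpers": { resolved: "http://packages.untrusted.example/ui-helpers.tgz" },
} };
console.log(JSON.stringify({ manifest: auditManifest(sampleManifest), lock: auditLockfile(sampleLock) }, null, 2));
```

Teams that use a private registry or mirror would add its origin to the allowlist before running the lockfile check in CI.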

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
Major U.S. energy companies are being impersonated in phishing attacks, with threat actors setting up fake domains masquerading as Chevron, ConocoPhillips, PBF Energy, and Phillips 66. Hunt[.]io said it logged more than 1,465 phishing detections linked to this sector over the past 12 months. Cyber threats are evolving faster than most defenses can adapt, and the line between criminal enterprise and nation-state tactics keeps blurring.
Source: TheHackerNews

Major US Telecom Backbone Firm Hacked by Nation-State Actors
Ribbon Communications, an American company that provides backbone technology for communication networks, has been targeted by hackers. The firm says its systems serve critical infrastructure and telecom providers worldwide. In a recent SEC filing, Ribbon confirmed discovering unauthorized access to its IT network in early September 2025, believed to be conducted by nation-state actors.
Source: SecurityWeek
