The past week has seen a significant number of cybersecurity incidents, underscoring the persistent and evolving nature of global threats. The headlines highlight a diverse range of attacks and vulnerabilities, from the discovery of new and sophisticated malware families like CHILLYHELL and ZynorRAT, to critical supply chain compromises affecting major software ecosystems.
A phishing campaign on npm led to the hijacking of 18 critical JavaScript packages, while a separate GitHub account compromise resulted in a supply chain attack on 22 companies through a Salesloft-Drift integration.
In addition, an urgent alert has been issued for an actively exploited vulnerability in SAP S/4HANA and Microsoft’s September Patch Tuesday addressed a critical SMB flaw along with 80 other vulnerabilities.
The real-world impact of these threats was also felt locally, as Blackpool Credit Union confirmed a cyberattack that exposed its members’ personal data.
Let’s unpack these crucial developments and understand what they mean for your digital safety.
Data of Blackpool Credit Union Members Stolen in Cyberattack
Blackpool Credit Union in Cork has confirmed a cyberattack that exposed members’ personal data, including names, addresses, contact numbers, dates of birth and account details.
While no funds were stolen, the breached information may have been shared on the dark web.
The incident has been reported to authorities and a forensic investigation is underway. Members are advised to remain vigilant for phishing attempts and other fraud.
Microsoft Patch Tuesday: September 2025 Fixes Critical SMB Vulnerability and 80 Flaws
Microsoft’s September 2025 Patch Tuesday addressed a total of 80 vulnerabilities, including 8 Critical and 72 Important flaws.
A standout fix was for CVE-2025-55234, an SMB privilege escalation vulnerability (CVSS 8.8) that could allow attackers to bypass authentication in certain configurations.
The patch also fixed a critical Azure Networking issue (CVSS 10.0), a High Performance Compute remote code execution flaw and a Windows NTLM privilege escalation bug.
Administrators are urged to apply these updates immediately and enable SMB hardening to protect their systems from authentication relay risks.
GitHub Account Compromise Exposes Salesloft-Drift Supply Chain Attack on 22 Companies
An investigation by Mandiant revealed that a supply chain breach impacting Salesloft and Drift, carried out by the threat actor UNC6395, started with a compromise of Salesloft’s GitHub account.
Between March and June 2025, the attacker downloaded code, added guest users and established malicious workflows. This led to the theft of OAuth tokens from the Drift AWS environment, impacting at least 22 organisations.
Salesloft has taken corrective actions, including rotating credentials and implementing tighter security, while Salesforce has temporarily disabled the Drift app pending further security work.
New macOS and Windows Malware “CHILLYHELL” and “ZynorRAT” Discovered
Researchers at Jamf Threat Labs have uncovered two new, highly sophisticated malware families that pose a significant threat:
- CHILLYHELL, a modular backdoor for macOS
- ZynorRAT, a cross-platform remote access trojan (RAT) targeting Windows and Linux systems
CHILLYHELL, written in C++ and attributed to the espionage group UNC4487, was even notarised by Apple, highlighting its stealth. It gathers extensive system data, uses multiple persistence methods and can brute-force credentials. Meanwhile, ZynorRAT uses a Telegram bot for command-and-control, allowing for file exfiltration and remote command execution.
Both malware families pose a high risk due to their stealth and capabilities.
Exploit for Critical SAP S/4HANA Vulnerability Now Active
An active exploit for CVE-2025-42957, a severe code injection vulnerability in SAP’s S/4HANA platform, is being abused by threat actors in the wild.
The flaw (CVSS 9.9) allows a low-privileged user to inject malicious ABAP code, bypassing authorisation checks and enabling a full system takeover. This could grant attackers access to the operating system and all stored data.
Despite a patch being released on August 11th, 2025, many cloud and on-premises instances remain unpatched. System administrators are strongly urged to apply the update immediately to mitigate this high-risk threat.
How a Phishing Campaign on npm Compromised 18 Critical Packages
On September 8th, a sophisticated phishing campaign successfully compromised a developer’s account, leading to a major supply chain attack on the npm ecosystem.
Attackers injected heavily obfuscated malicious code into 18 widely used JavaScript packages, which were downloaded over 2 billion times weekly.
The malware was designed to act as a browser-based interceptor, hijacking Web3 wallets like MetaMask and redirecting cryptocurrency transactions to attacker-controlled addresses.
While the attack was quickly contained, it highlights the severe vulnerabilities within the software supply chain and the urgent need for stronger security measures.
Ready to Secure Your Business?
The threats are real and they are escalating. While a security checklist is a good start, a proactive strategy is essential to defend against sophisticated attacks like those mentioned in this report.
Secora Consulting is a trusted, CREST-accredited cybersecurity partner based in Ireland that provides tailored security posture assessments and penetration testing. We help you uncover your vulnerabilities before attackers do.
Take the next step in securing your business. Contact our expert team at Secora Consulting for a free consultation to discuss your specific cybersecurity needs.