BeyondMachines 


Enabling Good Cybersecurity for Everyone:
Automated cybersecurity tools, learning and expert guidance for individuals and companies of all sizes.
Because cybersecurity shouldn't be an enterprise feature.

Sometimes a bot, sometimes not.

Website: https://beyondmachines.net
LinkedIn: https://www.linkedin.com/company/73905832/
GitHub: https://github.com/BeyondMachines

36 Malicious npm Packages Target Guardarian Infrastructure via Strapi Plugins

A coordinated supply chain attack involving 36 malicious npm packages targeted the cryptocurrency platform Guardarian to steal database credentials and wallet keys. The campaign exploited Redis and Docker vulnerabilities to deploy persistent, fileless backdoors on production Strapi CMS servers.

**If you use Strapi, immediately audit your node_modules for any of these 36 malicious packages: legitimate Strapi plugins are always scoped under @strapi/, so any unscoped strapi-plugin-* package should be treated as suspicious and removed. If any were installed, assume full compromise: rotate all credentials, secrets, and keys, revoke database and API tokens, and investigate your environment for reverse shells or unauthorized cron jobs.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/36-malicious-npm-packages-target-guardarian-infrastructure-via-strapi-plugins-0-y-5-g-3/gD2P6Ple2L

Somehow, appropriate
Borrowed #catsofmastodon

ByteBreach 2026.1 challenge is live!

https://challenge.beyondmachines.net/

The awards are very local, but one can do the challenge for fun and for bragging rights. (hint, it's a numbers station)

https://challenge.beyondmachines.net

BeyondMachines Cybersecurity Challenges

Test your skills on cybersecurity challenges, enhance your knowledge, have fun!

DocketWise Data Breach Exposes Sensitive Information of 116,000 Immigration Clients

DocketWise, a cloud-based immigration case management provider, disclosed a data breach affecting 116,666 individuals after unauthorized actors used stolen credentials to clone third-party repositories containing sensitive client data.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/docketwise-data-breach-exposes-sensitive-information-of-116000-immigration-clients-7-g-q-h-f/gD2P6Ple2L


Hong Kong Hospital Authority Data Breach Exposes 56,000 Patient Records

The Hong Kong Hospital Authority reported a data breach affecting at least 56,000 patients after unauthorized data retrieval occurred during contractor maintenance.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/hong-kong-hospital-authority-data-breach-exposes-56000-patient-records-y-v-l-1-4/gD2P6Ple2L


Fortinet Issues Emergency Hotfix for Actively Exploited FortiClient EMS Zero-Day

Fortinet has released an emergency hotfix for an actively exploited critical zero-day vulnerability (CVE-2026-35616) in FortiClient EMS that allows unauthenticated attackers to bypass API security and run arbitrary commands.

**If you use FortiClient EMS versions 7.4.5 or 7.4.6, apply Fortinet's emergency hotfix ASAP. It's being actively exploited and can give attackers full control of your endpoint management server. While you're at it, check your EMS API logs for any signs of unauthorized access or unusual command execution that might indicate you've already been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/fortinet-issues-emergency-hotfix-for-actively-exploited-forticlient-ems-zero-day-p-2-q-w-2/gD2P6Ple2L

Northern Ireland School IT System C2K Hit by Cyber Attack Ahead of Exams

The Education Authority of Northern Ireland's C2K school system suffered a cyber attack that forced the entire network offline and triggered a mandatory password reset for all students and staff. The incident disrupted access to critical learning platforms like Google Classroom and OneDrive during the peak exam revision period.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/northern-ireland-school-it-system-c2k-hit-by-cyber-attack-ahead-of-exams-i-d-v-s-c/gD2P6Ple2L


Uffizi Galleries Targeted in Cyberattack and Ransomware Extortion Attempt

The Uffizi Galleries in Italy suffered a cyberattack on February 1, 2025, involving an alleged infiltration of IT systems and a ransom demand sent to the director.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/uffizi-galleries-targeted-in-cyberattack-and-ransomware-extortion-attempt-e-i-l-w-7/gD2P6Ple2L


Cornick, Garber & Sandler, LLP Reports Data Breach Affecting Over 5,800 Individuals

Cornick, Garber & Sandler, LLP disclosed a data breach affecting 5,864 individuals after unauthorized actors accessed its network for over a month in early 2025. The incident exposed sensitive personal information, including Social Security numbers, taxpayer IDs, and health insurance details.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/cornick-garber-sandler-llp-reports-data-breach-affecting-over-5800-individuals-y-d-l-w-d/gD2P6Ple2L


Progress Software Patches Critical RCE Chain in ShareFile Storage Zones Controller

Progress Software patched two critical vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in ShareFile Storage Zones Controller that allow unauthenticated attackers to bypass authentication and execute remote code.

**If you manage your own ShareFile storage zones, update to version 5.12.4 or move to version 6 to prevent full system takeover. File transfer tools are high-value targets for ransomware groups, so treat this patch as a top priority. If you can't patch, isolate the instances until they are patched. General isolation doesn't work since these systems are designed to be accessible from the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/progress-software-patches-critical-rce-chain-in-sharefile-storage-zones-controller-6-f-a-f-n/gD2P6Ple2L
