Supply Chain Attack

Security Alert: Iberia Airlines Reports Customer Data Breach Iberia Airlines, part of the International Airlines Group (IAG) along with British Airways and Aer Lingus, has notified its customers about a security incident that compromised personal information. The data breach originated through an Iberia supplier, underscoring the inherent risks to supply chain security. The airline began sending notifications to customers over the weekend, revealing that the incident involved unauthorized access to a supplier’s systems. ...

Multiple security companies have warned of a second wave of attacks affecting the npm registry, reminiscent of the Shai-Hulud attack of September 2025. This new campaign, called Sha1-Hulud, has compromised hundreds of npm packages between November 21 and 23, 2025. According to Wiz researchers, the new variant of the attack executes malicious code during the preinstall phase, significantly increasing exposure in build and runtime environments. The Evolution of the Sha1-Hulud Attack The Sha1-Hulud attack shares similarities with the previous wave, which also posted stolen secrets on GitHub under the description “Sha1-Hulud: The Second Coming.” The previous wave was characterized by compromising legitimate packages to search for secrets on developer machines using the TruffleHog credential scanner and propagate in a self-replicating manner. ...