Cyber Digests

no noise - just real cyber news

A widespread supply chain attack, dubbed 'GhostAction,' compromised hundreds of GitHub repositories by injecting malicious workflow files to exfiltrate over 3,325 CI/CD secrets, including publishing tokens and cloud credentials. The theft led to attempts to access AWS environments and database services. The campaign affected 327 developers across 817 repositories, impacting projects in multiple programming languages and entire SDK portfolios.

Latest mentioned: 09-08
Earliest mentioned: 09-06

A newly identified APT group, Noisy Bear, is conducting a highly targeted campaign against Kazakhstan's energy sector. It employs sophisticated social engineering and a multi-stage infection chain, and uses open-source offensive tools and infrastructure from a sanctioned Russian hosting provider. The group uses spear-phishing from compromised internal accounts to deliver malicious LNK files and inject Meterpreter shellcode.

Latest mentioned: 09-08
Earliest mentioned: 09-04

A zero-day vulnerability in WhatsApp iOS and macOS clients was exploited in a sophisticated zero-click attack chain, allowing remote attackers to deliver spyware without user interaction. Security experts recommend urgent updates and device resets to mitigate the risk. The attack highlights a rising trend of advanced threat actors chaining multiple zero-day vulnerabilities to evade security controls and achieve device compromise.

Latest mentioned: 09-08
Earliest mentioned: 09-01