BARR Advisory Senior Consultant Kevin Lewis has picked out five security and compliance headlines from the past month that you need to know.
Take a look to find out what our consulting team has been reading this September—plus, scroll to see Kevin’s CISO Pick of the Month for his top new resource for security and compliance professionals this month.
Researchers uncovered “Shai-Hulud,” the first self-propagating worm seen in the npm ecosystem, which compromised 500+ packages to steal GitHub, npm, and AWS credentials from the machines and CI runners that installed them. The worm needs no human action to spread: an install-time script in a compromised package harvests the developer’s npm token and uses it to publish trojanized versions of the other packages that token can publish to, so one compromised maintainer cascades into many packages across the JavaScript supply chain. Developers are urged to rotate npm, GitHub, and cloud tokens, audit developer and CI environments for the injected install script, and pin or update affected packages immediately.
➡️ Read more
Cloudflare confirmed that 12 TLS certificates were wrongly issued for its 1.1.1.1 DNS service by the Croatian certificate authority Fina, raising fears that anyone holding the matching private keys could impersonate the resolver and intercept encrypted DNS queries. Fina insists the certificates were issued for internal testing and the keys never left its control, but Cloudflare called the lapse “unacceptable” and acknowledged its own failure to spot the mis-issuance in public Certificate Transparency logs sooner. Microsoft is also under scrutiny: its root program still trusts Fina, which none of the other major browser root programs do, despite the CA’s poor track record. All mis-issued certificates have now been revoked, though revocation only protects clients that actually check it.
➡️ Read more
Microsoft is urging IT teams to harden Active Directory against Kerberoasting. Any authenticated domain user can request a Kerberos service ticket (TGS) for any account that has a service principal name (SPN); because that ticket is encrypted with a key derived from the service account’s password, the attacker can take it offline and brute-force the password at GPU speed with no further contact with the domain controller. Weak service-account passwords and legacy RC4-HMAC encryption, whose key is simply the account’s NT hash and which cracks far faster than AES, make AD environments especially vulnerable. Microsoft recommends migrating services to managed service accounts (gMSA/dMSA), whose long random passwords are not practically crackable, enforcing AES encryption on the service accounts that remain, and auditing which accounts carry SPNs to reduce risk.
➡️ Read more
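The audit Microsoft recommends can be scripted. The following is an added example written for this page, not code from the article, from BARR, or from Microsoft. It assumes the RSAT ActiveDirectory PowerShell module and read rights on the domain; the account name `svc_example` in the remediation line is hypothetical.

```powershell
# Added example (not from the BARR article or Microsoft): list every user account that can
# be Kerberoasted, flag the ones that still accept RC4 and have old or privileged passwords,
# and show how to restrict one account to AES.
# Assumes the RSAT ActiveDirectory module; the account 'svc_example' below is hypothetical.
Import-Module ActiveDirectory

# Bit flags of msDS-SupportedEncryptionTypes. A value of 0 / unset means "domain default",
# which on most domains still lets a user account hand out RC4-encrypted service tickets.
$RC4    = 0x4
$AES128 = 0x8
$AES256 = 0x10

# Every *user* account with at least one SPN is Kerberoastable: any domain user can request
# a TGS for it and crack the ticket offline. Computer accounts have random passwords and
# are out of scope here.
$spnAccounts = Get-ADUser -Filter { ServicePrincipalName -like "*" } `
    -Properties ServicePrincipalName, 'msDS-SupportedEncryptionTypes', PasswordLastSet, AdminCount

$now = Get-Date
$report = foreach ($acct in $spnAccounts) {
    $enc     = [int]($acct.'msDS-SupportedEncryptionTypes')
    $aesOnly = (($enc -band ($AES128 -bor $AES256)) -ne 0) -and (($enc -band $RC4) -eq 0)
    $ageDays = if ($acct.PasswordLastSet) { [int](($now - $acct.PasswordLastSet).TotalDays) } else { $null }

    # adminCount=1 means the account is (or was) in a protected group such as Domain Admins:
    # a crackable ticket for such an account is a direct path to domain compromise.
    $privileged = [bool]$acct.AdminCount

    [PSCustomObject]@{
        SamAccountName  = $acct.SamAccountName
        Enabled         = $acct.Enabled
        Privileged      = $privileged
        SPNCount        = $acct.ServicePrincipalName.Count
        PasswordAgeDays = $ageDays
        EncTypes        = ('0x{0:X}' -f $enc)
        RC4Allowed      = -not $aesOnly
        Risk            = if (-not $aesOnly -and ($privileged -or -not $ageDays -or $ageDays -gt 365)) { 'High' }
                          elseif (-not $aesOnly) { 'Medium' }
                          else { 'Low' }
    }
}

$report | Sort-Object RC4Allowed, PasswordAgeDays -Descending | Format-Table -AutoSize

# Remediation for one account, once you have confirmed the service itself speaks AES
# (Windows Server 2008+ and current Kerberos clients do). Remove -WhatIf to apply, then
# reset the account's password so the DC derives fresh AES keys for it.
Set-ADUser -Identity 'svc_example' `
    -Replace @{ 'msDS-SupportedEncryptionTypes' = ($AES128 -bor $AES256) } -WhatIf
```

Accounts that show up as High are the ones to move to a gMSA or dMSA first; a managed service account never appears as crackable here because its 240-byte random password is regenerated automatically, which is the point of Microsoft’s recommendation. Note that restricting encryption types on an account does nothing for a ticket an attacker already captured, so rotate the password as part of the change.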
Russia’s APT28, also known as “Fancy Bear,” is deploying a new Outlook-based backdoor called “NotDoor” that uses malicious VBA macros to exfiltrate data, run commands, and deliver malware. The loader abuses DLL sideloading through the legitimate, signed OneDrive.exe to evade defenses, and the backdoor then lies dormant in Outlook until an attacker-sent email containing a trigger word arrives. Once triggered, NotDoor provides persistent access, covert exfiltration, and file uploads, showing APT28’s continued ability to evolve past traditional security controls.
➡️ Read more
Apple has introduced Memory Integrity Enforcement (MIE), an always-on memory safety feature that blocks memory corruption, the root cause of most of the exploit chains Apple has patched in recent years. Built on the Enhanced Memory Tagging Extension in the newest Apple silicon (the A19 in the iPhone 17 line), MIE tags allocations so that buffer overflows, use-after-free bugs, and similar flaws fault at the first bad access, before an attacker can chain them into a working exploit. The announcement comes on the heels of Apple’s release of macOS Sequoia 15.7, which includes a batch of security fixes.
➡️ Read more
If you rely on pentests for compliance, security, or vendor risk management, you don’t want to miss next week’s webinar! BARR’s own Larry Kinkaid and the penetration testing experts at Psicurity will explain how to choose a qualified pentest provider, what makes a pentest report trustworthy, and common red flags seen in low-quality pentests. Register now to save your seat.
Want to get these insights straight to your inbox? Subscribe to Take5, our monthly newsletter featuring top security and compliance headlines, events, and resources—brought to you by CISOs from BARR’s cybersecurity consulting team.