Cyber Security Headlines Scattered Spider, LAPSUS$, ShinyHunters join forces, Nikkei data breach impacts 17k people, React Native NPM flaw leads to attacks
8 snips
Nov 5, 2025 A trio of hacker groups, Scattered Spider, LAPSUS$, and ShinyHunters, has unified into a powerful collective. A significant data breach at Nikkei affects 17,000 individuals, exposing sensitive information. Additionally, a serious flaw in React Native's NPM leaves users vulnerable to remote code execution attacks. Meanwhile, data theft incidents are soaring, with millions of records compromised across various institutions. Cybersecurity remains a pressing concern, as threats evolve and impact organizations globally.
AI Snips
Chapters
Transcript
Episode notes
Crime Groups Merged Into One Collective
- Three cybercrime groups merged into a single collective called Scattered Lapsus Hunters (SLH).
- Trustwave says SLH mixes profit-driven crime with hacktivist theatrics and runs extortion-as-a-service across Telegram.
Respond Quickly After Credential Theft
- Nikkei disclosed a Slack breach after malware stole an employee's credentials, exposing 17,368 people.
- Reset affected passwords and notify regulators promptly to limit fallout and meet legal duties.
Patch React Native CLI Immediately
- A critical React Native CLI NPM flaw allowed unauthenticated arbitrary code execution via crafted POST requests.
- Update the React Native package immediately to apply Meta's patch and protect developer machines running Metro servers.