This Week in Cybersecurity: Software Supply Chain Attacks & Identity Leaks

Cybersecurity news this week highlights once again that software supply chains, widely used tooling, and critical infrastructure remain top targets for sophisticated threat actors. From a major supply chain compromise involving a popular open-source editor to actively exploited zero-day vulnerabilities and critical patch advisories, defenders are being tested on multiple fronts. Below is a roundup of the most significant cybersecurity developments from the past seven days.

🛠️ Zero-Day RCE flaws in Ivanti EPMM under active exploitation

Security researchers confirmed that two critical remote code execution (RCE) zero-day vulnerabilities in Ivanti Enterprise Mobility Management (EPMM) are being actively exploited in the wild. These flaws, now listed in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, can allow attackers to execute arbitrary code on vulnerable systems — making immediate patching essential.

Read more at The Hacker News

📉 Department of Homeland Security employee data leak

A data leak affecting approximately 4,500 employees of the U.S. Department of Homeland Security (DHS), including Border Patrol and ICE agents, was reported after personal information was posted online by a whistleblower. The dataset included names, email addresses, and phone numbers — raising concerns about privacy and personal security for federal personnel.

Read more at NewsNation

🧪 High-severity issues discovered in n8n workflow automation

Researchers disclosed two high-severity vulnerabilities affecting n8n, a popular open-source workflow automation platform. One of the flaws permits authenticated users to trigger remote code execution, potentially compromising connected systems and workflows if exploited — highlighting the importance of securing automation tools.

Read more at The Hacker News

✍️ Notepad++ supply chain breach compromises update system

In one of the most serious open-source supply chain incidents in recent memory, developers of the widely used text and source code editor Notepad++ confirmed that its update infrastructure was compromised for roughly six months between June and December 2025. Attackers out of China hijacked the shared hosting environment and selectively redirected some update requests to malicious servers, delivering tainted installers to targeted users rather than legitimate updates. The breach did not involve a flaw in the Notepad++ code itself but exploited an insecure update mechanism that lacked strict certificate and signature verification in older versions. The project has since migrated to a new hosting provider and hardened its update process, and users are urged to update to the latest version.

Read more at Reuters

⚠️ Microsoft patches critical office security flaw exploited in the wild

Microsoft issued an emergency update to address a critical Office vulnerability (CVE-2026-21509) that was actively exploited by threat actors. The flaw allowed specially crafted documents to bypass built-in protections and execute malicious code, with the potential for credential theft or broader system compromise. This patch underscores the importance of applying updates promptly, especially for software that is deeply embedded in enterprise workflows.

Read more at Tech Radar

🧬 OpenSSL libraries receive high-severity patch update

A new OpenSSL release patched a series of vulnerabilities, including a high-severity remote code execution issue. OpenSSL is foundational to secure networking protocols such as HTTPS, and this update, which fixes a dozen flaws, should be applied quickly to reduce exposure in servers and embedded systems relying on it for cryptographic functions.

Read more at Security Week

Final thoughts

This week’s cyber news emphasizes the diversity and persistence of modern threats — from supply chain compromises and zero-day exploits to legacy protocol exposures and critical infrastructure risks. The Notepad++ breach, in particular, is a stark reminder that even trusted open-source tools can become vectors for sophisticated attacks if update and distribution channels are not rigorously protected.

For defenders, the key takeaways remain consistent: maintain timely patching practices, enforce strong authentication and update validation, and adopt robust monitoring to detect anomalous activity. Keeping software up to date — especially components that operate at the heart of secure communications or daily workflows — is essential to reducing risk.