
New Hak5 Video: Weekly Cybersecurity News Summary
In this new video from the @hak5 channel, Ali Diamond presents a weekly summary of cybersecurity news. The main topics are the recent Cloudflare outage and software supply chain attacks on NPM.
On November 18, 2025, Cloudflare experienced a major outage that lasted approximately six hours, with most issues resolved within three hours. Unlike previous outages, this one was not related to a DNS problem. Cloudflare's CTO explained on Twitter that the incident was due to a bug in the service used for bot mitigation, triggered by a configuration change. This bug led to cascading problems for many of Cloudflare's services. The root cause was a change in the permissions of a database system, which generated multiple entries in a feature file used by the bot management system. This file doubled in size and was propagated throughout Cloudflare's network, causing major errors. The bot management system, which assigns scores to incoming requests to control bot access, was particularly affected. Cloudflare's status page was also unavailable, leading many to believe it was a cyberattack, although this was not the case. This outage was the most severe since 2019, raising questions about the overall reliability of the internet.
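The failure mode described above (duplicate entries doubling a generated file that is then propagated) is one a pre-propagation check can catch. The following is an added example, not Cloudflare's code; the file format (one JSON object per line with a `name` key), the limits and all function names are assumptions made for illustration.

```python
import json

MAX_FEATURES = 4   # assumed hard cap the consuming service can handle
MAX_GROWTH = 1.5   # assumed: block files over 1.5x the last known-good size

# Constructed sample data: last known-good file, a normal update, and a file
# whose rows were emitted twice (the duplicate-entry case).
LAST_GOOD = (
    '{"name": "ua_entropy", "weight": 0.4}\n'
    '{"name": "tls_fingerprint", "weight": 0.3}\n'
    '{"name": "req_rate", "weight": 0.3}\n'
)
UPDATED = LAST_GOOD + '{"name": "hdr_order", "weight": 0.1}\n'
DOUBLED = LAST_GOOD * 2

def validate_feature_file(candidate, last_good):
    """Return reasons to block propagation; an empty list means safe to ship."""
    problems, names = [], []
    for lineno, line in enumerate(candidate.splitlines(), 1):
        if not line.strip():
            continue
        try:
            names.append(str(json.loads(line)["name"]))
        except (ValueError, KeyError, TypeError) as exc:
            problems.append(f"line {lineno}: bad entry ({type(exc).__name__})")
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:
        problems.append(f"duplicate entries: {dupes}")
    if len(names) > MAX_FEATURES:
        problems.append(f"{len(names)} entries exceeds cap of {MAX_FEATURES}")
    if last_good and len(candidate) > MAX_GROWTH * len(last_good):
        problems.append("size grew more than 1.5x since last good file")
    return problems

def choose_file(candidate, last_good):
    """Fail safe: keep the last known-good file if the candidate is rejected."""
    problems = validate_feature_file(candidate, last_good)
    return (last_good, problems) if problems else (candidate, [])

if __name__ == "__main__":
    for label, data in (("updated", UPDATED), ("doubled", DOUBLED)):
        chosen, why = choose_file(data, LAST_GOOD)
        print(label, "->", "REJECTED" if why else "accepted", why)
```

The gate rejects the doubled file on three independent grounds and keeps serving the previous one, so a bad generation step degrades to stale data rather than an error on every consumer.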
Meanwhile, NPM was targeted by a new series of critical software supply chain attacks by the same group that had infiltrated NPM packages a few months earlier. The group, named Singularity, introduced a more advanced version of the Shai-Hulud worm. This worm was first detected in the AsyncAPI CLI project repository and spread to more than 36 NPM packages maintained by the AsyncAPI team. This new version of the worm used the Bun runtime to execute its code, infecting 100 packages at a time instead of 20. If the worm could not authenticate against NPM or GitHub, it would delete all files in the user's home directory. The repos created to publish secrets were randomly named, making their detection more difficult. As of the publication date, more than 26,000 repos on GitHub matched the search pattern, affecting over 500 packages with a total of more than 132 million monthly downloads. Packages from major companies like Zapier, ENS Domains, Postman, PostHog, and Voiceflow were affected.
The watchTowr team also highlighted the risks associated with using online code formatting sites. By exploring two popular sites, jsonformatter.org and codebeautify.org, they discovered that sensitive information, including database credentials, repository keys, and PII, was easily accessible through publicly saved pages. This information came from various industries, including governments, MSSPs, and banks. Despite the watchTowr team's attempts to contact the affected organizations, many did not respond.
Ali Diamond concludes by emphasizing the importance of vigilance in cybersecurity and invites viewers to share their thoughts on recent incidents. She also announces that she has accepted a full-time job offer but will continue to produce ThreatWire in parallel.
To learn more, watch the full video: https://www.youtube.com/watch?v=fYzMBowlFtQ