✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨

Under Active Attack

Industry Category

Plastics

Breach intelligence, attack campaigns, and threat reports targeting the Plastics sector.

1 threat report

Page 1 of 1

Explore Other Sectors

Aerospace/Aviation

Airlines/Aviation

Apparel/Fashion

Architecture/Planning

Artificial Intelligence

Artificial Intelligence/Machine Learning

Aviation/Aerospace

Banking/Mortgage

Biotechnology/Greentech

Blockchain/Cryptocurrency

Broadcast Media

Broadcasting Media

Broadcasting/Media

Building Materials

Business Supplies/Equipment

Capital Markets/Hedge Fund/Private Equity

Civic/Social Organization

Civil Engineering

Cloud Computing

Cloud Computing/SaaS

Commercial Facilities

Commercial Real Estate

Computer Hardware

Computer Networking

Computer Software/Engineering

Computer/Network Security

Consumer Electronics

Consumer Services

Critical Manufacturing

Cryptocurrencies

Customer Services

Dating/Personal Services

Education Management

Electrical/Electronic Manufacturing

Emergency Services

Energy/Oil/Solar/Greentech

Entertainment/Movie Production

Environmental Services

Events Services

Facilities Services

Fashion/Apparel

Financial Services

Food Production

Fortune 500 companies

Gambling/Casinos

Government Administration

Government Facilities

Government Relations

Graphic Design/Web Design

Health Care / Life Sciences

Higher Education/Acadamia

Human Resources/HR

Individual/Family Services

Industrial Automation

Information Services

Information Technology/IT

International Affairs

International Trade/Development

Investment Banking/Venture

Investment Management/Hedge Fund/Private Equity

Law Enforcement

Law Practice/Law Firms

Legislative Office

Logistics/Procurement

Luxury Goods/Jewelry

Management Consulting

Marketing/Advertising/Sales

Mechanical or Industrial Engineering

Media Production

Medical Equipment

Medical Practice

Military Industry

Museums/Institutions

Newspapers/Journalism

Non-Profit/Volunteering

Oil/Energy/Solar/Greentech

Online Publishing

Outsourcing/Offshoring

Package/Freight Delivery

Pharmaceuticals

Political Organization

Primary/Secondary Education

Professional Training

Public Relations/PR

Publishing Industry

Railroad Manufacture

Real Estate/Mortgage

Recreational Facilities/Services

Religious Institutions

Renewables/Environment

Research Industry

Retail Industry

Rural Healthcare

Security/Investigations

Staffing/Recruiting

Telecommunications

Trucking/Freight

Venture Capital/VC

Water and Wastewater

Water and Wastewater Systems

Water and Wastewater Treatment

Water, Waste, Steam, and Air Conditioning Services

Water/Wastewater Management

Water/Wastewater/Utilities

Showing 1–1 / 1 reports

Impact· medium

Computer Software/Engineering

27 Malicious npm Packages Turn Dev Ecosystem Into Phishing Playground in 2025

In late 2025, security researchers uncovered a sophisticated supply chain attack leveraging the npm package ecosystem to execute a targeted spear-phishing campaign. Over a five-month period, attackers published 27 malicious npm packages via six aliases, using content delivery networks to host and serve browser-based phishing lures. These lures mimicked document-sharing and Microsoft sign-in portals to trick targeted sales and commercial staff at 25 organizations across manufacturing, industrial automation, healthcare, and allied sectors in the US and Europe. The campaign incorporated advanced anti-analysis checks, obfuscated JavaScript, and honeypot detection to evade security tooling, with hardcoded targets likely sourced from trade show and open-sourced company data. This incident exemplifies the growing abuse of public developer ecosystems and infrastructure in credential theft operations, highlighting an urgent need for organizations to monitor software supply chains and enforce modern, phishing-resistant controls. Attackers' use of legitimate distribution services as resilient hosting and focus on regional, non-IT staff illustrate shifting tactics in supply chain and social engineering threats.

5 months ago

Kill Chain

IC

Initial Compromise(high)

PE

Privilege Escalation(medium)

LM

Lateral Movement(low)

C&C

Command & Control(medium)

E

Exfiltration(high)

I

Impact(medium)

Read Report

[ INCIDENT RESPONSE // UNDER ATTACK? ]

Stop Active Cloud Data Exfiltration

Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.

Looking for threats in a different sector?

Browse All Threat Reports