Cyber Defence Analysis for Blue & Purple Teams

Bluepurple Pulse: week ending October 31st 🎃

Russia is going big and not going home...

Ollie
Oct 29, 2021

Welcome to the weekly highlights and analysis of the blueteamsec subreddit.

First a thank you for the feedback - it has been terribly nice.

Operationally the focus has been around two things this week:

  • first, the compromise of the JavaScript package ua-parser-js (CISA advisory | technical details). To give some context, this package has around 7.8 million downloads a week and was compromised by what looks like a criminal enterprise to deploy a password stealer and a cryptocurrency miner. It just goes to show you don’t need state-level capability to terrify the world, just the right pinch point.

  • second was Russia and their continued aggressive supply chain pre-positioning to gain downstream customer access. It appears they have felt emboldened by their SolarWinds successes and later campaigns rather than needing to tone it down and behave like a responsible nation.

In the high-level:

  • Arrests of 12 in the Ukraine and Switzerland suspected of being involved in ransomware attacks against 1,…

© 2023 Ollie Whitehouse from BinaryFirefly