CISA's Busy Week: Microsoft SCCM Under Attack While Supply Chain Security Gets a Mixed Report Card


If you’ve been following CISA’s advisory feed this week, you might have noticed they’ve been particularly active. We’re seeing active exploitation of several critical vulnerabilities, including a Microsoft Configuration Manager flaw that’s been flying under the radar since October, plus some sobering reminders about just how far-reaching data breaches can be when basic security controls aren’t in place.

The Microsoft SCCM Problem That Won’t Go Away

Let’s start with the big one: CISA just flagged a critical Microsoft Configuration Manager vulnerability that’s now being actively exploited in the wild. This is particularly frustrating because Microsoft actually patched this remote code execution flaw back in October 2024. We’re now in February, and attackers are still finding unpatched SCCM instances to compromise.

For those of us managing enterprise environments, this hits close to home. SCCM (now called Configuration Manager) is everywhere in corporate networks, often with elevated privileges needed to push software updates and manage endpoints. When these systems get compromised, attackers essentially get the keys to your entire infrastructure.

The timing of CISA’s emergency directive tells us that federal agencies are probably seeing active compromise attempts, which means the rest of us should assume we’re targets too. If you’re running Configuration Manager in your environment, this needs to be your top priority patch this week.

Supply Chain Security: Progress with Asterisks

On a somewhat more positive note, npm has been working to strengthen their supply chain security following the Sha1-Hulud incident from late 2025. Their recent authentication overhaul represents a solid step forward, but as the security community knows all too well, there’s no silver bullet for supply chain attacks.

What’s encouraging is seeing npm take proactive steps rather than just responding to incidents. The authentication improvements should make it harder for attackers to inject malicious packages or compromise existing ones. But we still need to remember that supply chain security is fundamentally about trust, and no single platform change can solve that completely.

For development teams, this is a good reminder to keep those dependency scanning tools updated and to actually review what’s in your package.json files. I’ve seen too many projects pulling in hundreds of dependencies without anyone really knowing what they all do.
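As an added illustration of that review step (example code, not from the original post), here is a small Python script that reads a package-lock.json in the lockfileVersion 2/3 "packages" layout, separates direct from transitive packages, and flags entries that run install scripts or lack an integrity hash. The sample lockfile is constructed for the demo.

```python
import json

# Constructed sample lockfile (lockfileVersion 3 layout); not from any real project.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad-ish": "^1.0.0", "web-framework": "^4.0.0"}},
        "node_modules/left-pad-ish": {"version": "1.0.0", "integrity": "sha512-AAAA"},
        "node_modules/web-framework": {"version": "4.0.0", "integrity": "sha512-BBBB",
                                       "dependencies": {"tiny-util": "^2.0.0"}},
        # Transitive dep that runs a lifecycle script and has no pinned hash.
        "node_modules/tiny-util": {"version": "2.0.0", "hasInstallScript": True},
        "node_modules/web-framework/node_modules/nested-dep": {"version": "0.1.0",
                                                                "integrity": "sha512-CCCC"},
    },
})


def package_name(path):
    """Map a lockfile path such as node_modules/a/node_modules/@s/b to '@s/b'."""
    return path.split("node_modules/")[-1]


def audit_lockfile(text):
    """Count direct vs transitive packages and list review-worthy entries."""
    lock = json.loads(text)
    packages = lock.get("packages", {})
    direct = set(packages.get("", {}).get("dependencies", {}))
    installed = {p: m for p, m in packages.items() if p}  # "" is the root project
    findings = []
    transitive = 0
    for path, meta in installed.items():
        name = package_name(path)
        if name not in direct:
            transitive += 1
        if meta.get("hasInstallScript"):
            findings.append(("install-script", name))
        if "integrity" not in meta:
            findings.append(("missing-integrity", name))
    return {"direct": len(direct), "transitive": transitive, "findings": findings}


if __name__ == "__main__":
    report = audit_lockfile(SAMPLE_LOCK)
    print(f"direct={report['direct']} transitive={report['transitive']}")
    for kind, name in report["findings"]:
        print(f"REVIEW {kind}: {name}")
```

Run it against a real lockfile by replacing SAMPLE_LOCK with the file's contents; the two findings it reports are the ones worth a human look before the next install.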

The Broader Attack Picture

CISA’s warnings this week weren’t limited to Microsoft. They’re also tracking active exploitation of SolarWinds and Notepad++ vulnerabilities, with the SolarWinds issue particularly concerning since it was likely being exploited as a zero-day since December 2025 before being disclosed at the end of January.

This pattern should sound familiar by now. We keep seeing vulnerabilities that get exploited for months before they’re discovered and patched. It’s a stark reminder that our detection capabilities still have significant blind spots, especially when it comes to sophisticated attackers who know how to stay quiet.

When Basic Security Fails Spectacularly

Sometimes the most sobering security news comes from breaches that didn’t require any sophisticated zero-days or supply chain attacks. The recent breach of Senegal’s national biometric database exposed personal records and biometric data for nearly 20 million residents - essentially the entire population.

The group behind this, calling themselves Green Blood Group, managed to steal incredibly sensitive data that includes biometric information. This isn’t just about credit card numbers that can be replaced - biometric data is permanent. Once it’s compromised, there’s no issuing new fingerprints.

What makes this particularly troubling is that it highlights the “security maturity” gap that exists in many organizations and governments worldwide. When you’re handling biometric data for an entire nation, the security controls need to be bulletproof. The fact that this breach happened suggests some fundamental security practices weren’t in place.

Justice Delayed but Not Denied

On the accountability front, we’re seeing some movement on older cases. A 29-year-old Polish hacker was just charged in connection with a data breach that hit Morele.net and exposed 2.5 million customer records. The interesting part? This breach happened seven years ago.

While it’s good to see law enforcement following through on cybercrime cases, the timeline here shows just how long these investigations can take. For organizations dealing with breaches today, this is a reminder that the legal and regulatory consequences can stretch out for years, even after you think you’ve moved past the incident.

What This Means for Our Day-to-Day Work

Looking at this week’s news as a whole, a few themes stand out. First, patch management remains absolutely critical, especially for infrastructure components like SCCM that have broad network access. Second, supply chain security is improving but still requires vigilance from development teams. And third, basic security hygiene becomes exponentially more important when you’re handling sensitive data like biometric information.

The reality is that while we’re seeing some positive developments in areas like npm’s security improvements, attackers are still finding plenty of success with relatively straightforward approaches: exploiting unpatched systems, compromising supply chains, and targeting organizations with weak security foundations.
