-
Leader Board: 35 new Portland-area executives you should know (Q1 2025)
Welcome to the latest installment of Leader Board, a quarterly feature in which we introduce Business Journal readers to executives who are new to their positions.
-
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined…
-
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in…
-
GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for…
-
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. “Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial…
-
Portland fast food startup Face Plant wants to dethrone McDonald’s
Portland entrepreneur Matt Plitch’s latest startup, Face Plant, is a fast food concept on a mission to take down McDonald’s by building the most beloved fast food brand in the world.
-
PwC committing to downtown with new office lease
PwC has had a physical presence in downtown Portland for more than 20 years.
-
OHSU names Brian Druker’s interim successor for Knight Cancer Institute CEO
Dr. Shivaani Kummar is taking over the top job at the Knight Cancer Center from Dr. Brian Druker.
-
Portland restaurant specializing in Chinese comfort food to close
The restaurant specializes in steamed xiao long bao soup dumplings and Chinese comfort food. Its owners announced the closing in its customer newsletter Thursday.
-
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. “UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in…
