Skip to main content

Tag: supply chain compromise

13 articles

Phone on a desk in a customer service setting with a person working at a computer in the background.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics

A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Analyst 207
Office worker sits at desk with laptop, showing subtle concern on face.

Ransomware Attacks Surge Through Compromised Logins

Ransomware attacks are surging, with a staggering 79% of incidents linked to compromised identities and legitimate user logins, making it the most common entry point for hackers. This marks a significant shift away from traditional software flaw exploitation, now accounting for just 18% of initial attacks.

Analyst 207
Person working on laptop with smartphone nearby in a casual setting.

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft

Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

Analyst 207
Rows of rack-mounted servers and equipment in a brightly-lit server room or data center interior.

FortiBleed Campaign Tied to Lynx Ransomware Operators

Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

Analyst 207
Cluttered computer workstation with laptop and cables in a small, cramped business office setting.

Hackers Exploit Tailscale for Persistent Access After C2 Takedown

Meet Poisson, a French-speaking hacker who left a digital trail of 339 commands over 33 days, revealing a clever exploit that allowed them to maintain persistent access to a small French automotive business even after a C2 takedown. The intruder's step-by-step playbook was surprisingly left in an open storage bucket, giving Cato Networks researchers a glimpse into their tactics.

Analyst 207
Water utility industrial setting with computer systems in background.

UK Water Utility Exposed: Hackers Hid Undetected for 20 Months

In a shocking revelation, hackers secretly lurked on South Staffordshire Water's corporate network for 20 months, evading detection until a performance issue sparked an investigation in July 2022. The stealthy attackers gained unauthorized access via a September 2020 phishing attack, harvesting credentials and even attempting to deploy ransomware before being finally uncovered.

Analyst 207
US government office with row of laptops, hinting at tech industry crackdown.

US Crackdown Targets 'Laptop Farms' Aiding North Korea's Illicit IT Schemes

The US has cracked down on "laptop farms" helping North Korea's illicit IT schemes, sentencing two US nationals to 18 months in prison for enabling North Korean IT workers to remotely work at nearly 70 American companies. This move is part of a federal initiative to shut down North Korea's revenue generation schemes.

Analyst 207
Cracked NHS ID badge lies on hospital trolley amidst tangled cables and a smartphone displaying illicit content in a dimly…

Scottish Healthcare Domains Hijacked, Redirect to Illicit Content

Imagine visiting a trusted healthcare website, only to be redirected to explicit content or illegal streams - that's the alarming reality for some Scottish healthcare domains that have been hijacked. Patients and staff are left with unanswered questions and growing concern after researchers uncovered the breach affecting NHS Scotland-linked sites.

Analyst 207
Jackpotting Surge: Stunning, Costly $20M Hit to Banks

Jackpotting Surge: Stunning, Costly $20M Hit to Banks

An FBI alert reveals ATM jackpotting cost banks $20M in 2025—criminals are now turning cash machines into programmable paydays by exploiting unpatched systems, weak credentials, and supply‑chain gaps. It’s a wake‑up call that security isn’t just about tech—people and processes matter too.

Analyst 207
AI Coding Assistants Exclusive: Alarming Exports to China

AI Coding Assistants Exclusive: Alarming Exports to China

Imagine every line of code you type being quietly copied and sent overseas — researchers now allege two popular AI coding assistants used by 1.5 million developers may be transmitting source code, environment variables and credentials to servers in China.

Analyst 207
Russian Hackers Massive 4.3K Fake Sites Costly Hotel Breach

Russian Hackers Massive 4.3K Fake Sites Costly Hotel Breach

Think twice before clicking that booking confirmation — a Russian-speaking group has spun up more than 4,300 fake hotel and travel sites this year, using spam, AI-tuned lures and compromised booking plugins to mimic confirmations and steal payment and ID details.

Analyst 207
HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy exposes a dangerous VPN invoice backdoor in Korea. Find out how attackers are slipping into billing systems and what you can do to stay protected.

Analyst 207
Cyberattack Disrupts Airports: Exclusive Severe Response

Cyberattack Disrupts Airports: Exclusive Severe Response

What happens when the screens go dark? The recent cyberattack that wiped out kiosks and flight displays forced airport teams to improvise, lengthened queues and sparked a fast, cross‑border scramble to contain the damage and shore up fragile systems.

Analyst 207