Multiple Supply Chain Attacks Rattle Tech Sector as Ransomware and Credential Abuse Campaigns Continue
Summary
This intelligence brief for June 22, 2026, covers a surge in sophisticated supply chain attacks, with North Korean actors targeting the Mastra AI framework and the Icarus group breaching Klue to access customer Salesforce data. Concurrently, the 'FortiBleed' campaign is exploiting weak credentials on Fortinet devices globally, while 'The Gentlemen' ransomware group disrupts critical infrastructure in Australia. These incidents highlight a landscape dominated by identity-based attacks and exploitation of the software supply chain, demanding urgent review of third-party risk and access controls.
Today New Articles
North Korea's Sapphire Sleet Blamed for Mastra AI Framework Supply Chain Attack on NPM
Microsoft has attributed a major software supply chain attack targeting the Mastra open-source AI framework to Sapphire Sleet, a North Korean state-sponsored threat actor also known as APT38. On June 17, the attackers compromised an NPM maintainer's account an...
New 'OXLOADER' Malware Uses Malicious Google Ads to Distribute CastleStealer Infostealer
A malvertising campaign (REF8372) is abusing Google Ads to distribute a new, sophisticated malware loader named OXLOADER. Users searching for legitimate software like 'node.js' are tricked into downloading a script from a fraudulent website. The script execute...
'AryStinger' Botnet Enslaves Thousands of Outdated D-Link Routers
A newly discovered botnet named AryStinger has compromised at least 4,300 end-of-life D-Link routers and some NAS devices across the globe. The botnet exploits vulnerabilities that were disclosed 13 years ago, highlighting the persistent danger of unsupported...
Massive Malware Campaign Spreads via Compromised WhatsApp Accounts, Abusing User Trust
Kaspersky's research team has uncovered a widespread malware campaign targeting users of WhatsApp Desktop and Web. Attackers are using compromised WhatsApp accounts to send malicious VBScript files to the victims' contacts. The files are disguised as business...
Qilin Ransomware Group Claims Attack on U.S. Telecom Provider Q Link Wireless
The Qilin ransomware group (also known as Agenda) has claimed responsibility for a cyberattack against Q Link Wireless, a major U.S. telecommunications provider. On June 16, 2026, the group added the company to its dark web leak site, employing a double extort...
Armis Proposes 'Release-Age Policy' to Defend Against Zero-Day Supply Chain Attacks
Cybersecurity firm Armis has proposed a new defensive strategy called 'release-age policy enforcement' to combat the increasing speed of software supply chain attacks. The approach aims to close the critical 48-72 hour window where malicious packages can be wi...
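The following is an added illustration of what a release-age gate looks like in practice; it is not Armis's tooling or code from the article. It assumes the npm registry "packument" shape (a `time` map of version to ISO publish timestamp, plus the `created`/`modified` keys), a 72-hour minimum age as the policy threshold, and a constructed registry snapshot and dependency list in place of live network data. A version younger than the window is rejected and the newest version that already meets the window is suggested as the fallback, so a freshly hijacked release never reaches the build.

```javascript
// Added example: minimum release-age gate for npm dependencies (assumed policy,
// constructed data; not Armis's implementation or any project's real code).

// Policy window in hours. The brief cites a 48-72 hour exposure window for
// malicious releases, so 72 is used here as an assumed conservative threshold.
const MIN_AGE_HOURS = 72;

// Constructed snapshot in the npm packument layout (`time` maps each version to
// its publish timestamp; `created` and `modified` are registry bookkeeping keys).
const SAMPLE_REGISTRY = {
  "example-framework": {
    "dist-tags": { latest: "2.1.0" },
    time: {
      created: "2026-01-10T00:00:00.000Z",
      modified: "2026-06-21T09:30:00.000Z",
      "2.0.0": "2026-05-01T12:00:00.000Z",
      "2.1.0": "2026-06-21T09:30:00.000Z", // published ~26 hours before NOW
    },
  },
  "example-utils": {
    "dist-tags": { latest: "1.4.2" },
    time: {
      created: "2025-11-02T00:00:00.000Z",
      modified: "2026-03-03T08:00:00.000Z",
      "1.4.2": "2026-03-03T08:00:00.000Z",
    },
  },
};

// Constructed pinned dependency set, as a lockfile would resolve it.
const SAMPLE_DEPENDENCIES = { "example-framework": "2.1.0", "example-utils": "1.4.2" };

// Fixed clock so the stand-alone run is reproducible.
const NOW = Date.parse("2026-06-22T12:00:00.000Z");

// Age of one version in hours, or null when the registry has no publish time for it.
function releaseAgeHours(packument, version, now) {
  const iso = packument.time[version];
  if (!iso) return null;
  return (now - Date.parse(iso)) / 3600000;
}

// Policy decision for a single pinned version.
function evaluateVersion(packument, version, now = Date.now(), minAgeHours = MIN_AGE_HOURS) {
  const ageHours = releaseAgeHours(packument, version, now);
  return { version, ageHours, allowed: ageHours !== null && ageHours >= minAgeHours };
}

// Newest version (by publish time) that already satisfies the age window, or null.
function newestCompliantVersion(packument, now = Date.now(), minAgeHours = MIN_AGE_HOURS) {
  const compliant = Object.entries(packument.time)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, publishedAt: Date.parse(iso) }))
    .filter((e) => (now - e.publishedAt) / 3600000 >= minAgeHours)
    .sort((a, b) => b.publishedAt - a.publishedAt);
  return compliant.length ? compliant[0].version : null;
}

// Audit every pinned dependency; returns only the violations so an empty array means "pass".
function auditDependencies(deps, registry, now = Date.now(), minAgeHours = MIN_AGE_HOURS) {
  const findings = [];
  for (const [name, version] of Object.entries(deps)) {
    const packument = registry[name];
    if (!packument) {
      findings.push({ name, version, status: "unknown-package" });
      continue;
    }
    const result = evaluateVersion(packument, version, now, minAgeHours);
    if (result.allowed) continue;
    findings.push({
      name,
      version,
      status: result.ageHours === null ? "no-publish-time" : "too-young",
      ageHours: result.ageHours,
      fallback: newestCompliantVersion(packument, now, minAgeHours),
    });
  }
  return findings;
}

// Stand-alone run: a non-empty findings list should fail the build.
const findings = auditDependencies(SAMPLE_DEPENDENCIES, SAMPLE_REGISTRY, NOW);
console.log(JSON.stringify(findings, null, 2));
```

Wired into CI, the exit status would follow `findings.length`, and the fallback version gives developers an actionable pin instead of a bare rejection. The gate deliberately treats a missing publish timestamp as a failure rather than a pass, since a registry entry with no provenance is exactly the case an age policy should not wave through.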
Article Updates
U.S. Governments Brace for Sophisticated AI-Driven Cyber Threats
Update: A joint warning from the Five Eyes intelligence alliance, including the NSA and CISA, states that advanced AI hacking models will be publicly available 'within months,' not years. This significantly accelerates the timeline for AI-driven cyber threats, with sp...
Ransomware Attack by 'The Gentlemen' Shuts Down Major Australian Sugar Producer
Update: Further analysis of 'The Gentlemen' ransomware attack on Mackay Sugar reveals the group's advanced tactics. They utilize a custom Go-based encryptor with worm-like capabilities for rapid network propagation and an EDR-evasion suite called 'GentleKiller' to dis...
Texas Data Breach Exposes Personal Info of 3 Million Hunting & Fishing License Holders
Update: The Texas Parks and Wildlife Department data breach, stemming from a third-party vendor, now confirms 3,087,721 affected individuals, a more precise figure than initially reported. In addition to driver's license and passport numbers, email addresses have been...
FortiBleed Carnage: 86,000+ Fortinet Devices Exposed in Massive Credential Leak
Update: International cybersecurity agencies, including CISA, have issued a joint advisory regarding the ongoing FortiBleed campaign. This update reinforces the widespread nature of the threat, emphasizing that attackers are leveraging credential stuffing (T1110.004)...
WordPress Supply Chain Hit Again: ShapedPlugin Update Mechanism Compromised
Update: New analysis by Check Point Research reveals that the supply chain attack on ShapedPlugin distributed a hidden, fake WooCommerce plugin. This malicious payload is specifically designed to steal critical credentials, including WordPress administrator logins, da...
New 'Icarus' Extortion Group Hits Klue, Steals Customer Salesforce Data via OAuth Attack
Update: New details reveal the Klue supply chain breach originated from a compromised legacy credential, allowing attackers to inject malicious code and harvest OAuth tokens. The Icarus group used these tokens to access not only Salesforce but also Gong environments o...