
Vercel attack fallout expands to more customers and third-party systems

23 April 2026 at 18:05

Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise.

The company, which makes tools and hosts cloud infrastructure for developers, maintains a “small number” of accounts were impacted, but it has yet to share a number or range of known incidents linked to the attack. Vercel created and maintains Next.js, a platform supporting AI agents that’s downloaded more than 9 million times per week, and other popular open-source projects. 

Vercel CEO Guillermo Rauch said the company and partners have analyzed nearly a petabyte of logs across the Vercel network and API, and learned malicious activity targeting the company and its customers extends beyond an initial attack that originated at Context.ai. 

“Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers,” Rauch said in a post on X.

“Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” he added.
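The pattern Rauch describes, a stolen token making rapid API calls that enumerate environment variables across many projects, is one a customer can search for in its own activity logs. The Python below is an added example, not code from Vercel or CyberScoop; the log line format, action names, token ids and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical action names for "list/read environment variables" API calls.
ENV_READ_ACTIONS = {"env.list", "env.read"}


def sample_log():
    """Constructed audit lines: '<ISO time> <token id> <action> <project>'."""
    t0 = datetime(2026, 1, 1, 3, 0, 0)
    lines = ["malformed line without enough fields"]
    # tok_A: 12 env reads across 12 different projects in 22 seconds.
    for i in range(12):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} tok_A env.list proj-{i}")
    # tok_ci: busy but narrow, 15 reads of a single project within a minute.
    for i in range(15):
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} tok_ci env.read web")
    # tok_dev: three projects, twenty minutes apart.
    for i in range(3):
        ts = (t0 + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{ts} tok_dev env.read app-{i}")
    return lines


def parse_events(lines):
    """Return time-ordered (ts, token, action, project) tuples; skip bad lines."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def find_enumeration_bursts(events, window=timedelta(seconds=60),
                            min_calls=10, min_projects=5):
    """Flag tokens whose env-var reads are both fast and wide inside `window`.

    Returns {token: {"first_flagged", "peak_calls", "peak_projects"}}.
    """
    recent = defaultdict(deque)  # token -> (ts, project) pairs still in window
    findings = {}
    for ts, token, action, project in events:
        if action not in ENV_READ_ACTIONS:
            continue
        q = recent[token]
        q.append((ts, project))
        # Drop calls that have aged out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        projects = {p for _, p in q}
        # Volume alone is normal for CI; breadth across projects is the signal.
        if len(q) >= min_calls and len(projects) >= min_projects:
            hit = findings.setdefault(
                token,
                {"first_flagged": ts, "peak_calls": 0, "peak_projects": 0},
            )
            hit["peak_calls"] = max(hit["peak_calls"], len(q))
            hit["peak_projects"] = max(hit["peak_projects"], len(projects))
    return findings


if __name__ == "__main__":
    for token, hit in find_enumeration_bursts(parse_events(sample_log())).items():
        print(token, hit)
```

The thresholds are placeholders: tune the window, call count and project count against a baseline of each token's normal behaviour before alerting on them.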

The attack exemplifies the widespread and compounded risk posed by interconnected systems that rely on OAuth tokens, trusted relationships and overly privileged permissions linking multiple services together.

“The real vulnerability was trust, not technology,” Munish Walther-Puri, head of critical digital infrastructure at TPO Group, told CyberScoop. “OAuth turned a productivity app into a backdoor. Every AI tool an employee connects to their work account is now a potential attack surface.”

An attacker traversed Vercel’s internal systems to steal and decrypt customer data, including environment variables it stored, posing significant downstream risk. 

The company insists the breach originated at Context.ai, a third-party AI tool used by one of its employees. Researchers at Hudson Rock previously said the seeds of that attack were planted in February when a Context.ai employee’s computer was infected with Lumma Stealer malware after they searched for Roblox game exploits, a common vector for infostealer deployments. 

Vercel has not specified the systems and customer data compromised, nor has it described the threat as eradicated or contained. The company said it’s found no evidence of tampering across the software packages it publishes, concluding “we believe the supply chain remains safe.” 

The company fueled further intrigue in its updated security bulletin, noting that it also identified a separate “small number of customers” that were compromised in attacks unrelated to the breach of its systems. 

“These compromises do not appear to have originated on Vercel systems,” the company said. “This activity does not appear to be a continuation or expansion of the April incident, nor does it appear to be evidence of an earlier Vercel security incident.”

It’s unclear how Vercel became aware of those attacks and why it’s disclosing them publicly. 

Vercel declined to answer questions, and Mandiant, which is running incident response and an investigation into the attack, referred questions back to Vercel. 

Vercel has not attributed the breach to any named threat group or described the attackers’ objectives. 

An online persona identifying themselves as ShinyHunters took responsibility for the attack and is attempting to sell the stolen data, which they claim includes access keys, source code and databases. Austin Larsen, principal threat analyst at Google Threat Intelligence Group, said the attacker is “likely an imposter,” but emphasized the risk of exposure is real.

Walther-Puri warned that the downstream blast radius from the attack on its systems remains undefined. “Stolen API keys and source code snippets from internal views are potentially keys to customer production environments,” he said.

The stolen data attackers claim to have “sounds almost boring … but it’s infrastructure intelligence,” Walther-Puri added. “The right environment variable doesn’t just unlock a system — it lets adversaries become that system, silently, from the inside.”

The post Vercel attack fallout expands to more customers and third-party systems appeared first on CyberScoop.

Vercel’s security breach started with malware disguised as Roblox cheats

20 April 2026 at 16:24

Vercel customers are at risk of compromise after an attacker hopped through multiple internal systems to steal credentials and other sensitive data, the company said in a security bulletin Sunday. 

The attack, which didn’t originate at Vercel, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. 

An attacker traversed third-party systems and connections left exposed by employees before it hit the San Francisco-based company that created and maintains Next.js and other popular open-source libraries. 

Researchers at Hudson Rock said the seeds of the attack were planted in February when a Context.ai employee’s computer was infected with Lumma Stealer malware after they searched for Roblox game exploits, a common vector for infostealer deployments.

Each of the companies is pinning at least some blame for the attack on the other vendor.

Context.ai on Sunday said that breach allowed the attacker to access its AWS environment and OAuth tokens for some users, including a token for a Vercel employee’s Google Workspace account. Vercel is not a Context customer, but the Vercel employee was using Context AI Office Suite and granted it full access, the artificial intelligence agent company said. 

“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive,” Vercel said in its bulletin. 

The company said a limited number of its customers are impacted and were immediately advised to rotate credentials. Vercel, which declined to answer questions, did not specify which internal systems were accessed or fully explain how the attacker gained access to Vercel customers’ credentials. 

Vercel CEO Guillermo Rauch said customer data stored by the company is fully encrypted, yet the attacker got further access through enumeration, or by counting and inventorying specific variables. 

“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,” he said in a post on X. “They moved with surprising velocity and in-depth understanding of Vercel.”

A threat group identifying itself as ShinyHunters took responsibility for the attack in a post on Telegram and is attempting to sell the stolen data, which they claim includes access keys, source code and databases.

The attacker “is likely an imposter attempting to use an established name to inflate their notoriety,” Austin Larsen, principal threat analyst at Google Threat Intelligence, wrote in a LinkedIn post. “Regardless of the threat actor involved, the exposure risk is real.”

Vercel also warned that the attack on Context’s Google Workspace OAuth app “was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations.” It published indicators of compromise and encouraged customers to review activity logs, review and rotate variables containing secrets.

Context and Vercel said their separate and coordinated investigations into the attack aided by CrowdStrike and Mandiant remain underway.

The post Vercel’s security breach started with malware disguised as Roblox cheats appeared first on CyberScoop.

OpenAI’s Mac apps need updates thanks to the Axios hack

13 April 2026 at 16:24

OpenAI updated its security certificates and is requiring all macOS users to update to the latest versions after determining its products, along with many others, were impacted by a widespread supply-chain attack that briefly infected a popular open-source library in late March, the company said in a blog post Friday.

The artificial intelligence vendor said it “found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.”

Yet, because a GitHub workflow the company uses to sign certificates for macOS applications downloaded and executed a malicious version of Axios, the company is treating the soon-to-be defunct certificate as compromised.

A North Korean hacking group injected malware into two versions of Axios after it compromised the lead maintainer’s computer via social engineering and took over his npm and GitHub accounts. Jason Saayman, the lead maintainer for Axios, said the malicious versions of the software were live for about three hours before removal. 

Google Threat Intelligence Group, which tracks the threat group as UNC1069, said the impact of the attack was broad with ripple effects potentially exposing other popular packages. The JavaScript libraries flow into dependent downstream software through more than 100 million and 83 million downloads weekly. 

The attack was discovered just weeks after a series of other open-source tools, including Trivy, were compromised by UNC6780, also known as TeamPCP, resulting in aggressive extortion attempts. 

OpenAI insists the malware that infected Axios did not directly impact its certificate, which is designed to help customers confirm they are downloading legitimate software. 

“The signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors,” the company said in the blog post. “Nevertheless, out of an abundance of caution we are treating the certificate as compromised, and are revoking and rotating it.”

Older versions of OpenAI’s macOS apps may lose functionality and will no longer be supported when the certificate is fully revoked May 8, the company said.

OpenAI, which hired a third-party digital forensics and incident response firm to aid its investigation and response, pinned the root cause of the security issue on a misconfiguration in its GitHub workflow. The company said it corrected that error and worked with Apple to ensure fraudulent apps posing as OpenAI cannot use the impacted certificate.

The 30-day window is designed to minimize disruption for users, but OpenAI said it will speed up the revocation deadline if it identifies any malicious activity. The company did not immediately respond to a request for comment.

The post OpenAI’s Mac apps need updates thanks to the Axios hack appeared first on CyberScoop.

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

24 March 2026 at 13:52

SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories.

The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on compromises and threatening extortion attempts. 

“We know over 1,000 impacted SaaS environments right now that are actively dealing with this particular threat campaign,” Charles Carmakal, chief technology officer at Mandiant Consulting said during a threat briefing held in conjunction with the RSAC 2026 Conference. “That thousand-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000.”

Attackers stole a privileged access token and established a foothold in Trivy’s repository automation process by exploiting a misconfiguration in the tool’s GitHub Actions environment in late February, Aqua Security said in a blog post.

On March 1, the company tried to block an ongoing breach by changing its credentials. They later realized the attempt failed, which allowed the attacker to stay in the system using valid logins. Attackers published malicious releases of Trivy on March 19.

“While this activity initially appeared to be an isolated event, it was the result of a broader, multi-stage supply-chain attack that began weeks earlier,” Aqua Security said in the blog post.

By compromising the tool, attackers gained access to secrets for many organizations, Carmakal said. “There will likely be many other software packages, supply-chain attacks and a variety of other compromises as a result of what’s playing out right now.”

Mandiant expects widespread breach disclosures, follow-on attacks and a variety of downstream impacts to play out over the next several months. 

The attackers, which the incident response firm has yet to name, are collaborating with multiple threat groups mostly based in the United States, Canada and United Kingdom. These cybercriminals “are known for being exceptionally aggressive with their extortion,” Carmakal said. “They’re very loud, they’re very aggressive.”

Mandiant is still working to identify the root of the initial attack. “We can’t quite tell how those credentials were stolen, because it is our belief that those credentials were not stolen from that victim’s environment,” Carmakal said. 

The credentials were likely stolen from another cloud environment, a business process outsourcer, partner or the personal computer of an engineer, he added. 

Aqua said Sygnia, which is investigating the attack and assisting in remediation efforts, identified additional suspicious activity Sunday involving unauthorized changes and repository changes — activity that is consistent with the attacker’s previously observed behavior.

“This development suggests that the incident is part of an ongoing and evolving attack, with the threat actor reestablishing access. Our investigation is actively focused on validating that all access paths have been identified and fully closed,” the company said.

Aqua, in its latest update Tuesday, said it is continuing to revoke and rotate credentials across all environments and claimed there is still no indication its commercial products are affected. 

Many attackers are currently weaponizing access and likely targeting additional victims, leading to potential extortion attempts and the compromise of additional software, Carmakal said. 

“It’s going to be a different outcome for a lot of different organizations,” he said. “This will be a very concentrated focus of the adversaries and their expansion group of partners that they’re collaborating with right now.”

The post Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack appeared first on CyberScoop.

If consequences matter, they should apply to vendors, too

By: Greg Otto
11 March 2026 at 06:00

Washington has rediscovered consequences. Just not consistently.

The March 6 executive order rests on a simple, correct idea: cyber-enabled fraud persists because it is profitable, scalable, and too often tolerated. So the government’s answer is to raise the cost. More coordination. More disruption. More prosecutions. More diplomatic pressure on the states that shelter these operations.

Good.

But weeks ago, an OMB Memo rescinded earlier federal software supply chain memos issued during the Biden administration. In practice, that pulled back from the prior attestation-centered model and made tools like the Secure Software Development Attestation Form and SBOM requests optional rather than durable expectations.

Put plainly, we are getting tougher on the people exploiting digital systems while getting softer on the conditions that make those systems so easy to exploit.

The executive order gets something important right. Cyber-enabled fraud is not a collection of random online annoyances. It is an industrialized form of predation: ransomware, phishing, impersonation, sextortion, and financial fraud that’s run as repeatable business models, often transnational and sometimes protected by permissive states. The order responds with a more centralized federal posture built around disruption, coordination, intelligence sharing, prosecution, resilience, and international pressure.

That is directionally correct. Criminal ecosystems do not retreat because we publish better guidance. They retreat when the cost of doing business rises.

But then we arrive at software.

The critique of the old federal assurance regime is not entirely wrong. Compliance can become theater. Bureaucracies are very good at turning legitimate security goals into rituals of form collection and checkbox management. Some skepticism was warranted. OMB says as much explicitly, arguing the prior model became burdensome and prioritized compliance over genuine security investment.

Still, the failure of bad compliance is not proof that accountability itself was the problem.

That is where the logic breaks. The administration is clearly willing to believe that criminal actors respond to deterrence. It is willing to use prosecutions, sanctions, visa restrictions, and coordinated pressure downstream. But upstream, where insecure technology shapes the terrain those criminals exploit, the theory suddenly changes. There, we are told to trust discretion. Local judgment. Flexible, risk-based decisions.

Sometimes that is wisdom. Often it is just a more elegant way of saying no one wants a hard requirement.

This is also why my own position has not changed. In a post I wrote in 2024, I argued that the industry did not need softer expectations or another round of polite encouragement. It needed more concrete action and consequences strong enough to change incentives. The problem was never that we were demanding too much accountability. The problem was that insecure software remained too cheap to ship.

That is the deeper issue. Cybercrime at scale does not thrive only because criminals exist. It thrives because the environment rewards them. Weak identity systems, brittle software, sprawling dependency chains, poor visibility, and diffuse accountability all make predation cheaper. The people who ship avoidable risk rarely absorb the full cost of it. Everyone else does.

So these two policy moves, taken together, reveal something uncomfortable. The government seems to believe in consequences for cybercriminals, but not quite in consequences for insecure production. It wants deterrence for the scammer, but discretion for the supplier.

A coherent cyber strategy would do both. It would aggressively disrupt criminal networks and also create meaningful pressure for secure-by-design production and procurement. It would recognize that punishing attackers matters, but so does changing the terrain that keeps making attack profitable.

The administration is right about one thing: cybercrime will not shrink until the costs of predation rise.

The unanswered question is why that logic should stop at the edge of the scam center.

Brian Fox is the co-founder and CTO of Sonatype.

The post If consequences matter, they should apply to vendors, too appeared first on CyberScoop.

The Apple supply chain

7 March 2026 at 04:00
I’ve been following Microsoft since 1979. It gives me some instincts about the company and its products, as well as an understanding of the various transitions it has made over the years. I’m not so lucky with respect to Apple. In the ’80s, I tried to establish a relationship with the company and was snubbed […]

The long-awaited Trump cyber strategy has arrived

6 March 2026 at 17:55

President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce.

Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud.

A little more than half of the five pages of strategy text of the long-anticipated document is preamble, and two of its seven pages are title and ending pages. Administration officials have said the strategy is deliberately high-level, and the White House promised more detailed guidance in the future.

The strategy “calls for unprecedented coordination across government and the private sector to invest in the best technologies and continue world-class innovation, and to make the most of America’s cyber capabilities for both offensive and defensive missions,” the White House said in a statement accompanying its release.

Each of the six “pillars” of the strategy offers some prescriptions.

“Shaping adversary behavior” calls for using U.S. government offensive and defensive capabilities in cyberspace, as well as incentivizing the private sector to disrupt adversary networks.

It also says Trump will “counter the spread of the surveillance state and authoritarian technologies that monitor and repress citizens,” even as administration critics argue that his administration has fostered surveillance and repression against U.S. citizens.

The shortest pillar, “promote common sense regulation,” decries rules that are only “costly checklists.” The Biden administration expanded cyber regulations, spurring some industry resistance. But the Trump pillar does talk about addressing liability, a point of emphasis for the prior administration as well.

“Modernize and secure federal networks” talks about using concepts and technologies like post-quantum cryptography, artificial intelligence, zero-trust and lowering barriers for vendors to sell tech to the government to meet those goals.

To “secure critical infrastructure,” the strategy calls for fortifying not just owners and operators but also the supply chain, in part by focusing on U.S.-made rather than adversary-made products.

“We will deny our adversaries initial access, and in the event of an incident, we must be able to recover quickly,” the strategy reads. “We will galvanize the role of state, local, Tribal, and territorial authorities as a complement to — not a substitute for — our national cybersecurity efforts.” Some critics of the administration’s cybersecurity actions have contended that it has shifted the burden to state and local governments too much.

AI usage makes up the bulk of the pillar entitled “sustain superiority in critical and emerging technologies,” in addition to reflecting earlier parts of the strategy on the topics of quantum cryptography and privacy protection. That includes the protection of data centers, the subject of localized fights across the country over their location and resource costs.

The final pillar says the United States must “build talent and capability,” after a year of the administration cutting a significant number of cyber positions in the federal government. “We will eliminate roadblocks that prevent industry, academia, government, and the military from aligning incentives and building a highly skilled cyber workforce,” it states.

Some positive reviews rolled in about the strategy despite the late-Friday afternoon release, traditionally the time of week when an administration looks to publish news it hopes will garner little attention.

“As new and more sophisticated threats emerge, America needed a new national cyber strategy that captures the urgency of this moment,” USTelecom President and CEO Jonathan Spalter said in a news release. “The President’s strategy rightly recognizes that harnessing America’s unique mix of private-sector innovation with public-sector capacity is the best deterrence.”

Frank Cilluffo, Director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, was struck by the focus on deterrence: “This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn’t be more timely.”

The Business Software Alliance cheered the call for streamlining cyber regulations, in particular.

A number of cyber vendors took note of the passages on AI. “Redirecting resources from paperwork to AI-powered security capabilities is the only way to keep pace with modern threats and adversaries who operate at great speed,” said Bill Wright, global head of government affairs at Elastic. “This strategy appears to recognize that fundamental truth.”

Not all the reviews were flattering, however, including from the top Democrat on the House Homeland Security Committee, Bennie Thompson, who said the strategy’s “underachieving” was the only thing impressive about it.

“What little ‘substance’ does exist in this pamphlet is a mishmash of vague platitudes, a long catalogue of ‘we will’ statements that may or may not match the Administration’s current behavior, and, mercifully, an apparent extension of some Biden-era policies,” he said. “Completely lacking is even the most basic blueprint for how the Administration will go about achieving any of its cybersecurity goals — an objective possibly hamstrung by the hemorrhage in cyber talent across all Federal agencies since Trump took office.”

The executive order Trump signed Friday coincides with the release of the strategy but there’s little overlap between the subject matter; the strategy makes one mention of cybercrime.

The order directs the attorney general to prioritize prosecution of cybercrime and fraud, orders agencies to review tools that they could use to counter international criminal organizations and gives the Department of Homeland Security marching orders to improve training, in addition to other steps, according to a fact sheet.

“President Trump is unleashing every available tool to stop foreign-backed criminal networks that exploit vulnerable Americans through cyber-enabled fraud and extortion,” the fact sheet states.

The post The long-awaited Trump cyber strategy has arrived appeared first on CyberScoop.

Why ‘secure-by-design’ systems are non-negotiable in the AI era

By: Greg Otto
17 February 2026 at 06:00

Moody’s recently reported that global investment in data centers will surpass $3 trillion over the next five years, driven by AI capacity growth and hyperscaler demand. As big tech companies, banks, and institutional investors pour capital into these projects, data center developers and their financial sponsors must prioritize cybersecurity.

Moody’s said that data center investments made by the six largest U.S. cloud computing providers — Microsoft, Amazon, Alphabet, Oracle, Meta, and CoreWeave — approached $400 billion last year. The firm anticipates that annual global investment will grow by $200 billion over the next two years.

Real estate firm Jones Lang LaSalle forecasted similar investment flows in a separate report published earlier this year, projecting that “nearly 100 GW of new data centers will be added between 2026 and 2030, doubling global capacity.” JLL said that this infrastructure investment “supercycle,” one of the largest in the modern era, will result in $1.2 trillion in real estate asset value creation and the need for roughly $870 billion of new debt financing.

In concert, these reports reflect a growing reality: Data centers are strategic, interconnected infrastructure supporting our manufacturing, national security, and communication systems. Cyber disruptions, whether through ransomware, supply-chain compromise, or operational technology (OT) compromises, can cascade beyond a single facility, threatening grid stability, cloud services, economic activity, and public safety.

Data centers are now critical hubs of energy demand and digital dependency. Their cybersecurity posture is directly tied to the resilience of the industrial and energy ecosystem that supports them. For investors and stakeholders, cybersecurity should be fundamental to asset value and risk management. Strong cybersecurity directly affects uptime guarantees, regulatory exposure, insurance coverage, financing terms, and long-term valuation.

The most significant cybersecurity risks now center on three critical areas: data center-grid convergence, supply-chain vulnerabilities, and secure-by-design considerations. Data center operators and their financial backers must address these interconnected threats to protect both individual facilities and the broader system they support.  

Hardwired for risk

The cybersecurity challenge facing the data center supercycle stems from how these campuses are tightly coupled with both the public power grid and their own industrial control systems. As hyperscale and AI‑optimized facilities proliferate, their constant demand for high‑quality electricity shapes grid planning and reliability. These large campuses function less like traditional real estate and more like critical energy infrastructure nodes.

This shift comes as grid capacity tightens. The North American Electric Reliability Corporation (NERC) has warned that demand from new data centers will outpace energy supply growth in the coming years. A cyber incident that disrupts a major data center or degrades its industrial control systems can propagate into regional grid reliability issues, contract penalties, and broader economic disruption.

At the same time, the OT running these sites — building management systems, cooling controls, battery and generator management — creates dense cyber‑physical exposure. Global insurer Marsh notes that events in these systems, whether from human error or cyberattack, can cause physical damage and significant business interruption. The 2021 OVHcloud data center fire in Strasbourg, France destroyed an entire facility and disrupted services for thousands of customers, showing how failures in fire protection and cooling systems rapidly escalate into catastrophic loss. Those safety functions now run through interconnected, remote-access-enabled OT systems.

Secure‑by‑design architectures for both grid‑side interfaces and on‑site OT are prerequisites for preventing this rapidly expanding energy–data infrastructure from becoming a single, converged point of failure.

Supply-chain integrity first

AI‑optimized campuses depend on massive volumes of GPUs, high‑density servers, network appliances, OT controllers, and edge devices. Many of these components are designed, manufactured, or assembled in jurisdictions at the center of great‑power competition, particularly China. Reports warn that state-aligned actors could introduce backdoors, malicious firmware, or weaponize delivery timelines to create strategic outages.

Secure‑by‑design must start at procurement. Security-conscious procurement requires stringent vendor due diligence, diversification away from single‑country dependencies, hardware and firmware validation before deployment, and alignment with export controls and national‑security guidance on high‑risk equipment. The bill of materials (BoM) for a modern data center must be treated like a living threat surface, with traceability from chip manufacture through installation, including approved vendor lists, tamper‑evident logistics, and mandatory firmware attestation.

Procurement teams need escalation paths for opaque supply chains, unexplained cost changes, or “gray‑market” alternatives, plus playbooks for rapidly substituting vendors when geopolitical shocks or sanctions make a product line unacceptable.

Governance around supply‑chain risk must reach the same level as power, cooling, and uptime guarantees in contracts with hyperscalers and large tenants. Secure‑by‑design campuses will embed requirements for hardware provenance, firmware update hygiene, and ongoing vulnerability disclosure into master service agreements and construction/operations contracts, with clear accountability when a supplier is implicated in espionage or sabotage.

Data center sponsors who cannot prove supply‑chain integrity will face growing pressure from regulators, insurers, and investors who see hardware trust as a prerequisite for AI and cloud infrastructure resilience.

Securing the infrastructure supply chain pipeline

Engineering secure-by-design campuses begins with assuming adversaries will target internet‑exposed and OT edge devices. Security architects must design environments that prevent any foothold at the edge from escalating into grid‑scale disruption or safety‑critical failure.

Geopolitically motivated campaigns against energy infrastructure are accelerating. Recent Russia-nexus attacks on the Polish power system and Romania’s national oil pipeline demonstrate that state‑linked and criminal groups see energy and digital infrastructure as leverage points. Last December, actors linked to Russia’s Sandworm APT compromised remote terminal units (RTUs), firewalls, and communications gateways at Polish substations and distributed energy facilities.

This precedent-setting cyberattack—the first to directly target distributed energy resources in a NATO member’s power system—is indicative of the current threat landscape. Sandworm’s campaign underscores how fragile edge devices are and how vital it is to harden the gateways at the OT boundary. The first pillar of secure-by-design campuses is disciplined network segmentation that treats OT as a distinct, high‑consequence domain.

OT networks should be carved into functional and geographic zones—separating building management from generator controls, from battery systems, from grid‑interconnection protection—with tightly controlled conduits between them, enforced by OT‑aware firewalls and protocol‑constrained paths.

Hardware‑enforced unidirectional gateways and data diodes offer uniquely strong protection at key boundaries. Data diodes allow telemetry and process data to flow outward from OT to IT and monitoring systems while physically blocking any return path, sharply reducing the chances that a web-based intrusion can reach OT systems.

Data diodes should be placed at key demarcation points—between the data center’s OT and corporate IT, between on‑site generation controls and the broader campus, and at interfaces with utility systems—so operators preserve visibility without exposing those domains to bidirectional network risk.

A second foundational element of secure‑by‑design campuses is a clear, continuously maintained OT asset inventory capturing every PLC, RTU, relay, drive, building controller, gateway, sensor, and engineering workstation, along with its network location, firmware version, vendor, and criticality. Effective segmentation depends on knowing what you have and how it communicates.

Operators cannot isolate critical power and cooling functions, or confidently place diodes and firewalls, without understanding which devices participate in those functions and which paths they rely on. This inventory must fully cover the same class of gateways and field devices abused in the Polish grid attack.

When asset inventories are linked to configuration and vulnerability management, operators can quickly identify exposed OT devices when they are approaching end of life or when new flaws are disclosed. A comprehensive OT asset inventory also enables security teams to quickly locate high‑risk remote access paths and prioritize segments for additional hardening.
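An added example (not from the original article) of linking an OT asset inventory to advisory and end-of-life data so that exposed devices surface in priority order. The device records, vendor names and advisory IDs are constructed, and the field names and the 180-day end-of-life window are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Asset:
    asset_id: str
    kind: str                 # PLC, RTU, relay, gateway, building controller ...
    vendor: str
    model: str
    firmware: str
    zone: str                 # network location (segmentation zone)
    criticality: int          # 1 = low ... 3 = safety-critical
    remote_access: bool       # reachable through a remote-access path
    end_of_life: Optional[date] = None

@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    vendor: str
    model: str
    fixed_in: str             # first firmware version containing the fix

def version_key(version):
    """Parse '2.10.0' into (2, 10, 0); return None if it is not dotted-numeric."""
    try:
        return tuple(int(part) for part in version.split("."))
    except ValueError:
        return None

def is_affected(asset, advisory):
    if (asset.vendor.lower(), asset.model.lower()) != (
        advisory.vendor.lower(), advisory.model.lower()
    ):
        return False
    running, fixed = version_key(asset.firmware), version_key(advisory.fixed_in)
    # Fail safe: an unknown firmware version cannot be ruled out, so flag it.
    if running is None or fixed is None:
        return True
    return running < fixed

def triage(assets, advisories, today, eol_window_days=180):
    """Return (asset_id, zone, reasons) for devices needing attention,
    ordered by criticality, then by remote-access exposure."""
    findings = []
    for asset in assets:
        reasons = [a.advisory_id for a in advisories if is_affected(asset, a)]
        if asset.end_of_life and (asset.end_of_life - today).days <= eol_window_days:
            reasons.append("end-of-life")
        if reasons:
            findings.append((asset, reasons))
    findings.sort(key=lambda f: (-f[0].criticality, not f[0].remote_access, f[0].asset_id))
    return [(a.asset_id, a.zone, reasons) for a, reasons in findings]

# Constructed sample inventory and advisories (hypothetical vendors and IDs).
ASSETS = [
    Asset("rtu-01", "RTU", "ExampleCo", "RX100", "2.9.1", "grid-interconnect", 3, True),
    Asset("relay-03", "relay", "ExampleCo", "RX100", "2.10.0", "generator", 3, False),
    Asset("plc-07", "PLC", "ExampleCo", "PX20", "4.2.0", "cooling", 3, False,
          date(2026, 3, 1)),
    Asset("gw-02", "gateway", "SampleWorks", "G5", "1.0.3", "bms", 2, True),
    Asset("bms-11", "building controller", "SampleWorks", "B2", "unknown", "bms", 1, False),
]
ADVISORIES = [
    Advisory("ADV-0001", "ExampleCo", "RX100", "2.10.0"),
    Advisory("ADV-0002", "SampleWorks", "B2", "3.1"),
]

if __name__ == "__main__":
    for asset_id, zone, reasons in triage(ASSETS, ADVISORIES, date(2025, 12, 1)):
        print(f"{asset_id:10} zone={zone:18} reasons={', '.join(reasons)}")
```

Versions are compared numerically, so 2.9.1 sorts below 2.10.0, and a device whose firmware string cannot be parsed is flagged for review rather than silently passed.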

Secure‑by‑design engineering mandates the mitigation of accelerating cyber risks posed by remote access gateways and the mass-automation of industrial functions. Every orchestration platform, management API, and remote session is a potential high‑impact attack vector. This threat model requires consolidating OT access through hardened jump hosts with strong authentication and just‑in‑time privileges; sharply limiting what automation tools can change on OT networks; enforcing strict segregation between automation platforms and safety‑critical functions; continuously monitoring automated and remote actions; and hardening configuration‑management workflows.

Lastly, secure‑by‑design architecture demands OT‑aware visibility that can actually see and understand what is happening on control networks. This means instrumenting OT segments with monitoring tuned to industrial protocols and behaviors, correlating alerts with asset context, and wiring those insights into playbooks that can quickly isolate, triage, and physically replace compromised edge devices before an intrusion escalates.

Resilience is the only path to funding

The threat modeling, procurement, and design best practices detailed here directly constrain the blast radius of geopolitically charged campaigns that threaten data center reliability and safety. Data center developers, operators, and investors need this systems‑level blueprint for building AI‑era campuses that remain resilient as the energy and threat landscape becomes more contested.

Banks and institutional sponsors are deploying trillions of dollars in construction, fit‑out, and power capacity on the assumption that AI demand will translate into durable, high‑availability cash flows. Underinvesting in cybersecurity directly threatens covenants, refinancing options, insurance coverage, and asset valuation. Outages, safety incidents, or regulatory findings will capsize the investment thesis.

The campuses that will secure the best financing over the next decade will be those that can point to their secure‑by‑design architectures, campus-wide OT governance, and defensible supply‑chain practices. In this intertwining infrastructure supercycle and macro OT threat environment, power usage efficiency (PUE) metrics and fast build schedules will matter less than proven security safeguards.

The stakes are escalating rapidly. Developers and utilities are pairing energy‑hungry data centers with small modular reactors (SMRs) and other non‑traditional power generation. These campuses will converge with the security and risk profile of nuclear and high‑hazard industrial facilities, bringing heightened regulations and adversary interest.

SMR data centers fundamentally change the threat model. When nuclear systems sit alongside AI clusters, secure-by-design takes on a new dimension. Operators, investors, regulators, and security professionals must prepare for this convergence. The integration of compute and power generation creates a dynamic that demands the security rigor of both digital infrastructure and nuclear facilities. The window to build these protections into design is closing.

Jeffrey Knight is Director of Global Critical Infrastructure Services at InfraShield. Jeff brings more than 35 years of experience in nuclear engineering and cybersecurity across the Department of Defense (DoD), SWIFT, the NRC, and the Department of Energy (DOE) National Laboratory complex.

The post Why ‘secure-by-design’ systems are non-negotiable in the AI era appeared first on CyberScoop.

Gainsight CEO downplays impact of attack that spread to Salesforce environments

25 November 2025 at 17:36

An independent forensic investigation is underway to determine the extent of the intrusion into customer management software Gainsight’s systems and whether the breach has spread beyond Salesforce to other third-party applications. Despite this ongoing analysis, the company maintains that the impact on customer data stored within connected services is limited and largely contained.

“While Salesforce has identified compromised customer tokens, we presently know of only a handful of customers who had their data affected,” Gainsight CEO Chuck Ganapathi wrote in a blog post Tuesday. “Salesforce has notified the affected customers and we have reached out to each of them to provide support and are working directly with them.”

Details about the attack are scattered, and discrepancies remain about the number of companies impacted and the extent to which they are compromised. Information is fragmented, in part, because Gainsight and Salesforce are sharing updates independent of each other and respective to their own systems.

Gainsight is relying on Salesforce and Mandiant, its incident response firm, to identify victims of the attack and provide detailed indicators of compromise.

Salesforce identified three impacted customers in the immediate aftermath of the attack, and has since found more confirmed victims, Gainsight said in an update on its community page. Neither company has provided a specific number of known victims.

“There is a distinction between the number of customers who Salesforce identified as having compromised tokens and the handful of customers we presently know had their data affected,” a company spokesperson told CyberScoop Tuesday.

Google Threat Intelligence Group, which is affiliated with Mandiant under Google Cloud’s security apparatus, said it was aware of more than 200 Salesforce instances potentially affected by the Gainsight breach last week. Google hasn’t provided an updated figure since then.

Inconsistencies are common in supply-chain attacks that flow downstream.

Meanwhile, Mandiant is continuing to sift through logs and analyze token behavior and connector activity to provide Gainsight with a more complete view of what occurred and how far attackers were able to use Gainsight customers’ access tokens to breach additional systems.

Gainsight previously said Hubspot, Zendesk and revenue intelligence platform Gong.io also temporarily revoked Gainsight customers’ access tokens “out of an abundance of caution.” The company hasn’t reported any confirmed impact on other systems and Salesforce maintains that the issue did not involve a vulnerability in the Salesforce platform.

The breach and its root cause are strikingly similar to an expansive downstream attack spree that impacted more than 700 customers who integrated Salesloft Drift into Salesforce two months ago.

While Gainsight and Salesforce are both communicating directly with customers, publicly available threat hunting guidance and information about the attacks exist in multiple places.

Salesforce has shared the most comprehensive IOCs, including dates and observed activities for each malicious IP address. The earliest malicious activity linked to the campaign occurred Oct. 23, according to Salesforce.

The company advised customers to review all available logs for potential compromise and noted that the revocation of Gainsight OAuth tokens does not delete a customer’s logs or hinder their ability to investigate the incident.

Gainsight, however, said its logs are of less use. “Based on the nature of the logs we retain, many of our clients have not found them to be material in assessing any risk to their organization,” Brent Krempges, chief customer officer at Gainsight, said on its community page. 

“We strongly recommend that you focus your investigation on the Salesforce logs that show authentication attempts and API calls originating from the Gainsight Connected App,” he added. “These Salesforce-side logs are the authoritative source of information for identifying any anomalous access patterns.”

Gainsight also recommended that customers configure IP restrictions for API calls to ensure only legitimate requests are allowed. This security control is manual and requires cooperation from every vendor in the supply chain. Okta said IP restrictions kept its Drift integrations secure and successfully blocked an attempted attack on its Salesforce environment during the widespread incidents in August.

Ganapathi, who was named CEO in August, acknowledged that Gainsight is critical to its customers’ daily operations and said the company is personally responsible for ensuring access to its products. The company is helping customers manage their Gainsight Customer Success (CS) instances while its Salesforce connected app is offline, he said. 

“The only way we beat these threats is by working together and sharing information and strategies,” Ganapathi said. “That is why I am committing to sharing what we learn from this experience to help everyone in the SaaS community strengthen their defenses and, we hope, avoid going through something similar themselves.”

The post Gainsight CEO downplays impact of attack that spread to Salesforce environments appeared first on CyberScoop.

What’s left to worry (and not worry) about in the F5 breach aftermath

10 November 2025 at 16:20

Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks that could pose long-term consequences downstream.

F5, which became aware of the attack Aug. 9 and disclosed Oct. 15, said “a highly sophisticated nation-state threat actor” stole segments of BIG-IP source code and details on 44 vulnerabilities the company was addressing internally at the time. 

F5 maintains it’s not aware of any undisclosed or remote code vulnerabilities, nor is it aware of active exploitation of any vulnerabilities accessed during the attack.

“I don’t want to jinx myself here, but I’m not terribly concerned about any of these as is,” Caitlin Condon, vice president of research at VulnCheck, told CyberScoop. “We may see exploitation of one of the medium vulnerabilities, for instance, in a chain or from an adversary who got credentials or access some other way, but I’m not super concerned about mass exploitation of any of these, especially remotely.”

Himaja Motheram, security researcher at Censys, agrees with that assessment, adding that none of the undisclosed vulnerabilities accessed during the attack are critical, necessitating an immediate emergency response.

The researchers noted that most of the F5 defects, especially those marked as high-severity, are denial-of-service vulnerabilities. More broadly, the majority of the vulnerabilities affect protocols, which are not easy to reach without internal system access. 

Flashpoint analysts identified four vulnerabilities with CVSS ratings of 8.5 as the most potentially impactful, including CVE-2025-59483, CVE-2025-61958, CVE-2025-59481 and CVE-2025-59868. All four of the defects require authentication, so an attacker would need an existing foothold to achieve exploitation.

External risk assessments would benefit from additional information, including details about potential proof-of-concept exploit code or methods that could allow attackers to evade detection, particularly if that information was also stolen from F5’s systems, Condon said. 

F5 said indicators of compromise and a general threat hunting guide prepared by CrowdStrike are available to customers upon request.

Nearly a month after F5 first reported the attack, fallout appears to be contained but concerns linger, in part, because of the significant role the vendor plays across enterprise and government. 

“In general, F5 systems are business critical — they do get targeted by attackers, and F5 hasn’t had a major critical vulnerability that got hit really hard in a while,” Condon said. “They do a good job of keeping up with vulnerabilities” and maintain a “very robust vulnerability disclosure and response program.”

Source code theft could cause more problems

Customers and defenders might be relatively unconcerned about the undisclosed vulnerabilities the nation-state attacker nabbed, but theft of BIG-IP source code could create substantially more serious problems. 

The source code theft is most concerning because attackers can comb through it to identify or develop zero-day exploits, Motheram said. 

“This aspect of the breach is a longer term and more significant supply chain risk that we might only understand the consequences of further down the line,” she added. “Proactively securing the most publicly discoverable assets will be important.”

Authorities described the attack’s potential impact in similar terms, framing it as part of a broader campaign targeting key elements of technology supply chains. Cyber espionage attacks on vendors extend the potential downstream effect to federal agencies, critical infrastructure providers and government officials, Nick Andersen, executive assistant director for cybersecurity at Cybersecurity and Infrastructure Security Agency, said during a media briefing last month.

Nation-state attackers primarily seek to maintain persistent access within the targeted victim’s network to hold those systems hostage, launch a future attack, or gather sensitive information, Andersen said.

Threat groups can weaponize source code in many ways, but at a high level it also helps them understand how a particular piece of software is built and how it works, according to Condon.

“This wasn’t a smash-and-grab type attack. I don’t think we necessarily know what their motivation is in doing that, but certainly having access to the source code would help them develop attacks better,” Condon added.

F5 said it’s continuing to work with NCC Group and IOActive to investigate potential misuse of the stolen BIG-IP source code, but insists it hasn’t found anything of concern thus far.

“We have no evidence of modification to our software supply chain, including our source code and our build and release pipelines,” Christopher Burger, chief information security officer at F5, said in a blog post.

Persistent, deep-rooted attacks on vendors’ systems are a long play with consequences often lasting years. This makes it a challenge to know what customers should worry about, and requires some imagination to fully grasp the repercussions. 

“At this stage we don’t know how the F5 breach will pan out or stack up to prior incidents,” Motheram said. “It’s not paranoid to anticipate that the stolen code will be leveraged in some sort of strategic exploitation that we must proactively monitor for.”

The post What’s left to worry (and not worry) about in the F5 breach aftermath appeared first on CyberScoop.

Congressional leaders want an executive branch strategy on China 6G, tech supply chain

By: djohnson
5 November 2025 at 15:05

Congressional leaders are pressing federal agencies to provide more information on their plans to compete with China on a range of tech and cybersecurity issues, including a strategy for promoting American 6G telecommunications infrastructure and limiting Chinese tech in US supply chains.

Representative Raja Krishnamoorthi, D-Ill., ranking member on the House Select Committee on the Chinese Communist Party, wrote to Secretary of State Marco Rubio last week asking for an update on the department’s work building international coalitions around 6G.

In the letter, dated Oct. 30 and shared exclusively with CyberScoop, he called for the department to share details on how it is fighting to shape international norms, global technical standards and supply chains in favor of U.S. and non-Chinese companies and technologies, saying “diplomacy can, and must, play a key role in this strategy.”

“While it remains essential that we continue to address the threats posed by the Chinese Communist Party’s efforts to dominate 5G, we must also look forward to how we can outcompete the CCP in the next frontier of wireless competition,” he wrote.

In an interview with CyberScoop, Krishnamoorthi called on Rubio to build on the work that prior administrations have done marshalling international consensus around 5G security and technical standards, while also learning from past mistakes, which allowed Chinese telecom companies like Huawei and ZTE to gain significant global influence. 

“We have underestimated the impact of 5G and didn’t invest enough in our own innovative capacity, or push for domestic and trusted partners to produce that technology and be able to purchase from them,” he said.

Further, he said the U.S. failed to match Chinese efforts to shape international technical standards around 5G implementation, which allowed China to increase  its global influence and set technology standards that benefit its own industries.

The country is already laying a similar groundwork to influence the 6G space: Krishnamoorthi noted that a group promoting Chinese technical standards has already signed an agreement with European industry associations to research 6G networks and services, while this past May an annual 6G global summit was, for the first time, hosted in China and sponsored by major Chinese entities like China Mobile, ZTE and the Hong Kong Communications Authority.

With 5G, “we didn’t recognize the power of…taking leadership in organizations that set standards with regard to our technology,” he said, something the U.S. can’t afford to repeat with 6G.

Further, Krishnamoorthi said Congress was able to come to a consensus on banning the use of tech from Huawei, ZTE and other Chinese telecoms in U.S. networks, but criticized the body for failing to properly set aside funds for the replacement of that equipment, which Chinese companies often sold at far cheaper prices than domestic alternatives.

The U.S. government created a regulatory environment where they “allowed everyone to buy whatever the heck they wanted to buy,” which often led US networks to opt for much cheaper Chinese equipment.

“We came back and said you have to rip it all out, and we, the federal government, will try to provide resources to replace it,” he said. “We never came up with the resources to replace it, they ended up having to rip it out and now there are patches to the country without access to the type of broadband coverage that they deserve.”

Last year, Congress did approve $3 billion to fund rip-and-replacement of Chinese technologies, but industry groups have long complained that the government’s initial tranche of funding for the initiative was insufficient.

Under the Biden administration, the U.S. reached international agreements with nine other countries – the United Kingdom, Australia, Canada, Czechia, France, Japan, South Korea, Sweden and Finland – on a set of principles for “Secure, Open and Resilient by Design” technologies and infrastructure around 6G.

The National Telecommunications and Information Administration also invited experts from the public to help map out a long-term strategy to support U.S. advancements in 6G telecommunications infrastructure.

The responses from industry, academia and tech experts emphasized the importance of fostering US growth in Open Radio Access Network technologies, a critical gap in U.S. and western supply chains, robust security and privacy frameworks and AI-integration.

Congressional Republicans are also scrutinizing how federal agencies are accounting for Chinese technology lobbying efforts on the world stage. A joint letter Wednesday from House Republican leaders on the House Homeland Security, CCP, Foreign Affairs and Intelligence Committees requested a briefing with Secretary of Commerce Howard Lutnick and pressed the department to “investigate and restrict adversary products in other critical and emerging industries to protect the U.S. market from technology threats,” particularly from China.

The members wrote that connected critical infrastructure has “whittled away geographic borders” and created new threats of foreign sabotage or control that US policy must account for, including Chinese made technologies in artificial intelligence, automated machinery and robotics, IOT devices, semiconductor cores and industrial SCADA software.

“We have already seen through a variety of cyber-attacks against the United States that China views information technology as a battlefield,” wrote Reps. Andrew Garbarino, R-N.Y., John Moolenaar, R-Mich., Bill Huizenga, R-Mich., Rick Crawford, R-La., and Brian Mast, R-Fl. “A compromised power grid, an infiltrated telecommunications network, or a manipulated industrial control system can pose as great a threat as a kinetic military strike.”

The post Congressional leaders want an executive branch strategy on China 6G, tech supply chain appeared first on CyberScoop.
