Content
01. News Bites
- Tata Electronics confirms cyberattack as data leak claims emerge
- FortiBleed campaign used custom sniffers to steal credentials
- New Cordyceps CI/CD weakness threatens open-source supply chains
- Klue supply chain attack exposes Salesforce customer data
- Five Eyes cyber agencies issue call to action regarding AI threats
02. Conclusion
Tata Electronics confirms cyberattack as data leak claims emerge
Tata Electronics has confirmed it was targeted by a cyberattack that affected parts of its IT infrastructure, although the company says operations continued as normal and were not disrupted.
In a statement, the company said it identified a cybersecurity incident on some of its systems “a few weeks ago” and deployed its response protocols immediately. Tata Electronics added that the incident had no impact on operations across its businesses.
The confirmation follows claims from the World Leaks threat group, which has allegedly leaked data stolen from Tata Electronics. The leaked files are said to include directories and documents related to Apple product manufacturing, including component schematics, PCB designs, material specifications and SDK files.
World Leaks is believed to be a rebrand of Hunters International and operates as a data extortion group, stealing information and threatening to publish it online.
FortiBleed campaign used custom sniffers to steal credentials
New research has revealed that the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls.
The campaign has targeted more than 430,000 FortiGate firewalls worldwide and has been active since at least February 2026. Researchers say the threat actor is operating as an initial access broker, using credential stuffing, brute-force attacks, credential harvesting and offline password cracking to gain access to corporate networks.
Researchers allege the attackers deployed a Golang-based tool called FortigateSniffer, which abuses FortiOS’s built-in diagnose sniffer packet functionality to capture authentication traffic moving through compromised devices. The tool reportedly monitors protocols including RADIUS, NTLM, Kerberos and LDAP, before extracting credentials, password hashes and authentication secrets.
Organisations using FortiGate devices are advised to investigate whether any systems were targeted.
New Cordyceps CI/CD weakness threatens open-source supply chains
Cybersecurity researchers have identified a new class of CI/CD workflow weakness that could allow attackers to hijack repositories and compromise open-source software supply chains.
The issue, codenamed Cordyceps by Novee Security, affects weak CI/CD configurations that give pull requests more permissions than they should have. According to Novee, an unauthenticated user with a free account could potentially exploit these workflows to run code, steal credentials, forge approvals or push malicious changes.
After scanning around 30,000 high-impact repositories, Novee found more than 300 to be fully exploitable, with potential impact across major organisations including Microsoft, Google, Apache and Cloudflare.
Examples included flaws affecting Azure Sentinel, Google’s AI Agent Development Kit samples, Apache Doris, Cloudflare Workers SDK and Python’s Black project. Following responsible disclosure, Microsoft and Google confirmed impact, while Cloudflare, Python and Apache applied hardening or patches.
Klue supply chain attack exposes Salesforce customer data
Market intelligence platform provider Klue is investigating a supply chain attack that led to the mass exfiltration of Salesforce customer relationship management data belonging to hundreds of customers, including several cybersecurity firms.
According to Klue and researchers at ReliaQuest, a threat actor used a compromised Klue Battlecards app to access OAuth tokens used to connect Klue with third-party integrations, including Salesforce. Salesforce has since disabled connections through the app and said there is no indication of a vulnerability in its own platform.
The threat actor, tracked as Icarus, has reportedly posted stolen data from several victims and begun contacting affected companies. Huntress, LastPass, Recorded Future and Tanium have all confirmed exposure, while stressing their internal systems, products and core platforms were not affected.
The incident highlights how compromised third-party integrations can expose sensitive CRM data even when primary platforms remain secure.
Five Eyes cyber agencies issue call to action regarding AI threats
The leaders of the Five Eyes cybersecurity agencies have issued a joint call to action, warning that artificial intelligence is rapidly transforming cyber risk and that organisations must move quickly to strengthen resilience.
The agencies said AI will improve cyber defence over time, but is already increasing the speed, scale and sophistication of attacks. They warned that frontier AI models could reshape offensive and defensive cyber capabilities within months rather than years.
The statement urges business leaders to treat cyber resilience as a board-level issue, not just an IT concern. Key priorities include reducing attack surfaces, accelerating patching, addressing legacy systems, strengthening identity and access controls, and testing incident response plans before attacks happen.
The agencies also encouraged organisations to use AI defensively to identify weaknesses earlier, improve software quality, monitor unusual behaviour and respond faster to incidents. Those that delay risk growing operational and strategic exposure.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.