Shipping firms are being whipsawed by changing stances and risks as they wait for Hormuz to reopen With hundreds of vessels still stuck in the Persian Gulf and costs piling up, shipping companies are being whipsawed by uncertainty over how and when the Strait of Hormuz might reopen.
Original (en)
With hundreds of vessels still stuck in the Persian Gulf and costs piling up, shipping companies are being whipsawed by uncertainty over how and when the Strait of Hormuz might reopen.
Published
May 7, 2026, 08:13 AM UTC
6d ago
Significance
Entities Detected
· click + to trackGoogle Threat Intelligence reports a sophisticated supply chain attack on axios NPM package versions 1.14.1 and 0.30.4 (March 31, 2026), where attackers injected malicious 'plain-crypto-js' dependency to deploy WAVESHAPER.V2 backdoor across Windows, macOS, and Linux platforms. Attribution to UNC1069 based on malware signatures, infrastructure overlaps, and operational patterns. Remediation guidance includes version pinning, dependency auditing, CI/CD pipeline security, and credential rotation.
A critical remote code execution vulnerability (CVE-2026-1731) has been identified in remote monitoring and management software that could be exploited to deploy ransomware and compromise supply chain integrity. The flaw enables attackers to execute arbitrary code, creating significant risk for downstream organizations and critical infrastructure.
Checkmarx disclosed a supply chain security incident where cybercriminals published company data on the dark web, originating from unauthorized access to Checkmarx's GitHub repository. The repository access was facilitated through an initial supply chain attack on March 23, 2026, highlighting vulnerabilities in development infrastructure security.
35a4ba8c…openwatch.io →