Technology & SaaS supply chain — the week's busiest victim class

The most active victim class was technology and SaaS, reflecting the week's supply-chain theme (§ 6). Klue/Icarus (§ 2) cascaded through a SaaS integrator's customer base; Nintendo employee data was stolen from third-party HR-survey SaaS TinyPulse, not Nintendo's own systems (BleepingComputer, 2026-06-20; daily 06-20); a WordPress supply-chain compromise via Awesome Motive's CDN backdoored ~1.2M sites (Sansec, 2026-06-16; daily 06-16); and the Mastra npm scope compromise was attributed to North Korea (§ 6). The cross-cutting lesson: the breach increasingly enters through a vendor's plumbing, not the victim's perimeter.