ctipilot.ch


Technology & SaaS supply chain — the week's busiest victim class

notable synthesis discovered 2026-06-29 00:21 UTC

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

The dominant pattern of the week was the third party as entry vector: Klue/Icarus (Salesforce OAuth, ~24 firms), ShapedPlugin (WordPress build pipeline), the npm worm wave, 8x8's SEC-disclosed Salesforce theft, and the BadBlocker Chrome extension (§ 6). In nearly every case the victim organisation had nothing of its own to patch: the compromise rode in through a trusted vendor, integration token, package or browser extension.

supply-chain data-breach identity global europe