Klue Supply Chain Attack Exposes CRM Data Across Major Firms

Salesforce OAuth Breach

A sweeping supply chain attack against Klue, the Vancouver-based competitive intelligence platform, has triggered cascading data breaches at more than a dozen major technology and cybersecurity firms, including Huntress, Recorded Future, Jamf, and Tanium. The Icarus extortion group compromised a legacy integration credential at Klue on June 11, 2026, planted malicious code to harvest customer … Read more

Gentlemen RaaS Uses SYSTEM Scheduled Task to Encrypt Drives

The Gentlemen Ransomware Abuses Windows SYSTEM Tasks to Encrypt Entire Networks The Gentlemen ransomware is a growing and technically sophisticated threat that Canadian organizations in healthcare, finance, education, and transportation cannot afford to overlook. Published in a new analysis by Microsoft Threat Intelligence, this ransomware-as-a-service (RaaS) platform combines self-propagation, SYSTEM-level privilege abuse, and double extortion … Read more

GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks

GreyVibe Hackers Weaponize ChatGPT and Gemini in Attacks A threat group tracked as GreyVibe is actively using commercial AI platforms, including ChatGPT and Google Gemini, to build convincing attack lures and develop a custom suite of malware tools targeting military, government, civilian, and business organizations. Cybersecurity firm WithSecure identified and reported the campaign in January … Read more

Toronto Sextortionist Gets 33 Years for Targeting 145 Kids

Toronto Man Sentenced to 33 Years in U.S. for Sextortion Scheme Targeting 145 Children A sextortion scheme originating from Toronto has resulted in one of the most significant child exploitation sentences in recent North American legal history. Ramanan Pathmanathan, 40, was handed a 33-year federal prison term by a U.S. District Court in Washington, D.C. … Read more

GHOST STADIUM Phishing Targets FIFA World Cup Fans in Canada

GHOST STADIUM: Chinese-Linked Phishing Operation Deploys 300+ Fake FIFA Domains to Defraud World Cup Fans A large-scale, financially motivated phishing campaign has been uncovered targeting fans of the 2026 FIFA World Cup, with researchers identifying over 300 fraudulent domains engineered to steal credentials, payment information, and ticket access. The operation, attributed to a threat actor … Read more