The New Breach Supply Chain + OAuth Abuse

IT channel and business news with a focus on regulatory compliance.

🔑 Why “Log In With X” Keeps Burning You

OAuth abuse has quietly become the phishing technique that slips past your MFA, your “security‑aware” users, and your cloud email filters. Recent campaigns abusing OAuth redirects and malicious apps in Microsoft Entra ID and Google Workspace show that “Log in with X” is now one of the easiest ways into your SaaS estate…

💥 When Your Data Broker Gets Pwned

When your supply chain gets breached, you inherit its chaos, whether you like it or not. The LexisNexis incident and a wave of third‑party breaches in 2026 are a warning shot for every legal, risk, and engineering leader who leans on data brokers to keep their business compliant and fraud‑resistant.…

⚠️ Threat Updates

🔴 New Morpheus and Ailock Ransomware Activity Highlights Industrial and Extortion Risk (03/05/26)

ASEC’s latest “Ransom & Dark Web Issues” report notes a fresh Morpheus ransomware campaign, including attacks on a South Korean plating firm, along with the resurgence of Ailock ransomware operators, who have begun republishing data from earlier victims to renew extortion pressure and signal a new operational phase. Security teams supporting manufacturing and industrial environments should validate that exposed RDP/VPN services are locked down, ensure recent backups are offline and tested, and increase dark‑web and leak‑site monitoring for their organization’s name or suppliers, treating any Morpheus or Ailock chatter as an indicator to proactively hunt for intrusion footholds and lateral movement.

🔴 Android Qualcomm Zero‑Day CVE‑2026‑21385 Under Active Exploitation (03/09/26)

Google’s March 2026 Android Security Bulletin patches a critical Qualcomm chipset flaw, CVE‑2026‑21385, that is already being exploited in the wild and affects hundreds of millions of devices across more than 235 chipsets, enabling local privilege escalation and full device compromise on unpatched phones. Organizations with Android in their fleet should immediately verify that corporate and BYOD devices have received at least the 2026‑03‑05 security patch level, push updates via MDM where possible, treat out‑of‑date handsets as high‑risk endpoints, and monitor for signs of device compromise or unusual data exfiltration from mobile clients, especially among high‑value or high‑risk users likely to be targeted by commercial spyware operators.

🗨️ Parting Words

"Any fool can use a computer. Many do." — Source Unknown

Find the Blacksmith Team on demand with Get NIST-y on Spotify!

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!