Why Supply Chain Attacks and TOAD Phishing Are Surging in 2026 [Prime Cyber Insights]
Prime Cyber Insights



Episode E1017
February 25, 2026
04:56
Hosts: Neural Newscast
News
NuGet malware
TOAD phishing
OTI Impact Score
FileZen CVE-2026-25108
ambar-src
software supply chain
S4x26
Artemis II
zero-day exploits
national security automation
PrimeCyberInsights


Download size: 9.1 MB



Episode Summary

Attackers are increasingly leveraging 'structurally invisible' methods to bypass enterprise defenses, as evidenced by a wave of recent disclosures on February 25th, 2026. This episode explores the discovery of malicious NuGet packages like NCryptYo and the npm package ambar-src, which have collectively compromised thousands of developers across Windows, Linux, and macOS. We also analyze the rise of Telephone-Oriented Attack Delivery (TOAD), which now accounts for 28% of secure email gateway bypasses by using simple phone numbers instead of malicious links. In a major shift for industrial security, we examine the OTI Impact Score—a new 'Richter Scale' for OT incidents unveiled at the S4x26 conference—which provides a standardized formula for measuring the severity and reach of cyber-physical events. Finally, we discuss the sentencing of a former defense contractor for selling zero-days to Russian brokers and the critical need for automation in national security data transfers, where over 50% of organizations still rely on manual processes.


Show Notes

On this episode of Prime Cyber Insights, we break down the most critical threats facing the software supply chain and national infrastructure as of February 25th, 2026. We dive into the sophisticated malware hidden in popular developer repositories, including NuGet packages designed to exfiltrate ASP.NET Identity data and create persistent backdoors. We also tackle the growing problem of TOAD phishing—attacks that use nothing more than a phone number to bypass traditional email gateways. Our panel discusses the new OTI Impact Score for measuring OT incident magnitude and the urgent call for 'The Cybersecurity Trinity'—Zero Trust, Data-Centric Security, and Cross-Domain Solutions—to eliminate systemic vulnerabilities in national security workflows.

Topics Covered

  • 📦 Supply Chain Poisoning: Analysis of the NCryptYo NuGet campaign and the ambar-src npm malware targeting developers.
  • 📞 TOAD Phishing Trends: Why telephone-oriented attacks are successfully bypassing 28% of modern email gateways.
  • ⚖️ Zero-Day Accountability: The sentencing of a former Trenchant executive for selling exploits to Russian brokers.
  • 📊 The OTI Impact Score: Exploring the new 'Richter Scale' for measuring operational technology incidents unveiled at S4x26.
  • 🛡️ National Security Risks: Why over 50% of defense organizations are still vulnerable due to manual data transfer processes.
  • 🚀 Artemis II Readiness: A look at NASA's successful fueling test as a model for operational resilience.

Disclaimer: This podcast is for informational purposes and reflects news reported as of February 25th, 2026.

Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.

  • (00:06) - Introduction
  • (00:06) - Invisible Payloads and Supply Chain Poisoning
  • (00:25) - Conclusion
  • (00:25) - Measuring OT Disruption and National Risk

Transcript

[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights,
[00:03] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[00:06] Aaron Cole: Today is February 25th, 2026, and the digital landscape is seeing a shift toward these structurally invisible threats that target the actual tools developers use every single day.
[00:20] Aaron Cole: Lauren, the sheer volume of supply chain hits we're seeing this morning is just staggering.
[00:25] Chad Thompson: It really is, Aaron.
[00:27] Chad Thompson: From malicious developer packages to a completely new scale for measuring industrial impacts, we have quite a bit to unpack.
[00:34] Chad Thompson: Joining us today is Chad Thompson, a director-level AI and security leader with a deep systems-level
[00:42] Chad Thompson: perspective on automation, enterprise risk, and operational resilience.
[00:47] Chad Thompson: Chad, it's great to have you on the show.
[00:49] Aaron Cole: Chad, let's jump right into today's report from Socket and Tenable.
[00:53] Aaron Cole: We're seeing four malicious NuGet packages, including NCryptYo, stealing ASP.NET Identity
[01:00] Aaron Cole: data, and an npm package called ambar-src that's dropped malware on over 50,000 systems.
[01:07] Aaron Cole: Okay.
[01:07] Aaron Cole: How do we defend against something that looks like a legitimate library?
[01:11] Lauren Mitchell: It's a massive challenge, Aaron.
[01:13] Lauren Mitchell: These actors are using NCryptYo as a stage one dropper to install JIT compiler hooks and localhost proxies.
[01:21] Lauren Mitchell: They aren't just hitting the developer's machine.
[01:25] Lauren Mitchell: They're actually backdooring the production applications those developers build.
[01:30] Lauren Mitchell: We have to move toward more rigorous automated verification of third-party dependencies
[01:36] Lauren Mitchell: before they ever touch a dev environment.
[01:40] Chad Thompson: Yeah, and while the supply chain is being poisoned, the front door is being bypassed by simplicity.
[01:46] Chad Thompson: Aaron, today's analysis from Strongest Layers shows that telephone-oriented attack delivery,
[01:52] Chad Thompson: or TOAD, now accounts for 28% of gateway bypasses.
[01:57] Chad Thompson: These emails contain nothing but a phone number, making them nearly impossible for standard rules to flag.
[02:04] Aaron Cole: It's the ultimate low-tech, high-impact move, Lauren.
[02:07] Aaron Cole: If the payload is just a phone number, the gateway sees it as a business contact.
[02:12] Aaron Cole: Chad, shifting to enterprise risk, we're seeing a report today that over half of national security organizations still rely on manual processes for sensitive data transfers.
[02:24] Aaron Cole: Isn't that a massive systemic vulnerability?
[02:28] Lauren Mitchell: Absolutely. Manual handling introduces variance, fatigue, and exploitable seams.
[02:34] Lauren Mitchell: In my view, the only way forward is the cybersecurity trinity: zero trust, data-centric security, and cross-domain solutions.
[02:43] Lauren Mitchell: We need to automate release authorities and content sanitization to maintain operational tempo without sacrificing security.
[02:51] Chad Thompson: Right. And speaking of measuring risk, Aaron, the S4x26 conference in Miami just unveiled the OT Impact Score.
[03:01] Chad Thompson: Think of that as a Richter scale for OT incidents.
[03:04] Chad Thompson: It uses severity, reach, and duration to give a definitive score, like the 3.9 they gave to the Colonial Pipeline attack back in 2021.
[03:15] Aaron Cole: Lauren, that clarity is long overdue for business leaders and insurers.
[03:20] Aaron Cole: On the accountability front, we also saw a former Trenchant executive sentenced to seven years yesterday for selling zero-days to Russian brokers.
[03:29] Aaron Cole: CISA is also active today, adding a FileZen command injection flaw to the KEV catalog.
[03:36] Aaron Cole: The pressure is mounting on all sides.
[03:38] Lauren Mitchell: It's about resilience, Aaron.
[03:41] Lauren Mitchell: Whether it's NASA's successful Artemis II fueling test we saw last week, or fixing the vulnerabilities in FileZen,
[03:50] Lauren Mitchell: the goal is consistent performance under pressure.
[03:54] Lauren Mitchell: Automation and clear impact metrics like the OTI score
[03:58] Lauren Mitchell: are what will allow us to scale our defenses against these increasingly invisible threats.
[04:04] Aaron Cole: That's a perfect note to end on.
[04:06] Aaron Cole: Thanks for being here, Chad.
[04:08] Chad Thompson: And thank you for listening to Prime Cyber Insights.
[04:11] Chad Thompson: For the full briefing and deeper analysis,
[04:13] Chad Thompson: visit pci.neuralnewscast.com.
[04:17] Chad Thompson: We'll be back tomorrow with more on the risks that matter most.
[04:20] Chad Thompson: Stay secure.
[04:21] Chad Thompson: Neural Newscast is AI-assisted, human-reviewed.
[04:25] Chad Thompson: View our AI transparency policy at neuralnewscast.com.
[04:29] Announcer: This has been Prime Cyber Insights on Neural Newscast.
[04:33] Announcer: Intelligence for Defenders, Leaders, and Decision Makers.
[04:36] Announcer: Neural Newscast uses artificial intelligence in content creation,
[04:40] Announcer: with human editorial review prior to publication.
[04:43] Announcer: While we strive for factual, unbiased reporting,
[04:46] Announcer: AI-assisted content may occasionally contain errors.
[04:49] Announcer: Verify critical information with trusted sources.
[04:52] Announcer: Learn more at neuralnewscast.com.

