April 2026
NMFTA Cyber Intelligence Newsletter
The National Motor Freight Traffic Association, Inc.® (NMFTA)® has designed this monthly e-newsletter to arm you with intelligence, tools, and defense tactics. Each month we cover enterprise system and rolling asset security, trending reports, and more.
Fleets Overlooking Drivers in Cyber Training Face Growing Risks
Fleets that overlook drivers in cybersecurity training are leaving a critical gap, one that attackers are increasingly exploiting. NMFTA's very own, Ben Wilkens share his advice on why your drivers are a frontline defense and what’s at risk if they’re left out in this article from trucknews.com.
NMFTA Launches Freight Fraud Prevention Hub to Help Industry Combat Rising $6.6B Freight Fraud
NMFTA announced the launch of the Freight Fraud Prevention Hub, a new industry resource designed to help carriers, shippers, third-party logistics providers (3PLs), brokers, technology providers, and other logistics stakeholders better educate, detect, and prevent the growing threat of freight fraud. Join your peers in a collective effort to strengthen the industry—this free resource empowers organizations to stay informed, contribute as partners, and play an active role in advancing freight fraud awareness and prevention. Read the press release and learn more about the initiative.
Unite With Your Peers to Stop Freight Fraud
.png "IT ArchiTeks Logo")
.png?width=250&name=Untitled%20design%20(11).png "Fraud Girl Logo")
.png "Truckstop.com Logo")
.png "TAT Logo")
.png "Untitled design (13)")
Beyond Vetting: The Open-Source Future of Freight Fraud Prevention!
NMFTA's Joe Ohr is back on The Freight Coach Podcast, and he’s joined by Todd Florence from Estes Express Lines to discuss the current state of cybersecurity in logistics!
In this episode they dive into the launch of the NMFTA Threat Portal and the Freight Fraud Prevention Hub, essential tools designed to help carriers and brokers share real-time data on everything from double brokering to advanced social engineering attacks.
Connected Trucks Bring Connected Risk
What’s really happening in fleet cybersecurity right now? Joe Ohr and Estes Express Lines Todd Florence join this episode of the Fleet Equipment: On the Road podcast to unpack the trends, risks, and realities shaping the trucking industry.
Replay the Freight Fraud Prevention Hub Quarterly Webinar Series, Q1 offering.
Rewatch the opening webinar of the Freight Fraud Prevention Hub Quarterly Series, NMFTA staff and founding partner, Truckstop explore freight fraud at a macro level, explaining why fragmented, siloed approaches fall short. This recording provides a practical, real-world look at how identity misuse, impersonation, and information gaps enable cargo theft and fraudulent pickups.
Operational Security is Organizational Security
Operational security plays a critical role in protecting organizations from cyber-enabled threats and freight fraud. Learn how everyday operational patterns and shared information can unintentionally expose vulnerabilities, and how stronger operational awareness can help reduce risk.
Cybersecurity: Not Just a Technical Choice, a Legal Obligation
Cybersecurity is becoming a legal obligation for organizations across the supply chain. Read how evolving regulations are changing the way companies must approach cyber risk and compliance.
Your Monthly Webinar Delivered
Stop Clicking On...Stuff!
April 16, 2026 | 1:00-2:00 pm ET
Join NMFTA experts and James McQuiggan, a cybersecurity veteran with 25+ years of experience, as they walk through the dramatic rise of several new social engineering groups who have been attacking our industry and discuss what you can do to defend against them.
Stay Updated on This Year's Conference
.png?width=1200&height=600&name=Email-1200x600%20-%20CSC%20EB%20(1).png "Email-1200x600 - CSC EB (1)")
"One of the Best Conferences I've Attended"
Hear directly from your peers—last year’s attendees praised the smaller, more intimate setting that made room for meaningful, high-value conversations you won’t find at larger events. Don’t miss your chance to experience it yourself—register now and take advantage of early bird pricing before it’s gone.
-
“I like the small size of the conference and the opportunity for more focused conversations."
- “This was one of the best conferences I’ve attended. The smaller size created a more intimate environment and allowed for meaningful, high-value conversations.”
Sign Up for 2026 Conference Updates
Enter your email below to join the 2026 #NMFTACyber Conference mailing list to get early access to news on registration, speakers, sessions, cyber insights, and more.
In This Month's Report...
Citrix NetScaler Products Confirmed to be Under Exploitation
Threat actors are actively exploiting a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway, and at least one research firm warns the threat activity could involve multiple flaws, Cybersecurity Dive has learned.
Citrix disclosed an insufficient input validation vulnerability, tracked as CVE-2026-3055, which leads to memory overread. The vulnerability has a severity score of 9.3.
Government authorities and security researchers have warned the vulnerability could lead to a new wave of exploitation that rivals the 2023 CitrixBleed campaign, when a series of major companies were hacked by LockBit 3.0 and other groups.
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-3055 to its Known Exploited Vulnerabilities catalog. Federal Civilian Executive Branch agencies were required to take remediation measures against the vulnerability by Thursday, April 2.
Researchers from watchTowr and Defused said hackers are exploiting the vulnerability, and watchTowr warned in a post that multiple flaws could be involved.
Researchers told Cybersecurity Dive that exploitation has been happening. Netscaler ADC and NetScaler Gateway users should check for prior infections.
“Given that there is now evidence of in-the-wild exploitation since at least March 27, organizations that leverage a vulnerable configuration must check for signs of prior exploitation and/or signs of prior compromise, and if found, trigger their incident response process,” Benjamin Harris, founder and CEO of watchTowr, told Cybersecurity Dive.
Appliances configured as a Security Assertion Markup Language identity provider [SAML IdP] are the ones vulnerable.
Aqua's Trivy Vulnerability Scanner Hit by Supply Chain Attack
On March 1, Trivy’s maintainers announced that the scanner’s GitHub repository had been compromised in an attack involving a GitHub Actions workflow issue. Some releases were deleted, and malicious versions of the application’s VS Code extensions were published to the Open VSIX marketplace.
The attack was part of a larger, automated attack campaign that hit multiple open source repositories via GitHub Actions workflows and resulted in a large natural-language prompt being injected into two malicious versions of Trivy’s VS Code extension.
Credentials exfiltrated during the initial incident were used last week in a new supply chain attack that targeted not only the Trivy package but also trivy-action and setup-trivy, Trivy’s maintainers have confirmed in a March 21 advisory.
“Following the initial disclosure on March 1, credential rotation was performed, but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days),” the maintainers explain.
The attackers used the compromised credentials to push a malicious Trivy release (version v0.69.4) that was distributed across all regular channels, including GitHub Container Registry, Amazon ECR Public, and Docker Hub.
They also force-pushed 76 of 77 trivy-action version tags to malicious commits, leading to infections with an information stealer designed to dump the Runner.Worker process memory and extract all secrets from it.
The malware was also designed to encrypt the harvested data and send it to a remote server. If the exfiltration failed, it created a public GitHub repository and uploaded the data to it.
Additionally, the attackers targeted the setup-trivy releases, force-pushing all tags to malicious commits, leading to the same infostealer. Socket and Wiz published technical details on the attack and the malware.
No Safe Distance: The Business Impact of Recent Global Developments
The US-Israel-Iran conflict has moved beyond the kinetic battlefield. It is already disrupting the commercial systems and digital services that global businesses rely on.
Since the start of the conflict in late February, it has expanded well beyond governments and militaries, with real consequences now being felt by private companies and the everyday digital infrastructure that underpins global commerce.
That changes who is exposed. When Iran physically struck commercial cloud data centers in the UAE and Bahrain with drones, it sent a clear message that the digital platforms businesses rely on are no longer being treated as separate from strategic targets.
When the pro-Iranian group “Handala” claimed to have destroyed more than 200,000 computers, servers, and mobile devices at a US medical technology firm, it showed that an organization does not need to be directly involved in the conflict to be pulled into it. Handala’s targeting of a major point-of-sale (POS) provider reinforces the same point.
And when hacktivist groups such as “NoName057(16)” and “Keymous+” began announcing distributed denial-of-service (DDoS) targets in protest against Western support of Israel, the objective was not just technical disruption. It was also to create pressure, generate attention, and add a constant stream of noise and reputational risk to an already volatile environment.
Taken together, these developments point to a threat environment that is becoming broader, less predictable, and more willing to use the private sector as a pressure point. It's clear that geopolitical conflict can affect business operations. The question now is how far that pressure spreads across cloud platforms, supply chains, customer relationships, and brand reputation. Business leaders should be preparing not only for attempted intrusions, but for disruption, third-party fallout, and fast-moving incidents that can create operational and reputational consequences at the same time.
Combating Freight Fraud with New Verification Tools
Freight fraud is on the rise, but new tools are helping the industry fight back. Learn how NMFTA's latest verification solutions are helping to reduce freight fraud and strengthen trust across the industry. Read more in this month's CCJ recurring article written by NMFTA's Joe Ohr.
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
As vehicles become more connected and autonomous, cyberthreats are creating new risks for the entire transportation ecosystem. Read this break down from DarkReading about what’s emerging and what it means for your organization.
How Cybercrime is Reshaping Cargo Theft and Fleet Risk in 2026
Artificial intelligence is changing how cybercriminals and cargo thieves target trucking fleets—and how fleets defend themselves. As phishing, impersonation, and cargo theft converge, cybersecurity is becoming a core part of fleet safety and operations. Read more in this month's Heavy Duty Trucking recurring article written by NMFTA's Ben Wilkens.
Cyberattack Turns Breathalyzer Company Into the World's Biggest Car Immobilizer
A recent incident highlighted by Technology.org shows how a cyberattack on a vehicle breathalyzer provider left drivers unable to start their cars—turning a safety tool into an unexpected disruption. It’s a powerful reminder that as transportation systems become more connected, even routine technologies can become critical points of failure.
M-Trends 2026: Data, Insights, and Strategies From the Frontlines
Read a rundown of today’s most sophisticated threats with insights in Google Cloud’s M-Trends report. Read how attackers are evolving, from AI-driven tactics to credential theft, and what organizations can do now to protect themselves.
Shop Talk with James McQuiggan
On this episode of Shop Talk, edutainer, social engineering expert, CISO advisor, James has worn too many hats in this industry to count, Through it all he's gained invaluable insights and experience that he's ready to share.
Welcome to Shop Talk, Hosted by NMFTA's Own Ben Wilkens
Ben "The Trucking Cyber Guy" Wilkens brings a depth of experience and a unique perspective to trucking cybersecurity that few can claim. Having served in the industry from steering wheel, to server room, to boardroom, and now at the front lines of transportation cybersecurity research and education, he brings unique insights with a wholistic view on the industry. On Shop Talk, he brings in guests from across trucking and cybersecurity for candid conversations, hot takes, and plenty of side quests. Grab a coffee and pull up a chair. Welcome to Shop Talk!
Refer a Colleague
Would you like others at your company to be added to the NMFTA Headline Newsletter email distribution list? Send them this link or fill out the form for them on their behalf below!