December 2025
NMFTA Cyber Intelligence Newsletter
The National Motor Freight Traffic Association, Inc. (NMFTA)™ has designed this monthly e-newsletter to arm you with intelligence, tools, and defense tactics. Each month we cover enterprise system and rolling asset security, trending reports, and more.
.png?width=400&height=400&name=3PageSpread-2026%20Cyber%20Report%20(1).png "3PageSpread-2026 Cyber Report (1)")
Introducing the 2026 Transportation Industry Cybersecurity Trends Report
Cyber threats no longer stop at the carrier’s door; they now extend across the entire transportation ecosystem. That’s why NMFTA’s annual Trucking Cybersecurity Trends Report has evolved into the 2026 Transportation Industry Cybersecurity Trends Report. This expanded edition reflects a critical reality: every stakeholder who touches freight movement—carriers, shippers, brokers, 3PLs, logistics platforms, and technology providers—is now part of the attack surface.
This year’s report provides a first look at the risks, tactics, and threat shifts that will define 2026. From AI-driven fraud schemes to the blending of physical and digital compromise, the findings are designed to help both executives and practitioners strengthen resilience before threats escalate.
Download the 2026 report and get the insights you need to stay ahead of next year’s cyber and freight-fraud landscape.
NMFTA Talks Freight Fraud, Cyber Risks with the CDL Files Podcast
In a new episode of The CDL Files, host Marilyn Surber sits down with NMFTA’s Executive Director Debbie Sparks and Senior Cybersecurity Research Engineer Ben Wilkens. Together, they unpack NMFTA’s mission, the fast-evolving cybersecurity landscape in trucking, and the growing vulnerabilities facing small and mid-sized fleets. Listen to the conversation and learn what every fleet needs to know about emerging cyber and freight fraud threats.
Your Monthly Webinars Delivered
Watch on Demand
The NMFTA cybersecurity team hosted guest speaker Melanie Padron, the vice president of strategic growth from IT ArchiTeks, and uncovered the top 10 cybersecurity gaps most frequently identified in fleet security assessments. Plus, they discussed how outdated assumptions about IT, managed service providers (MSPs), and cloud security are putting your company at risk.
2025 Conference Rewind & What's on the Horizon for 2026
Miss the Cybersecurity Event Everyone’s Still Talking About?Let’s Catch You Up
Cybersecurity isn’t a solo mission—it’s a full team effort. The latest recap from NMFTA 2025 Cybersecurity Conference dives into how industry leaders came together in Austin to tackle threats, build collaboration, and bring freight security into the spotlight.
Watch the Moments You Missed at This Year's Cybersecurity Conference
Get Ready 2026: Cybersecurity Conference Call for Abstracts Opens Soon
We’re gearing up for the 2026 NMFTA Cybersecurity Conference—the only event dedicated exclusively to cybersecurity in trucking and transportation. Our call for abstracts will open in early 2026, and we’re looking for impactful, practitioner-driven, real-world sessions that help fleets and industry partners strengthen resilience.
Stay tuned for the official announcement and start thinking about the insights, case studies, or research you may want to submit.
Interested in Attending in 2026?
Enter your email below to join the 2026 #NMFTACyber Conference mailing list to get early access to news on speakers, sessions, cyber insights, and more.
In This Month's Report...
Salesforce Discloses Unauthorized Access to Customer Data Via Compromised Gainsight-Published Applications
On November 19, 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their advisory, Salesforce indicated that they had notified affected customers directly, and that an investigation is ongoing. Salesforce has not yet provided details about the full scope of the malicious activity.
According to Salesforce, there is no evidence that this issue resulted from a vulnerability in the Salesforce platform itself. Instead, the source of the malicious activity is believed to be tied to Gainsight-published applications that are installed and managed by customers directly. In response, Salesforce revoked all active access and refresh tokens linked to these applications and temporarily removed them from the company’s AppExchange marketplace.
On November 20, 2025, Gainsight acknowledged on their status page that there had been connection failures for the Gainsight SFDC Connector in relation to this incident but has not provided any additional details at this time.
Akira Ransomware's SonicWall Campaign Creates Enterprise M&A Risk
The “Akira” ransomware group has been weaponizing vulnerabilities in SonicWall secure sockets layer (SSL) virtual private network (VPN) devices, revealing an overlooked threat for larger enterprises navigating mergers and acquisitions (M&A). These devices, widely used by small- and medium-sized businesses due to their affordability and ease of use, have become launchpads for Akira’s fast-spreading attacks.
ReliaQuest analyzed a series of Akira attacks between June and October 2025 that targeted SonicWall SSL VPN devices to uncover a troubling trend. In every incident, Akira operators gained a foothold in larger, acquiring enterprises by compromising SonicWall devices inherited from smaller, acquired business during M&A. In these cases, the acquiring enterprises were unaware that these devices existed in their new environments, leaving critical vulnerabilities exposed.
This isn’t just the usual story of hidden technologies slipping through the cracks during M&A. These attacks were part of a deliberate and targeted campaign against SonicWall devices, which are rare in larger organizations but common in smaller ones. Standard M&A due diligence is not enough. Security teams must proactively secure inherited technologies, prioritizing early visibility into new environments, like remote access tools, to address risky configurations and outdated credentials before attackers exploit them.
FortiWeb Authentication Bypass Vulnerability Exploited in the Wild
A relative path traversal vulnerability in Fortinet FortiWeb may allow an attacker to execute administrative commands on the system via crafted Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) requests. The vulnerability exists due to a flaw in the validation checks in the HTTP requests used to authenticate application programming interface (API) callers. By supplying a handcrafted HTTP_CGIINFO header, an attacker can impersonate any user, including the built-in admin, and inherit their full privileges. Fortinet has observed this to be exploited in the wild. Fortinet recommends disabling HTTP or HTTPS for internet facing interfaces until an upgrade can be performed. If the HTTP/HTTPS Management interface is internally accessible only as per best practice, the risk is significantly reduced.
HashJack—Novel Indirect Prompt Injection Against AI Browser Assistants
A newly discovered technique called HashJack shows how attackers can hide malicious commands inside a URL fragment—and trick AI-powered browsers into doing their bidding. That means any legitimate website, even one you trust, could be weaponized. Read the article below and learn how this threat works and why anyone using AI assistants needs to stay alert.
5 Ways Cybercrime Has Become a Subscription Business
Cybercrime is evolving—and now, attackers are running businesses much like legitimate “as-a-service” companies. The new “subscription model” of phishing, data theft, and access-sharing makes securing your systems more critical than ever. Read how this shift increases risk and what you can do to fight back.
.png?width=486&height=486&name=Pen%20Test%20Logo%20(1).png "Pen Test Partners Logo")
Exploiting AgTech Connectivity to Corner the Grain Market
As farming goes digital, so do the risks—attackers could exploit connected ag-tech to manipulate yield data and game the grain market. Read how those vulnerabilities work and why security matters not just for farms, but for the entire supply chain.
Cybercrime Groups Team with Organized Crime in Massive Cargo Theft Campaign
Cybercrime rings are teaming up with organized theft gangs to hijack huge volumes of cargo using remote-access tools against trucking and freight firms. Read as NMFTA's Artie Crawford sounds off in this recent article which uncovers startling numbers, undercover tactics, and real danger for your supply chain.
The State of Cybersecurity in the Supply Chain | Check Call
Watch as NMFTA's Joe Ohr chats all things cybersecurity with FreightWaves Check Call's Mary O'Connell. Tune in as they discuss how to vet vendors, demand pen test results and avoid weak links; why AI is both the threat and the solution; the importance of creating a culture of cybersecurity across the supply chain, and much more.
Cybersecurity & Cargo Crime: Reducing Risk for Carriers | NMFTA's Ben Wilkens
Don’t miss this discussion as NMFTA cybersecurity expert Ben Wilkens joins on-air personalities Dave Nemo and Jimmy Mac to explore real-world cargo crime risks and proactive strategies to protect your fleet. Watch now and learn how to strengthen your defenses against evolving threats.
Refer a Colleague
Would you like others at your company to be added to the NMFTA Headline Newsletter email distribution list? Send them this link or fill out the form for them on their behalf below!