Security · 1h ago
KDDI Zero-Day Supply Chain Attack Hits 12M ISP Email Users
A zero-day vulnerability in a third-party email system allowed attackers to breach KDDI's ISP infrastructure, compromising 12 million customer accounts. The attack exploited legacy software integration gaps, enabling lateral movement and data exfiltration of billing records and credentials. This incident underscores persistent risks in telecom supply chains where third-party systems operate under different patch cycles.
Meridian48 take
The breach is a textbook supply chain attack, but the real story is how telecoms continue to neglect isolation of legacy third-party systems despite repeated warnings.
supply-chain-attackzero-day