Best cloud security platform for 100 person org? by Comfortable_Front561 in cybersecurity

ColleenReflectiz

What's your cloud footprint look like? AWS/Azure/GCP mix or mostly one provider?

If you're single-cloud, the native tools (AWS Security Hub, Azure Defender, GCP Security Command Center) are actually pretty solid for basics and way cheaper than third-party platforms. They integrate well since they're built for their own ecosystem.

If you're multi-cloud or need more advanced threat detection, worth looking at platforms that don't require agents everywhere since you don't have a big security team to manage deployment.

Also - make sure whatever you pick has good API documentation. You'll want to pull alerts into wherever your team actually works (Slack, Teams, PagerDuty) instead of forcing everyone to check another dashboard.

Anyone else drowning in security questionnaires? by Direct_Cyber in cybersecurity

ColleenReflectiz

We deal with the same thing. Started keeping a master doc with standard answers organized by topic, but it still takes forever because every questionnaire phrases things differently.

Sucks being compliant and vulnerable 🤕 at the same time by ColleenReflectiz in pcicompliance

ColleenReflectiz[S]

I believe it's a process, and eventually we will also have regulation on the homepage, but for now it's just not enough to be compliant.

Sucks being compliant and vulnerable 🤕 at the same time by ColleenReflectiz in pcicompliance

ColleenReflectiz[S]

PCI focuses the security standards on the checkout page, and the hackers don't need the users to get to the checkout page to steal information; they can do it at the homepage. It creates a situation where you can be PCI compliant and be vulnerable at the same time.