It was too cold to take off my mittens and check Google Maps so I put my faith in the trickle of bundled-up people ahead of me. All of them were carrying signs and wearing whistles around their necks on top of layers and layers of winter clothing. At first there were dozens of us walking toward Government Plaza, across the street from Minneapolis City Hall, and within a block it was hundreds. By the time I arrived it was thousands. Some reports said five to ten thousand, but on the ground, it felt like a single vibrating mass that was too large to count.

I made my way through the throng, repeating “excuse me” and “pardon me” despite the din because the people here are above all else unfailingly polite. Someone offered me a “Fuck ICE“ pin. Someone else offered me a chocolate-chip cookie. Another offered me a red vuvuzela. All three declined to be named or interviewed.

Friday, January 30 was the second general strike in the Twin Cities since federal immigration officers killed Alex Pretti. This one was reportedly organized by Somali and Black student groups at the University of Minnesota. Unlike the first strike, held last week and endorsed by local unions, this Friday’s was more hastily organized than the first economic blackout. I heard murmurs of lower turnout this time around, which was difficult to square with the fact that the plaza was so crowded that I didn’t understand how more people could possibly fit. And yet Minnesotans kept coming. The light-rail car pulled in and through the windows I saw the people inside were standing shoulder to shoulder, and they poured out and somehow filled space that wasn’t there.

They chanted: “No more Minnesota nice, Minneapolis will strike.”

Unlike the ongoing protests outside the Whipple Federal Building, the staging area from which ICE agents depart in unmarked cars to hunt down immigrants, the mood at the City Hall rally was almost jubilant, despite the under-current of outrage and terror that is present everywhere here. At Whipple, people jeer and yell at federal agents and local sheriff’s deputies alike, and their taunts are often met with flash bangs and pepper spray. Today, there appeared to be no such danger at the City Hall rally, but if the people of Minneapolis have learned anything over the past few weeks, it’s that danger lurks around every corner. You can be sitting in your car and be killed by a federal agent. You can be doing ICE watch and be killed by a federal agent. You can be protesting that killing and be arrested by federal agents. You can be walking or driving to work and be snatched by a federal agent. You can blow a whistle to alert your neighbors that federal agents are snatching someone off the street, and you’ll end up, at the very least, pepper sprayed by a federal agent. Medics milled about, prepared for the worst.

Helicopters circled overhead. Volunteer marshals in neon vests, stationed at nearly every entrance and street corner, directed the crowd. One warned me about the ice; I didn’t hear her and slipped, but a woman behind me caught my fall.

Cargo theft is no longer just about stolen trucks and forged paperwork. Over the past year, security researchers have been warning that hackers are increasingly targeting the technology behind global shipping, quietly manipulating systems that move goods worth millions of dollars. 

In some cases, organized crime groups use hacked logistics platforms to redirect shipments, allowing criminals to steal goods without ever setting foot in a warehouse. One recent case involving a critical U.S. shipping technology provider shows just how exposed parts of the supply chain have been, and for how long.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter     

A key shipping platform was left wide open

CRIME RINGS, HACKERS JOIN FORCES TO HIJACK TRUCKS NATIONWIDE, FUELING MAJOR HOLIDAY SHIPPING SECURITY FEARS

The company at the center of this incident is Bluspark Global, a New York-based firm whose Bluvoyix platform is used by hundreds of companies to manage and track freight moving around the world. While Bluspark isn’t a household name, its software supports a large slice of global shipping, including major retailers, grocery chains and manufacturers.

For months, Bluspark’s systems reportedly contained basic security flaws that effectively left its shipping platform exposed to anyone on the internet. According to the company, five vulnerabilities were eventually fixed, including the use of plaintext passwords and the ability to remotely access and interact with the Bluvoyix platform. These flaws could have given attackers access to decades of shipment records and customer data.

Bluspark says those issues are now resolved. But the timeline leading up to the fixes raises serious concerns about how long the platform was vulnerable and how difficult it was to alert the company in the first place.

How a researcher uncovered the flaws

Security researcher Eaton Zveare discovered the vulnerabilities in October while examining the website of a Bluspark customer. What started as a routine look at a contact form quickly escalated. By viewing the website’s source code, Zveare noticed that messages sent through the form passed through Bluspark’s servers using an application programming interface, or API.

From there, things unraveled fast. The API’s documentation was publicly accessible and included a built-in feature that allowed anyone to test commands. Despite claiming authentication was required, the API returned sensitive data without any login at all. Zveare was able to retrieve large amounts of user account information, including employee and customer usernames and passwords stored in plaintext.

Worse, the API allowed the creation of new administrator-level accounts without proper checks. That meant an attacker could grant themselves full access to Bluvoyix and view shipment data going back to 2007. Even security tokens designed to limit access could be bypassed entirely.

Why it took weeks to fix critical shipping security flaws

One of the most troubling parts of this story isn’t just the vulnerabilities themselves, but how hard it was to get them fixed. Zveare spent weeks trying to contact Bluspark after discovering the flaws, sending emails, voicemails, and even LinkedIn messages, without success.

With no clear vulnerability disclosure process in place, Zveare eventually turned to Maritime Hacking Village, which helps researchers notify companies in the shipping and maritime industries. When that failed, he contacted the press as a last resort.

Only after that did the company respond, through its legal counsel. Bluspark later confirmed it had patched the flaws and said it plans to introduce a formal vulnerability disclosure program. The company has not said whether it found evidence that attackers exploited the bugs to manipulate shipments, stating only that there was no indication of customer impact. It also declined to share details about its security practices or any third-party audits.

10 ways you can stay safe when cyberattacks hit supply chains

Hackers can break into a shipping or logistics platform without you ever realizing your data was involved. These steps help you reduce risk when attacks like this happen.

1) Watch for delivery-related scams and fake shipping notices

After supply chain breaches, criminals often send phishing emails or texts pretending to be shipping companies, retailers, or delivery services. If a message pressures you to click a link or “confirm” shipment details, slow down. Go directly to the retailer’s website instead of trusting the message.

2) Use a password manager to protect your accounts

If attackers gain access to customer databases, they often try the same login details on shopping, email, and banking accounts. A password manager ensures every account has a unique password, so one breach doesn’t give attackers the keys to everything else.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

3) Reduce your exposed personal data online

Criminals often combine data from one breach with information scraped from data broker sites. Personal data removal services can help reduce how much of your information is publicly available, making it harder for criminals to target you with convincing scams.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Run strong antivirus software on your devices

Strong antivirus software can block malicious links, fake shipping pages, and malware-laced attachments that often follow high-profile breaches. Keeping real-time protection enabled adds an important layer when criminals try to exploit confusion.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

HUGE DATA LEAK EXPOSES 14 MILLION CUSTOMER SHIPPING RECORDS

5) Enable two-factor authentication wherever possible

Two-factor authentication (2FA) makes it much harder for attackers to take over accounts, even if they have your password. Prioritize email, shopping accounts, cloud storage and any service that stores payment or delivery information.

6) Review your account activity and delivery history

Check your online shopping accounts for unfamiliar orders, address changes, or saved payment methods you don’t recognize. Catching changes early can prevent fraud from escalating.

7) Consider identity theft protection

Identity theft protection services can alert you to suspicious credit activity and help you recover if attackers access your name, address or other personal details. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

8) Place a free credit freeze to stop new fraud

If your name, email, or address was exposed, consider placing a credit freeze with the major credit bureaus. A freeze prevents criminals from opening new accounts in your name, even if they obtain additional personal data later. It’s free, easy to lift temporarily, and one of the most effective steps you can take after a breach. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

9) Lock down your shipping and retailer accounts

Review the security settings on major shopping and delivery accounts, including retailers, grocery services and shipping providers. Pay close attention to saved delivery addresses, default shipping locations and linked payment methods. Attackers sometimes add their own address quietly and wait before making a move.

10) Businesses should review third-party logistics access

If you run a business that relies on shipping or logistics platforms, incidents like this are a reminder to review vendor access controls. Limit administrative permissions, rotate API keys regularly, and confirm vendors have a clear vulnerability disclosure process. Supply chain security depends on more than just your own systems.

Kurt’s key takeaway

Shipping platforms sit at the intersection of physical goods and digital systems, making them attractive targets for cybercriminals. When basic protections like authentication and password encryption are missing, the consequences can spill into the real world, from stolen cargo to supply chain disruption. The incident also highlights how many companies still lack clear, public ways for researchers to report vulnerabilities responsibly.

Do you think companies that quietly power global supply chains are doing enough to protect themselves from cyber threats?  Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.