Security researchers have identified and helped rectify critical vulnerabilities in WiseTech Global’s CargoWise WebTracker software, which could potentially have allowed hackers to use the platform as a “launch pad” for cyberattacks targeting thousands of logistics firms worldwide.

The security flaws were uncovered by Searchlight Cyber researchers, who reported that the weaknesses in WebTracker’s design and the presence of hardcoded master keys could enable unauthorized access without a password. This would allow attackers to impersonate legitimate customers and partners, access detailed information about trading relationships, enumerate staff contacts, and download sensitive shipment documents and financial records. In a worst-case scenario, attackers might have been able to execute code on underlying servers, potentially using the logistics system as a gateway into corporate networks across the supply chain.

Searchlight Cyber researchers Patrik Grobshauser, Shubham Shah, Adam Kues, and Dylan Pindur said these vulnerabilities posed a significant risk because WebTracker connects numerous organizations within complex supply chains. By compromising a single portal, attackers could expose data across multiple companies and their customers, making it a lucrative target for cyber criminals interested in logistics and high-value cargo.

WiseTech confirmed the vulnerabilities had been addressed with a security patch and stated there was no evidence that the flaw had been exploited maliciously. The company also noted that WebTracker has been retired and is no longer supported, and it encouraged customers to migrate to CargoWise Neo, a newer and more advanced platform that replaces the older system. WiseTech said nearly all customers had transitioned to this updated software.

Amid these security concerns, WiseTech is undergoing significant operational changes, including cutting approximately 2,000 jobs—around 30 percent of its global workforce—with reductions affecting its Australian, Mexican, and South Korean offices. The company’s founder and executive chairman, Richard White, and CEO, Zubin Appoo, have defended the decision to replace many roles with artificial intelligence (AI), emphasizing the technology’s 24/7 availability and cost efficiency. However, the job cuts have triggered backlash among employees, and the company confirmed that police are investigating violent threats made against Appoo, including a handwritten note containing personal information and offensive remarks directed at his family.

WiseTech’s stock price has declined more than 70 percent over the past year amid ongoing scandals and allegations involving Mr. White. Among these is an Australian Federal Police investigation into claims made by Kathy Phelan, a former executive at a related company, Kyckr. Phelan alleges that White was deceptive about the employment visa status of Caroline Heidemann, who had worked for his family office after being made redundant from WiseTech in 2020. White has denied these allegations, and no conclusions have been drawn by authorities at this stage.

The revelations about the software vulnerabilities come amid broader concerns over AI’s role in escalating the sophistication of cyber threats, following recent developments such as the launch of Anthropic’s Mythos model. Together they illustrate the rapidly evolving cybersecurity landscape facing logistics and technology firms alike.