WiseTech CargoWise flaw raises global logistics cyber concerns
Security researchers have identified vulnerabilities in WiseTech Global’s CargoWise WebTracker software that they say could be exploited by hackers to compromise logistics companies around the world.
The flaws were found by researchers at Searchlight Cyber, who examined CargoWise WebTracker, a portal used by WiseTech customers to track shipments and related logistics activity. Their findings suggest the tool may expose more risk than a conventional tracking interface, with weaknesses that could allow attackers to gain unauthorised access and impersonate legitimate customers.
CargoWise is WiseTech’s flagship platform and is widely used across the freight forwarding, customs, warehousing and logistics sectors. Because the software is embedded in the operations of many companies, any weakness in its web-facing components could have consequences beyond a single organisation.
According to the researchers, the vulnerabilities involve hardcoded master keys and broader design weaknesses. If exploited, these flaws could allow attackers to access systems without a valid password and assume the identity of real users. In a global logistics environment, that kind of access could potentially be used to gather sensitive shipment data, interfere with operations or support further attacks against customers and partners.
Searchlight Cyber researchers Patrik Grobshäuser, Shubham Shah, Adam Kues and Dylan Pindur published the findings and indicated that WiseTech was continuing work on further mitigations. Searchlight Cyber is understood to have been engaging with WiseTech over the issues. WiseTech has been contacted for comment.
The discovery comes at a sensitive time for WiseTech, which is undergoing a major workforce restructure. The company is cutting 2000 roles and replacing some functions with artificial intelligence, with founder and executive chairman Richard White and chief executive Zubin Appoo stating that AI can perform work previously done by people.
The case also highlights growing anxiety about the intersection of AI and cyber security. Security specialists have warned that increasingly capable AI models could help attackers automate reconnaissance, identify weak points and launch more sophisticated campaigns at scale. Those concerns have intensified following the launch of Anthropic’s Mythos model.
For logistics firms, the risks are especially acute. Supply chains rely on large volumes of shared data, interconnected software and time-sensitive coordination between companies, ports, warehouses, carriers and customers. A compromised tracking portal could become a foothold for broader cyber activity, particularly if attackers can move from one trusted system into another.
The incident is a reminder that cyber security risk is not limited to internal networks. Third-party platforms, customer portals, APIs and software supply chains can all create exposure. Businesses that depend on widely used technology providers need to understand how those systems are secured, how vulnerabilities are reported and how quickly patches or mitigations are applied.
Companies using CargoWise or similar logistics platforms should review access controls, monitor for unusual account activity and ensure staff are trained to recognise signs of credential misuse, phishing and suspicious system behaviour. Security teams should also ask vendors for clear guidance on available mitigations and keep records of any unusual activity linked to customer portals or shipment tracking systems.
As cyber threats become more sophisticated, technical controls alone are not enough. Human awareness remains one of the strongest defences against attacks that exploit trust, routine processes and overlooked weaknesses.
To strengthen your organisation’s cyber resilience, encourage your team to improve their skills with The Hack Academy’s online training programme. Its practical cyber security training can help staff recognise threats earlier, respond with confidence and reduce the risk of becoming the next target.
