
Cybersecurity

Insider Leak at Southport Cyber Defence Exposes Emerging Cybercrime Coalition

Ayaan Chowdhury


The Toronto headquarters of Southport Cyber Defence, now at the center of an insider-leak investigation tied to the emerging Crimson Harbor Collective.

December 2, 2025 — A Toronto-based cybersecurity firm, Southport Cyber Defence, is under intense scrutiny tonight after confirming that an internal employee leaked sensitive system screenshots to a shadowy cybercrime gang calling itself the Crimson Harbor Collective.

The incident, while contained, has raised broader concerns across Canada’s digital infrastructure community as investigators warn that several smaller threat groups appear to be joining forces under a single coordinated movement.

Southport Cyber Defence is known for providing monitoring tools and vulnerability dashboards used by municipalities, transit agencies, and several energy-sector clients. The company confirmed in a brief statement that a junior analyst was dismissed after internal logs revealed unauthorized access to administrative panels.

Initial forensics show the employee was approached via an encrypted messaging channel and paid in cryptocurrency to capture discreet screenshots of upcoming patch schedules, SOC alert queues, and threat-correlation dashboards.

Though Southport insists core systems were not compromised, the leak has nonetheless prompted a federal inquiry.

Cyber intelligence sources describe the Crimson Harbor Collective as a newly surfaced operation blending members and tactics from at least three known cybercrime crews:

  • GhostMire Syndicate, a ransomware group linked to attacks on U.S.–Canada logistics networks
  • Silent Quay, known for telecom breaches and mass SMS spoofing
  • Loomis Circle, an extortion group specializing in deepfake-based impersonation schemes

Investigators believe these groups have begun centralizing their resources, sharing stolen credentials, exchanging insider-recruitment playbooks, and coordinating target selection.

This emerging alignment is being referred to internally as “The Convergence Wave” — a trend where once-independent cybercrime actors merge into a single, multi-vector threat ecosystem.

Early signals suggest that the Crimson Harbor Collective has established communication channels, operational divisions, and shared financial infrastructure. Analysts warn that such consolidation could multiply attack capabilities across:

  • municipal services
  • transit and mobility sectors
  • supply chain and warehousing
  • provincial and federal digital platforms

The insider leak at Southport is believed to be part of a broader recruitment strategy targeted at individuals with access to high-value data streams, especially within cities and critical infrastructure operators.

Federal officials are now assessing whether the Crimson Harbor Collective represents a new category of threat actor — one capable of orchestrating simultaneous disruptions across sectors traditionally considered unrelated.

“This isn’t a gang. It’s a movement,” one national cybersecurity advisor told ODTN News under condition of anonymity. “These groups are no longer competing. They’re collaborating…and that changes the landscape entirely.”

As investigations continue, Southport Digital Defence says it has implemented additional internal controls and is cooperating fully with authorities.

Meanwhile, cybersecurity leaders warn that the real story may not be the insider leak itself, but the formation of a unified cybercrime network operating with unprecedented coordination, funding, and strategic intent.

ODTN News will continue monitoring developments as new information emerges about the Crimson Harbor Collective and the growing coalition behind it.

Watching the perimeter — and what slips past it. — Ayaan Chowdhury

Cybersecurity

New Year’s Day Cloud Disruption at Kestralyn Solutions Exposes Gaps in Automation Oversight

Ayaan Chowdhury


An operations workspace sits largely unattended during the New Year’s holiday period, when an automated cloud workflow failure went undetected for hours before service disruptions became visible.

A service disruption at Kestralyn Solutions, a Canadian company that provides cloud-based software used by businesses to manage supply chains, inventory, and delivery operations, unfolded on New Year’s Day, a period when many staff were on holiday and routine monitoring was operating under reduced coverage.

According to information reviewed by ODTN News, the incident followed a scheduled update to an automated cloud workflow responsible for managing infrastructure scaling and system health. The change was implemented through standard processes late on December 31 and initially appeared to function as expected.

In the early hours of January 1, customers began experiencing intermittent service disruptions and delayed system responses. Internal automation processes behaved inconsistently across regions, but with limited staff on duty, the issue was not immediately recognized as a systemic failure.

Investigators later determined the disruption was not the result of unauthorized access or malicious activity. Instead, a conflict between automated scaling logic and existing resource governance policies caused infrastructure resources to cycle repeatedly. The activity was technically valid and generated no security alerts, allowing the issue to persist longer than it otherwise might have during normal operating hours.

Operations teams on call initially interpreted the issue as a temporary performance fluctuation, a common occurrence during holiday traffic shifts. Without clear indicators of a broader control-plane failure, escalation was delayed until full staffing levels resumed later in the day.

By the time engineers isolated and corrected the automation workflow, multiple customer-facing services had been affected. The company later confirmed there was no data compromise but acknowledged that reduced staffing and limited cross-team visibility contributed to the delayed response.

Industry analysts say incidents occurring during holidays and long weekends are increasingly common, as cloud environments continue to operate at full scale even when organizations do not. Automation, while essential for managing modern infrastructure, can amplify small configuration issues when human oversight is limited.

The New Year’s Day incident at Kestralyn highlights a broader operational challenge facing many organizations. As reliance on cloud automation grows, preparedness can no longer assume full staffing or ideal conditions. Systems fail on holidays, during weekends, and in the early hours, often when teams are least equipped to respond quickly.

For organizations entering 2026, the lesson is not simply about improving security controls, but about ensuring resilience during the moments when attention is lowest and systems are expected to run on their own.

Watching the perimeter — and what slips past it. — Ayaan Chowdhury


Cybersecurity

“This Isn’t Over”: A Warning That Closed Out 2025

Ayaan Chowdhury


ODTN News reporter Roshan Khan on an anonymous message received by ODTN News following the Dec 4 transit outage

What began as a city-wide transit outage on December 4th has now become one of the most unsettling closing chapters of 2025.

As systems were gradually restored and commuters returned to platforms across the city, ODTN News received an anonymous message through its secure tip line. The message was brief, unverified, and deeply concerning:

“This isn’t over.”

Authorities have not confirmed the source of the message, nor whether it is directly linked to the transit disruption. But in the context of the past year, the warning has struck a nerve across the cybersecurity and emergency preparedness community.

The transit outage was not an isolated event. Throughout 2025, Canada experienced a string of disruptive incidents affecting critical systems once assumed to be resilient:

  • Power grid instability impacting multiple regions
  • Supply chain disruptions causing shortages and delays
  • Transit shutdowns that stranded thousands of commuters
  • Cascading technology failures that blurred the line between cyber and physical risk

Individually, each incident was treated as manageable. Collectively, they tell a different story: one of systems under sustained pressure, probing, and stress.

Several experts have raised concerns that these events resemble testing behaviours, where attackers observe response times, communication breakdowns, and public reaction rather than seeking immediate destruction.

Security analysts warn that the most dangerous outcome is not the attacks themselves, but the normalization of disruption.

“Each time we recover without meaningful reflection or preparation, we signal that disruption is acceptable,” said one crisis response advisor familiar with multiple 2025 incidents. “That’s what invites escalation.”

While investigations continue into the December transit outage, there is growing concern that Canada’s focus has leaned too heavily on response, restoring services quickly without equal investment in training, coordination, and realistic crisis preparation.

Across government agencies, private operators, and critical infrastructure providers, one issue keeps surfacing: many teams are encountering these scenarios for the first time during the crisis itself.

Experts argue that tabletop exercises, simulations, and cross-sector drills are no longer optional. They are essential tools to expose gaps before real-world consequences unfold.

Crisis preparation isn’t about predicting the exact next incident. It’s about ensuring leaders, operators, and communicators know how to function when uncertainty is high, information is incomplete, and public trust is on the line.

The anonymous message sent to ODTN News remains under review. Whether it was a provocation, a bluff, or something more deliberate is still unknown.

What is known is this: 2025 has revealed how interconnected and vulnerable Canada’s systems have become. Power, transit, supply chains, and digital infrastructure no longer fail in isolation. When one stumbles, others feel the impact.

As the country moves into 2026, the question is no longer if another disruption will occur, but whether organizations will be better prepared when it does.

Because if the message is true, if this really isn’t over, then training, coordination, and crisis readiness may be the difference between disruption and disaster.

Watching the perimeter — and what slips past it. — Ayaan Chowdhury


Cybersecurity

Fake QR Codes Targeting GTA Transit Riders

Ayaan Chowdhury


QR Code signs left around STS stations, QR Code blurred out for ODTN News reader safety

TORONTO, ON —

Commuters across the Greater Toronto Area are being urged not to scan a series of unauthorized QR codes that have appeared in and around multiple STS Transit stations this week. The posters, designed to look like official transit communications, promise “real-time train routing” amid ongoing service instability, but cybersecurity experts say the codes actually redirect users to a malicious app that harvests personal data.

The flyers began appearing late Tuesday evening at stations in Toronto, Mississauga, Brampton, and Scarborough. Many were placed near ticket machines, station entrances, and shelters along busy commuter corridors. Their design closely mimics the colour scheme and typography of siberX Transit Systems (STS), making them nearly indistinguishable from legitimate service notices.

Security analysts consulted by ODTN say the QR codes lead to a third-party website prompting users to download an app claiming to provide “accurate route paths” during the city’s ongoing transit disruptions.

Once installed, the app immediately requests extensive device permissions — including access to contacts, location, notifications, and in some cases, stored passwords.

“This is deliberate social engineering,” said cybersecurity researcher Dr. Lena Harcourt. “Attackers are exploiting a moment of public confusion by offering what appears to be a helpful tool. In reality, it’s a data siphon.”

Preliminary analysis shows the app transmits user information to servers registered offshore. Investigators believe the operation is linked to a broader pattern of opportunistic cyber activity that has emerged since the STS outage began.

Several commuters told ODTN they scanned the code assuming it was part of STS’s interim communication strategy.

“It looked real — same colours, same layout,” said one Brampton commuter. “We’re all desperate for accurate info right now. That’s why people fall for this.”

Others reported seeing younger riders handing out cut flyers outside stations last night, though it remains unclear whether those individuals were aware of the scam.

STS issued a statement early Wednesday condemning the unauthorized signage and urging riders not to scan any QR codes found outside official channels.

“STS does not distribute routing information through QR posters,” the agency’s statement read. “These materials are fraudulent and are currently under investigation.”

The incident adds another layer of complexity to a transit system already grappling with conflicting service alerts, communication failures, and worsening public mistrust.

“Criminal actors know when a city is vulnerable,” said Harcourt. “Every gap in information becomes an opportunity for exploitation.”

Authorities are urging anyone who downloaded the suspicious app to delete it immediately, perform a device security scan, and monitor accounts for unusual activity.

What Riders Should Do

  • Do not scan any transit-related QR codes found outside official STS channels.
  • Confirm updates only through the official STS app, website, or verified social media accounts.
  • Report suspicious posters to station staff or authorities.
  • Remove any unknown app installed after scanning a QR code.

ODTN will update this story as more details become available.

Watching the perimeter — and what slips past it. — Ayaan Chowdhury


ODTN.News is a fictional platform created for simulation purposes within the Operation: Defend the North universe. All content is fictitious and intended for immersive storytelling.
Any resemblance to real individuals or entities is purely coincidental. This is not a real news source.
Please contact [email protected] for any further inquiries.

Copyright © 2025 ODTN News. All rights reserved.

⚠ Disclaimer ⚠

ODTN.News is a fictional news platform set within the Operation: Defend the North universe, a high-stakes cybersecurity simulation. All names, organizations, quotes, and events are entirely fictitious or used in a fictional context. Any resemblance to real people, companies, or incidents is purely coincidental, unless reality has decided to imitate art (it happens).


This is not real news. It’s part of a narrative experience designed to provoke thought, reflect real-world challenges, immerse you in the ODTN universe, and occasionally trigger a nervous laugh.


If you're confused, concerned, or drafting a cease and desist, take a pause — you're still in the simulation. Remember, this is fiction, but the cybersecurity challenges it represents? Very real.


Questions? Comments? We’re listening: [email protected]