Leveraging Knowledge to Manage Your Data Risks
Another recent victim of ShinyHunters is Instructure, the supplier of the Canvas learning management system, which disrupted the login portals of 330 colleges and universities during the critical college exam schedule.
According to Dataminr, ShinyHunters “claimed to have stolen 3.654TB of data affecting about 275 million individuals and 9,000 institutions worldwide.” The stolen data…
According to Cisco Talus researchers, phishing is the primary method threat actors use to gain unauthorized access to networks, accounting for more than one-third of all incidents in the first quarter of 2026. This increase is attributed to threat actors using legitimate AI tools to enhance phishing campaigns, particularly against health care and government sectors.…
On April 15, 2026, the Department of Justice (DOJ) announced that two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced for facilitating a North Korean IT worker scheme that compromised over 80 U.S. identities, with sentences of 108 and 92 months respectively, supervised release, and forfeiture orders.
The scheme involved the defendants operating “laptop…
A new, yet old, scheme has been quite successful and users should beware. If you get an account change message from Apple, be on high alert that it is fake and malicious.
According to Bleeping Computer, the scheme involves a threat actor using an Apple support email (e.g., appleid@id.apple.com) to send phishing emails to…
March was a busy month for former Black Basta affiliates who are using old social engineering techniques to target executives in the manufacturing, professional, scientific, and technical services industries. According to Reliaquest, the activity of the threat actors indicates that these sectors “were likely direct targets.”
According to its report, “Attackers are using automation…
According to Security Week’s recent article, “Stolen Logins Are Fueling Everything from Ransomware to Nation-State Cyberattacks,” cybersecurity firm Ontinue’s 2H 2025 Threat Intelligence Report, showcases that “Attackers aren’t breaking in anymore, they’re logging in.”
According to Ontinue’s Report, in the second half of 2025, “identity became the primary attack surface.” This means…
Mandiant recently issued its M-Trends 2026 Report, a must read for all cybersecurity professionals. The report provides several conclusions and insights, including that both nation states and run of the mill financially motivated threat actors are “integrating AI to accelerate the attack lifecycle.” These threat actors are “increasingly relying on large language models (LLMs) as…
Sophisticated vishing (voice phishing) attacks continue to target and victimize company call centers and help desks. Recently, a large ad tech company reported that customer information had been compromised as a result of a vishing attack. The company warns that the information obtained in the incident can be used by threat actors to conduct phishing…
Figure Lending, LLC, which markets itself as America’s #1 non-bank Home Equity Line of Credit lender, has been named in a proposed federal class action following a reported cyber incident that allegedly exposed customer personal information. Mardikian v. Figure Lending, LLC, 3:26-cv-00135 (W.D.N.C. Feb. 19, 2026). The complaint alleges that the company’s systems were…
On November 24, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert titled “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications,” which outlines how “multiple cyber threat actors” are “leveraging commercial spyware to target users of mobile messaging applications.”
The threat actors “use sophisticated targeting and social engineering techniques to…
