Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Scammers are using legitimate hotel booking details to craft targeted phishing attacks, WIRED reports. Victims are far more likely to fall for a phishing attack if a message contains real information that they wouldn’t expect a scammer to know. According to researchers at Norton, this phishing campaign is targeting customers of at least 350 hotels and vacation rentals across 50 countries.

Scammers are taking advantage of the conflicts in the Middle East and Ukraine to exploit people’s emotions, according to researchers at ESET. “Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings,” ESET says. “Legitimate charities may solicit donations to help their efforts to support innocent citizens caught in the crossfire.

Scammers are increasingly targeting athletes with advanced social engineering attacks, the Guardian reports. The Guardian cites a recent report from Ernst & Young that found that athletes and teams have lost nearly $1 billion to fraud over the past twenty years, and more than 40% of these losses were reported in the past six years.

Mobile devices are becoming the highest‑trusted endpoints that are the least protected. They approve logins. They hold authentication apps. They carry email, collaboration, and business applications. And they travel everywhere your workforce travels: across corporate networks, home Wi‑Fi, airports, hotels, and cafés. That combination (high trust plus constant movement) is why mobile has become such a reliable entry point for credential theft and account takeover.

The pace is not slowing down. Between May 18 and June 1, 2026, four distinct supply chain campaigns swept through npm, PyPI, Crates.io, GitHub Actions, and Composer.

Picture this: Your payments team starts the week with what looks like a routine performance review. Authorization rates are slightly off. A handful of merchants are seeing more retries than usual. Declines are climbing in one segment of the portfolio. But nothing looks catastrophic…yet. Then the warning signs start stacking up. An AI-driven BIN attack has quietly pushed enumeration activity higher. A few merchants are generating abnormal dispute patterns.

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

I recently wrote about how today’s cyber risk is defined less by breakthrough innovation and more by the industrialization of existing weaknesses. Given this, I wanted to dig a little deeper. Over a weekend I conducted some analysis on a longitudinal Aggregate Cyber Risk Index that scores six core threat vectors daily for 1,000 days on a 0–100 scale, drawing on six macro categories.

Every company has a version of the same thing. Sometimes it’s a security wiki. Sometimes it’s a Confluence page. Sometimes it’s a PDF nobody wants to update.

According to Bitsight Threat Intelligence, NoName057(16) remains one of the most visible pro-Russian hacktivist groups conducting distributed denial-of-service (DDoS) attacks against countries and organizations perceived as supporting Ukraine. This matters because the risk can extend beyond direct business ties to Ukraine, and the group may also target organizations that do business with vendors, suppliers, partners, or service providers perceived as supporting Ukraine.