Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Third-party risk: Behind the Google, Chanel, & Air France-KLM breaches

2025 has been a summer of high-profile breaches. This post will focus on four notable and high-profile victims: Chanel, Google, Air France, and KLM. Although the companies and exact data sets differ, these breaches share a clear pattern: attackers compromised third-party CRM / customer-service platforms as part of a wider Salesforce-focused vishing/social-engineering campaign. From there, they exfiltrated customer-care records such as contact details, loyalty IDs, and customer-service email content.

Pixels, Polygons, and Payloads: Malware delivery in 3D software pipelines

This research explores an unconventional malware delivery vector, demonstrating how trusted creative software tools can be repurposed to deliver payloads in ways that bypass common defences, user expectations, and AI-based analysis. The work concludes with the creation of a successful Proof-of-Concept (PoC) for code execution and AV/EDR evasion using the open-source 3D software suite Blender.

Kovrr's Reports Hub: Grouping CRQ Metrics for Effective Communication

Cyber risk quantification (CRQ) is the process of translating cyber intelligence, both organization-specific and external, into measurable business terms. Typical high-level outputs include Average Annual Loss (AAL), or a business's expected financial loss from cyber events, and the Annual Events Likelihood. With CRQ, cyber governance, risk, and compliance (GRC) leaders can also drill down into more granular metrics for additional, scenario-specific context.

Mission Control for Modern Risk

Financial institutions face a harsh reality. As cyberattacks have become more sophisticated and move with greater velocity, a single incident can ripple across IT systems, payment networks, and customer accounts long before the organization can respond. The problem? Most security, fraud, IT operations, and risk teams still operate in silos. Each team monitors its own consoles, works from its own data, and follows its own playbooks.

You Can't Automate What You Don't Understand: Why Context Is the Missing Link in Exposure Management

In our recent webinar featuring Enterprise Strategy Group Principal Analyst, Tyler Shields, we discussed the widening gap between vulnerabilities organizations know about and what they can realistically fix. Most teams are swamped. Too much data, too many tools, and not enough people. Naturally, automation and AI come up as potential solutions. One comment from Tyler has stuck with me since watching and subsequently reviewing the webinar recording.

The Need for Proactive GRC (Governance, Risk, Compliance)

Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business.