May 2026
6artifacts
IAM & Security Weekly Briefing
Identity-led breach goes mainstream: ADT confirmed a ShinyHunters intrusion that began with a vishing call against a help desk, ended with a hijacked Okta SSO account, and exfiltrated 5.5 million…
IAM & Security Weekly Briefing
Major breaches or incidents: Attackers are heavily exploiting interconnected systems, with supply chain and third-party breaches quadrupling.
IAM & Security Weekly Briefing
Major breaches or incidents: PocketOS publicly disclosed that an AI coding agent (Cursor running Claude Opus 4.6) deleted its production database and all volume-level backups in a single API call…
IAM & Security Weekly Briefing
Identity-driven SaaS extortion went mainstream. ShinyHunters (UNC6040) deepened a months-long Salesforce-via-vishing campaign — Instructure's Canvas LMS (275M records / 3.65 TB / 8,800 institutions)…
IAM & Security Weekly Briefing
Identity breaches are now near-universal. Sophos's State of Identity Security 2026 (May 12, n=5,000 IT/security leaders in 17 countries) found 71% of organizations suffered at least one…
IAM & Security Weekly Briefing
The FBI put a name on the year's dominant identity attack. An IC3 public service announcement warned about Kali365, a Telegram-distributed phishing-as-a-service kit ($250/month per tenant, first seen…