Insights

May 2026 Cyber Threat Brief: Identity, Supply Chains, and the Growing Speed of Risk The cybersecurity landscape continued evolving rapidly throughout May, with several developments reinforcing a trend that has been building for years. Attackers are increasingly targeting trust itself. Rather than relying solely on malware or credential theft, threat actors are focusing on authentication systems, software supply chains, trusted platforms, and the relationships organizations depend on every day. At the same time, advances in AI and automation continue to shorten the time between vulnerability discovery and exploitation, creating additional pressure on security teams. Here are the key themes that emerged during May. Identity Is Becoming the Primary Attack Surface The FBI issued warnings regarding Kali365, a phishing-as-a-service platform designed to target Microsoft 365 environments through token theft and device-code authentication abuse. These attacks reflect a broader shift away from traditional password theft. Instead, attackers are increasingly targeting: Authenticated sessions…

Critical Path Security has announced the development of a new AI-driven OT Digital Twin Engine designed to combine graph-based attack-path analysis, deterministic simulation, and Large Language Model-assisted reasoning to evaluate industrial environments without actively interacting with production systems. The platform was developed in response to a growing problem across Operational Technology and critical infrastructure environments: traditional assessment methodologies were never designed for fragile industrial systems that cannot safely tolerate aggressive scanning, enumeration, or exploitation activity. In many OT environments, a malformed packet can disrupt operations. A vulnerability scan against an aging PLC or RTU can destabilize communications. A failed authentication attempt can interfere with emergency operational access. The consequence of intrusive testing inside industrial infrastructure is fundamentally different than in enterprise IT environments. The new Digital Twin Engine was architected around a different model. Rather than interrogating live systems directly, the platform ingests existing operational and security artifacts already maintained…

This week, news broke that cybercriminals targeted the popular education platform Canvas, impacting schools and universities across the country, including organizations here in metro Atlanta. According to reports, attackers may have accessed user data including names, email addresses, and private messages within the platform. I spoke with WSB-TV Channel 2 Atlanta about the incident and what it means for parents, schools, and students moving forward. The reality is simple: educational platforms have become high-value targets for cybercriminals. Schools hold enormous amounts of sensitive information, and unlike many enterprises, they often operate with limited security staffing and constrained budgets. What makes this incident particularly concerning is not just the exposure of names or email addresses. It's the potential misuse of private communications and student-related information. When attackers gain access to communication platforms used daily by students and teachers, the risks quickly move beyond technology and into personal safety, social engineering, harassment,…

Monthly Threat Brief: What Shaped Cyber Risk in April 2026 Cyber risk in April wasn't defined by a single event, it was shaped by patterns. Across environments, attackers are continuing to shift how they operate - leaning into trusted tools, valid access, and speed. This month's developments highlight a clear reality: the attack surface isn't just expanding, it's blending into normal business activity in ways that are harder to detect and easier to overlook. Here's what stood out. Social Engineering Is Moving Into Everyday Tools Phishing hasn't gone away, it's just changed form. Instead of relying solely on email, attackers are now initiating conversations through platforms employees already trust, like collaboration and messaging tools. By impersonating internal IT or helpdesk personnel, they're able to guide users into launching legitimate remote support tools and granting access themselves. Because these interactions happen in familiar environments and follow what looks like normal workflow,…