2026 Verizon DBIR: What the Data Actually Means for Defenders

Every year, Verizon publishes the Data Breach Investigations Report, and every year the security community either over-indexes on a single headline or buries the thing in a drawer. The 2026 edition — the 19th — deserves neither treatment. Based on 31,000+ incidents and 22,000+ confirmed breaches across 145 countries, this is the largest dataset the DBIR has ever analyzed, and the findings have real operational implications for defenders at every level. ...

June 5, 2026 · 13 min · Logan

Device Code Phishing — The Attack That Makes MFA Irrelevant

When most people think about phishing, they picture a fake login page harvesting credentials. Device code phishing doesn’t work that way. There’s no spoofed domain. No credential harvesting. No malware. The victim authenticates against real Microsoft infrastructure, completes their MFA challenge, and hands an attacker a fully valid Bearer token — all without knowing anything unusual happened. ...

June 2, 2026 · 10 min · Logan

ShinyHunters' Salesforce Campaign: Three Rounds, 1.5 Billion Records

ShinyHunters didn’t hack Salesforce. That distinction matters. Across three separate campaigns spanning mid-2025 through early 2026, the group — tracked by security researchers as UNC6040 and UNC6395 — systematically exploited how organizations configure, connect, and authenticate into Salesforce. The platform’s infrastructure was never the vulnerability. The integrations, the OAuth flows, and the guest user permissions were. ...

May 22, 2026 · 7 min · Logan

Canvas Breach Follow-Up: Instructure Pays the Ransom — And What That Means for All of Us

When I published my original piece on the Canvas breach back on May 9th, Instructure was publicly claiming the situation was contained. It wasn’t. Since then, ShinyHunters hit Canvas a second time through the same unpatched vulnerability, defaced login pages at hundreds of institutions, and ultimately extracted a ransom payment from Instructure, the amount of which has never been disclosed. As of May 12th, 2026, the story is closed. Sort of. Here’s everything that happened and what it means. ...

May 13, 2026 · 8 min · Jason, Cyber Professional

Self-Hosted Threat Intel Pipeline

What I Built and Why
Most threat intelligence dashboards are either expensive enterprise platforms or simple embeds pulling from someone else’s API. Neither felt right for a portfolio — one costs money, the other doesn’t demonstrate anything about your actual capabilities. ...

5 min · Jason, Cyber Professional