Linn Foster Freedman

Mandiant recently issued its M-Trends 2026 Report, a must read for all cybersecurity professionals. The report provides several conclusions and insights, including that both nation states and run of the mill financially motivated threat actors are “integrating AI to accelerate the attack lifecycle.” These threat actors are “increasingly relying on large language models (LLMs) as a strategic force multiplier to move beyond mass email campaigns toward hyper-personalized, rapport-building, social engineering.”

The Federal Bureau of Investigation (FBI) recently released a FLASH warning highlighting malicious cyber activity conducted by threat actors operating on behalf of Iran’s Ministry of Intelligence and Security.

While a good friend of mine was recently traveling, his flight was cancelled and he was booked on a new flight the next day. He travels a lot and he decided to use some of his hotel loyalty points to stay over at the hotel adjacent to the airport. Checking in, he discovered that more than a million miles had been stolen from his account. It was obviously very distressing, so he asked me to write about it to warn others of this fraud and how it can be prevented.

In a recently released report titled Cybersecurity in Global Sport: Threats, Signals, and Strategic Implications for a Digitized Industry, cybersecurity firm Darktrace has outlined “the current challenges the global sporting sector faces and…forward-looking views on future challenges as AI increasingly becomes adopted across the sector.”

I apologize that this post is not light reading. It’s critically important to know what the threats are so you can avoid becoming a victim. Although disconcerting, it is crucial to know what has happened in the first half of this year. TechCrunch recently issued a report outlining the worst breaches of 2026—so far:

If you are a Signal user, be on the alert for a new phishing campaign that attempts to steal recovery keys used to access cloud backups. If successful, the attackers could have access to entire message archives, conversations, photos and documents shared through the Signal platform. Signal is often used for highly sensitive communications, so the threat is real and could be significant.

On May 27, 2026, Connecticut Governor Ned Lamont signed Senate Bill 5 (“the Bill”) into law, creating a broad framework for artificial intelligence oversight in the state. The Bill reaches beyond any single category of AI use and touches consumer disclosures, employment tools, AI companions, synthetic media, workforce issues, state agency AI use, and privacy-related governance. The law is relevant not only to technology companies, but also to employers and businesses in Connecticut that use AI-enabled tools in their ordinary operations.

A new report by Wired states that customer data from “more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.” According to the report, travelers’ information and booking data may have been stolen from the hotels and are being used by threat actors to launch social engineered phishing schemes.

As you can tell, I am obsessed with Verizon’s Data Breach Investigations Report. It is worthy of full immersion, and I am picking it apart with precision (here and here). I always spend a lot of time delving into it as it informs and confirms strategies to assist others with prevention and resilience.

Verizon recently published its 2026 Data Breach Investigations Report, which is full of helpful information for cybersecurity professionals to implement strategies for protection of systems. For a summary, click here.