ShinyHunters Claims Cushman & Wakefield Breach

Plus, researchers uncovered a long-running phishing operation that hijacks the Facebook accounts of business and advertiser profiles.


Good morning! Here’s what’s up.

People

Mathew Newfield has joined Cyber AB, the official accreditation body for the Department of War’s Cybersecurity Maturity Model Certification (CMMC) Program, as its new executive vice president and chief operating officer.

Clips ✂️

ShinyHunters claims Cushman & Wakefield breach, 500k Salesforce records at risk

ShinyHunters claims commercial real estate giant Cushman & Wakefield, alleging it stole a trove of sensitive corporate data as part of its widespread Salesforce hacking campaign.

The global real estate services firm was listed on ShinyHunters' victim blog on Sunday, alongside the ransomware gang’s typical pay-or-leak threats.

“Over 500k Salesforce records containing PII and other internal corporate data have been compromised,” the hackers wrote, without providing any proof samples of its handiwork.

The group gave Cushman & Wakefield three days to make contact and pay an undisclosed ransom demand, again following a fairly standard victim script.

by Cybernews

Thousands of Facebook accounts stolen by phishing emails sent through Google

Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts.

The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control.

The attackers found a way to send phishing emails that come “through Google,” making them look legitimate at first glance. The emails are sent via Google’s AppSheet platform, so they pass the usual technical checks (SPF, DKIM, DMARC), and many email filters treat them as trusted.

Google AppSheet is a development platform that lets people build mobile and web apps without writing code. It can automate workflows and notifications, typically used to send app-driven alerts and internal updates.

And that’s where the phishers abused it. The sender name can be customized, and the sending address may look something like [email protected], delivered through appsheet.bounces.google.com. To the average user, it looks like a perfectly normal notification, in these cases often about Facebook policy violations, copyright complaints, or verification issues.

by Malwarebytes

AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed

AI has become embedded in organizations, yet fewer than half have any form of AI safety or security policies in place, potentially leaving them exposed to data breaches, privacy failures and other cyber threats.

According to new research published by ISACA on May 5, 90% of digital trust professionals believe that employees in their organization use AI tools.

However, only 38% said their organization has a formal, comprehensive AI policy in place to manage use of AI tools, while 30% said they have a limited policy in place.

Despite the rise of AI in the workplace, 25% of organizations said they don’t have any policies in place around AI at all.

The lack of solidified policies around appropriate AI usage has resulted in the rise of Shadow AI, as employees use tools like LLMs to aid their day-to-day work. This, however, could lead to them sharing sensitive company information with AI models.

by Infosecurity Magazine

Have You Taken Steps to Prepare Your Privacy and Cyber Compliance for Quantum?

Quantum computing is on the near horizon. While leaders may have begun to prepare for the increase in computing capacity, many are not considering the very real – and very significant – privacy and data security law issues.

Quantum capabilities will change how businesses need to think about a host of legal issues in this space. Whether it is the potential to reidentify previously anonymous data, the creation of massive datasets to protect, or the threat to today’s encryption and identity systems, there are decisions to be made. And the decisions made today will be the story told tomorrow to regulators, boards and courts.

For senior leaders each privacy and security risk brings in three core questions. What, factually, is likely to occur? What are the legal risks and obligations? And how can those risks be mitigated?

by SheppardMullin

Proofpoint’s 2026 report exposes disconnect between rapid AI rollout and weak security assurance

Cybersecurity and compliance company Proofpoint released its 2026 AI and Human Risk Landscape report, which explores the widening gap between how quickly organizations are operationalizing AI and how prepared they are to secure and investigate the risks that follow. The global study examines how rapid AI adoption is transforming enterprise collaboration and exposing structural weaknesses in security controls and incident response.

AI is increasingly permeating organizations and is now operational across most functions, with deployments spanning customer support, internal messaging, email workflows, and third-party collaboration. 87% of organizations have deployed AI assistants beyond the pilot stage, and 76% are actively piloting or rolling out autonomous agents.

Yet while organizations are investing in AI tools and controls, many cannot confirm that those controls are effective, with 52% not fully confident that their AI security controls would detect a compromised AI, and half of those with controls in place have already experienced a confirmed or suspected AI-related incident.

by Industrial Cyber

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.

In the wake of the ClawdBot fiasco — the viral self-hosted AI assistant that’s averaging an eye-watering 2.6 CVEs per day — the Intruder team wanted to investigate how bad the security of AI infrastructure actually is.

To scope the attack surface, we used certificate transparency logs to pull just over 2 million hosts with 1 million exposed services. What we found wasn’t pretty. In fact, the AI infrastructure we scanned was more vulnerable, exposed, and misconfigured than any other software we've ever investigated.

by The Hacker News

SPONSORED BY

Incident Response Forum London 2026 is set for Thursday, June 4, 2026, at the Four Seasons Hotel London at Park Lane!

Incident Response Forum London (and its U.S. counterparts in D.C. and L.A.) are the only conferences of their kind, bringing together hundreds of cybersecurity and incident response attorneys, in-house counsel and compliance executives, and other top professionals in the field. This event focuses solely on the field of Incident Response – the work that begins after a data breach that has quickly become the fastest growing practice area at law firms and consulting firms – and is geared specifically for the legal and compliance professionals who have emerged as critical players during the aftermath of a data security incident.

Incident Response Forum London will feature over 30 leaders in the incident response field serving on eight panels.

🚨This week only we are giving away five free tickets to Incident Response Forum London! 🚨 

If you are in London or if you can make it there on June 4, please hit reply to this email (it will go directly to me) and let me know if you would like to attend!
