BH Consulting

Security Roundup May 2026
admin · 2026-05-26 · via BH Consulting

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Verizon DBIR spotlights software vulnerabilities

For the first time in the history of Verizon’s Data Breach Investigations Report, exploiting software vulnerabilities has surpassed stolen credentials as the leading cause of breaches. Based on analysis of 31,000 incidents, it found organisations had only fixed 26 per cent of the CISA “known exploited” flaws. Verizon analysts noted a “considerable drop” from 38 per cent fixes the previous year. Security Boulevard’s headline neatly summed up the change: ‘slower vulnerability remediation meets faster exploitation’. Help Net Security expanded on this point. “The problem is that organisations aren’t patching known vulnerabilities quickly (and sometimes not thoroughly) enough,” wrote Zeljka Zorz.

Other key findings were: confirmed breaches nearly doubled compared to last year’s 12,195. Third-party supply chain breaches jumped 60 per cent, now representing 48 per cent of all incidents. Employee use of unapproved “shadow AI” tripled to 45 per cent of the workforce, which brings greater risk of data leakage. 

SecurityWeek’s coverage focused on threat actors’ increasing use of generative AI for targeting, initial access, and malware development. Tenable Research, a report contributor, warned that the median time to patch has grown by 11 days in a single year, leaving organisations exposed. Qualys, another research partner, described the situation as a treadmill picking up speed: defenders are running harder than ever, and still falling behind. Brian Honan applied an Irish lens to the findings, noting that security is a business issue, not a technology problem. The full report is available free at verizon.com/dbir.

Europol outlines internet organised crime trends

It’s been a busy few weeks for major security reports, with Europol releasing the latest edition of its annual Internet Organised Crime Threat Assessment (IOCTA). Titled ‘How encryption, proxies, and AI are expanding cybercrime’, the 2026 report covers trends across cybercrime enablers, online fraud schemes, cyber-attacks, and online child exploitation. Not surprisingly, the report identifies cryptocurrencies as facilitating criminal activity: privacy coins and offshore exchange services are helping to launder ransomware payments.

Despite ongoing crackdowns, dark web marketplaces and forums remain active, with criminals frequently shifting platforms to avoid detection. Encrypted messaging services and anonymised networks are increasingly connecting surface and dark web environments. According to the report, generative AI tools are enabling highly targeted phishing campaigns, with caller ID spoofing and SIM farms allowing attackers to send thousands of fraudulent messages simultaneously. Europol identified more than 120 active ransomware variants in 2025 alone. It also pointed to the growing trend of criminals threatening to leak stolen data rather than just encrypting it. The report is free to download here.

Data protection and privacy roundup: Fast fashion, PTSB punished, GDPR-niversary

The Data Protection Commission launched an inquiry into fast fashion retailer Shein Ireland’s transfers of personal data from EU users to China. The regulator will examine whether Shein has complied with its GDPR obligations in relation to those transfers. Separately, the Commission fined the bank Permanent TSB over a series of personal data breaches. The watchdog found that malicious actors were able to exploit inadequate security protocols at the bank’s contact centre to access and amend customer accounts, leaving account holders exposed to additional fraud risk. Meanwhile the Commission’s €530 million fine against TikTok is on hold after the Supreme Court issued a unanimous ruling dismissing a procedural appeal by the DPC. According to ComplianceHub, the ruling has precedent implications for Meta, Google, and other major tech firms headquartered in Ireland.

Turning to the EU, the European Data Protection Board marked the 10th anniversary of the GDPR’s adoption, noting it was the first comprehensive data protection framework spanning an entire continent. The board has also launched a consultation on a harmonised DPIA template to promote greater consistency in data protection impact assessment practices across Europe. Separately, the EDPB opened a public consultation on draft guidelines on how GDPR applies to scientific research.

Links we liked

Microsoft is phasing out SMS MFA for personal accounts. MORE

AI-assisted hackers are waiting to strike, no skills required. MORE

Mat Honan’s thoughtful essay for MIT Technology Review on AI malaise. MORE

SANS’ free framework helps security pros build a mature AI adoption plan. MORE

The death has occurred of Ask Jeeves, beloved natural language search engine. MORE

Rustinel is an open source endpoint detection tool for Windows and Linux. MORE

A live index of security incidents disclosed in United States SEC filings. MORE

Gaps have emerged in Irish organisations’ readiness for NIS2. MORE

The HIPAA cybersecurity rule (23 this year) is getting an upgrade. MORE

Plan, run and evaluate cybersecurity exercises with this ENISA tool. MORE

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.

Sign up here