Briefings · Field intelligence

Field notes from the investigation desk.

Practitioner analysis on data brokers, credential leaks, executive exposure, and corporate footprint — written by the team that does the work. Quarterly summary by email: subscribe to the intelligence brief.

Search the archive
127briefings
4intelligence hubs
5formats
Format
★ Featured
Featured · ANALYSIS

Reading the Ransom Note: The 2026 Extortion Economy in the Actors’ Own Words

Read four current ransom notes alongside the ShinyHunters leak site to see how the extortion economy industrialised around named-individual exposure.

17 min read·Corporate Footprint·3 May 2026
Start where you fit

Editor's picks

top by depth · last 60 days
Series
How Investigations Run 3 parts Step-by-step walkthroughs of PI Solutions investigations, from intake to delivery.
Browse by intelligence hub

Executive Privacy

38 briefingsView hub →
ANALYSIS

Can You Audit Your Own Digital Footprint?

You can audit the visible part of your digital footprint yourself. Here is the method, and the four things a self-audit structurally cannot reach.

9 min·Executive Privacy·1 Jul 2026
ANALYSIS

What Protective Intelligence Is, and Why It Starts With Your Profile

Protective intelligence is the discipline of seeing yourself the way an adversary would. Why it starts with your profile rather than the threat, and what it maps.

8 min·Executive Privacy·30 Jun 2026
ANALYSIS

Is Executive Digital Protection Worth It?

Executive digital protection is worth it under specific conditions. When boutique protective intelligence beats standard precautions, and the gap it closes.

7 min·Executive Privacy·28 Jun 2026
ANALYSIS

How Doxxing Became a Physical-Security Threat

Doxxing began as a gaming-feud weapon and now reaches the front door. The real cases, the data-broker fuel behind them, and why exposure reduction is the defence.

9 min·Executive Privacy·27 Jun 2026
ANALYSIS

Cybersecurity Calls It Attack Surface. Criminologists Have Studied It for Fifty Years.

Cybersecurity’s attack surface and criminology’s exposure are the same model, discovered independently fifty years apart — and both point to reducing your footprint.

11 min·Executive Privacy·21 Jun 2026
ANALYSIS

Reputation Analysis vs Reputation Management: Why Diagnosis Comes First

Two services get sold as one. Diagnosing what people actually conclude about you comes before any attempt to change it.

8 min·Executive Privacy·21 Jun 2026
GUIDE

What Can Someone Find From Your Email Address?

An email address is the key a researcher starts from. What your email actually reveals about you, and how to see your own.

4 min·Executive Privacy·20 Jun 2026
ANALYSIS

What a Future Employer Is Allowed to Research About You: The Law, and What Actually Happens

By the time a senior offer is on the table, someone has run a search on you. Here is what an employer may lawfully research under the GDPR, and what actually happens.

8 min·Executive Privacy·16 Jun 2026
ANALYSIS

Why Social Engineers Target the Executive's Family

A protected principal is a locked front door. The behavioural data shows the family is the side door: less defended, more susceptible, and the path attackers take to reach the principal.

6 min·Executive Privacy·4 Jun 2026
GUIDE

How to Protect Your Digital Footprint: What You Can Do Now, and Where It Stops

Most guides on protecting your digital footprint stop at strong passwords and private accounts. The work that actually reduces your exposure is elsewhere — in metadata, identifiers, and device defaults.

10 min·Executive Privacy·4 Jun 2026
ANALYSIS

The Optimal Moment: How Your Digital Footprint Tells an Attacker When to Strike

Sophisticated social engineering attacks are not random. They are timed. The data that reveals when to strike is largely public — and most of it you have already published yourself.

9 min·Executive Privacy·4 Jun 2026
GUIDE

What Does the Internet Know About Me?

Your browser transmits a detailed fingerprint before you do anything on a page. This piece maps five standard data layers and dissects a real fingerprint to show how investigators chain device signals to a single identity.

8 min·Executive Privacy·2 Jun 2026
ANALYSIS

The Structural Doxing Problem: European Executives Face Harder Exposure Than Their US Peers

From Rotterdam to Glasgow, activist campaigns are targeting corporate offices across Europe through supply-chain research. In September 2025, that escalation reached executives' personal residences in the UK. Here is what the research chain looks like — and what you can do about it.

7 min·Executive Privacy·1 Jun 2026
ANALYSIS

When Privacy Becomes a Price Tag: The Three-Tier Problem in Europe’s Data Market Debate

A Bruegel working paper proposes regulated data markets as Europe’s fix for the consent impasse. On examination, the three-tier model makes full privacy available only to those who can pay for it.

11 min·Executive Privacy·27 May 2026
ANALYSIS

EU Facial Recognition: Loud Regulation, Quiet Enforcement

The EU has the strictest facial-recognition rules in any major jurisdiction. It also has Clearview AI, fined more than €110 million across five member states, paying nothing, still indexing EU residents’ faces. The gap between regulation and enforcement is the story.

11 min·Executive Privacy·4 May 2026
GUIDE

What Traces Do You Leave Online: The Silent Data Trail

Your visible online presence is only the surface. Below it sit contact graphs built by others, location broker pipelines, insurance registers, archive snapshots, and an AI assistant layer that logs and may train on everything you type.

16 min·Executive Privacy·4 May 2026
METHOD

How a Mirror Investigation Runs

What actually happens in 48 hours of a Mirror investigation: the four sequential stages a finding moves through before it appears in the report.

14 min·Executive Privacy·30 Apr 2026
GUIDE

Is Doxxing Illegal? How EU, UK and US Law Treat It in 2026

How doxxing is treated under Dutch, German, French, UK and US law in 2026: dedicated criminal statutes, GDPR overlay, federal-and-state patchwork, and what victims can do.

14 min·Executive Privacy·29 Apr 2026
ANALYSIS

Why Breaches Without Passwords Still Put You at Risk

When a breach notification says no credentials were exposed, the data that was exposed is often exactly what executive targeting is built from.

10 min·Executive Privacy·20 Apr 2026
ANALYSIS

Why CEO Fraud Starts With Data Brokers

BEC and whaling attacks rely on personal data gathered during the reconnaissance phase. Removing that data from brokers and breach databases disrupts the attack before it begins.

9 min·Executive Privacy·7 Apr 2026
ANALYSIS

How AI Search Engines Build Profiles About You

AI search engines build executive profiles by connecting data across brokers, breach databases, and public registries in real time.

8 min·Executive Privacy·7 Apr 2026
GUIDE

Deepfake Detection: A Practical Guide for Executives and Their Teams

How deepfake fraud works, why detection alone is failing, and the verification protocols that actually prevent losses.

10 min·Executive Privacy·3 Apr 2026
METHOD

OSINT Research vs Stalkerware: Where Investigation Ends and Surveillance Begins

The FOUR rubric used by law enforcement — Fixated, Obsessive, Unwanted, Repeated — applied to the line between legitimate OSINT research and stalkerware surveillance, from both the investigator's and target's perspective.

12 min·Executive Privacy·28 Mar 2026
ANALYSIS

How OSINT Tracks Smuggling Networks: The Intelligence Tradecraft Behind Europol’s New Centre

Europol launched ECAMS and named OSINT a core strategic capability. Here is how open-source intelligence actually tracks smuggling networks — from Telegram forwarding chains to satellite change detection.

9 min·Executive Privacy·24 Mar 2026
GUIDE

How Executives Get Doxxed — and What Europe Is Doing About It

From the CEO Database to the Netherlands' first doxxing arrest, executive targeting has become organised. Here is where the data comes from, what the law now says, and what you can do about it.

7 min·Executive Privacy·24 Mar 2026
GUIDE

What Is a Digital Footprint — and How Attackers Use Yours

Your digital footprint is the sum of all data that can be linked back to you online. Here is what it contains — and how attackers exploit each piece.

9 min·Executive Privacy·23 Mar 2026
METHOD

Username and Alias Correlation: Methodology, Tooling, and Likelihood Assessment

A username is not anonymous. It is a behavioural fingerprint dressed as a pseudonym. This is how analysts trace handles to real identities — and why the same process is used against private individuals.

18 min·Executive Privacy·14 Mar 2026
METHOD

The Mosaic Effect: How Harmless Data Combines Into a Complete Profile

Your employer is public. Your general location is public. Your gym, your commute pattern, your lunch spot — all public. None of it is sensitive on its own. But combine them, and something qualitatively different emerges.

8 min·Executive Privacy·9 Mar 2026
ANALYSIS

What Cryptocurrency Transactions Reveal About You — Without You Knowing

Bitcoin transactions do not contain your name — but pseudonymous is not anonymous. The moment a wallet address links to your identity, that link is permanent and retroactive. Covers KYC breach risk, blockchain tracing methodology, Monero's reputational problem, and the Bitfinex and Colonial Pipeline cases.

8 min·Executive Privacy·8 Mar 2026
ANALYSIS

If Dutch Ministers Could Not Stay Out of the Odido Dataset, You Probably Didn't Either

Four ministers. A senior intelligence officer. Three individuals under active government protection. The Odido breach did not distinguish between ordinary customers and people who thought they were managing their exposure. What each data field enables — and why the window for acting is narrowing.

6 min·Executive Privacy·8 Mar 2026
GUIDE

The Accounts You Forgot About Are the Ones That Expose You Most

Most people think about their current online presence. They overlook the usernames, photos, emails, and forum posts from a decade ago — and that is exactly what attackers are looking at.

8 min·Executive Privacy·6 Mar 2026
ANALYSIS

Your Digital Profile Already Exists. You Just Have Not Seen It.

Before anyone searches for you, your profile is already assembled. Three freely available layers — social media, data brokers, and breach data — combine into something far more complete than most people realise.

9 min·Executive Privacy·4 Mar 2026
ANALYSIS

When Does Investigation Become Surveillance?

Sherlock, GHunt, SpiderFoot, Recon-ng, Maltego — the same tools used in legitimate investigations are used in stalking and doxxing. A feature-by-feature ethics map of the most popular OSINT platforms.

22 min·Executive Privacy·2 Mar 2026
GUIDE

Punch the Monkey: OSINT and the Battle of Narratives

A baby spider monkey, three conflicting headlines — and a masterclass in how the same footage can be spun into entirely different stories. Here is how OSINT methodology cuts through viral fiction to find what is actually true.

5 min·Executive Privacy·27 Feb 2026
INTEL

What Investigators See When They Search You: A 2026 OSINT Breakdown

A step-by-step walkthrough of how OSINT analysts build a complete profile on any individual using only public sources in 2026 — and what you can do about it.

10 min·Executive Privacy·26 Feb 2026
INTEL

Why Using ChatGPT for OSINT Leaves a Trail

Using ChatGPT or Perplexity for OSINT research leaves an auditable trace that compromises operational security. Why automation with manual interpretation is the correct methodology.

12 min·Executive Privacy·26 Feb 2026
INTEL

How Criminals Bypass KYC Checks Using Your Leaked Data

KYC identity verification was designed to stop fraud. Here's how criminals use your leaked data to defeat it — and what that means for your exposure.

9 min·Executive Privacy·25 Feb 2026
INTEL

How to Verify Information in the Age of AI: A Zero-Trust Approach

Until verified, everything is both real and fake. Learn how to apply Zero-Trust principles to validate intelligence in an age of AI-generated deepfakes and synthetic content.

5 min·Executive Privacy·1 Feb 2026

Data Brokers

26 briefingsView hub →
ANALYSIS

Search Result Removal Is Not Data Removal

Search engines can hide a result without deleting the source behind it, which is why durable removal starts at the source, not the search box.

11 min·Data Brokers·14 Jul 2026
ANALYSIS

The Security Case for Cleaning Up Your Digital Footprint

Footprint cleanup is not privacy theatre. It improves security when it removes the data attackers use to profile, impersonate, recover accounts, and build credible pretexts.

12 min·Data Brokers·13 Jul 2026
ANALYSIS

Is Your Telecom Operator a Data Broker? Running the Framework on Utiq

Four European telecoms operators built Utiq, an advertising identifier generated from your network connection. Put beside a cookie and run through the data-broker framework, it raises a sharper question than the marketing suggests.

8 min·Data Brokers·6 Jul 2026
ANALYSIS

How to Identify a Data Broker in the EU (When They Don't Call Themselves One)

European data brokers rarely call themselves data brokers, and no EU registry lists them. An EDPB market study offers a reusable framework to identify one by what it does.

9 min·Data Brokers·6 Jul 2026
ANALYSIS

Inside the Data Clean Room: How Your Profile Is Rebuilt Without Being Stored

Data clean rooms merge data about you, build a profile sharp enough to target you, then decline to store it. Here is the mechanism, and where the privacy claim breaks.

12 min·Data Brokers·24 Jun 2026
ANALYSIS

What Two LexisNexis Breaches Reveal About Trusting Data Brokers

LexisNexis was breached twice in fourteen months. What that reveals about trusting data brokers with data you never gave them.

8 min·Data Brokers·18 Jun 2026
ANALYSIS

How Your Digital Footprint Becomes Prices, Scores and Decisions

A single fact about you is worth a fraction of a cent. Refined by brokers, resolvers and scoring vendors, it decides your credit, insurance, rent and the price you pay.

15 min·Data Brokers·14 Jun 2026
METHOD

How an Eraser Engagement Runs

A methodology walkthrough of the Eraser engagement — from the Mirror and Lockdown investigation foundation through active removal, verification, and the 90-day re-scrub.

14 min·Data Brokers·10 Jun 2026
ANALYSIS

Germany’s Data Economy: What the Auskunfteien, Address Traders, and Adtech Platforms Know About You

Germany ranks near the top of European privacy surveys and hosts one of the continent’s most sophisticated data trading ecosystems. This maps the credit bureaus, address traders, and adtech platforms that hold data about German residents — and the legal mechanisms that limit enforcement against each.

10 min·Data Brokers·DE·31 May 2026
GUIDE

Best Data Broker Removal Services in the US: What Actually Works (2026)

Six US data broker removal services tested against the August 2024 Consumer Reports field test — and why the free manual baseline outperformed every paid vendor in the cohort.

14 min·Data Brokers·US·22 May 2026
ANALYSIS

Why Data Brokers Make Opt-Outs Hard: The Economics of Friction

Broker opt-out URLs break for a structural reason: working opt-outs lower subscription revenue. The SEC-anchored math behind the friction.

11 min·Data Brokers·18 May 2026
GUIDE

How to Delete Your Personal Information from the Internet — The Practitioner’s Sequence

Removing your personal information from the internet is four problems, not one. Each layer has its own legal mechanic and its own DIY ceiling.

12 min·Data Brokers·8 May 2026
GUIDE

Data Brokers in the UK: Your Rights Under UK GDPR and the DUAA 2025

Who the UK's data brokers are, what the Data (Use and Access) Act 2025 changed, and why individual GDPR action now does what the ICO no longer can.

11 min·Data Brokers·UK·24 Apr 2026
GUIDE

Do Data Broker Removal Services Actually Work? A Practitioner’s Answer

A practitioner’s answer on how data broker removal works under GDPR and CCPA, and when a subscription service, DIY, or full OSINT investigation is the right fit.

12 min·Data Brokers·24 Apr 2026
GUIDE

Is Data Broker Removal Legal in Europe Under GDPR?

Data broker removal is legal across the EU under GDPR Articles 17 and 21 — but the "legitimate interest" argument brokers rely on usually does not survive a proper balancing test.

7 min·Data Brokers·EU·23 Apr 2026
GUIDE

Best Data Broker Removal Services in Europe: Country-by-Country (2026)

A verified, country-by-country comparison of data broker opt out services in France, Germany, Netherlands, Spain and the UK — using Consumer Reports 2024 results and direct pricing checks, not vendor marketing.

14 min·Data Brokers·EU·14 Apr 2026
GUIDE

Data Broker Removal in Europe: What a Professional Engagement Actually Looks Like

Automated removal services average a 48 per cent success rate. Here is what a professional, human-led data broker removal engagement in Europe involves — from discovery through deletion, suppression, and ongoing monitoring.

9 min·Data Brokers·EU·29 Mar 2026
GUIDE

GDPR Data Subject Access Request: Template and Complete Guide

A complete guide to GDPR Data Subject Access Requests — what the law says, what you are entitled to receive, enforcement case law, and a ready-to-use template.

12 min·Data Brokers·EU·22 Mar 2026
GUIDE

How to Disappear from the Internet

A practitioner’s guide to reducing your digital footprint. What you can remove yourself, what persists regardless, and where DIY efforts reach their structural limit.

10 min·Data Brokers·20 Mar 2026
GUIDE

Why Data Broker Opt-Outs Don't Stick: The Bounce-Back Problem Explained

A realistic framework for data broker removal: how broker tiers work, why deletions bounce back, and how to use GDPR/CCPA leverage effectively.

9 min·Data Brokers·12 Mar 2026
GUIDE

Data Brokers in the United States: No Federal Law, 25 Brokers, and How to Opt Out

The US has no comprehensive federal privacy law. Data brokers hold vast quantities of personal data on Americans with almost no legal obligation to stop. What the FCRA and state patchwork cover, 25 brokers with opt-out links, and why California's DELETE Act in 2026 changes everything.

11 min·Data Brokers·US·4 Mar 2026
GUIDE

Data Brokers in Europe: GDPR, UK Law, Germany, France — and the US Surveillance Risk Nobody Warned You About

GDPR gives Europeans powerful rights over their data. But data brokers exploit legitimate interest loopholes, US surveillance law undermines every EU-US transfer framework, and a third Schrems ruling may invalidate the current system again. A complete guide to EU privacy law, major fines, and how to use your rights.

12 min·Data Brokers·EU·3 Mar 2026
GUIDE

Data Brokers in Australia and New Zealand: What They Hold, What the Law Allows, and How to Get Out

Australia has had some of the world's largest data breaches. But most Australians don't realise data brokers legally hold and sell their personal data every day — with few legal obligations to stop. What the law says, who the 25 biggest brokers are, and how to opt out.

15 min·Data Brokers·AUS-NZ·3 Mar 2026
ANALYSIS

All Odido Data Is Now Online. Here Is What Happens Next.

When stolen data moves from 'for sale' to 'free for anyone', the real damage begins. Here is what typically happens next — illustrated with real Dutch and European cases.

7 min·Data Brokers·EU·3 Mar 2026
INTEL

The Right to Delete Your Data Exists. Data Brokers Are Ignoring It.

35 brokers hid their opt-out pages from Google. 43% ignored deletion requests entirely. California's new DROP tool changes everything. Here is the evidence — and how to fight back.

16 min·Data Brokers·EU·1 Mar 2026
GUIDE

15 Major Data Brokers: Direct Opt-Out Links (2026)

A practical guide to identifying data brokers holding your personal information and the most effective removal strategies available — including what they won't tell you.

8 min·Data Brokers·1 Feb 2026

Credential Leaks

14 briefingsView hub →
ANALYSIS

Why Cybercrime Isn't About You: Motivation, Opportunity, and How Victims Are Surfaced

In most cyber incidents no human selected the victim. Exposure did. Why motivation is not the bottleneck, and what that changes about defence.

11 min·Credential Leaks·19 Jun 2026
GUIDE

What to Do After a Data Breach: A Step-by-Step Playbook

A step-by-step playbook for the moment you learn you have been breached: secure your accounts, triage by data class, work the four-wave attack timeline, and use your EU rights.

12 min·Credential Leaks·10 Jun 2026
GUIDE

What Is Account Takeover: The Full Attack Anatomy

A practitioner-level anatomy of account takeover — the credential supply chain, MFA bypass mechanics, post-access exploitation, and a layered defence that maps to each attack class.

19 min·Credential Leaks·10 Jun 2026
ANALYSIS

From Gamble to Calculation: How Your Exposure Decides Who Gets Attacked

An intrusion told backwards from a single email address, and why a findable digital footprint turns a target from a gamble an attacker takes into a calculation they can run.

11 min·Credential Leaks·25 May 2026
ANALYSIS

How Modern Infostealers Work: Execution, Telemetry, and the 2026 Log Economy

How RedLine, Lumma, and Vidar execute on the host, what they harvest, what is visible on the wire, and how stolen credentials flow through 2026 log markets.

17 min·Credential Leaks·10 May 2026
METHOD

How a Lockdown Investigation Runs

The Lockdown is the credential-and-account-takeover tier of our investigation work. Five business days, fixed €995, the full Mirror foundation plus seven Lockdown-specific deliverables. This article walks the methodology stage by stage: discovery, cross-reference, verification, report.

14 min·Credential Leaks·6 May 2026
ANALYSIS

How Crypto Anonymity Breaks at the Endpoint

Crypto privacy was designed against chain analysis, not against the endpoint. The Fowler 2026 database showed why that gap is now the dominant threat.

13 min·Credential Leaks·3 May 2026
GUIDE

Dark Web Monitoring: What It Actually Does and When It’s Worth Paying For

What dark web monitoring actually catches, what it misses on stealer logs and live session cookies, and when bundled, standalone, or human-led options each make sense.

18 min·Credential Leaks·27 Apr 2026
INTEL

Stealer Logs: Inside The Credential Market HIBP Doesn't See

Stealer logs are the credential exposure vector most organisations cannot see — per-device snapshots containing passwords and live session cookies, sold in underground markets within hours of infection.

11 min·Credential Leaks·20 Apr 2026
GUIDE

If You Were in the Odido Breach — What to Do Now

The Odido dataset is public. If you were a customer — even a decade ago — your data is likely in it. This is what the exposure enables, and what closes it.

7 min·Credential Leaks·14 Mar 2026
INTEL

Odido: One Month After Disclosure, the Breach Is Still Expanding

One month after Odido disclosed the breach, every dimension has escalated. The full dataset is public. Ministers and protected persons are in it. Former customers who left a decade ago are in it. And the fraud is doubling.

8 min·Credential Leaks·13 Mar 2026
INTEL

The Odido Breach: 30 Days of Criminal Activity, Documented

The Odido breach was confirmed February 12. Within 19 days, the full dataset was published on criminal infrastructure. Within 20 days, active phishing campaigns were running. This is not a prediction — it is a documented sequence.

7 min·Credential Leaks·10 Mar 2026
ANALYSIS

Synthetic Identity Fraud Is Becoming an Identity-Bypass Chain

MFA was supposed to solve password theft. KYC was supposed to solve identity fraud. Both assumptions are now broken — defeated not by nation-states but by criminal groups using free software, breach data as raw material, and OSINT to source every component.

12 min·Credential Leaks·6 Mar 2026
INTEL

Odido Breach: How ShinyHunters Stole 6.2M Records

ShinyHunters is publishing stolen Odido customer data daily — names, IBANs, ID numbers, sensitive account notes. The attack used a phone call, not a zero-day. Here is exactly how it unfolded.

7 min·Credential Leaks·27 Feb 2026

Corporate Footprint

49 briefingsView hub →
ANALYSIS

Dutch NIS2 Compliance: The Exposure Gap Boards Still Need to Map

From 15 August 2026 the Dutch Cyberbeveiligingswet makes boards accountable for cyber-risk management, and a controls checklist alone cannot show the exposure that makes those controls bypassable.

9 min·Corporate Footprint·9 Jul 2026
ANALYSIS

Do Phishing Simulations Work? Only If the Threat Model Does

Generic security-awareness training barely moved failure rates in the large studies; the realism of the lure moved them far more. That makes a simulation only as good as the attack surface behind it.

7 min·Corporate Footprint·8 Jul 2026
ANALYSIS

The Consultant as an Exposure Surface

A consultant expands your attack surface before they get a login. What an attacker can infer, and weaponise, from a visibly trusted third-party relationship.

8 min·Corporate Footprint·5 Jul 2026
ANALYSIS

Business Email Compromise Defence: How to Break the Attack Chain Before the Payment Request

CEO fraud rarely begins in the inbox. By the time the payment-change email arrives, the attacker has already mapped the people, timing, and relationships behind it.

9 min·Corporate Footprint·5 Jul 2026
ANALYSIS

Attack Surface Management vs Exposure Management: What's the Difference?

ASM and exposure management are not rivals, and even the vendors define the words inconsistently. The one definition that holds, and the human layer no scanner reaches.

9 min·Corporate Footprint·28 Jun 2026
ANALYSIS

Do Exposure Audits Actually Work?

Security exposure audits reduce risk only under three conditions. What they are, when an audit is theatre, and where they fit within exposure management.

8 min·Corporate Footprint·27 Jun 2026
ANALYSIS

The Evidence Standard Problem in OSINT: When Findings Are Intelligence, Not Evidence

Most open-source findings are intelligence, not evidence. What separates the two, and why the difference matters even when a case never reaches court.

7 min·Corporate Footprint·22 Jun 2026
ANALYSIS

What Stealer-Log Monitoring Actually Prevents — and What It Misses

Stealer-log monitoring catches the crowd reusing commodity credentials, not the operator who bought your specific access while the log was still private.

9 min·Corporate Footprint·18 Jun 2026
ANALYSIS

The Data Broker in Your Sales Stack: What AI Sales Tools Do With the Data You Feed Them

Some AI sales and enrichment tools take a licence to absorb the contacts you upload into a dataset they resell, your competitors included. Here is the exposure under the GDPR and NIS2, and how to check before you connect your CRM.

12 min·Corporate Footprint·17 Jun 2026
INTEL

Scattered Spider: A Social-Engineering Threat Profile

Scattered Spider (UNC3944) breaks into Fortune 500 networks with a ten-minute call to the help desk. A profile of its method, its ransomware partners, the arrests, and the defence.

13 min·Corporate Footprint·5 Jun 2026
ANALYSIS

What "The Com" Actually Is: One Word, Thousands of People, Three Kinds of Crime

In 2019 ‘The Community’ named nine indicted SIM-swappers. By 2025 ‘The Com’ meant thousands. We trace the drift and isolate the one layer that belongs on a corporate risk register.

14 min·Corporate Footprint·5 Jun 2026
ANALYSIS

Why People Fall for Phishing

A 21-day field experiment sent simulated phishing to 158 people. 43% clicked, older users never improved, and the lures that worked show the limits of training.

6 min·Corporate Footprint·4 Jun 2026
ANALYSIS

The Six Phases of a Social Engineering Attack

Social engineering runs in six phases, but the dominant security frameworks map only the technical ones. The Arup $25M deepfake fraud shows where defences actually need to sit.

9 min·Corporate Footprint·4 Jun 2026
ANALYSIS

Threat Surface vs Attack Surface: The Half That ASM Tools Miss

Attack surface is what you own; threat surface is that exposure plus the adversary capability pointed at it. ASM tools measure the first half well and the second half not at all.

6 min·Corporate Footprint·4 Jun 2026
INTEL

DragonForce Ransomware: Threat Actor Profile

DragonForce ransomware cartel: public RaaS registration, the RansomHub infrastructure episode, Suppliers marketplace, SINBON and Co-op UK breaches.

15 min·Corporate Footprint·4 Jun 2026
ANALYSIS

One GitLab Instance, 800 Clients: The Credential Risk Hidden in Your Consulting Relationships

One breach of a consulting firm's self-managed GitLab instance exposed client engagement data across hundreds of organisations. The Nissan downstream disclosure three months later confirms the pattern.

9 min·Corporate Footprint·3 Jun 2026
ANALYSIS

Why Family Office Succession Creates a Recurring Cybersecurity Window

Professional management cycles create a recurring cybersecurity window in family offices — resetting every seven years and compounding across CEO, CFO, and COO roles.

10 min·Corporate Footprint·3 Jun 2026
INTEL

The Gentlemen Ransomware: Threat Actor Profile

The #2 ransomware group globally in Q1 2026, built from a Qilin affiliate dispute. A 14,700-device FortiGate access inventory, a self-propagating encryptor with no bulk-decrypt path, and a supply-chain pivot from an Atlassian partner into a $12B manufacturer.

17 min·Corporate Footprint·31 May 2026
ANALYSIS

When Someone Else's Security Becomes Your Breach: Third-Party Risk and Supply Chain Attacks Are Not the Same Problem

Third-party risk and supply chain risk describe opposite threat models — understanding the direction of trust changes what an organisation investigates and what it finds.

9 min·Corporate Footprint·27 May 2026
ANALYSIS

The Silent Market: How Stolen Corporate Data Is Quietly Bought and Sold

The loud ransomware economy is the part you can measure. A priced, brokered market for stolen corporate access and data runs in silence beside it, and this is how we map it.

18 min·Corporate Footprint·26 May 2026
ANALYSIS

The Attack Surface You Don't Own: How Personal Devices and Lives Extend Corporate Risk

Attack surface management maps what a company owns and can see. A growing share of corporate access lives on personal devices and accounts it owns neither, and the gap widens with seniority.

11 min·Corporate Footprint·25 May 2026
INTEL

CoinbaseCartel: A Data-Theft Extortion Profile

A profile of CoinbaseCartel, the data-theft extortion group that breaks into companies using years-old infostealer credentials instead of encryption.

16 min·Corporate Footprint·24 May 2026
INTEL

Qilin Ransomware: The Most Active Threat Group of 2025-2026

Qilin posts more new victims to its leak site than any other ransomware operation in 2026. Who they are, how they work, the September 2025 cartel with LockBit and DragonForce, and why disruption has not slowed them.

27 min·Corporate Footprint·21 May 2026
ANALYSIS

Ransomware Negotiation: Four Response Modes Law Firms Have Actually Used

What the HWLE court record and four leaked transcripts reveal about how ransomware operators negotiate with law firms, and the four ways firms have actually responded when a ransom demand lands.

16 min·Corporate Footprint·20 May 2026
ANALYSIS

Reporting Cybersecurity to Your Board: What NIS2 Requires, What Most Packs Miss

Most cybersecurity board packs were built for the audit committee, not the directive. A look at what NIS2 Article 20 actually asks the board to evidence, how the SEC and UK CSR Bill compare, and what a defensible six-section quarterly pack looks like in practice.

15 min·Corporate Footprint·18 May 2026
ANALYSIS

Cybersecurity for Executives: Four Threat Models Most Buyers Don't Distinguish

Most executive cybersecurity products address one of four threat models. The other three are where the Arup, MGM, Coinbase and M&S losses landed.

17 min·Corporate Footprint·15 May 2026
ANALYSIS

RIA cybersecurity in 2026: where training-first programs miss the actual attack surface

Six RIAs breached by ShinyHunters in 90 days exposed a structural gap: firms train for phishing but leave principal data wide open to the attacks attackers actually used.

17 min·Corporate Footprint·13 May 2026
ANALYSIS

Law Firm Data Breaches: What They Expose About the Client Side

When outside counsel is breached, the data exposed is the client’s. Six verified incidents, a 27-day ransomware leak-site cohort of 19 firms, and the questions principals can ask their counsel.

17 min·Corporate Footprint·12 May 2026
ANALYSIS

Identity Attack Surface: What Infrastructure ASM Vendors Don’t See

Infrastructure ASM, CAASM, and exposure-assessment platforms map machines. They do not map the people-shaped surface that the most expensive intrusions of 2023–2025 actually turned on.

14 min·Corporate Footprint·9 May 2026
ANALYSIS

Why Ransom Notes Read Like Demand Letters

Ransom-extortion text borrows the recognisable forms of demand letters, litigation pleadings, and PR holding statements. The form is a legitimation tool the corporate audit needs to read.

11 min·Corporate Footprint·9 May 2026
ANALYSIS

Reading the Ransom Note: The 2026 Extortion Economy in the Actors’ Own Words

Read four current ransom notes alongside the ShinyHunters leak site to see how the extortion economy industrialised around named-individual exposure.

17 min·Corporate Footprint·3 May 2026
ANALYSIS

Family Office Cybersecurity: The Principal’s Exposure Surface

Deloitte’s 2024 family office report shows phishing at 93% prevalence. The IT layer cannot reach the surface that makes those attacks plausible.

12 min·Corporate Footprint·1 May 2026
ANALYSIS

Right of Access as Reconnaissance: The Article 15 Verification Gap

GDPR Article 15 was designed to protect data subjects. It also creates a pre-authenticated data exfiltration channel at understaffed controllers — and NIS2 will close the gap.

15 min·Corporate Footprint·25 Apr 2026
INTEL

Why Executive Digital Exposure Is a NIS2 Compliance Risk

Article 21 of the NIS2 directive names supply-chain and human-factor risk. Executive digital exposure fits both — and sits in the half of compliance that most programmes under-audit.

7 min·Corporate Footprint·24 Apr 2026
ANALYSIS

How to Verify AI Voice Scam Claims

Abnormal's ATHR vishing disclosure is sole-sourced, IOC-free, and invisible on the underground after a full verification window. A framework for reading AI threat marketing.

9 min·Corporate Footprint·17 Apr 2026
ANALYSIS

NIS2 Personal Liability: What the Directive Actually Says About Board Members

The NIS2 Directive requires management bodies to approve, oversee, and bear liability for cybersecurity risk management. Twenty-two EU member states have transposed it into law. The directive sets the standard of care; national company law supplies the personal claim — and the gap most boards leave open is their own digital exposure.

13 min·Corporate Footprint·17 Apr 2026
ANALYSIS

Basic-Fit, Booking.com, and the SEPA Direct Debit Fraud Kit

Two major EU breaches disclosed on the same Sunday, two different attack patterns, one downstream consequence: targeted fraud built on real data. How SEPA Direct Debit fraud actually works after an IBAN leak, and what closes the window.

9 min·Corporate Footprint·13 Apr 2026
ANALYSIS

Canada Goose: Two Extortion Claims and the Vendors Nobody Named

ShinyHunters published 581,877 Canada Goose customer records in February 2026. Twenty-four days later, Coinbasecartel listed the same brand claiming supply chain data — on the same day as Lacoste.

9 min·Corporate Footprint·13 Apr 2026
ANALYSIS

How a Security Scanner Breached the European Commission

CERT-EU confirmed the European Commission was breached through a poisoned Trivy vulnerability scanner. The supply chain attack exposed DKIM signing keys, military financing data, and 52,000 email files — at the institution drafting Europe's cybersecurity laws.

10 min·Corporate Footprint·7 Apr 2026
GUIDE

Corporate Breach Response Checklist: The First 72 Hours

A structured 72-hour breach response checklist covering GDPR and US state notification laws, with phase-by-phase guidance for DPOs, CISOs, and board members.

10 min·Corporate Footprint·1 Apr 2026
ANALYSIS

RaaS Inc.: The Business Plan Nobody Asked For

Eighty-five ransomware groups competed for an $820 million market in 2025. Forty-seven of them claimed fewer than ten victims. The unit economics explain why.

12 min·Corporate Footprint·24 Mar 2026
INTEL

Corporate Credential Leak Assessment: What to Check After Credentials Surface

Google shut down its Dark Web Report because alerts without context are noise. Here is what stealer logs actually contain, why free scans miss most of it, and what a professional assessment covers.

6 min·Corporate Footprint·24 Mar 2026
ANALYSIS

The EDPB Work Programme 2026–2027 and the Digital Omnibus: Is GDPR Quietly Shifting?

The EDPB is building compliance tools for a GDPR framework the European Commission may be in the process of dismantling. Here is what both documents change — and where they contradict.

12 min·Corporate Footprint·23 Mar 2026
METHOD

How a 10-Minute Phone Call Took Down a $34 Billion Company

How Scattered Spider used LinkedIn, breach databases, and a 10-minute helpdesk call to compromise MGM Resorts and Marks & Spencer. Both attacks dissected stage by stage.

11 min·Corporate Footprint·21 Mar 2026
METHOD

LinkedIn OSINT: What Your Staff Profiles Reveal to Attackers

LinkedIn profiles reveal far more than most understand—timing patterns, role signals, public networks, business-context posts, and document metadata all become intelligence for phishing and vishing. This is what attackers actually see.

6 min·Corporate Footprint·12 Mar 2026
METHOD

How the FBI Traced $3.6B in Bitcoin — Tool by Tool

The Bitfinex hack moved $3.6 billion through 2,000 addresses across six years. This is a step-by-step reconstruction of how investigators followed the trail — using Blockchair, 3xpl, and WalletExplorer, the same open-source tools anyone can access today.

10 min·Corporate Footprint·8 Mar 2026
ANALYSIS

What ShinyHunters Learns Before They Target Your Company

ShinyHunters called Wynn Resorts. Before that call was placed, they already knew who managed IT access, which SSO platform the company used, and which employees had credentials in breach databases. The call was the end of the intelligence phase, not the beginning.

8 min·Corporate Footprint·6 Mar 2026
ANALYSIS

After LockBit: The Ransomware Market Never Shrinks

Every major takedown — LockBit, ALPHV, RansomHub — was followed by a larger, more capable successor. 680 victims across 54 groups in February 2026 alone. A market analysis of who fills every vacuum, and what comes next.

10 min·Corporate Footprint·6 Mar 2026
INTEL

ShinyHunters: Inside the Threat Group

From Tokopedia to Charter Communications, ShinyHunters has stolen data from hundreds of millions of people. Updated June 2026: Carnival (5.99M confirmed), Charter (42M claimed), BCD Travel, DentaQuest, Baker — and the FBI PSA on LMS targeting.

26 min·Corporate Footprint·1 Mar 2026
No briefings match that search or filter.
Reset filters