The Veriti Spottr Cybersecurity Brief

Case Study Third-Party Risk May 2026  ·  8 min read On July 16, 2025, attackers used a phone call to social engineer access to a third-party CRM system used by Allianz Life. They never touched Allianz's internal networks. They didn't need to. The vendor had the data. The vendor had the access. And the vendor was the open door. Allianz Life Insurance Company of North America has 1.4 million customers. On July 16, 2025, threat actors accessed the personal data of the majority of those customers — names, addresses, Social Security numbers, dates of birth, policy numbers, and financial information. Allianz's internal systems were never breached. Its policy administration platform remained secure throughout the entire incident. No attacker ever penetrated Allianz Life's own network infrastructure. They didn't need to. Allianz used a third-party cloud-based CRM system to manage customer relationships. Th...

Breaking News Voice Phishing May 2026  ·  8 min read In early May 2026, an employee at Cushman & Wakefield — a $10 billion global real estate firm with 52,000 staff — answered a phone call from someone who sounded like IT support. That call led to 500,000 Salesforce records stolen, 50 gigabytes dumped publicly, a class action lawsuit filed within a week, and two ransomware groups claiming the same company simultaneously. The attack didn't require a single line of malicious code. The 2026 Verizon DBIR documented it. The CISA GitHub leak illustrated it. The McDonald's chatbot confirmed it. Every post in this series has circled the same truth from a different angle: the most dangerous attack vector in 2026 is not a technical exploit — it's a human being who trusted something they shouldn't have. The Cushman & Wakefield breach is the clearest version of that story yet. No malware was deployed. No zer...

Case Study AI Security May 2026  ·  7 min read Security researchers spent 30 minutes reviewing McDonald's AI hiring chatbot. They typed "123456" into the admin login. It worked. They now had access to 64 million job applications — names, addresses, phone numbers, chat transcripts, personality test results. This wasn't a sophisticated attack. It was the most predictable failure in security. And it's happening in small businesses every day. Ian Carroll had been using McDonald's AI hiring chatbot — a system called McHire, built by Paradox.ai, featuring an AI recruiter named "Olivia" — when he noticed something odd about the platform's backend. He mentioned it to fellow researcher Sam Curry. Together they spent about 30 minutes looking around. At some point one of them tried the most obvious thing possible. They typed "123456" as the username and "123456" as the passwo...

Breaking Research Threat Intelligence May 2026  ·  8 min read The 2026 Verizon Data Breach Investigations Report dropped this week — the 19th edition, analyzing 22,000 confirmed breaches across 145 countries. For the first time in the report's history, unpatched software vulnerabilities have overtaken stolen credentials as the leading way attackers get in. Here's what that means for every small business. Every year in May, Verizon publishes the Data Breach Investigations Report — the most widely cited primary source in cybersecurity, built from real breach data contributed by law enforcement agencies, incident response firms, and security organizations worldwide. This year's 19th edition analyzed over 31,000 security incidents and more than 22,000 confirmed data breaches across 145 countries. It is the largest dataset in the report's history. The headline finding will surprise anyone who's been following...

Product Action Guide May 2026  ·  8 min read A single number that tells you where you stand. Not what your IT provider thinks. Not what you hope. What an objective, three-component assessment of your actual security posture says — based on what attackers can see from outside, what your policies look like from inside, and how your business profile affects your real-world risk. Every post in this series has described a piece of the cybersecurity problem — credential exposure, MFA bypass, attacker timelines, breach costs, human error, clean scan results. This post describes the tool that puts all of those pieces together into a single number and tells you exactly where to start fixing them. The Veriti Spottr CyberScore is a 0–100 score that reflects your organization's overall cybersecurity health. Not a guess. Not a checklist with boxes ticked. A weighted assessment drawn from three distinct data sources — each measu...