One of the World's Largest Real Estate Firms Was Breached by a Phone Call. No Malware. No Exploit. Just Someone Picking Up.
Breaking News Voice Phishing May 2026 · 8 min read In early May 2026, an employee at Cushman & Wakefield — a $10 billion global real estate firm with 52,000 staff — answered a phone call from someone who sounded like IT support. That call led to 500,000 Salesforce records stolen, 50 gigabytes dumped publicly, a class action lawsuit filed within a week, and two ransomware groups claiming the same company simultaneously. The attack didn't require a single line of malicious code. The 2026 Verizon DBIR documented it. The CISA GitHub leak illustrated it. The McDonald's chatbot confirmed it. Every post in this series has circled the same truth from a different angle: the most dangerous attack vector in 2026 is not a technical exploit — it's a human being who trusted something they shouldn't have. The Cushman & Wakefield breach is the clearest version of that story yet. No malware was deployed. No zer...