Security Report – 22 May 2026

AI-Driven Attacks and Incident Response

Ransomware and other cyber threats have become an ongoing and unavoidable risk for modern organisations, making both effective recovery and timely incident reporting essential components of cybersecurity management. Once a breach is identified, strict regulatory reporting timelines begin immediately, leaving little room for delay or uncertainty. This highlights the importance of being prepared in advance, as organisations cannot rely on ad hoc responses during an incident. Instead, they must establish clear and structured incident response processes, ensuring that roles and responsibilities are well defined and that reporting obligations are understood across the business.

In addition, maintaining accurate and comprehensive documentation is critical, not only during an incident but also in the period leading up to it. This includes recording actions taken, decisions made, and the overall approach to managing risks and systems. Such documentation supports compliance requirements and ensures organisations can demonstrate their response if reviewed by regulatory authorities. By adopting a proactive, organised, and well-documented approach to incident response and reporting, businesses can improve their ability to respond quickly, minimise potential damage, and strengthen their overall resilience to cybersecurity threats.

Recent Breaches

United States – Microsoft – Technology 

Exploit: Phishing

Risk to Business: Moderate

Microsoft disclosed details of a large-scale credential theft campaign that targeted more than 35,000 users across 13,000 organisations in 26 countries. The campaign used code-of-conduct-themed phishing lures, combined with legitimate email services, to redirect users to attacker-controlled domains and steal authentication tokens. The phishing emails featured polished, enterprise-style HTML templates with structured layouts and authenticity statements, making them appear more credible and convincing than typical phishing attempts. Most of the phishing emails targeted organisations in the health care and life sciences, financial services, professional services and technology sectors. The disclosure comes just a month after Microsoft revealed another large-scale phishing campaign using device code authentication flows to compromise organisations worldwide.

United States – Opexus – Government & Public Sector 

Exploit: Malicious Insider

Risk to Business: Moderate

A software company that handles sensitive data for nearly every U.S. federal agency was reportedly the victim of an insider threat earlier this year. Opexus, a software services provider used for processing U.S. government records, disclosed that two employees improperly accessed sensitive documents and compromised or deleted dozens of databases, including systems containing data from the Internal Revenue Service and the General Services Administration. The incident is now under investigation by the FBI and other federal law enforcement agencies. According to reports, the two individuals, identified as twin brothers Muneeb and Suhaib Akhter, allegedly destroyed more than 30 databases and removed over 1,800 files tied to a government project. The incident also reportedly caused outages in key government software systems and, in some cases, permanent data loss.

Talk to a TCT team member today about implementing a cyber security strategy plan for your business.

Robert Brown
22/5/2026
