Everything Old Is New Again
7–13–2026 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, July 13, 2026, and the theme for the week is, apparently, that everything old is new again. The US and Iran have given up their ceasefire, the Strait of Hormuz is closed, unclear who is going to collect tolls (but pretty clear they’ll be collected), and attackers are taking all sorts of new angles on old schemes to compromise their victims. Let’s dig in.
Everything Old Is New Again
Lots of little news items last week that, taken as a whole, serve to give us a reminder that we need to stay brilliant at the basics. First, a piece from Bill Toulas at Bleeping Computer about a new twist on Microsoft 365 phishing that targets passkeys.
If you haven’t been deploying them, passkeys are a newer, more robust authentication method that you’re probably familiar with in the guise of Windows Hello, FaceID, or other local / linked biometric authenticators.
The article details how attackers are “taking advantage of a new capability Microsoft opened to administrators in May, allowing them to run “passkey registration campaigns” to entice users to enroll passkeys for more secure authentication.
The campaign has been running since April and involves calling targeted users and trying to convince them to register a new passkey under the attacker's control.”
This process looks like a legitimate enrollment process, and - what’s likely far worse - once compromised, users are likely unaware that they’re giving up access, since the attacker can simply use their passkey to log in without prompting for the second factor that might be a giveaway to an end user that something’s not quite right.
In other “close copy” news, the Guardian had a piece about how attackers are using legitimate looking copies of news sites - including their own - to manipulate users to make fraudulent investments on fraudulent websitesthe Guardian had a piece about how attackers are using legitimate looking copies of news sites - including their own - to manipulate users to make fraudulent investments on fraudulent websites, a double look-alike.
In a similar vein, the Wall Street Journal ran a piece that hacking groups are looking at rebranding themselves to “in a bid to throw off cybersecurity and law enforcement efforts by re-emerging with new identities—and often more menacing names.”
Meanwhile, the number of ransomware and data-extortion attacks jumping from 1,363 in the first three months of year to 1,885 in the first quarter of 2026, the report said, citing cybersecurity firm ZeroFox.
Our friends at CISA published a good post-mortem on their own recent credential leak, including some good ways to identify and prevent these issues in your own deployments - almost all of which are basic hygiene and operational concerns that you should be implementing every time, everywhere.
Finally, Microsoft put out a blog post outlining how they’re planning to adapt “Windows vulnerability management to meet the speed of AI-powered discovery.” They outline a bit of those technical details, which are worth reading if you spend a lot of time in the Microsoft world, but they also specifically said “the increased use of AI for vulnerability discovery means customers are likely to see more security updates to address newly discovered vulnerabilities in each monthly Patch Tuesday release.”
So, as we close by bookending the two Microsoft items, and like all of the things we’ve covered today, everything old is new again.
Fundraising
From a fundraising perspective, very strong week, with $21.7B in newly committed capital, led by Arctos, a unit of KKR, raised $6.2b for a new GP solutions fund.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com.
We’ll see you next week for another edition of the Intentional Brief.
Links
https://www.wsj.com/pro/cybersecurity/hackers-rebrand-to-thwart-cyber-defenses-50ff537d
https://www.cisa.gov/news-events/news/lessons-cisas-cyber-incident