Issue 3 | June 2026
This month: A Chinese cyber threat group revs up its attacks on a global scale, AI defense takes a “fight fire with fire” approach, and discover what our team learned at the Trust Without Borders Summit 2026.
Plus: Is someone secretly hiding in your inbox? Learn how unknown attackers spent months quietly draining a stock exchange executive’s entire mailbox without triggering a single alert, and how your organization can protect high-value communications.
Recent News: The Latest from the Digital Trust Landscape
Company pays criminals after sensitive data was hacked – A ransomware group breached Canvas, the learning platform used by millions of students worldwide, stealing terabytes of sensitive data and holding institutions hostage during final exams. The company ultimately paid the attackers to delete it, a decision that runs counter to law enforcement advice. Full story
China’s TA4922 expands cyber threat reach – A Chinese threat group that began targeting Japanese organizations with phishing campaigns has expanded its reach to Europe, Southeast Asia, and beyond, deploying an unusually broad and unpredictable mix of tactics that makes it one of the most distinctive and adaptable threat actors currently active. Full story
Fighting fire with fire: How AI protects critical infrastructure from AI attacks – Nation-state attackers are increasingly targeting hospitals, power grids, and utilities with AI-assisted tools. The World Economic Forum argues that only AI-driven network defense can match the speed and scale of emerging AI threats. Full story
Is your Board ready for cyber risk? – Despite years of high-profile breaches, most corporate boards still treat cybersecurity as a technical issue rather than a strategic one, and a persistent inability to quantify ROI means cyber investments remain underfunded and under-prioritized at the leadership level. Full story
SSL Now Offers Matter IoT Standard Certificates — SSL.com now offers Matter standard certificates for IoT devices. Learn how our PKI expertise helps manufacturers secure smart home products across ecosystems. Full story
Implementation Spotlight: Practical Solutions for Real-World Challenges
Five Months Inside a Stock Exchange Executive’s Inbox
A senior executive at a major global stock exchange had their Outlook mailbox systematically stolen over five months by unknown attackers, who exfiltrated the contents in small, incremental batches through Dropbox and OneDrive Personal to keep the traffic indistinguishable from legitimate activity. The operation was not a smash-and-grab. It was a slow, methodical intelligence harvest, the kind designed to build a near-complete picture of an organization’s internal deliberations, deal activity, and market-sensitive decisions without ever triggering an alert.
For an espionage actor, a senior executive’s mailbox is a high-value intelligence target. An Outlook profile may yield details of external negotiations, internal deliberations, the executive’s calendar, travel patterns, and their contacts. Organizations such as exchanges and regulators may hold non-public information about listings, enforcement actions, and market-moving events.
The business impact: The attackers maintained a dwell time of five months, a significant period for an attacker to maintain persistent access without anybody knowing. Over that window, the stolen data likely included deal discussions, regulatory correspondence, and personnel communications that no organization would want in an adversary’s hands. The financial and legal exposure from such a loss of intelligence is difficult to quantify, but for an institution whose value depends on the integrity of non-public information, the damage goes well beyond any single leaked document. The reputational consequences of a breach at this level, had it become public, could have been severe.
What would have prevented it: The attackers used a variety of publicly available tools and cloud infrastructure, leaving few clues about their identities and keeping their traffic indistinguishable from legitimate activity. The entry point and persistence mechanisms, however, depended on compromised credentials and unchallenged endpoint access. SSL’s S/MIME certificates verify the originator of the signed email and encrypt the email so that only the recipient can view it. In cases such as this, its layer of cryptographic identity verification and confidentiality to executive email communications helps ensure that sensitive correspondence can only be read by its intended recipients. For organizations operating at this level of sensitivity, S/MIME provides a layer of security in which the attacker can’t extract the emails without the user’s private key. This defense makes silently harvesting an executive’s inbox a substantially harder proposition.
The broader lesson: The attackers’ focus throughout was on a single objective: long-term, incremental theft of the contents of a single Outlook mailbox, broken into archives small enough not to draw attention from security software. The sophistication here was not technical. It was patience. Attackers increasingly understand that slow, quiet, and targeted operations against high-value individuals are more rewarding and harder to detect than broad intrusions. Organizations in financial services, infrastructure, and regulated industries need to treat executive communications as a critical asset class, one that deserves the same protection as the systems and data those executives oversee.
Source: https://www.security.com/threat-intelligence/stock-exchange-espionage
Past and Upcoming Events: Conferences, Standards Meetings, and more
Our key takeaway: Shift from detection to prevention
SSL attended the Online Trust & Safety (OTS) Forum 2026: Content Authenticity Summit, held in Singapore. Content creators, manufacturers, and other C2PA adopters have moved past asking what the standard is about and are progressing into the next phase.
Policymakers, platforms, media organizations, and implementers attended from around the world, focusing on the detection and prevention of online harms while building long-term resilience and practical approaches to content authenticity.
Read the full article about what else our team learned and why C2PA is more important than ever in the AI era.
The CSC Trust Without Borders Summit 2026: What the Summit built
Our team’s key learnings from the CSC Trust Without Borders Summit in Bogotá include:
- Trust is not a tech problem
- A shift from signing to verifying
- Compliance is not enough
Discover additional key learnings and the latest insights focusing on digital trust across regions, jurisdictions, and regulatory frameworks. How do these vital findings impact the future of global interoperability? Read here.
Upcoming:
Wednesday, July 22, 2026 – Upcoming webinar, “Beyond the spec: Building real trust into C2PA,” hosted by Dominique Guinard, SSL Director of Product – Content Authenticity and IoT, and Tony Rodriguez, Digimarc Chief Technology Officer. This webinar explores what production-grade trust requires and how reaching those standards will meaningfully impact the protection of your organization’s digital assets.
We’ll focus on how to make Content Credentials more trustworthy, durable, and interoperable in practice, drawing on SSL.com’s trust-anchor work (certificate roots, trusted timestamps, durable provenance chains) and the practitioner perspectives of teams shipping on C2PA today.
Register here
Quick Links: Guides, Articles, and Industry Resources
- eSigner Payment Policy Update — eSigner is introducing a new payment policy to help you maintain uninterrupted access to signing. Learn how to keep your credentials secure and active.
- SSL Certificate Changes: What You Need to Know — SSL/TLS certificate validity is now 200 days. Learn what changed, what it means for your annual plan, and what to expect from SSL’s reissuance process.
- Troubleshooting Validation Delays for SSL Certificate Orders — This guide combines all major validation workflows, troubleshooting steps, and best practices into one comprehensive reference to help you understand the validation process, how to speed up issuance, and more.
- CA/Browser Forum Ballot SC099: Improve Recording of Validation Method — The full ballot improves validation recording by replacing ambiguous BR requirements with specific audit log requirements. It requires CAs to log exact validation methods used, with compliance effective July 15, 2026.
Have questions about any of these topics or want to discuss your digital trust solutions with our experts? Reach out to us below: