Two things happened this week that I want to put side by side. The extortion crew ShinyHunters talked its way into a company through a phone call and walked out with millions of customer records, which our Cyber Team reported in detail. Around the same time, attackers were exploiting a flaw in Palo Alto's firewall software to slip past the edge of corporate networks, a bug serious enough that the US cyber agency set a hard patch deadline. Different methods. Same lesson.
Two attacks, one shift
Neither of these needed a zero-day or a genius exploit. One was a confidence trick over the phone that ended in someone approving a login. The other was a flaw on the box that is supposed to keep attackers out. What they share is the target: the thing that decides who is allowed in. We spent years treating the network edge as the wall to defend. The attackers have moved on. They go after identity now — the sign-on, the help desk, the firewall that grants access — because that is where the keys are kept.
Why small outfits feel it hardest
A large enterprise can afford a security team that watches for exactly this. A ten-person company cannot. It runs on a handful of cloud accounts, an outsourced help desk, and the quiet assumption that a logged-in user is a safe one. That assumption is the whole attack. The vishing call that fooled a big telco works just as well on a small firm in Singapore, and the small firm has fewer people watching the logs. The tools that defend against this are not exotic, but someone has to turn them on, and at a small business that someone is usually also doing payroll.
What I tell people to actually do
The defences are unglamorous and they work. Use phishing-resistant multi-factor authentication — passkeys or hardware keys — because the one-time codes sent by text are exactly what a real-time phishing page is built to steal. Give your help desk a verification step that a smooth caller cannot talk around. Treat a bulk export from your customer database as a privileged action that raises an alert, not a routine click. And patch the device at your edge the day a fix lands, because a firewall with a known hole is worse than no firewall: you still trust everything it lets through. None of this is new. The week is a reminder that the basics are precisely where these crews expect us to be weakest.
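To make the bulk-export rule above concrete, here is an added example that is not from the original post: a small Python detector run over constructed audit-log lines that flags a single oversized export of the customer table and also the "paged" variant, where someone pulls the same table a few hundred rows at a time inside a short window. The log format, field names, thresholds and sample events are all assumptions for illustration.

```python
"""Flag bulk exports of a sensitive table in an audit log (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events, one JSON object per line. Not real data.
SAMPLE_LOG = """\
{"ts":"2024-06-03T09:00:12Z","user":"alice","action":"record.read","table":"customers","rows":1}
{"ts":"2024-06-03T09:00:40Z","user":"alice","action":"record.read","table":"customers","rows":1}
{"ts":"2024-06-03T09:01:02Z","user":"bob","action":"report.export","table":"customers","rows":48000}
{"ts":"2024-06-03T09:02:15Z","user":"carol","action":"record.read","table":"customers","rows":250}
{"ts":"2024-06-03T09:02:30Z","user":"carol","action":"record.read","table":"customers","rows":250}
{"ts":"2024-06-03T09:03:05Z","user":"carol","action":"record.read","table":"customers","rows":250}
{"ts":"2024-06-03T09:03:50Z","user":"carol","action":"record.read","table":"customers","rows":250}
{"ts":"2024-06-03T09:04:10Z","user":"dave","action":"report.export","table":"invoices","rows":5000}
"""

SENSITIVE_TABLES = {"customers"}   # assumed: the tables that hold customer records
EXPORT_ROW_THRESHOLD = 1000        # assumed: a single export above this is privileged
WINDOW = timedelta(minutes=10)     # assumed: sliding window for cumulative reads
WINDOW_ROW_THRESHOLD = 800         # assumed: cumulative rows per user per window

def parse_events(text):
    """Parse newline-delimited JSON audit events, converting timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events

def detect_bulk_exports(events):
    """Return (user, reason, rows) alerts for sensitive-table exports.

    Rule 1: one export call above EXPORT_ROW_THRESHOLD.
    Rule 2: cumulative reads per user above WINDOW_ROW_THRESHOLD within WINDOW,
            which catches an export done as many small page reads.
    """
    alerts = []
    recent_reads = defaultdict(list)  # user -> [(ts, rows)] inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["table"] not in SENSITIVE_TABLES:
            continue
        if ev["action"] == "report.export" and ev["rows"] > EXPORT_ROW_THRESHOLD:
            alerts.append((ev["user"], "bulk_export", ev["rows"]))
            continue
        cutoff = ev["ts"] - WINDOW
        kept = [(t, r) for t, r in recent_reads[ev["user"]] if t >= cutoff]
        kept.append((ev["ts"], ev["rows"]))
        total = sum(r for _, r in kept)
        if total > WINDOW_ROW_THRESHOLD:
            alerts.append((ev["user"], "paged_export", total))
            kept = []  # reset so one burst raises one alert
        recent_reads[ev["user"]] = kept
    return alerts
```

In the sample, bob's single 48,000-row export and carol's four 250-row reads both raise alerts, while dave's export of a non-sensitive table and alice's single-row lookups do not.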
Note: This is a defensive commentary for awareness, not a how-to. No exploit detail is reproduced here.