Retail & Hospitality ISAC
@rhisac.org
📤 101
đź“Ą 66
đź“ť 507
A retail and hospitality-focused cyber intelligence community
https://rhisac.org/
Agentic AI will continue to grow across retail environments, driven by competitive pressure and the need for operational scale. The challenge is to ensure that innovation is matched by appropriate governance, according to insights from Cequence Security:
rhisac.org/risk-managem...
loading . . .
The Missing Security Layer in Agentic AI in Retail - RH-ISAC
Retail organizations are moving quickly to operationalize agentic AI to streamline customer service, create self-serve customer workflows, enable shopping
https://rhisac.org/risk-management/the-missing-security-layer-in-agentic-ai-in-retail/
about 1 hour ago
0
1
0
Infrastructure provider Vercel disclosed a significant security incident, stemming from a compromise of the third-party AI tool Context[.]ai. ShinyHunters has claimed responsibility for the breach.
rhisac.org/threat-intel...
#cybersecurity
#ShinyHunters
loading . . .
Vercel Discloses Unauthorized Access to Internal Systems; ShinyHunters Claims Responsibility - RH-ISAC
Infrastructure provider Vercel disclosed a significant security incident, stemming from a compromise of the third-party AI tool Contextai. A highly
https://rhisac.org/threat-intelligence/vercel-discloses-unauthorized-access-to-internal-systems-shinyhunters-claims-responsibility/
about 17 hours ago
0
1
0
Today’s most disruptive and violent threat actors don’t just exploit systems, they exploit people, culture, and online communities. In this keynote, Unit 221B explores how youth-driven, cybercrime networks organize, recruit, and scale attacks. Read more:
summit2026.rhisac.or...
11 days ago
0
0
0
Modern fraud operations have drastically changed. Kasada offers insights into what this means for retail and hospitality:
rhisac.org/special-inte...
loading . . .
https://rhisac.org/special-interest-resilience/where-retail-and-hospitality-fraud-is-actually-happening-now-and-what-to-do-about-it/
11 days ago
0
0
0
In the opening Summit keynote, Target's CISO, Jodie Kautt will explore how adopting a “never waste a good crisis” mindset—using both internal incidents and industry headlines—can help sharpen focus and strengthen cyber programs. Read more:
summit2026.rhisac.or...
13 days ago
1
2
2
It's almost time for the RH-ISAC Cybersecurity Summit, and we are thrilled to have Kasada as our title sponsor this year! Read more about their keynote session that will dive into fraud and agentic commerce:
rhisac.org/press-rel...
#cybersecurity
#fraud
#protectasone
loading . . .
Kasada Partners with the Retail and Hospitality ISAC as Title Sponsor of 2026 Cybersecurity Summit - RH-ISAC
NEW YORK, NY – April 9, 2026 — Kasada, a leader in protecting digital businesses from automated and human-driven fraud and abuse, today announced it will
https://rhisac.org/press-release/kasada-partners-with-the-retail-and-hospitality-isac-as-title-sponsor-of-2026-cybersecurity-summit/
13 days ago
0
0
0
According to open-source reports, multiple companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen.
rhisac.org/threat-intel...
#cybersecurity
#breach
loading . . .
Active Data Theft Campaign Targeting Snowflake Customers via Anodot Third-Party SaaS Integration Breach - RH-ISAC
On 7 April 2026, reports emerged in open source that multiple companies have suffered data theft attacks after a SaaS integration provider was breached and
https://rhisac.org/threat-intelligence/active-data-theft-campaign-targeting-snowflake-customers-via-anodot-third-party-saas-integration-breach/
13 days ago
1
1
0
Read our latest blog post about a security researcher who publicly released a working proof-of-concept for an unpatched Windows local privilege escalation (LPE) vulnerability named BlueHammer.
rhisac.org/threat-intel...
#cybersecurity
#zeroday
#bluehammer
loading . . .
BlueHammer Windows Local Privilege Escalation Zero-Day Publicly Released - RH-ISAC
On 3 April 2026, a disgruntled security researcher publicly released a working proof-of-concept for an unpatched Windows local privilege escalation (LPE)
https://rhisac.org/threat-intelligence/bluehammer-windows-local-privilege-escalation-zero-day-publicly-released/
13 days ago
0
0
0
We are officially one week out from the 2026 Retail & Hospitality ISAC Cybersecurity Summit! This year's conference promises to be the best one yet, and we couldn't do it without the support of our fantastic sponsors!
15 days ago
0
0
0
Next week on 10 April at 11 a.m. ET, join RH-ISAC, Intel 471, and Kasada for a threat briefing. We’ll be using Scattered Spider activity as a foundation to show how to build a hunt package, taking you from single hypothesis to a fully operationalized workflow. Register:
rhisac.org/event/threat...
loading . . .
Retail & Hospitality Threat Landscape Briefing - RH-ISAC
Join RH-ISAC for a monthly threat briefing webinar series about the latest intel on observed incidents and emerging threats relevant to the retail and hospitality community.
https://rhisac.org/event/threat-landscape-briefing-april-2026/
18 days ago
0
0
0
📊 The 2026 Retail & Hospitality ISAC CISO Benchmark Report is out! Produced in collaboration with IANS, this year’s research captures insights from 200+ CISOs. Download a copy of the report at
rhisac.org/wp-content/u...
20 days ago
0
0
0
Modern fraud is too often an identity-driven attack that spans the entire customer journey, making it a natural extension of the CISO’s security mandate. In our latest blog post, Accertify explains why fraud now belongs on the CISO's desk.
rhisac.org/risk-managem...
loading . . .
Why Fraud Now Belongs on the CISO’s Desk - RH-ISAC
For years, fraud and cybersecurity have been treated as separate problems, owned by different teams and addressed with different tools. Fraud programs focused
https://rhisac.org/risk-management/why-fraud-now-belongs-on-the-cisos-desk/
22 days ago
0
0
0
Drawing on his professional experiences, which include roles at the FBI and the world's largest retailer, Tim Pappa of Walmart Global Tech will introduce 3 practical models of disruptive cyber deception operations during a Summit keynote presentation.
summit2026.rhisac.or...
22 days ago
0
0
0
We're so excited for this keynote presentation featuring Sam Crowther of Kasada and John Byun of Sephora, who will discuss agentic commerce, what Sephora is seeing in this space, & how security teams can get ahead of agentic commerce before it becomes a problem. Read more:
loading . . .
Fireside Chat: Fraud, Abuse, and the Agentic Commerce Reality Check - RH-ISAC Summit
Security teams are facing a growing problem: the automation you're trying to stop and the automation the business wants to enable can look identical.
https://summit2026.rhisac.org/session/fireside-chat-fraud-abuse-and-the-agentic-commerce-reality-check/
25 days ago
0
0
0
Last year,
@paloaltonetworks.com
responded to more than 750 major cyber incidents. This report distills investigations into key trends shaping the threat landscape, revealing how attackers gain access, where organizations fall short, and what defenders can do.
rhisac.org/threat-intel...
loading . . .
2026 Unit 42 Global Incident Response Report - RH-ISAC
In 2025, Unit 42 responded to more than 750 major cyber incidents. Our teams worked with large organizations facing extortion, network intrusions, data theft
https://rhisac.org/threat-intelligence/2026-unit-42-ir-report/
28 days ago
0
0
0
AI adoption in retail and hospitality is happening faster than most security teams can establish visibility, policy, and real-time enforcement. In our latest blog post, SentinelOne offers insights into the AI attack surface and mitigation strategies to consider.
rhisac.org/risk-managem...
loading . . .
The Speed Gap: Why AI in Retail and Hospitality Is Outpacing Security - RH-ISAC
Retail and hospitality organizations are adopting AI wherever speed and scale matter. Employees rely on public AI tools to draft content, analyze data, and
https://rhisac.org/risk-management/ai-in-retail-and-hospitality-is-outpacing-security/
28 days ago
0
0
0
If you're in town for RSAC, join RH‑ISAC for a casual happy hour meet‑up! 📅 When: Stop by anytime between 4 p.m. - 6 p.m. on Tuesday or Wednesday. 📍 Where: Marriott Union Square, Bin480 Bar (lobby level) 🤝 Who: RH-ISAC members + cybersecurity pros who work in retail and hospitality
28 days ago
0
0
0
Make the most of your time at RSAC Conference with this curated list of presentations and networking events featuring sessions from RH-ISAC staff and members, plus opportunities to connect with peers across retail, hospitality, and beyond:
rhisac.org/event/rsac-2...
loading . . .
RSAC 2026 Conference - RH-ISAC
Join thousands of your peers at RSAC™ 2026 Conference in San Francisco from March 23–26.
https://rhisac.org/event/rsac-2026-conference
29 days ago
0
0
0
We can't wait to see everyone RSAC Conference next week! RH-ISAC's Luke Vander Linden™ and Pam Lindemoen will be presenting "The Shared Perimeter: Turning Threat Intelligence into Sector-Wide Security" on Monday 23 March at 9:40 a.m.
path.rsaconference.com/flow/rsac/us...
about 1 month ago
0
0
0
🇨🇦 Big news out of Toronto! Yesterday at the RCC Retail Secure Conference, a new strategic partnership was announced between the Retail Council of Canada (RCC) and Retail & Hospitality ISAC. Learn more:
rhisac.org/press-releas...
#Retail
#Cybersecurity
#RetailSecurity
#ThreatIntelligence
loading . . .
Retail & Hospitality ISAC and Retail Council of Canada Announce Strategic Partnership to Strengthen Cybersecurity Across Canadian Retail Sector - RH-ISAC
VIENNA, VA (13 March 2026) — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and Retail Council of Canada (RCC) today announced
https://rhisac.org/press-release/rcc-partnership/
about 1 month ago
0
0
0
Today’s attacks exploit identity, sessions, and accounts long before checkout. This paper from Accertify explains why CISOs are uniquely positioned to stop fraud earlier - and why owning fraud is now essential to protecting trust, revenue, and brand.
www.accertify.com/wp...
about 1 month ago
0
0
0
Join us on 13 March at 11:00am ET for a threat briefing presentation with Impera that will explore how bots are exploiting API blind spots. Register:
rhisac.org/event/threat...
#cybersecurity
#bots
loading . . .
Retail & Hospitality Threat Landscape Briefing - RH-ISAC
Join RH-ISAC for a monthly threat briefing webinar series about the latest intel on observed incidents and emerging threats relevant to the retail and hospitality community.
https://rhisac.org/event/threat-landscape-briefing-march-2026/
about 1 month ago
0
0
0
The threat group known as ShinyHunters is actively exploiting misconfigurations in Salesforce Experience Cloud and an externally developed security auditing tool to exfiltrate sensitive data from hundreds of high-profile organizations.
rhisac.org/threat-intel...
#cybersecurity
#shinyhunters
loading . . .
ShinyHunters Utilize Public Audit Tool to Scan for Vulnerable Salesforce Aura Instances - RH-ISAC
The threat group known as ShinyHunters is actively exploiting misconfigurations in Salesforce Experience Cloud and a externally developed security auditing
https://rhisac.org/threat-intelligence/shinyhunters-sf-aura/
about 1 month ago
0
1
1
We had a packed house for our first Fraud Defense Forum in 2026! Thanks to Costco for hosting this event, which focuses on sharing insights, discussing real-world incidents, and exploring strategies to counter evolving fraud threats.
#FightFraud
#ProtectAsOne
#Cybersecurity
about 2 months ago
0
2
0
Read the latest blog post for a rundown of cyber threats related to the conflict in the Middle East with potential impact on retail and hospitality organizations:
rhisac.org/threat-intel...
#cybersecurity
loading . . .
Middle East Conflict Cyber Threat Landscape and Defensive Options for Retail, Hospitality, and Travel Organizations - RH-ISAC
In late February 2026, the United States and Israel launched joint airstrikes against a wide array of facilities in Iran. Retaliatory strikes have followed,
https://rhisac.org/threat-intelligence/middle-east-conflict/
about 2 months ago
0
0
0
In this whitepaper, Cequence Security offers insights into agentic AI security:
www.cequence.ai/wp-c...
#cybersecurity
#AI
#agenticsecurity
about 2 months ago
0
0
0
Headed to RSAC? Join us for an informal meet-up for RH-ISAC members to connect with other members who are in town for the conference. ⏱️ WHEN: 4 pm - 6 pm on 22 March, 24 March, 25 March 📍 WHERE: Marriott Union Square 480 Sutter Street, San Francisco, CA 94108 Bin480 Bar (lobby level)
about 2 months ago
0
0
0
Join RH-ISAC and Google Cloud Security for an exclusive threat briefing on Friday, 6 March, that will provide a deep dive into how the threat clusters associated with the ShinyHunters brand are targeting identity providers and SaaS integrations.
rhisac.org/event/exclus...
loading . . .
Threat Briefing: Tracking the Expansion of ShinyHunters SaaS Data Theft - RH-ISAC
Join RH-ISAC and Google Cloud Security for a special threat briefing focused on ShinyHunters SaaS data theft.
https://rhisac.org/event/exclusive-threat-briefing-march-2026-google/
about 2 months ago
0
1
0
Exploitation of vulnerability (CVE-2026-1731) activity targeting the wholesale and retail sectors, according to research from Palo Alto Networks and Unit 42.
rhisac.org/threat-in...
#cybersecurity
#retailsecurity
loading . . .
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) - RH-ISAC
On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific
https://rhisac.org/threat-intelligence/vshell-and-sparkrat-cve-2026-1731/
about 2 months ago
0
0
0
Threat actors increasingly leverage airline brand impersonation to facilitate sophisticated reward fraud and illicit online gambling schemes, according to a report.
rhisac.org/threat-intel...
#cybersecurity
#fraud
#brandimpersonation
loading . . .
Threat Actors Leverage Brand Impersonation for Rewards Fraud, Credential Harvesting Campaigns, and Online Gambling Platforms - RH-ISAC
Threat actors increasingly leverage airline brand impersonation to facilitate sophisticated reward fraud and illicit online gambling schemes, according to a
https://rhisac.org/threat-intelligence/threat-actors-leverage-brand-impersonation-for-rewards-fraud-credential-harvesting-campaigns-and-online-gambling-platforms/
about 2 months ago
0
0
0
We're thrilled to share this Hotel Executive article by
@rhisac.org
 President Suzie Squier. Suzie explains why unity in action is the only path forward for hospitality cybersecurity. You do not want to miss this!
https://f.mtr.cool/fgoyhmaqvk
about 2 months ago
0
0
0
RSAC 2026 Conference is where the cybersecurity world unites from March 23–26 in San Francisco. Now's your LAST CHANCE to save $300 on an All Access Pass PLUS unlock an exclusive $150 RH-ISAC member discount. Register by March 20.
www.rsaconference.co...
about 2 months ago
0
0
0
In the latest blog post from
Palo Alto Networks
, we examine how attackers are leveraging QR code shorteners, in-app deep links and direct downloads to bypass people’s awareness and security controls.
loading . . .
Phishing on the Edge of the Web and Mobile Using QR Codes - RH-ISAC
With QR codes having a notable presence in our everyday lives, some people instinctively scan them without hesitation. But QR codes are also a vector for
https://rhisac.org/threat-intelligence/phishing-on-the-edge-of-the-web-and-mobile-using-qr-codes/
about 2 months ago
1
0
0
A fraudulent website impersonating Avast’s visual identity targets French-speaking users by claiming a non-existent €499.99 charge requires a refund.
rhisac.org/threat-intel...
loading . . .
Malwarebytes Confirms Avast Impersonation Refund Scam Targeting European Users - RH-ISAC
A fraudulent website impersonating Avast's visual identity targets French-speaking users by claiming a non-existent €499.99 charge requires a refund,
https://rhisac.org/threat-intelligence/avast-impersonation-refund-scam/
about 2 months ago
0
0
0
The 2026 RH-ISAC Cybersecurity Summit agenda is officially out! We’re bringing together the brightest minds in the industry to share insights, solve problems, and build a stronger collective defense.
summit2026.rhisac.or...
#CyberSecuritySummit
#InfoSec
#RHISAC
#Networking
loading . . .
Agenda - RH-ISAC Summit
The RH-ISAC Summit Agenda is Live! Check out our lineup of speakers and topics addressing retail & hospitality cybersecurity challenges.
https://summit2026.rhisac.org/agenda/
about 2 months ago
0
0
0
A rogue virtual machine uncovered by
@paloaltonetworks.com
during an IR investigation provides insight into the operational playbook of Muddled Libra (aka Scattered Spider / UNC3944). This analysis breaks down the TTPs retailers and hospitality orgs need to watch in 2026:
rhisac.org/threat-intel...
loading . . .
A Peek Into Muddled Libra’s Operational Playbook - RH-ISAC
During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by
https://rhisac.org/threat-intelligence/muddled-libras-operational-playbook/
2 months ago
1
0
0
What separates good security leaders from great ones? David Spark @dspark & Jerich Beason @blanketSec sit down with @PamLindemoen, CSO & VP of Strategy @RH_ISAC, to explore this topic.Â
https://f.mtr.cool/cseyflejsc
2 months ago
0
0
0
Meet the minds shaping cybersecurity conversations at our
@rhisac.org
 2026 Summit. Keynote lineup: Tim Pappa, Walmart Global Tech Jodie Kautt, SVP and CISO, Target
@bilyanalilly.bsky.social
 , Accenture Allison Nixon & May Chen-Contino, Unit 221B Register here:
https://f.mtr.cool/ldcthffpaa
2 months ago
0
0
0
Save the date! Join
@rhisac.org
 to discuss cybersecurity challenges facing retail + hospitality. 📆 CISO Forum Americas 21-22 Oct | Scottsdale, AZ
https://f.mtr.cool/snhntghhuw
2 months ago
0
0
0
Pam Lindemoen ,
@rhisac.org
's CSO and VP of Strategy, is on the agenda for Convene, hosted by National Cybersecurity Alliance's staysafeonline.org in FL this 3-4 March 2026. Pam will host the Security Share & Brag Session. 15% off registration here:
https://f.mtr.cool/dyetrtixnd
2 months ago
0
0
0
The
@rhisac.org
 Peer Choice Awards celebrate the security professionals who make our community stronger through collaboration and shared intelligence. Voting results, data sharing metrics & staff input determine the winners. Winners announced at the Awards Ceremony at our Summit in Austin!
2 months ago
0
0
0
Join
@rhisac.org
  and
@paloaltonetworks.com
 for an exclusive deep dive into the Unit 42 Attribution Framework and how organizations can implement it into their CTI program. Presented by Robert Falcone, Distinguished Engineer at Unit 42.
https://f.mtr.cool/gdctirbofe
3 months ago
0
1
0
Time's running out to share your insights! ⌛ Our
@rhisac.org
 annual CISO Benchmark Survey closes 5 Feb. Your input helps shape the future of cybersecurity in retail & hospitality and it takes just 15 minutes to complete.
https://f.mtr.cool/rpjibsztay
3 months ago
0
0
0
@rhisac.org
 's 2025 Year in Review is out! We showcase how our member community strengthened cyber defense across retail and hospitality through shared intelligence, expert insights, and collective action. Download the report here!
loading . . .
https://f.mtr.cool/llvjrjhxfh
3 months ago
0
1
0
Join us for an exclusive forum on 5 March at Costco's HQ in WA. Topics: Costco's fraud team journey, overcoming legal barriers, and return/refund fraud patterns. Register today:
https://f.mtr.cool/luqirpujpd
3 months ago
0
0
0
Ready to shape the future of retail and hospitality cybersecurity? It only takes 15 minutes! The report provides data-driven insight into the challenges, priorities, and progress of CISOs across retail and hospitality—helping you benchmark against your peers.
https://f.mtr.cool/dviruatoju
3 months ago
0
0
0
🎯 Join us in Austin, April 13-15, 2026!
@rhisac.org
's Cybersecurity Summit is THE premier event for retail & hospitality security leaders. Featuring the most pressing topics in our sector, delivered by prominent thought leaders and industry experts.
loading . . .
Register - RH-ISAC Summit
RH-ISAC’s Cybersecurity Summit is the leading event for retail and hospitality information security leaders. This exclusive program, features content curated
https://f.mtr.cool/sncbxbxuxq
3 months ago
0
0
0
Join us for a threat briefing from Akamai Technologies on 30 Jan at 11:00am ET. Ryan Gao & Jon Anderson will discuss the state of automation, 2025 industry trends, how they showed during peak periods, & give 2026 recommendations.
https://f.mtr.cool/wushmkypii
3 months ago
0
0
0
@rhisac.org
 hosts events throughout the year designed specifically for CISOs and information security leaders—including monthly CISO community calls, in-person networking dinners, CISO Forum, and exclusive events. Learn more: https://f.mtr.cool/wzlhflomuf
#Cybersecurity
#CISO
3 months ago
0
0
0
Shared intelligence = stronger defenses.Â
@rhisac.org
 members share real-time data and tackle challenges together. When one organization identifies a threat, everyone benefits. Learn more: https://f.mtr.cool/eqkhhkatud
#Cybersecurity
#InfoSharing
#CyberCommunity
#StrongerTogether
3 months ago
0
0
0
Load more
feeds!
log in
