Retail & Hospitality ISAC

Today’s attacks exploit identity, sessions, and accounts long before checkout. This paper from Accertify explains why CISOs are uniquely positioned to stop fraud earlier - and why owning fraud is now essential to protecting trust, revenue, and brand.
www.accertify.com/wp...

Retail & Hospitality Threat Landscape Briefing - RH-ISAC Join RH-ISAC for a monthly threat briefing webinar series about the latest intel on observed incidents and emerging threats relevant to the retail and hospitality community.

Join us on 13 March at 11:00am ET for a threat briefing presentation with Impera that will explore how bots are exploiting API blind spots.

Register: rhisac.org/event/threat...

#cybersecurity #bots

ShinyHunters Utilize Public Audit Tool to Scan for Vulnerable Salesforce Aura Instances - RH-ISAC The threat group known as ShinyHunters is actively exploiting misconfigurations in Salesforce Experience Cloud and a externally developed security auditing

The threat group known as ShinyHunters is actively exploiting misconfigurations in Salesforce Experience Cloud and an externally developed security auditing tool to exfiltrate sensitive data from hundreds of high-profile organizations. rhisac.org/threat-intel...
#cybersecurity #shinyhunters

We had a packed house for our first Fraud Defense Forum in 2026! Thanks to Costco for hosting this event, which focuses on sharing insights, discussing real-world incidents, and exploring strategies to counter evolving fraud threats.

#FightFraud #ProtectAsOne #Cybersecurity

Middle East Conflict Cyber Threat Landscape and Defensive Options for Retail, Hospitality, and Travel Organizations - RH-ISAC In late February 2026, the United States and Israel launched joint airstrikes against a wide array of facilities in Iran. Retaliatory strikes have followed,

Read the latest blog post for a rundown of cyber threats related to the conflict in the Middle East with potential impact on retail and hospitality organizations: rhisac.org/threat-intel...

#cybersecurity

In this whitepaper, Cequence Security offers insights into agentic AI security:
www.cequence.ai/wp-c...
#cybersecurity
#AI
#agenticsecurity

Headed to RSAC? Join us for an informal meet-up for RH-ISAC members to connect with other members who are in town for the conference.

⏱️ WHEN:
4 pm - 6 pm on 22 March, 24 March, 25 March

📍 WHERE:
Marriott Union Square
480 Sutter Street, San Francisco, CA 94108
Bin480 Bar (lobby level)

Threat Briefing: Tracking the Expansion of ShinyHunters SaaS Data Theft - RH-ISAC Join RH-ISAC and Google Cloud Security for a special threat briefing focused on ShinyHunters SaaS data theft.

Join RH-ISAC and Google Cloud Security for an exclusive threat briefing on Friday, 6 March, that will provide a deep dive into how the threat clusters associated with the ShinyHunters brand are targeting identity providers and SaaS integrations.
rhisac.org/event/exclus...

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) - RH-ISAC On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific

Exploitation of vulnerability (CVE-2026-1731) activity targeting the wholesale and retail sectors, according to research from Palo Alto Networks and Unit 42.
rhisac.org/threat-in...
#cybersecurity
#retailsecurity

Threat Actors Leverage Brand Impersonation for Rewards Fraud, Credential Harvesting Campaigns, and Online Gambling Platforms - RH-ISAC Threat actors increasingly leverage airline brand impersonation to facilitate sophisticated reward fraud and illicit online gambling schemes, according to a

Threat actors increasingly leverage airline brand impersonation to facilitate sophisticated reward fraud and illicit online gambling schemes, according to a report. rhisac.org/threat-intel...
#cybersecurity
#fraud
#brandimpersonation

We're thrilled to share this Hotel Executive article by @rhisac.org President Suzie Squier.

Suzie explains why unity in action is the only path forward for hospitality cybersecurity. You do not want to miss this!

https://f.mtr.cool/fgoyhmaqvk

RSAC 2026 Conference is where the cybersecurity world unites from March 23–26 in San Francisco. Now's your LAST CHANCE to save $300 on an All Access Pass PLUS unlock an exclusive $150 RH-ISAC member discount. Register by March 20.
www.rsaconference.co...

Phishing on the Edge of the Web and Mobile Using QR Codes - RH-ISAC With QR codes having a notable presence in our everyday lives, some people instinctively scan them without hesitation. But QR codes are also a vector for

In the latest blog post from Palo Alto Networks, we examine how attackers are leveraging QR code shorteners, in-app deep links and direct downloads to bypass people’s awareness and security controls.

Malwarebytes Confirms Avast Impersonation Refund Scam Targeting European Users - RH-ISAC A fraudulent website impersonating Avast's visual identity targets French-speaking users by claiming a non-existent €499.99 charge requires a refund,

A fraudulent website impersonating Avast’s visual identity targets French-speaking users by claiming a non-existent €499.99 charge requires a refund. rhisac.org/threat-intel...

Agenda - RH-ISAC Summit The RH-ISAC Summit Agenda is Live! Check out our lineup of speakers and topics addressing retail & hospitality cybersecurity challenges.

The 2026 RH-ISAC Cybersecurity Summit agenda is officially out! We’re bringing together the brightest minds in the industry to share insights, solve problems, and build a stronger collective defense. summit2026.rhisac.or...

#CyberSecuritySummit #InfoSec #RHISAC #Networking

A Peek Into Muddled Libra’s Operational Playbook - RH-ISAC During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by

A rogue virtual machine uncovered by @paloaltonetworks.com during an IR investigation provides insight into the operational playbook of Muddled Libra (aka Scattered Spider / UNC3944). This analysis breaks down the TTPs retailers and hospitality orgs need to watch in 2026: rhisac.org/threat-intel...

What separates good security leaders from great ones? 

David Spark @dspark & Jerich Beason @blanketSec sit down with @PamLindemoen, CSO & VP of Strategy @RH_ISAC, to explore this topic. 

https://f.mtr.cool/cseyflejsc

Meet the minds shaping cybersecurity conversations at our @rhisac.org 2026 Summit.

Keynote lineup:

Tim Pappa, Walmart Global Tech
Jodie Kautt, SVP and CISO, Target
@bilyanalilly.bsky.social , Accenture
Allison Nixon & May Chen-Contino, Unit 221B

Register here: https://f.mtr.cool/ldcthffpaa

Save the date! Join @rhisac.org to discuss cybersecurity challenges facing retail + hospitality. 

📆 CISO Forum Americas

21-22 Oct | Scottsdale, AZ

https://f.mtr.cool/snhntghhuw

Pam Lindemoen , @rhisac.org's CSO and VP of Strategy, is on the agenda for Convene, hosted by National Cybersecurity Alliance's staysafeonline.org in FL this 3-4 March 2026. Pam will host the Security Share & Brag Session.

15% off registration here: https://f.mtr.cool/dyetrtixnd

The @rhisac.org  Peer Choice Awards celebrate the security professionals who make our community stronger through collaboration and shared intelligence.

Voting results, data sharing metrics & staff input determine the winners.

Winners announced at the Awards Ceremony at our Summit in Austin!

Join @rhisac.org   and @paloaltonetworks.com for an exclusive deep dive into the Unit 42 Attribution Framework and how organizations can implement it into their CTI program. Presented by Robert Falcone, Distinguished Engineer at Unit 42.

https://f.mtr.cool/gdctirbofe

Time's running out to share your insights! ⌛ Our @rhisac.org annual CISO Benchmark Survey closes 5 Feb.

Your input helps shape the future of cybersecurity in retail & hospitality and it takes just 15 minutes to complete.

https://f.mtr.cool/rpjibsztay

@rhisac.org 's 2025 Year in Review is out!  We showcase how our member community strengthened cyber defense across retail and hospitality through shared intelligence, expert insights, and collective action.

Download the report here!

Join us for an exclusive forum on 5 March at Costco's HQ in WA.

Topics: Costco's fraud team journey, overcoming legal barriers, and return/refund fraud patterns.

Register today: https://f.mtr.cool/luqirpujpd

Ready to shape the future of retail and hospitality cybersecurity? It only takes 15 minutes!

The report provides data-driven insight into the challenges, priorities, and progress of CISOs across retail and hospitality—helping you benchmark against your peers.

https://f.mtr.cool/dviruatoju

Register - RH-ISAC Summit RH-ISAC’s Cybersecurity Summit is the leading event for retail and hospitality information security leaders. This exclusive program, features content curated

🎯 Join us in Austin, April 13-15, 2026!

@rhisac.org's Cybersecurity Summit is THE premier event for retail & hospitality security leaders. Featuring the most pressing topics in our sector, delivered by prominent thought leaders and industry experts.

Join us for a threat briefing from Akamai Technologies on 30 Jan at 11:00am ET. Ryan Gao & Jon Anderson will discuss the state of automation, 2025 industry trends, how they showed during peak periods, & give 2026 recommendations.

https://f.mtr.cool/wushmkypii

@rhisac.org hosts events throughout the year designed specifically for CISOs and information security leaders—including monthly CISO community calls, in-person networking dinners, CISO Forum, and exclusive events.

Learn more: https://f.mtr.cool/wzlhflomuf

#Cybersecurity #CISO

Shared intelligence = stronger defenses. @rhisac.org members share real-time data and tackle challenges together. When one organization identifies a threat, everyone benefits.

Learn more: https://f.mtr.cool/eqkhhkatud

#Cybersecurity #InfoSharing #CyberCommunity #StrongerTogether