Three Things You Need To Know: May 4, 2026

U.S.-Iran Ceasefire Under Severe Strain as Iran Launches Strikes and Tensions Escalate:

The U.S. and Iran are at risk of reigniting a new phase of war as the April 8 ceasefire comes under pressure. United Arab Emirates (UAE) officials stated its air defenses intercepted 19 Iranian ballistic and cruise missiles and drones on May 4, activating its air defense systems for the first time since the truce. A drone attack caused a large fire at the Fujairah Oil Industry Zone, a critical oil storage and pipeline hub, injuring three Indian nationals. The strikes follow President Donald Trump’s announcement of “Project Freedom” on May 4, a Navy-escorted operation to reopen the Strait of Hormuz by creating a defensive umbrella to guide commercial ships through. U.S. Central Command confirmed it has since eliminated six Iranian small boats after they threatened commercial shipping. Renewed escalation is likely to have immediate impacts on regional travel and global energy markets. UAE airspace has been partially closed through at least May 11. Brent crude hit its highest closing price of 2026 on May 4 at $114.4 a barrel, a single-day jump of nearly six percent, before pulling back 1.4 percent the following day, a pattern likely to continue if the Strait of Hormuz stays contested.

We advise businesses to prepare for immediate resumption of volatility in the region, including the disruption to shipping routes and rising energy costs. Organizations with regional exposure should review contingency plans, diversify supply routes where possible, and monitor developments closely.

Vehicle-Ramming Attack in Leipzig Kills Two, Highlights Continuing Pattern of Low-Tech Violence in Urban Centers:

A car drove into a crowd of pedestrians on Grimmaische Strasse, a busy shopping street in central Leipzig, Germany on May 4, killing two people and injuring 22 others. The suspect, a 33-year-old German national already known to police, was arrested near St. Thomas Church shortly after the attack. Authorities deployed approximately 40 firefighters, 40 paramedics, and two helicopters to the scene, describing it as a mass casualty incident. No motive has been established, however the prime minister of the state of Saxony said the ​suspect had possible mental health issues, and the attack is being investigated as a suspected deliberate act.  Germany has witnessed a spate of vehicle-ramming and stabbings in recent years, including similar incidents in Berlin in 2016, Magdeburg in 2024, and in Mannheim and Munich in 2025, some of which were perpetrated by those with religious or political motivations, while others by individuals with mental health problems. This highlights the difficulty of preventing low-tech, high-impact attacks in open public spaces. The frequency of similar incidents raises the risk of heightened public anxiety and is likely to increase pressure on authorities to strengthen preventative measures and expand security infrastructure in pedestrian zones across Europe.

We advise executives and business travelers to remain aware of their surroundings in crowded urban areas, particularly pedestrian zones and shopping districts. Organizations should brief staff on personal safety protocols and emergency response procedures when operating in European cities.

Large-Scale Phishing Campaign Bypasses MFA to Compromise 35,000 Users Across 13,000 Organizations:

A sophisticated phishing campaign targeting over 35,000 users across more than 13,000 organizations in 26 countries was identified by Microsoft Defender researchers this week, with the United States accounting for 92 percent of affected users. The campaign ran between April 14 and 16, 2026, with healthcare and life sciences, financial services, professional services, and technology firms among the most heavily targeted sectors. The phishing emails were crafted to resemble internal compliance or regulatory notices, with display names including “Internal Regulatory COC,” “Workforce Communications,” and “Team Conduct Report,” and subject lines warning recipients a code of conduct review had been opened against them. The attackers did not just steal passwords, going a step further by hijacking active authentication sessions through an adversary-in-the-middle (AiTM) technique, largely neutralizing standard nMFA protection. The campaign’s use of polished enterprise-style email layouts, multi-stage CAPTCHA filtering to evade automated security tools, and spoofed branding from legitimate services marks a significant step up from conventional phishing, and reflects the growing use of artificial intelligence (AI)-assisted tooling to produce highly convincing social engineering at scale. Standard MFA alone is no longer sufficient protection against this class of attack.

We recommend organizations enable phishing-resistant MFA methods and conduct regular phishing simulation exercises to help staff recognize social engineering tactics.

Related Posts