ThreatBrief

In early 2026, the University of Pennsylvania confirmed that attackers had accessed donor data and internal systems after a phishing campaign compromised Graduate School of Education email accounts, with the ShinyHunters group later claiming the breach and threatening to release over a million records. Weeks later, the international law firm Jones Day disclosed that hackers had accessed some client data through a breach of a third-party file transfer vendor.

Neither institution was reckless. Both had in-house IT and established security policies. The failures were in places that sit outside typical security budgets: exposed subdomains, aging SSL configurations, misconfigured email authentication (SPF, DKIM, DMARC), leaked employee credentials from unrelated breaches, and third-party vendors whose security posture was never independently verified.

Private colleges, law firms, and mid-sized professional services organizations typically can't justify a $20K+ penetration test or a $180K/year security hire. They also can't afford a breach. The Penn incident alone will cost millions in remediation, regulatory response, and reputational recovery.

ThreatBrief delivers an automated external security posture assessment designed specifically for organizations that need professional-grade intelligence without the cost or timeline of traditional auditing. The assessment scans the external attack surface, including domain reconnaissance, subdomain enumeration, SSL/TLS configuration, DNS and email authentication, exposed services, and leaked credential databases, and interprets the results into a prioritized, business-readable report.

For a private college, a typical report surfaces aging SSL certificates on forgotten athletic subdomains, DMARC records set to "none" that let attackers spoof the advancement office email, and faculty credentials circulating in credential-stuffing databases from unrelated breaches. For a law firm, reports have flagged third-party file transfer portals with default configurations and partner email domains missing basic authentication, the exact vectors behind recent high-profile breaches. Quarterly monitoring keeps the assessment current as the attack surface changes.

The intelligence of a professional penetration test, delivered in 72 hours, with optional quarterly monitoring.