Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 2, 1796, a full house packed the Drury Lane Theatre in London, eager to witness the first showing of a newly discovered Shakespeare play. The problem was that William Henry Ireland wrote the play, Vortigern, and the entire production was a hoax. Although there was some controversy before opening day, several experts reviewed the manuscript and supporting documents and confirmed that the play was a long-lost Shakespeare original.

The Digital Statute for Children and Adolescents (Digital Estatuto da Criança e do Adolescente or Lei 15.211/2025) is a new law outlining age assurance (garantia de idade) requirements in Brazil. Also known as the Digital ECA, it was enacted in September 2025 and goes beyond self-attestation, applying to a wider range of online platforms that offer certain services. On March 17, 2026, the Digital ECA will become enforceable.

Hiring has never been easy. But in the last year, it’s taken on an entirely new level of complexity. Fake candidates have become one of the most urgent problems facing HR, talent, and InfoSec teams alike. Today’s recruiters are flooded with AI-generated resumes that are nearly impossible to distinguish from legitimate candidates. When fake candidates make it to interviews, the tactics escalate with deepfakes used to impersonate people and proxy stand-ins for technical assessments.

Traditional detection methods and point solutions often focus on fraud detection at a single point. Identity platforms and orchestration layers help fraud fighters detect patterns and stop scaling attacks. But there’s a growing fraud vector called identity muling that’s particularly difficult for some fraud systems to detect. Below, we’ll explore how identity muling works, what it looks like from a fraud fighter’s perspective, and what you can do to protect your organization.

Physical discs have given way to streaming. You can make a purchase with a tap of your phone. But relying on documents to verify business and individual identities isn't going anywhere. In fact, the opposite is true. Some regulations require document checks during identity verification. Even when that’s not the case, documents are becoming popular and valuable components of identity checks because they provide information that isn’t available elsewhere.

Update (February 24, 2026): @vmfunc has published part two of their series about Persona. You can read it here. We will update this post with part three when it is released. On February 16, 2026, security researchers @vmfunc, @MDLcsgo, and @DziurwaF published a blog post identifying exposed frontend source maps on a non-production subdomain under withpersona-gov.com.

Supplemental document checks are often required for businesses that conduct Know Your Customer (KYC) or Know Your Business (KYB) checks. Even when compliance isn’t required, organizations often collect supplemental documents for their own business purposes, such as risk assessments. In business contexts, a supplemental document is a non-government-issued document that you collect to support a risk assessment.

Audiences around the world may be captivated by dramatic stories of con men like the Tinder Swindler. But this type of fraud is the exception rather than the rule. Most criminals go to great lengths to stay hidden and minimize the risk of getting caught. Sometimes, though, a criminal needs to show their face — or at least, a face — to pass identity checks.

Synthetic identity fraud used to be a specialty fraud job. Bad actors created synthetic identities by modifying personal information, combining multiple real identities, or combining real and fake information. But building up identities convincing enough to pass muster took time, research, and effort. As a result, you typically saw synthetic identity fraud when bad actors targeted organizations that could pay off in a significant way.