Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had breached corporate email accounts — not by exploiting some exotic zero-day, but by password spraying a legacy test tenant that lacked multi-factor authentication. One overlooked account. No MFA. Catastrophic access. If a company with Microsoft's resources

Carl B. Johnson Jun 12, 2025 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2025

The Breach That Made "Trust But Verify" Obsolete

In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had compromised executive email accounts — not by exploiting some exotic zero-day, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. One overlooked

Carl B. Johnson Jun 12, 2025 8 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical 2025 Guide

The VPN That Let Attackers Walk Right In

In January 2024, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Chinese state-sponsored threat actors had exploited Ivanti Connect Secure VPN vulnerabilities to breach multiple U.S. federal agencies. The attackers didn't kick down the door. They walked through

Carl B. Johnson May 25, 2025 7 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2025

In January 2024, Microsoft disclosed that a Russian threat actor known as Midnight Blizzard breached corporate email accounts — not through some exotic zero-day, but by password-spraying a legacy test account that lacked multi-factor authentication. One forgotten account. No segmentation. No least-privilege enforcement. The result: a nation-state actor reading executive emails

Carl B. Johnson May 25, 2025 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A 2025 Survival Guide

In March 2024, a single remote employee at a midsize financial firm clicked a link in what looked like a Microsoft Teams notification. Within 72 hours, a threat actor had moved laterally across the company's network, exfiltrated 1.2 million customer records, and deployed ransomware that locked every

Carl B. Johnson May 25, 2025 7 min read
VPN Best Practices

VPN Best Practices: 9 Rules That Actually Stop Breaches

In May 2024, Check Point disclosed that threat actors were actively exploiting a zero-day vulnerability in its VPN products — CVE-2024-24919 — to harvest Active Directory credentials and move laterally through enterprise networks. Attackers didn't need a sophisticated exploit chain. They needed one VPN gateway running a default configuration with

Carl B. Johnson May 25, 2025 7 min read
Remote Desktop Security Risks

Remote Desktop Security Risks: What Attackers See

Port 3389: The Door You Left Wide Open

In January 2024, the FBI and CISA issued a joint advisory warning that the Phobos ransomware group had been exploiting exposed Remote Desktop Protocol (RDP) services to breach organizations across government, healthcare, education, and critical infrastructure. The attackers didn't use

Carl B. Johnson May 18, 2025 8 min read
Cybersecurity Training Compliance

Cybersecurity Training Compliance: What Regulators Want

In October 2024, the FTC finalized a settlement with Marriott International and its subsidiary Starwood Hotels over data breaches that exposed the personal information of 344 million customers. Among the FTC's requirements: Marriott had to implement a comprehensive information security program — including mandatory employee training. That wasn'

Carl B. Johnson May 10, 2025 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2025

The Framework Nobody Reads — Until After the Breach

In February 2024, Change Healthcare suffered a ransomware attack that disrupted pharmacy operations across the United States for weeks. UnitedHealth Group eventually disclosed that the breach affected roughly 100 million individuals — making it one of the largest healthcare data breaches in history.

Carl B. Johnson May 10, 2025 7 min read