Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

posts

Man in the Middle Attack

Man in the Middle Attack: How It Works and How to Stop It

In January 2023, the FBI's Internet Crime Complaint Center (IC3) continued to flag business email compromise — often powered by man in the middle attack techniques — as the costliest cybercrime category, responsible for over $2.7 billion in reported losses in 2022 alone. That number isn't inflated

Carl B. Johnson Jan 24, 2023 7 min read
DNS Spoofing

DNS Spoofing Attack: How Hackers Hijack Your Traffic

In April 2018, attackers hijacked the DNS servers used by MyEtherWallet and redirected users to a phishing site hosted in Russia. The entire attack lasted roughly two hours. In that window, victims lost around $17 million in cryptocurrency — simply because their browsers resolved a legitimate domain name to a malicious

Carl B. Johnson Jan 09, 2023 7 min read
SQL Injection

SQL Injection Explained: The Attack That Won't Die

A 20-Year-Old Attack Still Dominating the Headlines
In late 2022, the FBI and CISA issued a joint advisory warning about ongoing exploitation of a SQL injection vulnerability in a widely used healthcare software platform. The flaw had been known for years. The patches existed. And yet, threat actors kept walking

Carl B. Johnson Jan 09, 2023 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Practical Guide

British Airways Lost $230 Million Because of a Script
In 2018, British Airways disclosed a breach that exposed the payment card details of roughly 380,000 customers. The attack vector? A malicious script injected into the airline's payment page — a textbook cross-site scripting exploitation. The UK's

Carl B. Johnson Jan 09, 2023 8 min read
Phishing

How to Spot a Phishing Email: 9 Red Flags That Matter

In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your

Carl B. Johnson Jan 09, 2023 8 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $121 Million
In 2017, a Lithuanian man orchestrated a phishing scheme that tricked both Google and Facebook into wiring him over $121 million combined. He sent fake invoices from a spoofed email address impersonating a legitimate hardware vendor. Employees at two of the most

Carl B. Johnson Dec 25, 2022 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A Ransomware Gang That Starts With Your Inbox
In 2022, the Medusa ransomware gang emerged as one of the most aggressive threat actors targeting organizations through phishing campaigns. They don't kick down the front door — they walk through it with stolen credentials, harvested from carefully crafted phishing emails

Carl B. Johnson Dec 25, 2022 6 min read
Phishing

Phish: Why Employees Still Take the Bait in 2022

A Single Phish Cost Twilio 163 Million User Records
In August 2022, Twilio — a company that powers authentication for thousands of apps — confirmed that attackers used SMS-based phishing to compromise employee credentials. That single phish gave threat actors access to data from 163 customer accounts, which cascaded into a breach

Carl B. Johnson Dec 25, 2022 6 min read