Carl B. Johnson
Author

vCISO and compliance expert.

https://carlbjohnson.com

Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Pretexting Attacks

Pretexting Attack Examples: Real Scams That Fool Smart People

In 2020, a teenager convinced a Twitter employee he was a co-worker from the IT department. That single phone call led to the compromise of 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and a Bitcoin scam that netted over $100,000 in hours. The attack wasn'

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: What Actually Works

The 82% Problem Nobody Wants to Own The 2022 Verizon Data Breach Investigations Report found that 82% of breaches involved a human element — phishing, stolen credentials, misuse, or simple error. That number has barely budged in years. And yet most organizations still treat cybersecurity awareness training as a checkbox exercise:

Carl B. Johnson Apr 04, 2022 8 min read
Cybersecurity Training for Employees

Cybersecurity Training for Employees: A Practical Guide

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Microsoft, Nvidia, Samsung, and Okta. They didn't use sophisticated zero-day exploits. They used social engineering. They bought credentials. They tricked employees. And they walked through the front door of some of the most well-resourced security

Carl B. Johnson Apr 04, 2022 6 min read
Employee Cybersecurity Training

Employee Cybersecurity Training: What Actually Works

In March 2022, Lapsus$ — a threat actor group largely composed of teenagers — breached Okta, Microsoft, Samsung, and Nvidia in rapid succession. Their primary weapon wasn't a sophisticated zero-day exploit. It was employee cybersecurity training failures: stolen credentials, SIM swapping, and social engineering attacks that targeted the humans sitting

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2022

One Click Cost This Company Everything In March 2022, a single employee at Nvidia clicked something they shouldn't have. The Lapsus$ threat actor group walked away with over a terabyte of proprietary data, including employee credentials and source code. Nvidia isn't a small shop with weak

Carl B. Johnson Apr 04, 2022 7 min read
Cybersecurity Awareness Month

Cybersecurity Awareness Month: What Actually Works

Last October, while organizations across the country were hanging "Think Before You Click" posters in their break rooms, the FBI's Internet Crime Complaint Center was logging over 847,000 complaints representing nearly $7 billion in losses for 2021. That's roughly a 7% increase in

Carl B. Johnson Mar 21, 2022 7 min read