Computer Security News and Insights
A Single Stolen W-2 Cost This Company $1.6 Million In 2023, a mid-size manufacturing firm in Ohio lost control of every employee's W-2 data after one payroll clerk fell for a CEO impersonation email. The threat actor filed fraudulent tax returns before anyone noticed. The cleanup — credit
In 2019, Microsoft published a study that changed how I talk to every client about security: enabling multi-factor authentication blocks 99.9% of automated account compromise attacks. That single stat should end every debate about whether two-factor authentication benefits are worth the minor inconvenience. Yet here we are in 2026,
When the Colonial Pipeline attack shut down fuel distribution across the U.S. East Coast in 2021, news anchors fumbled through terms like "ransomware," "threat actor," and "zero trust" as if reading a foreign language. Millions of viewers had no idea what any of
During a breach investigation last year, I watched a CFO stare blankly at an incident responder who kept saying "the threat actor used credential stuffing to pivot laterally after compromising an MFA-gapped endpoint." The CFO's response: "Can someone please speak English?" That moment cost
In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year before. A massive share of those incidents started with a single piece of malicious software landing on someone's machine.
In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — and malware was the engine behind a staggering number of those incidents. I've worked incident response cases where a single malware infection spiraled into a multi-million-dollar
In 2023, a barcode scanner app on the Google Play Store — used by over 10 million people — pushed a malicious update that turned a legitimate tool into an aggressive adware delivery mechanism overnight. Users were flooded with pop-ups and redirected to shady websites. Within weeks, researchers discovered the same app
The Fake Invoice That Cost a Hospital System $28 Million In 2024, Ascension Health — one of the largest healthcare systems in the United States — suffered a devastating ransomware attack that disrupted operations across 140 hospitals. The initial entry vector? A malicious file that an employee downloaded, believing it to be
In 2023, the FBI dismantled a cybercrime ring that used a commercial keylogger called Snake Keylogger to steal credentials from over 10,000 victims across 50 countries. The malware recorded every keystroke — banking passwords, email logins, private messages — and quietly exfiltrated the data to attacker-controlled servers. The victims had no
Your Employees Think They're on Your Bank's Website. They're Not. In April 2022, researchers at Avast documented a campaign where threat actors compromised home routers to execute a DNS spoofing attack that redirected users trying to visit legitimate banking sites to near-perfect credential theft
