Computer Security News and Insights
In 2023, the MOVEit Transfer vulnerability — a SQL injection flaw — led to the compromise of over 2,600 organizations and exposed data on more than 77 million individuals. One vulnerability. One injection point. Billions in damage. And here's what should keep you up at night: SQL injection has
In 2018, British Airways disclosed a breach that exposed the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting exploit. The UK's Information Commissioner's Office initially proposed a
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way
Most Quiz Questions Are a Waste of Everyone's Time I recently reviewed a Fortune 500 company's annual security awareness program. Their quiz had 20 multiple-choice questions. One of them asked employees to define the word "malware." Another asked which year the first computer virus
In May 2021, a single phishing email led to the shutdown of Colonial Pipeline — the largest fuel pipeline in the United States. One compromised credential. One employee who didn't catch the red flags. The result: fuel shortages across the East Coast, a $4.4 million ransom payment, and
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 phishing complaints — making it the most reported cybercrime for the fifth consecutive year. Yet every week, I still talk to business owners who think phishing is just "those obvious Nigerian prince emails." It'
In March 2025, CISA and the FBI issued a joint advisory warning that the Medusa ransomware gang had compromised over 300 organizations across critical infrastructure sectors — healthcare, education, legal, insurance, and manufacturing. The attack vector wasn't some exotic zero-day exploit. It was phishing. Specifically, carefully crafted Medusa ransomware
A Single Phish Email Cost One Company $37 Million In 2024, Orion SA disclosed that a single employee fell for a business email compromise scheme and wired approximately $60 million to a threat actor's accounts. The company recovered some funds, but the net loss still exceeded $37 million.
That Gmail Notification Might Be Real — Or It Might Be the Attack Itself In January 2024, Google reported blocking over 99.9% of phishing emails from reaching Gmail inboxes. That sounds impressive until you realize that the remaining fraction still amounts to millions of malicious messages daily. Among the most
A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million to a single business email compromise attack. Facebook and Google collectively lost over $100 million to a Lithuanian man who sent fake invoices via email over a two-year period. These weren't sophisticated
