Computer Security News and Insights
In March 2025, a mid-size logistics company in the Midwest lost $2.3 million after a single employee clicked a fake DocuSign link. The attacker harvested credentials, pivoted into the company's financial systems, and initiated wire transfers over a long weekend. The employee had never received phishing awareness
A Single Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee with a phone call. That single interaction — not a sophisticated zero-day exploit, not a nation-state supply chain attack — led to a ransomware incident that cost the
The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number one reported cybercrime by volume, with over 298,000 complaints in a single year. But here's the part that should keep
In March 2025, the FBI's Internet Crime Complaint Center reported that phishing remained the number one reported cybercrime for the fifth consecutive year. That stat alone should tell you everything about where threat actors are focusing their energy. But raw numbers don't teach your employees what
The Attack That Cost MGM Resorts $100 Million Started With a Phone Call In September 2023, a threat actor called the MGM Resorts IT help desk, impersonated an employee they found on LinkedIn, and talked their way into a password reset. Within hours, the attackers had deployed ransomware across MGM&
A $37 Million Wire Transfer Started with One Email In 2024, a finance employee at a multinational firm joined what appeared to be a legitimate video call with the company's CFO. It was a deepfake. The attackers had spent weeks gathering intelligence — org charts, communication styles, ongoing projects
In March 2025, a mid-size accounting firm in the Midwest lost $2.1 million after a single employee clicked a spoofed DocuSign link during tax season. The firm had antivirus software. They had a firewall. What they didn't have was phishing simulation training — the one layer of defense
In January 2025, a finance director at a mid-sized manufacturing firm received an email from what appeared to be the company's CEO. The domain was off by one character. The request was urgent — wire $220,000 to a new vendor before end of day. She complied. The money
In May 2025, the FBI's Internet Crime Complaint Center reported that phishing and its variants remained the number-one reported cybercrime for the fifth consecutive year, with losses tied to business email compromise alone exceeding $2.9 billion annually in recent reports. I've spent over two decades
In March 2025, a mid-size healthcare provider in the Midwest lost 1.4 million patient records because one employee in accounts payable clicked a link in a fake DocuSign email. The organization had antivirus software, a firewall, and an email gateway. What they didn't have was a phishing
