Computer Security News and Insights
In December 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning that Russian military-linked threat actors were systematically using brute force attacks to compromise Microsoft 365 accounts across government agencies and critical infrastructure. These weren't sophisticated zero-day exploits. They were automated password-guessing scripts
23andMe Filed for Bankruptcy. Account Takeover Was the Starting Gun. In October 2023, genetic testing company 23andMe confirmed that threat actors had compromised roughly 6.9 million user accounts. The attack method wasn't some exotic zero-day exploit. It was credential stuffing — attackers used previously leaked username and password
In January 2024, a single compromised employee credential at a mid-size financial services firm led to the theft of 4.3 million customer records. The breach cost the company $18 million in remediation, legal fees, and regulatory fines — and their brand reputation still hasn't recovered. That's
In February 2024, a threat actor compromised a single employee's account at Change Healthcare, triggering the largest healthcare data breach in U.S. history — affecting roughly 100 million people. The entry point? An account that lacked multi-factor authentication entirely. UnitedHealth Group CEO Andrew Witty confirmed this during congressional
When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast in May 2021, millions of people suddenly needed to understand words like "ransomware," "threat actor," and "critical infrastructure." But most glossaries online read like they were written by
The Vocabulary Gap That Costs Millions In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a phone call to the help desk. The attacker didn't exploit a software flaw. They exploited a human who didn't fully understand what
A Single Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider used social engineering to trick an MGM Resorts help desk employee into resetting credentials. Within hours, they deployed malware across MGM's network — crippling hotel check-ins, slot machines, and digital room keys
In September 2023, MGM Resorts watched helplessly as its systems went dark — slot machines frozen, hotel check-ins offline, operations paralyzed for ten days. The estimated cost exceeded $100 million. The attack vector? Social engineering that led to credential theft, which opened the door for malware deployment across the enterprise. That&
In March 2024, security researchers at Fortinet uncovered a campaign distributing Snake Keylogger through phishing emails disguised as payment remittance notices. The malware silently captured credentials from over 280 banking and email applications before exfiltrating everything to attacker-controlled Telegram bots. The victims had no idea. Every password, every credit card
In January 2024, security researchers at Sekoia documented a massive adversary-in-the-middle campaign that used phishing kits to intercept Microsoft 365 credentials and session tokens in real time — bypassing multi-factor authentication entirely. The attack wasn't theoretical. It hit thousands of organizations across multiple industries. And it reminded every security
