Computer Security News and Insights
In January 2021, a wave of PayPal phishing attacks hit inboxes so convincingly that even security-savvy professionals did a double take. The emails replicated PayPal's branding pixel-for-pixel, warned of "unusual activity" on the recipient's account, and linked to a login page hosted on a
When Trusted Tools Become Trojan Horses In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been removed legitimate from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on
In March 2021, the FBI's Internet Crime Complaint Center reported that Americans lost over $54 million to phone spoofing and vishing schemes in the previous year alone. That number was climbing. And it wasn't just grandparents falling for "IRS" calls — it was finance directors
In July 2021, a single phishing link sent to an employee at a Florida IT management company led to the Kaseya ransomware attack — one of the largest supply chain compromises in history. Over 1,500 businesses were affected downstream. That's the reality of what a phishing link can
In July 2020, attackers spoofed internal Twitter tools to hijack 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in hours. The attack didn't rely on some exotic zero-day exploit. It relied on spoofing: making something fake
Last month, a finance director at a mid-sized logistics company received a Gmail message that looked exactly like a Google Workspace security alert. The branding was pixel-perfect. The language was flawless. The sender address passed a casual glance test. She clicked, entered her credentials, and within 90 minutes a threat
A $12 Billion Problem You Can't Ignore In June 2021, Europol dismantled a massive fraud network spanning dozens of countries. The ring had siphoned millions from victims through coordinated romance scams, investment fraud, and business email compromise. This wasn't a lone hacker in a basement. It
Last month, a finance manager at a mid-sized logistics company received what looked like a routine DocuSign envelope — a payment authorization supposedly routed through PayPal. She clicked, entered her PayPal credentials on a pixel-perfect fake login page, and within 90 minutes, the attacker had initiated $38,000 in wire transfers.
In May 2021, a single phishing attack against Colonial Pipeline's legacy VPN account triggered the largest fuel supply disruption in U.S. history. One compromised credential. No multi-factor authentication. Five days of chaos across the Eastern Seaboard. That's what a phishing attack looks like when it
2021's Phishing Landscape Is Unlike Anything We've Seen Before In March, Microsoft reported that a massive phishing campaign had targeted over 10,000 organizations since January 2021, using sophisticated OAuth token theft to bypass multi-factor authentication. That single campaign should have been a wake-up call. Instead,
