Covers cybersecurity training programs, techniques, and best practices designed to equip employees and individuals with the skills to recognize and respond to cyber threats. Topics include security awareness curricula, simulation exercises, and measuring training effectiveness.
posts
The MGM Breach Started With a Single Phone Call In September 2023, a threat actor called the MGM Resorts help desk, pretended to be an employee, and talked their way into a credential reset. Within hours, the Scattered Spider group had deep access to MGM's systems. The result:
In May 2025, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of fake mail — accounted for over $2.9 billion in adjusted losses in 2023 alone. That number has only grown. I've personally worked cases where a single convincing email
In May 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a category built almost entirely on fake emails — accounted for over $2.9 billion in adjusted losses in a single year. That figure dwarfed ransomware losses by a factor of nearly 50. And those
In March 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call that appeared to feature the company's CFO. The deepfake was convincing, but the attack started with something far simpler — a phishing link embedded
In January 2024, a finance employee at the multinational firm Arup wired $25 million to criminals after a deepfake video call featuring what appeared to be the company's CFO and several colleagues. Every person on that call was fake — AI-generated avatars operated by an organized fraud ring. That
In 2023, a finance employee at a Hong Kong multinational wired $25 million to threat actors after a spear phishing email led to a deepfake video call impersonating the company's CFO. That's not a plot from a thriller — it's a real incident reported by
A $4.88 Million Question Nobody Asks Until It's Too Late In May 2023, the city of Dallas, Texas got hit with Royal ransomware. Emergency services disrupted. Court systems offline. Weeks of recovery. The estimated cost ran into tens of millions. And the entry point? A service account
A $4.88 Million Problem You Can't Solve With a Dictionary In 2024, the average cost of a data breach hit $4.88 million globally, according to IBM's Cost of a Data Breach Report. That number didn't come from sophisticated nation-state hackers exploiting exotic
In May 2023, Progress Software's MOVEit file transfer tool was exploited by the Cl0p ransomware gang, compromising data from over 2,500 organizations and roughly 67 million individuals. Government agencies, hospitals, universities, Fortune 500 companies — none were spared. If you asked any of those organizations whether they had
In March 2025, a mid-size logistics company in the Midwest lost $2.3 million after a single employee clicked a fake DocuSign link. The attacker harvested credentials, pivoted into the company's financial systems, and initiated wire transfers over a long weekend. The employee had never received phishing awareness
