Browse comprehensive cybersecurity content spanning threat intelligence, vulnerability management, incident response, and security architecture. These articles help individuals and organizations strengthen their defenses against the full spectrum of digital threats.
posts
Computer security and cybersecurity are often used interchangeably — but they are not the same thing. Understanding the distinction, and the history behind both terms, helps organizations build stronger defenses.
AI-generated phishing emails are nearly indistinguishable from legitimate messages. Here is how to build a phishing awareness training program that gives employees the skills to spot them.
Modern phishing emails look exactly like the real thing. No typos, no suspicious attachments — just a convincing message designed to make you act without thinking. Here is how to spot them.
The Breach That Changed How I Think About Cybersecurity In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was hit by a ransomware attack that disrupted pharmacy operations, delayed patient care, and exposed the protected health information of roughly 100 million individuals. UnitedHealth
The Breach That Didn't Start With You In February 2024, Change Healthcare — a subsidiary of UnitedHealth Group — suffered a ransomware attack that disrupted healthcare payment processing across the entire United States for weeks. The threat actor didn't breach UnitedHealth directly. They compromised a vendor system that
The Breach That Didn't Start With You In January 2023, Mailchimp disclosed its second breach in under a year — this time through a social engineering attack on an employee. But the real damage radiated outward. Every company using Mailchimp as a vendor suddenly had a problem they didn&
The Breach That Should Have Changed Everything In March 2022, the Lapsus$ group breached Okta, Microsoft, Samsung, and Nvidia in rapid succession — not by deploying sophisticated zero-day exploits, but by buying stolen credentials, social engineering help desk employees, and exploiting MFA fatigue. A group reportedly led by teenagers embarrassed some
In March 2022, the Lapsus$ group didn't crack some zero-day vulnerability to breach Okta. They bribed an employee. They socially engineered their way into a third-party support provider and pivoted from there. No malware. No exploit kit. Just a human being making a decision. That single incident put
The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability didn't just hit Progress Software. It cascaded through thousands of organizations — government agencies, banks, healthcare systems — because those organizations trusted a single vendor's file transfer tool. Over 2,600 organizations and
The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability compromised over 2,600 organizations and exposed the data of more than 77 million individuals — not because those organizations had weak security, but because a single vendor did. Companies like Ernst & Young, the BBC,
