posts
A Single Phishing Attack Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider impersonated an MGM Resorts employee during a help desk call. That single social engineering interaction led to a ransomware deployment that shut down slot machines, hotel key cards, and reservation systems across
In January 2024, a single phishing attack against Framework Computer exposed customer names, emails, and outstanding balances — all because one employee at an external accounting partner clicked a link in a convincing impersonation email. The attacker didn't hack a firewall. They didn't exploit a zero-day vulnerability.
In March 2022, threat actor group Lapsus$ breached Okta by compromising a single support engineer's laptop — an attack chain that started with social engineering and credential theft. One employee. One set of stolen credentials. And suddenly, a company trusted by thousands of organizations to manage authentication was scrambling
In May 2021, a single phishing attack against Colonial Pipeline's legacy VPN account triggered the largest fuel supply disruption in U.S. history. One compromised credential. No multi-factor authentication. Five days of chaos across the Eastern Seaboard. That's what a phishing attack looks like when it
