Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.
posts
In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% increase from the year before. The uncomfortable truth? Most of those losses trace back to failures in basic security practices, not sophisticated zero-day exploits. A
The Breach That Didn't Start With You In January 2023, Mailchimp disclosed its second breach in under a year — this time through a social engineering attack on an employee. But the real damage radiated outward. Every company using Mailchimp as a vendor suddenly had a problem they didn&
In March 2022, Lapsus$ breached Okta, Microsoft, and Nvidia — three companies with enormous security budgets — partly by exploiting weak or absent multi-factor authentication. The attackers used social engineering, SIM swapping, and MFA fatigue attacks to bypass single-layer defenses. Had stronger two-factor authentication been uniformly enforced, several of those breaches could
In February 2022, a teenage hacker tricked a T-Mobile employee into performing a SIM swap, then used that hijacked phone number to intercept SMS verification codes and breach Lapsus$ targets including Nvidia and Microsoft. The attack wasn't sophisticated. It didn't require zero-day exploits. The threat actor
A hospital employee clicked a link in what looked like a routine password reset email. Within 72 hours, CommonSpirit Health — one of the largest U.S. health systems — was battling a ransomware attack that disrupted operations at over 140 facilities. The investigation report cited "lack of basic security awareness&
In 2022, the FBI's Internet Crime Complaint Center received over 800,000 complaints totaling losses exceeding $10.3 billion — a 49% increase over 2021. When I talk to the people behind those numbers, a pattern emerges fast: they didn't understand what was happening to them because
In February 2023, the FBI's Internet Crime Complaint Center reported that malware-related complaints had surged again, with losses running into the hundreds of millions. Buried in those numbers is a distinction most people get wrong: adware vs spyware. I've watched organizations treat adware as a minor
A 20-Year-Old Attack Still Dominating the Headlines In late 2022, the FBI and CISA issued a joint advisory warning about ongoing exploitation of a SQL injection vulnerability in a widely used healthcare software platform. The flaw had been known for years. The patches existed. And yet, threat actors kept walking
Twilio, a company with a sophisticated security team and a tech-savvy workforce, got phished in August 2022. Attackers sent SMS messages to employees pretending to be the IT department, directing them to a fake login page. The result: compromised credentials, unauthorized access to customer data, and a breach that rippled
In March 2022, the FBI warned that threat actors were spoofing caller IDs of financial institutions and government agencies to steal millions from unsuspecting victims. The Bureau's Internet Crime Complaint Center (IC3) received over 18,000 complaints related to spoofing in 2021 alone, with adjusted losses exceeding $82
