Breaks down the techniques, tools, and procedures used by cybercriminals, nation-state hackers, and insider threats. Covers attack frameworks like MITRE ATT&CK and helps readers recognize and defend against evolving adversary behaviors.
posts
A Trusted Software Update Became the Biggest Backdoor in History In December 2020, FireEye disclosed that threat actors had compromised SolarWinds Orion — a network monitoring platform used by 33,000 organizations, including multiple U.S. federal agencies. The attackers embedded malicious code into a routine software update. Every organization that
When Trusted Tools Become Trojan Horses In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been removed legitimate from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on
They Don't Just Send One Email — They Run a Phish Tour In 2023, the FBI's IC3 received over 298,000 phishing complaints, making it the most reported cybercrime category for the fifth consecutive year. But here's the part that doesn't make the
The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions
In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee
In February 2024, Change Healthcare — one of the largest health payment processors in the United States — suffered a ransomware attack that disrupted pharmacy operations, delayed insurance claims, and exposed the protected health information of roughly 100 million people. One set of stolen credentials. No multi-factor authentication on a critical system.
