Breaks down the techniques, tools, and procedures used by cybercriminals, nation-state hackers, and insider threats. Covers attack frameworks like MITRE ATT&CK and helps readers recognize and defend against evolving adversary behaviors.
posts
In January 2023, a journalist walked into a government building in the Netherlands, plugged a small device into an exposed network port under a conference room table, and had access to the internal network within seconds. No hacking. No malware. No phishing email. Just a physical door that was unlocked
When Trusted Software Becomes Your Biggest Threat In March 2022, researchers confirmed that threat actors had compromised the update mechanism for Asus software, ultimately pushing malware to nearly a million machines. The attackers hadn't built anything from scratch. They had removed legitimate code from a trusted update pipeline
In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is
The Breach That Exposed a Missing Plan In December 2021, a vulnerability in Apache Log4j sent every security team on the planet into a tailspin. Organizations that had practiced cyber incident response steps mobilized in hours. Those that hadn't? They scrambled, pointed fingers, and lost precious time while
The Attack That Hit 18,000 Organizations at Once In December 2020, security firm FireEye disclosed that it had been breached — and that the attack vector traced back to a routine software update from SolarWinds, a trusted IT management vendor. Within days, the scope became staggering: up to 18,000
When Trusted Tools Become Trojan Horses In April 2021, security researchers at Kaspersky documented a campaign where threat actors took software that had been removed legitimate from vendor websites — discontinued, deprecated, or pulled due to vulnerabilities — and repackaged it with embedded malware. The attackers then hosted these poisoned versions on
They Don't Just Send One Email — They Run a Phish Tour In 2023, the FBI's IC3 received over 298,000 phishing complaints, making it the most reported cybercrime category for the fifth consecutive year. But here's the part that doesn't make the
The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions
In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee
In February 2024, Change Healthcare — one of the largest health payment processors in the United States — suffered a ransomware attack that disrupted pharmacy operations, delayed insurance claims, and exposed the protected health information of roughly 100 million people. One set of stolen credentials. No multi-factor authentication on a critical system.
