by James Cavenaugh | May 15, 2026 | Email Security
The FBI issued a public service announcement a couple of years ago warning about QR code phishing, and the volume has climbed every quarter since. Vendor research from Proofpoint, Barracuda, and others shows QR-based phishing, which the industry has started calling...
by James Cavenaugh | May 13, 2026 | Identity & Access Security
In September 2022, Uber got breached. An 18-year-old attacker bought a contractor’s password on the dark web for a few dollars. The contractor had MFA enabled. Uber’s MFA required pushing “approve” on a mobile app. The attacker couldn’t...
by James Cavenaugh | May 11, 2026 | Ransomware & Data Recovery
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, got hit with ransomware that shut down a big chunk of the U.S. healthcare payment infrastructure for weeks. Pharmacies couldn’t process prescriptions. Medical practices couldn’t...
by James Cavenaugh | May 8, 2026 | Ransomware & Data Recovery
In July 2020, Garmin got hit with WastedLocker ransomware. Their website, their fitness apps, their pilot flight planning tools, their customer service, all of it was offline for about a week. Reuters covered the outage. Users couldn’t sync their watches. Pilots...
by James Cavenaugh | May 6, 2026 | Identity & Access Security
In October 2023, 23andMe disclosed in an SEC filing that attackers had gained access to about 6.9 million customer accounts. The word “breach” got used a lot in the coverage. It’s not really the right word. 23andMe themselves pushed back on it. They...
