When customers hand over their personal and financial data, they are trusting that institution with their livelihoods. That trust was shattered when Fairmont Federal Credit Union (FFCU) disclosed a breach — two years after it happened — that compromised the complete financial identities of 187,038 people. The attack itself took place in late 2023. The Black Basta ... View Post
News
Google Panic Spreads Faster than Facts: Best Practices for Password Management in 2025
Why Password Security Matters In late August 2025, alarming reports spread online claiming that Google had issued urgent warnings to all 2.5 billion Gmail users to change their passwords. Headlines suggested a massive Gmail breach, sparking panic worldwide. Google clarified on September 1, 2025, that these reports were entirely false. Gmail accounts were never ... View Post
From PayPal to Your Platform: How Credential Stuffing Spreads Risk
Attacks don’t stop at one company. Reused credentials and phishing domains make every business a target. The PayPal “Hack” That Shook Confidence In May 2025, headlines screamed that nearly 16 million PayPal accounts had been hacked. Hackers claimed to be selling a massive dataset of email and password pairs on a dark-web forum. The news rattled PayPal’s users and ... View Post
114 Brands Impersonated: Is Your Business Ready for the Next Phishing Wave?
114 major brands. Thousands of spam emails. One sophisticated phishing operation. These numbers point to the rise of a new phishing-as-a-service (PhaaS) platform known as “Morphing Meerkat.” Cybersecurity researchers say it represents a leap forward in how attackers deceive victims and steal credentials. Businesses worldwide need to understand both the risk and the ... View Post
Inside the Coinbase Phishing Breach: What Every Crypto Platform Must Know About DNS and Insider Risk
On May 15, 2025, Coinbase—the world’s third-largest crypto exchange—revealed a sophisticated phishing breach that could cost up to $400 million in damages. While the technical infrastructure of their blockchain remained intact, the attackers never needed to touch it. Instead, they exploited something far older and more vulnerable: human trust and DNS-linked access ... View Post
“Sitting Duck” DNS flaw is a Red Herring
NOTE: If you followed some other domain to get here, then that domain us a "Sitting Duck" as outlined below. Contrary to the original Krebs on Security article: the vulnerability was introduced by a lapse at the Domain Registrar and not at the DNS Provider. All is explained below - and if this is your domain, perhaps think about talking to Domainsure to re-assess ... View Post