cat /etc/threat-model.conf
// the attack vector you can't patch.
Every breach has a person at the start of it. We take the week's most consequential cyberattacks apart and explain, calmly and without the hype, how the human element was exploited and how to harden it. No clickbait, no fear-mongering, just the mechanics.
monitoring the human attack surface.threat level: ELEVATED
Multi-factor authentication is not a silver bullet. MFA fatigue, push bombing, and SIM swaps let attackers walk past the second factor. Here is how, and how to harden it.
open briefing ->
Multi-factor authentication is not a silver bullet. MFA fatigue, push bombing, and SIM swaps let attackers walk past the second factor. Here is how, and how to harden it.
read briefing ->Ghostwriter is a long-running influence operation that forged content and compromised inboxes to push state-aligned narratives. We break down the playbook and how to spot it.
read briefing ->Ghost Stadium is a case study in deepfake brand fraud: a cloned voice, a hijacked brand, and a payment rail nobody questioned turned a fan base into a fraud funnel.
read briefing ->ClickFix is a social engineering attack that shows a fake error and tricks you into pasting a malicious command into your own terminal. Here is how it works and how to stop it.
read briefing ->How attackers hack people instead of computers, the most common types, and the red flags that give them away.
read the guide ->The warning signs, the main types of phishing, and how to verify a suspicious message safely.
read the guide ->One calm, no-hype briefing in your inbox each week. The attack, the human factor, the fix. Join free and get the Social Engineering Red Flags field guide.