PornHub, OpenAI, and the Same SMS Phishing (Smishing) Failure

This is a post to explain why PornHub’s extortion story matters far beyond adult content. This is the same phishing led analytics failure that exposed OpenAI customer data and impacted other Mixpanel customers who still haven’t come forward. Different brands. Same entry point. Same security failure. The problem isn’t who was targeted. It’s that phishing […]

Read More

Authorisation Code Abuse Is a Major Account Takeover Vector

This is an account takeover attack that bypasses phishing detection, malware controls, and authentication safeguards. It exploits legitimate authorisation workflows exactly as designed. There is currently no technical control that reliably prevents it. Awareness is the only effective defence. Some referring to this as “device code phishing” but I don’t think that’s technically correct. Phishing […]

Read More