PornHub, OpenAI, and the Same SMS Phishing (Smishing) Failure
This is a post to explain why PornHub’s extortion story matters far beyond adult content. This is the same phishing led analytics failure that exposed OpenAI customer data and impacted other Mixpanel customers who still haven’t come forward. Different brands. Same entry point. Same security failure. The problem isn’t who was targeted. It’s that phishing […]
Authorisation Code Abuse Is a Major Account Takeover Vector
This is an account takeover attack that bypasses phishing detection, malware controls, and authentication safeguards. It exploits legitimate authorisation workflows exactly as designed. There is currently no technical control that reliably prevents it. Awareness is the only effective defence. Some referring to this as “device code phishing” but I don’t think that’s technically correct. Phishing […]