RC RANDOM CHAOS

social engineering

4 posts

Article

Microsoft sent you a code you didn't request

An unrequested Microsoft single-use code email is evidence of external interaction with your identity surface. What it proves and what it does not.

The LinkedIn leak is not a privacy incident

A LinkedIn data leak is not a privacy event. It is pre-staged targeting data for credential harvesting. Operator briefing on what must now be true.

The helpdesk chat window is the breach

Microsoft Teams helpdesk impersonation succeeds because identity verification is placed at the channel boundary, not at the credential action.

How Identity Presentation Without Verification Enabled a Credential Compromise

A breakdown of how the Axios npm credential breach occurred due to identity presentation without technical validation, highlighting systemic risks in open-source infrastructure.