Cybersecurity and Applied AI career insights
© 2023-2026 Bespoke Intermedia LLC
Founded by Julian Calvo, Ed.D., M.S.
Decipher Files · Archive
48 long-form analyses across cybersecurity breaches and Applied AI events. Hand-authored, primary-source documented, career-implication framed.
Decipher File
July 19, 2024
On July 19, 2024 at 04:09 UTC CrowdStrike pushed a Falcon Sensor channel-file update that triggered a kernel-mode null-pointer dereference on Windows hosts running the affected sensor version. The res…
Decipher File
April 2024-August 2024 (disclosure August 2024)
On August 6, 2024, a class-action complaint disclosed that data-broker Jerico Pictures Inc. doing business as National Public Data had been the source of a 2.9 billion-record dataset containing Social…
Decipher File
June 19, 2024-July 4, 2024
On June 19, 2024, automotive dealer-management-software vendor CDK Global was hit with ransomware that took its dealer-management platform offline. Approximately 15,000 US and Canadian auto dealership…
Decipher File
October 9, 2024-October 21, 2024
On October 9, 2024, attackers compromised the Internet Archive's user-authentication database containing approximately 31 million email and bcrypt-hashed-password records. The same threat actor deface…
Decipher File
May 8, 2024-June 2024
On May 8, 2024, Ascension Health, one of the largest US nonprofit hospital systems, disclosed a ransomware incident that took its electronic-health-record systems and clinical-decision-support tools o…
Decipher File
May-July 2023
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to steal data from approximately 2,500 organizations through a single managed-file-transfer dependency. The breach is the canonical…
Decipher File
February-November 2024
ALPHV/BlackCat encrypted Change Healthcare's claims-processing infrastructure on February 21, 2024, halting prescription processing, claims adjudication, and provider payments across roughly one-third…
Decipher File
April-July 2024
ShinyHunters and affiliated actors exfiltrated data from approximately 165 Snowflake customer tenants by reusing credentials harvested from prior infostealer-malware infections against accounts that h…
Decipher File
November 2023-April 2024
APT29 (Russian Foreign Intelligence Service, tracked by Microsoft as Midnight Blizzard) compromised a Microsoft non-production legacy tenant in November 2023 via password spray against an account with…
Decipher File
March-July 2024
AT&T disclosed two distinct cybersecurity incidents in 2024 within four months of each other. The March 2024 disclosure covered approximately 73 million current and former customer records released on…
Decipher File
August 2022-March 2023
LastPass disclosed two separate intrusions across August and December 2022. The second exfiltrated encrypted customer vaults plus unencrypted metadata. Subsequent crypto-currency theft losses traced b…
Decipher File
May-July 2023
Storm-0558 (Chinese state-aligned, tracked by Microsoft) used a stolen Microsoft consumer signing key to forge Azure AD authentication tokens against approximately 25 Microsoft 365 customer email tena…
Decipher File
September 2023
ALPHV/BlackCat affiliate Scattered Spider used a 10-minute vishing call against MGM Resorts' IT help desk to obtain credentials for a privileged Okta account, then encrypted the casino operator's infr…
Decipher File
September-November 2023
Okta disclosed in October 2023 that an attacker had used a stolen credential to access its customer support case-management system, then read HAR files uploaded by customers that contained valid sessi…
Decipher File
May 2023-Present
CISA, NSA, FBI, and Five Eyes partners disclosed in May 2023 (and re-disclosed with materially expanded scope in February 2024) that the People's Republic of China state-sponsored cyber actor tracked…
Decipher File
September 2019-December 2020
APT29 (Russian SVR-aligned, tracked as Cozy Bear / NOBELIUM) compromised SolarWinds's Orion build system and shipped malicious updates to roughly 18,000 customer organizations. The campaign reset the…
Decipher File
Disclosed October 2024-Present
PRC state-sponsored actor Salt Typhoon (also tracked as Earth Estries, GhostEmperor) compromised at least nine major US telecommunications carriers including AT&T, Verizon, T-Mobile, Lumen, and Charte…
Decipher File
2021-March 2024
A multi-year social-engineering campaign by an actor operating as 'Jia Tan' (jiatXX-aliased GitHub identities) inserted a sophisticated backdoor (CVE-2024-3094) into xz-utils, a foundational Linux com…
Decipher File
February-June 2024
A Chinese-owned domain operator acquired polyfill.io in February 2024 and silently injected malicious JavaScript into the polyfill.js script, which approximately 100,000 websites loaded directly into…
Decipher File
February 2024-Present
ConnectWise disclosed two critical vulnerabilities in ScreenConnect (CVE-2024-1709 authentication bypass, CVSS 10.0; CVE-2024-1708 path traversal, CVSS 8.4) on February 19, 2024. Within 24 hours of di…