Read more
Blog

Insights on Enterprise Risk, Behavior, and Security

Daily POVs from our founder. Deep dives from our experts. Everything you
need to stay ahead of the human risk curve

Blog

How Ghost Students Are Exploiting College Enrollment Systems to Steal Federal Aid

Criminal fraud rings are targeting college aid systems with fake student identities. These scams use automation, identity theft, and AI to steal financial aid, lock out real students, and overwhelm public institutions. Here’s how it works and what security leaders in higher ed need to know.
13 Jun 2025
7 min read
Founder POV
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

16 billion passwords exposed in record-breaking data breach: what does it mean for you?

Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers.

25 Jun 2025
Industry News

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a "single combined cyber event."

21 Jun 2025
Industry News

How Hackers Are Turning Tech Support Into a Threat

Attacks on call centers lead to hundreds of millions of dollars in crypto thefts and disrupt retail sales.

19 Jun 2025
Industry News

Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month

The Aflac breach potentially impacted files with customers’ Social Security numbers and health details.

21 Jun 2025
Industry News

‘Anthony from Staten Island’ said he developed a chat tool for Meta. His entire identity was fake.

A provider of identity verification and fraud tools was recently targeted by what appear to be multiple North Korean IT workers managing dozens of personas.

30 May 2025
Industry News

Financial aid fraud is on the rise. Here’s how scammers are stealing funds

As fake enrollments for online courses surge, some professors discover that no one in their classes is real.

10 Jun 2025
Industry News

Accenture: What we learned when our CEO got deepfaked

Rather than a mere advance in social engineering, deepfakes represent ‘a paradigm shift in the attack vector,’ says security lead Flick March

07 May 2025
Industry News

The Age of Realtime Deepfake Fraud Is Here

Fraudsters are able to change their race, facial hair, voice, and more during live video calls with very little effort. Scammers are already fooling the elderly and verification systems.

28 Apr 2025
Industry News

Former FBI agent thought he had seen it all in cybercrime. Then he became a corporate executive in charge of information security

For cybersecurity workers, 2021 was intense. There was the Russian-based ransomware attack on Colonial Pipeline, a key transit system for U.S. oil, that set off panic-buying at the gas pumps. Meanwhile, major U.S. meat packer JBS was shut down by yet another attack. And then there was the U.S. federal government, which suffered one of its worst cyber espionage breaches ever, due to aftershocks created by the hacking of software maker SolarWinds.

11 Mar 2025
Industry News

Fake job seekers are flooding U.S. companies that are hiring for remote positions, tech CEOs say

Companies are facing a new threat: Job seekers who aren’t who they say they are, using AI tools to fabricate photo IDs, generate employment histories and provide answers during interviews.

08 Apr 2025
Industry News
Stylized glowing email icon surrounded by digital debris, symbolizing the spread of phishing emails and Business Email Compromise attacks in corporate environments.

BEC Has Already Cost $55 Billion and AI Is Making It Worse

Business Email Compromise has already caused over $55 billion in losses. Now AI is scaling these attacks with deepfakes, voice clones, and urgent pretexts. Learn how modern BEC works and what CISOs can do to stop it.

16 Jun 2025
Blog

How Ghost Students Are Exploiting College Enrollment Systems to Steal Federal Aid

Criminal fraud rings are targeting college aid systems with fake student identities. These scams use automation, identity theft, and AI to steal financial aid, lock out real students, and overwhelm public institutions. Here’s how it works and what security leaders in higher ed need to know.

13 Jun 2025
7 min read
Blog

How Employee Fatigue Drives Human Error in Cybersecurity

Employee fatigue fuels human error and cybersecurity breaches by creating behavioral blind spots attackers exploit through social engineering and cognitive overload. Replace static awareness training with adaptive, real-time protection built for enterprise-scale risk.

06 Jun 2025
5 min read
Blog

ChatGPT in the Wrong Hands: How AI is Being Used in Cybercrime

Generative AI is reshaping enterprise cybersecurity by targeting trust, behavior, and user access. Learn how AI-powered threats bypass static defenses and what CISOs must do to protect the human layer.

27 May 2025
5 min read
Blog

Why Static Defenses Leaves Enterprises Vulnerable to Insider Risk

Insider threats are costly and hard to detect. Learn why static defenses fail and how User Adaptive Risk Management stops insider breaches early.

22 May 2025
5 min read
Blog

How to Defend Against Deepfake Impersonation in Remote Hiring: An Operational Guide

Protect your organization from deepfake impersonation in remote hiring. This guide outlines effective strategies, tools, and best practices for detecting and preventing deepfake attacks, ensuring a secure hiring process from start to finish.

14 May 2025
7 min read
Blog

Quishing Explained: How QR Code Phishing Bypasses Enterprise Defenses

Quishing is a growing phishing threat that uses malicious QR codes to bypass enterprise defenses. Learn how it works and why traditional tools fall short.

12 May 2025
5 min read
Blog
Piggy bank surrounded by Bitcoin symbols, set against a blurred cryptocurrency chart, representing pig butchering scams and fake investment platforms in the cryptocurrency space.

Pig Butchering Scams: A Rising Enterprise Threat Every CISO Must Understand

Learn how pig butchering scams use social engineering and fake crypto platforms to exploit human error and bypass enterprise defenses.

07 May 2025
7 min read
Blog

Why Traditional Security Awareness Training Can’t Stop Phishing 3.0

Phishing 3.0 weaponizes human error across email, SMS, voice, and apps. Learn how attackers use AI-driven deception to bypass static defenses and how your team can respond in real time.

02 May 2025
3 min read
Blog

From the Founder

View Linkedin
June 25, 2025

Dune has been committed to giving CISOs full visibility into user risk since day one. And now, every single Dune Security customer is live on Dune V2, our biggest product leap yet.

Read Full Post
June 20, 2025

In the last 24 hours, 16 billion login credentials (including emails + passwords) were temporarily leaked. Here's what we're tracking:

Read Full Post

Never Miss a Human Risk Insights

Subscribe to the Dune Risk Brief - weekly trends, threat models,
and strategies for enterprise CISOs.
Thanks for submitting the form!
Oops! Something went wrong while submitting the form.