I investigated a phishing email claiming I had 115 BTC waiting for withdrawal and uncovered a five-year multi-domain scam still active today. A quick breakdown of how it works and why people keep falling for it today.

A story from a real pentest, where a strange cross-site scripting vulnerability was mistaken for a much more severe server-side template injection.

A Pastebin-driven crypto phishing scam is dissected, revealing obfuscated JavaScript that swaps deposit addresses during exchanges, though blockchain analysis shows little evidence of victims falling for it.