Simply Cyber Newsletter #144
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Update your iPhone, iPad, and Mac ASAP to fix this dangerous security flaw - here's why. Apple has released urgent security updates for iPhones, iPads, and Macs to fix a flaw that attackers may already be exploiting. The flaw could let attackers install spyware just by opening a malicious image. Update your device now to stay protected.
What you need to know: Tell your end users who use Apple devices that an update is available and strongly recommend they install it immediately. Apple's latest patch fixes a flaw that attackers were already exploiting before the fix shipped, so the window that matters is the time between a patch being released and it actually being installed. For everyone else, this story is a reminder that updates for all devices (computers, phones, watches, even IoT) are crucial in closing security gaps before attackers can take advantage.
Use this as a teachable moment for end users: updating isn't just about new features but about fixing the weaknesses attackers seek to exploit. Every delayed update gives threat actors more time to weaponize known flaws. Encourage end users to turn on automatic updates where possible, check for pending updates regularly, and treat update notifications as urgent security alerts rather than inconveniences. Framing updates as part of daily digital hygiene, like locking the front door, helps shift them from a task people put off into a reflex that strengthens personal and organizational security.
FOR PEERS
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft. A new attack called DOM-based extension clickjacking exposes popular password manager browser extensions to credential theft, including 2FA codes and credit card data. Until patches are fully released, peers should disable auto-fill, restrict extension permissions, and consider the implications for other browser add-ons that inject sensitive UI elements into web pages.
What you need to know: Share this story with your peers and have conversations about what your organization is doing to manage risks tied to browser extensions. A security researcher has demonstrated DOM-based extension clickjacking vulnerabilities in popular password manager extensions, showing how a malicious page can trick users into leaking credentials, TOTP codes, and payment details with a single click on what looks like an ordinary page element.
Until vendors release fixes, peers should advise disabling auto-fill features, setting each extension's site access to "On click" in Chromium-based browsers so it only runs on a page when the user deliberately invokes it, and closely monitoring vendor patch announcements. Review internal policies on extension use and educate teams about the risks of installing unnecessary add-ons. Consider expanding internal security testing to include UI redressing scenarios: the technique applies not only to password managers but to SSO tools, autofill utilities, and any other extension that injects interactive elements tied to sensitive data into a page. End users need to understand that in situations like this they truly are the last line of defense.
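For peers who want to see what a defensive check against this class of attack looks like, here is an added example. It is not code from the newsletter, the researcher, or any password manager vendor. It models the self-check an extension content script could run before acting on a click on UI it injected into the page DOM: confirm the element is actually visible (not made transparent, hidden, clipped or scaled away by page CSS) and not covered by a page-owned overlay. The DOM, computed styles and layout are simulated with plain objects so it runs in Node without a browser; all element names, styles and coordinates are constructed for the demonstration.

```javascript
// Added example, not code from the newsletter, the researcher or any password
// manager vendor: a self-check an extension content script could run before it
// acts on a click on UI it injected into the page DOM. Clickjacking of injected
// UI works because page CSS can restyle those elements; the DOM, computed styles
// and layout are simulated with plain objects (constructed data) to run in Node.

function makeNode(id, style = {}, parent = null) {
  return { id, style, parent };
}

// Missing or unparsable opacity counts as fully opaque (the CSS default).
function parseOpacity(v) {
  if (v === undefined || v === null || v === '') return 1;
  const n = Number(v);
  return Number.isFinite(n) ? Math.min(1, Math.max(0, n)) : 1;
}

// Catches scale(0), scaleX(0), scaleY(0) and scale(0, 0); a production check
// would inspect the resolved transform matrix rather than pattern-match.
function transformCollapses(t) {
  return /\bscale[XY]?\(\s*0+(\.0+)?\s*(,\s*0+(\.0+)?\s*)?\)/.test(t || '');
}

// Walk from the injected element up to the root: any ancestor that hides its
// subtree hides the element, and opacity multiplies down the chain.
// Returns null when visible, otherwise a string naming the offending node.
function hiddenReason(node, minOpacity = 0.5) {
  let effectiveOpacity = 1;
  for (let n = node; n; n = n.parent) {
    const s = n.style;
    if (s.display === 'none') return `${n.id} has display:none`;
    if (s.visibility === 'hidden' || s.visibility === 'collapse') return `${n.id} has visibility:${s.visibility}`;
    if (/^inset\(\s*100%/.test(s.clipPath || '')) return `${n.id} is clipped away`;
    if (transformCollapses(s.transform)) return `${n.id} is scaled to zero`;
    effectiveOpacity *= parseOpacity(s.opacity);
    if (effectiveOpacity < minOpacity) return `${n.id} leaves effective opacity ${effectiveOpacity}`;
  }
  return null;
}

function isDescendantOf(node, ancestor) {
  for (let n = node; n; n = n.parent) if (n === ancestor) return true;
  return false;
}

function contains(rect, x, y) {
  return x >= rect.x && x < rect.x + rect.w && y >= rect.y && y < rect.y + rect.h;
}

// A layout box is { node, rect: {x, y, w, h}, zIndex }. Returns the ids of
// unrelated boxes stacked at or above `box` at its centre point. Overlays count
// even if they would pass clicks through (pointer-events:none): what matters is
// what the user sees, not where the click lands.
function coveringNodes(box, boxes) {
  const cx = box.rect.x + box.rect.w / 2;
  const cy = box.rect.y + box.rect.h / 2;
  return boxes
    .filter(b => b !== box && contains(b.rect, cx, cy)
      && !isDescendantOf(b.node, box.node) && !isDescendantOf(box.node, b.node)
      && (b.zIndex || 0) >= (box.zIndex || 0))
    .map(b => b.node.id);
}

// The decision the content script would take before filling a credential.
function clickDecision(box, boxes) {
  const hidden = hiddenReason(box.node);
  if (hidden) return { allow: false, reason: `injected UI not visible: ${hidden}` };
  const cover = coveringNodes(box, boxes);
  if (cover.length) return { allow: false, reason: `injected UI covered by ${cover.join(', ')}` };
  return { allow: true, reason: 'injected UI visible and unobstructed' };
}

// Constructed page: body, a login form, the extension's injected dropdown host
// with one fill item, and a page-owned decoy "Accept cookies" button.
function buildScenario({ hostStyle = {}, decoyZ = 1, decoyRect = { x: 0, y: 300, w: 200, h: 40 } }) {
  const body = makeNode('body');
  const form = makeNode('login-form', {}, body);
  const host = makeNode('pm-dropdown-host', hostStyle, body);
  const item = makeNode('pm-fill-item', {}, host);
  const decoy = makeNode('cookie-decoy', {}, body);
  const itemBox = { node: item, rect: { x: 20, y: 100, w: 240, h: 32 }, zIndex: 2147483647 };
  const boxes = [
    { node: body, rect: { x: 0, y: 0, w: 800, h: 600 }, zIndex: 0 },
    { node: form, rect: { x: 0, y: 50, w: 300, h: 200 }, zIndex: 0 },
    itemBox,
    { node: decoy, rect: decoyRect, zIndex: decoyZ },
  ];
  return clickDecision(itemBox, boxes);
}

// 1. Benign page: decoy elsewhere, dropdown untouched.
function benign() { return buildScenario({}); }
// 2. Attacker page sets opacity:0 on the injected host and parks the decoy right
//    underneath, so the click meant for "Accept cookies" lands on the fill item.
function transparentHost() {
  return buildScenario({ hostStyle: { opacity: '0' }, decoyRect: { x: 20, y: 100, w: 240, h: 32 } });
}
// 3. Attacker leaves the dropdown opaque but stacks the decoy over it at the
//    same z-index (with pointer-events:none the click would still pass through).
function overlaidHost() {
  return buildScenario({ decoyZ: 2147483647, decoyRect: { x: 20, y: 100, w: 240, h: 32 } });
}
```

In a real extension the same logic would read getComputedStyle on the element and each ancestor, getBoundingClientRect for the box, and document.elementsFromPoint for the stack at the centre point, then refuse to fill when the injected UI is hidden or covered. A check like this narrows the attack surface but is no substitute for the vendor patches mentioned above, which is why the interim advice is to disable auto-fill and restrict site access until those land.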
FOR EXECUTIVES
HR giant Workday says hackers stole personal data in recent breach. Workday confirmed a breach in a third-party database containing contact information like names, emails, and phone numbers. While customer HR records were not accessed, the stolen data can fuel targeted social engineering. This highlights ongoing risks tied to third-party platforms like Salesforce and the importance of vendor oversight.
What you need to know: Executives should view the Workday breach as a timely reminder of the risks posed by third-party systems that hold sensitive or seemingly "basic" data. Attackers stole contact information, which may appear low-impact. Still, social engineering campaigns often weaponize such details to trick employees or business partners into granting deeper access. Workday joins a list of major firms whose Salesforce-hosted databases were recently targeted, showing these incidents are not isolated.
For leadership, the pressing question is visibility: how quickly would we know if a third-party vendor handling our data experienced a breach? Many organizations rely on vendor disclosures that come weeks later, which leaves a dangerous blind spot. Ask your teams what monitoring and assurance mechanisms are in place to give early signals of third-party exposure. Also, have the security team educate end users on how stolen "basic" data like names, phone numbers, and emails can make phishing and social engineering attempts appear more convincing.
Find out why 1M+ professionals read Superhuman AI daily.
AI won't take over the world. People who know how to use AI will.
Here's how to stay ahead with AI:
Sign up for Superhuman AI. The AI newsletter read by 1M+ pros.
Master AI tools, tutorials, and news in just 3 minutes a day.
Become 10X more productive using AI.

SIMPLY CYBER MEDIA GROUP PODCAST LINEUP

Visit https://www.youtube.com/@SimplyCyber/podcasts to check out and catch up on all of the podcasts available on Simply Cyber Media Group!
SCA COMMUNITY PRACTICAL CYBER WORKSHOP

Join Simply Cyber Academy for an engaging talk on the amazing world of advanced Open Source Intelligence (OSINT) and how it can transform basic information into powerful insights with Mishaal Khan!
We’ll explore 5 real-life examples, like tracking down phishing scams, uncovering financial fraud, using social media to reveal hidden connections, analyzing geolocation data to follow someone’s movements, and leveraging OSINT to outsmart competitors in business.
With just a few clicks, you’ll see how OSINT is a game changer in today’s fast paced world. Get ready to be inspired by the tools and techniques that can help you uncover the truth and make a real impact!
Register now for this Tuesday at 1 PM EDT: https://academy.simplycyber.io/l/pdp/workshop-osint-in-action-5-real-world-applications
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Registration is now available! Head over to the website to learn more about conference registration and training day options.
Ready to share your knowledge? Navigate to the Call For Papers section of simplycybercon.org and submit yours now!
Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!
Stay tuned for updates! #simplycybercon
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Thank you and see you again next week, #TeamSC!
Gerry