Simply Cyber Newsletter #147
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
iCloud Calendar abused to send phishing emails from Apple’s servers. Scammers are abusing Apple’s iCloud Calendar to send fake purchase notices. These messages look like they come from Apple and push you to call a phone number. The real goal is to trick you into handing over access or money.
What you need to know: Educate your end users about a clever phishing scam that looks like an official Apple email. Attackers are abusing iCloud Calendar invites so the messages appear to come directly from Apple’s servers, even passing normal email security checks. The email claims your PayPal account was charged for hundreds of dollars and includes a phone number to call if you want to cancel or dispute the charge. This is where the real scam begins. If someone dials the number, the criminals on the other end will try to scare them into thinking their account is hacked, then push them to download software or give access so they can “fix” the problem.
Here’s what employees should know and do:
• Slow down: If you get an unexpected message about a payment, do not react quickly out of fear.
• Check the source: Apple and PayPal will not send a calendar invite with billing notices.
• Never call numbers in suspicious emails: Use only official contact numbers from company websites or account portals.
• Report it: Forward any suspicious emails or invites to your security team right away.
By teaching end users to pause and verify, you help them recognize that even when an email looks like it comes from a trusted brand, it may be a trap designed to get them on the phone and into a scam.
FOR PEERS
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack. Attackers compromised an npm maintainer through phishing, injecting malware into widely used packages with over 2.6 billion weekly downloads. The code hijacks web-based crypto transactions by intercepting APIs and replacing wallet addresses. While the exposure window was narrow, the incident underscores supply chain risks in open-source dependencies.
What you need to know: Share this story with your peers and have conversations about what your organization is doing to protect open-source dependencies. Attackers phished an npm maintainer and pushed malicious updates into widely used packages, briefly poisoning downloads for libraries like chalk and debug. The injected code hijacked crypto transactions by intercepting APIs and redirecting wallet addresses.
This incident shows the value of safe versioning practices: use lockfiles, pin dependencies, and validate integrity to prevent silently pulling malicious updates. Equally important, protect developer accounts with phishing-resistant MFA to reduce the risk of maintainer compromise. Beyond that, teams should ask how they monitor supply chain advisories, whether SBOMs give visibility into transitive dependencies, and how quickly they can roll back affected packages. It is important for end users to understand that they are truly the last line of defense in some situations.
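One way to check the pinning and integrity advice above, as an added example (not code from Simply Cyber or npm): a Node.js function that flags unpinned version ranges in package.json and, in a lockfileVersion 2/3 package-lock.json, entries with a missing or non-SHA-512 integrity hash or a download URL outside the expected registry. The function name, package names, versions and hashes are constructed for illustration.

```javascript
// Added example; every package name, version and hash below is constructed.
// Exact semver only: no ^ or ~ ranges, no wildcards, no dist-tags such as "latest".
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function auditDependencies(manifest, lock, registry = 'https://registry.npmjs.org/') {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (!EXACT.test(spec)) findings.push({ pkg: name, issue: 'unpinned', detail: spec });
    }
  }
  // lockfileVersion 2/3 lists every installed package, transitive ones included,
  // under "packages", keyed by node_modules path ("" is the root project).
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link) continue; // skip root and workspace links
    const name = path.split('node_modules/').pop();
    if (!entry.integrity) {
      findings.push({ pkg: name, issue: 'no-integrity', detail: entry.version });
    } else if (!entry.integrity.startsWith('sha512-')) {
      findings.push({ pkg: name, issue: 'weak-integrity', detail: entry.integrity.split('-')[0] });
    }
    if (entry.resolved && !entry.resolved.startsWith(registry)) {
      findings.push({ pkg: name, issue: 'off-registry', detail: entry.resolved });
    }
  }
  return findings;
}

const sampleManifest = {
  dependencies: { 'example-color': '^5.0.0', 'example-log': '4.1.0' },
  devDependencies: { 'example-test': 'latest' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-color': {
      version: '5.0.1',
      resolved: 'https://registry.npmjs.org/example-color/-/example-color-5.0.1.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
    },
    'node_modules/example-log': {
      version: '4.1.0',
      resolved: 'https://mirror.example.invalid/example-log-4.1.0.tgz',
      integrity: 'sha1-CONSTRUCTED-PLACEHOLDER',
    },
    'node_modules/example-log/node_modules/example-transitive': { version: '2.0.0' },
  },
};
console.log(auditDependencies(sampleManifest, sampleLock));
```

To run it against a real project, parse package.json and package-lock.json with JSON.parse and fail the build on any finding; pair it with `npm ci`, which installs strictly from the lockfile.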
FOR EXECUTIVES
US investors in spyware firms nearly tripled in 2024. A new Atlantic Council report finds that U.S.-based investors in spyware companies nearly tripled in 2024, with 31 firms backing vendors. This raises regulatory, reputational, and governance questions as spyware continues to be tied to civil society surveillance, sanctions, and export restrictions.
What you need to know: Executives should take note of the Atlantic Council’s finding that U.S. investors nearly tripled their backing of spyware vendors in 2024, despite sanctions and government crackdowns. The report shows spyware is not shrinking but expanding, with new vendors in Asia and Latin America and brokers making the market harder to track. These tools have already been tied to surveillance of journalists and civil society.
The lesson for business leaders is that spyware is no longer just a government issue. It is a global commercial market, and companies in any industry could be targeted. Leaders should ask how the business would communicate and respond if spyware was suspected in devices or networks. Which channels would be used to inform employees? How would executives contact staff to request sensitive information in a secure and verifiable way?
If the conversation turns to this topic, be ready to ask:
• Do we have clear channels for executive communications so they cannot be spoofed?
• How would we respond if spyware was suspected on corporate or personal devices?
• Are end users being educated about how these threats can appear in HR, Accounting, or executive requests?
Clear processes and communication are the executive tools that prevent confusion when advanced threats emerge.

SIMPLY CYBER MEDIA GROUP PODCASTS

Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!
SIMPLY CYBER FIRESIDES
This Thursday at 4:30 PM EDT on Simply Cyber
⚡ In the next episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. welcomes Joe Marshall, Senior Security Strategist at Cisco Talos, to explore careers in ICS/OT cybersecurity — one of the most strategically important areas of cybersecurity, protecting the systems that keep our world running.
Joe is widely recognized as a leader, mentor, and cyber threat researcher with years of experience in industrial control systems and operational technology. He brings unique insights into how professionals can break into this specialized but vital field, what career paths look like, and how to stay ahead in an ever-evolving threat landscape.
During this live conversation, Joe will share:
• How to navigate a career path into ICS/OT security
• The different types of roles available in this specialized field
• Practical ways to learn, train, and build expertise
• Personal tips and career advice from his own journey
💬 Join us live, ask your questions in live chat, and get them answered directly during the stream. Whether you’re just starting out or looking to transition into ICS/OT, this session will give you valuable direction and inspiration.
We hope you meet us there! https://youtube.com/live/TidsfmxmKFc
METACTF SEPT FLASH CTF
This Thursday from 5 - 7 PM EDT on MetaCTF
Connect in Simply Cyber Discord to get connected with others from #TeamSC
Register to participate in the MetaCTF Flash CTF for September now.
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
🚨 This Week in Cybersecurity Events from Simply Cyber (Sept 15–20, 2025) 🚨
Stay connected, learn, and engage with the Simply Cyber community! Here’s what’s live this week:
Monday, Sept 15
📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA – 9:00 AM EDT
🛡️ Simply Defensive Podcast – 9:30 AM EDT
Tuesday, Sept 16
📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA – 9:00 AM EDT
Wednesday, Sept 17
📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA – 9:00 AM EDT
🎙️ 2 Cyber Chicks Podcast – 9:30 AM EDT
Thursday, Sept 18
📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA – 9:00 AM EDT
🔥 Simply Cyber Firesides Live – 4:30 PM EDT
Friday, Sept 19
📰 Daily Cyber Threat Brief – 8:00 AM EDT
🎤 Jaw Jackin’ AMA Panel – 9:00 AM EDT
Saturday, Sept 20
🎓 Slay Security+ with @SlaySecurityPlus (YouTube) – 4:00 PM EDT
💬 Discord Events
M–F: Pre-Show Jaw Jackin’ – 7:30 AM EDT
Thu: MetaCTF Sept Flash CTF – 7:30 AM EDT
👉 Don’t miss a stream! Join the community at simplycyber.io/learn & simplycyber.io/discord
#cybersecurity #threatIntel #TeamSC
SIMPLY CYBER CON 2025
When: Sunday, Nov. 2nd & Monday, Nov. 3rd
We’re excited to share Simply Cyber Con is back for the third year in a row!
Registration is now available! Head over to the website to learn more about conference registration and training day options.
Don’t miss the opportunity to attend onsite training in-person with the amazing instructors on Nov. 2nd!
Interested in sponsoring? Review the sponsor packet. It’s going to be the best Simply Cyber Con yet, don’t miss out on this chance to sponsor and share your business with #TeamSC!
Stay tuned for updates! #simplycybercon
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry