Simply Cyber Newsletter #158
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
$262 million stolen in account takeover fraud schemes this year, FBI says ahead of holiday season. The FBI has warned that more than 5,100 account takeover fraud cases this year have resulted in losses exceeding $262 million. Attackers impersonate banks, send fake charge alerts, poison search results, and use spoofed links to steal credentials and drain financial accounts.
What you need to know: Educate your end users about how account takeover scams work and why they're increasing ahead of the holiday shopping season. Criminals know that people constantly check online purchases, package updates, and bank alerts, so they send fake notifications designed to create urgency and prompt users into clicking before thinking. The goal is simple: get someone to enter their login details on a page the attackers control. These messages claim there's a suspicious charge or urgent problem, then link to a spoofed login page that steals usernames and passwords. Once attackers gain access, they often change the password and lock the victim out, transferring money to cryptocurrency accounts or through other means in an effort to prevent financial institutions from reversing the transactions. Explain that search results can also be misleading, directing people to fake shopping sites that look legitimate, and instead encourage users to visit financial or shopping sites directly rather than clicking on links. Remind them to verify unexpected alerts by calling the company using a trusted phone number, not the one provided in the message.
FOR PEERS
Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets. The Shai-Hulud v2 supply chain attack spread from npm to Maven, compromising more than 830 packages and exposing developer machines, API keys, cloud credentials, and GitHub tokens. The malware abused CI misconfigurations, injected rogue workflows, and exfiltrated thousands of secrets to public repositories.
What you need to know: Share this story with your peers and have conversations about what your organization is doing to strengthen software supply chain resilience. Shai-Hulud v2 shows how quickly malicious packages can move across ecosystems and compromise developer environments by exploiting CI misconfigurations and trusted distribution paths. This wave backdoored npm and Maven libraries, registered victim systems as self-hosted runners, and harvested thousands of cloud and GitHub tokens. Focus discussions on auditing dependency pipelines, enforcing least privilege in GitHub Actions, and verifying workflow triggers like pull_request_target and workflow_run. Reinforce the need for automated secret scanning, rapid key rotation, and tightened publishing controls to prevent downstream impact when a single package or maintainer account is compromised.
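One way to start the workflow audit described above, as an added example that is not from the newsletter or any project's tooling: a heuristic, standard-library Python scan that flags the pull_request_target and workflow_run triggers, a missing or write-all permissions key, and self-hosted runners. The function name, finding codes and both workflow snippets are constructed for illustration.

```python
import re
RISKY_TRIGGERS = ("pull_request_target", "workflow_run")  # triggers named above
TOP_KEY = re.compile(r"""^["']?([A-Za-z_][\w-]*)["']?\s*:""")

def audit_workflow(text):
    """Heuristic line scan of one workflow file; returns sorted finding codes."""
    findings, section, has_permissions = set(), None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line or line.lstrip().startswith("#"):
            continue
        top = TOP_KEY.match(line)  # an unindented key starts a new section
        if top:
            section = top.group(1)
        if section == "on":
            for trig in RISKY_TRIGGERS:
                if re.search(rf"\b{trig}\b", line):
                    findings.add(f"trigger:{trig}")
        perm = re.match(r"\s*permissions\s*:\s*(\S*)", line)
        if perm:
            has_permissions = True
            if perm.group(1) == "write-all":
                findings.add("permissions:write-all")
        if section == "jobs" and re.search(r"\bself-hosted\b", line):
            findings.add("runner:self-hosted")
    if not has_permissions:
        # No permissions key: GITHUB_TOKEN gets the repo/org default scope.
        findings.add("permissions:missing")
    return sorted(findings)

# Constructed sample workflows (not taken from any real repository).
RISKY = """
on:
  pull_request_target:
jobs:
  triage:
    runs-on: [self-hosted, linux]
"""
HARDENED = """
on: [push, pull_request]  # no privileged triggers
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
"""

if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(HARDENED))
```

A line scan like this is a triage aid for deciding which workflow files need a manual read; it does not parse YAML and will miss anchors, reusable workflows and unusual formatting.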
FOR EXECUTIVES
Comcast to pay $1.5M fine for vendor breach affecting 270K customers. Comcast will pay a $1.5 million FCC fine after a breach by a third-party debt collector exposed customer data and delayed notification for five months. The settlement requires stronger vendor oversight, reporting, and ongoing compliance measures.
What you need to know: Executives should view this incident as a clear example of how vendor failures become organizational liabilities, even when internal systems remain secure. Comcast's $1.5 million fine stems from a breach at FBCS, a debt collector the company no longer used but still trusted with customer data. The vendor waited five months to disclose the incident and had previously assured Comcast that no customer information was affected. The breach exposed sensitive data, including names, addresses, Social Security numbers, and account numbers, triggering regulatory penalties and a multi-year compliance order. Encourage leadership discussions about vendor lifecycle management, data retention controls, and verification of third-party assurances. Strengthening oversight and contractual requirements can reduce regulatory exposure and limit the downstream impact of inherited vendor risk.

SIMPLY CYBER MEDIA GROUP PODCAST HIGHLIGHT
Human Hacked: Life as the World’s First Augmented Ethical Hacker w/ Len Noe
In this episode of Simply Offensive, Phillip Wylie sits down with Len Noe (HaCkEr_213) — the world’s first recognized augmented ethical hacker.
From microchip implants and implantable terabyte drives to a past life in outlaw motorcycle clubs, Len’s story sits at the collision point of human and machine identity.
👉 Join us: https://youtu.be/ZpxH0JLKPxY
Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!
JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF
Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST. It’s a party full of cybersecurity enthusiasts and professionals of all levels who enjoy learning about the latest in cybersecurity news and staying connected.
Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking: simplycyber.io/learn & simplycyber.io/discord
SC ACADEMY THE PLACE FOR CYBER CAREERS
BLACK FRIDAY SALE ON SIMPLY CYBER ACADEMY!
🤩 30% off all courses from November 22-29! 📅 No tricks. No fake scarcity. Just straightforward pricing on training that can help you break into cybersecurity or level up your career.
It's simple. Use the code: BF30 at checkout and save 30%. That's it! https://academy.simplycyber.io
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry




