Simply Cyber Newsletter #159

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Google expands Android scam protection feature to Chase, Cash App in U.S.

Google expanded Android's in-call scam protection to major U.S. banking and fintech apps, including Cash App and JPMorgan Chase. The feature warns users when unknown callers attempt to pressure them into sharing their screen or disclosing financial information during a call.

What you need to know: Educate your end users about Google's expanded in-call scam protection on Android, which now supports major banking and fintech apps in the United States. This feature appears when someone is on a call with an unknown number and opens a financial app, warning them that the caller may be trying to trick them into sharing their screen or revealing account details. These scams operate by creating panic and prompting people to act quickly. The 30-second warning forces a pause and helps break that urgency. Remind users to hang up, avoid sharing information, and always confirm account issues by contacting their bank directly.

FOR PEERS

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum severity flaw in React Server Components allows unauthenticated attackers to execute arbitrary code on vulnerable servers by abusing unsafe deserialization. Major frameworks, such as Next.js, Vite, Parcel, and RedwoodJS, are affected. Patches are available, and cloud providers have deployed temporary WAF protections.

What you need to know: Share this story with your peers and discuss what your organization is doing to reduce exposure in applications using React Server Components or any framework that handles serialized payloads on the server side. Even if your teams do not use React, this incident highlights a broader risk: default framework behavior can create remotely reachable attack surfaces without developers being aware of it. Use this opportunity to review how your organization manages dependencies, validates framework versions, and enforces patch requirements through CI/CD. For teams using React, Next.js, or bundled RSC libraries, confirm patch levels and apply updates immediately. For everyone else, treat this as a reminder to strengthen supply chain governance by monitoring malformed or unexpected HTTP requests across application endpoints.

FOR EXECUTIVES

California law regulating web browsers could have national data privacy impact, experts say

California’s new privacy law requires browsers to offer a universal opt-out tool, a change expected to roll out nationally and significantly reduce data sharing across industries.

What you need to know: California’s new privacy mandate will require web browsers to provide a built-in, universal opt-out tool for data sharing. Regulators expect this capability to be implemented nationally because the law applies to Californians even when they are traveling or using a VPN. Browser companies will likely standardize the feature for all users to avoid compliance complexity. This shift means far more consumers will automatically opt out of tracking, reducing the data available to advertisers, analytics platforms, and third-party partners. Executives should assess the degree to which their business models rely on shared browsing data, consider how customer experience might be impacted, and determine whether existing consent practices can withstand regulatory scrutiny. If the conversation turns to this topic, be prepared to ask how your organization will adapt before enforcement begins.

SIMPLY CYBER FIRESIDES

Chill Cyber Firesides Chat 🔥

Join Gerald Auger, Ph.D., for a relaxed and insightful Firesides conversation with Sean Kilbourn, Director of Cybersecurity Services at Highpoint.

Sean brings a deep and diverse background that spans the U.S. Navy’s red and blue teams, senior engineering roles, penetration testing, management positions, and his time as a Deputy CISO in the oil and gas sector.

In this casual and chill open conversation, Sean will walk us through his career journey, share lessons from two decades of experience in IT and cybersecurity, and explain how each role shaped his path into leadership.

He will also share his work helping veterans transition from military service into cybersecurity careers, offering guidance for anyone looking to find their footing in the industry.

🎯 In this episode you will learn:

• What a multi-discipline cybersecurity career path looks like in the real world

• How red and blue team experience can influence your growth

• Insights from roles that range from penetration testing to Deputy CISO

• Advice for veterans and career changers entering cyber

• How to grow from technical roles into leadership positions

• What hiring managers look for in up-and-coming cybersecurity professionals

💬 Join the livestream and bring your questions. Whether you are just starting out or aiming to level up into leadership, this Firesides session offers relatable and practical career insights.

👍 Register to attend now! https://luma.com/0f8nd03s

Visit https://www.youtube.com/@SimplyCyber/podcasts to catch up on all of the podcasts available on Simply Cyber Media Group!

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

It’s a party full of cybersecurity enthusiasts and professionals of all levels who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking: simplycyber.io/learn & simplycyber.io/discord

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next week, #TeamSC!

Gerry