Simply Cyber Newsletter #164

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign. Cybercriminals abused a legitimate Google Cloud email feature to send phishing messages that looked like real Google notifications. The emails led victims through trusted Google links before redirecting them to fake Microsoft login pages designed to steal credentials.

What you need to know: Encourage users to pause when emails reference voicemails, shared documents, access requests, or permission changes that demand quick action. These messages are designed to create urgency and bypass careful thinking, even when they appear to come from trusted services.

The main habit here is to teach users to avoid clicking links in unexpected emails altogether. Instead, they should access Google Drive, Microsoft 365, voicemail, or other services by opening the app or typing the site address themselves. If the alert is real, it will still be visible once they sign in directly.

Also, reinforce that sender names and logos are no longer proof of legitimacy. Attackers can abuse real cloud platforms to send convincing messages that pass technical checks and look authentic. We’ve seen examples of this numerous times, whether from Google Workspace or even PayPal.

Lastly, normalize reporting. Some users worry they will look careless or embarrassed for reporting something they think they should have recognized as spam. Reinforce that reporting is never a mistake. Reporting a suspicious email is the correct action even when the message looks professional, familiar, or appears to come from Google, Microsoft, or another trusted provider. Reporting helps protect everyone, not just the individual.

FOR PEERS

Max severity Ni8mare flaw lets hackers hijack n8n servers. A maximum severity flaw dubbed Ni8mare allows unauthenticated attackers to take over exposed n8n automation servers. The vulnerability enables file access, secret theft, authentication bypass, and possible remote command execution. More than 100,000 instances may be exposed.

What you need to know: Share this story with your peers and have conversations about how automation platforms are quietly becoming high value targets. Tools like n8n often hold API keys, OAuth tokens, cloud credentials, and business logic, yet they are frequently deployed quickly with public endpoints exposed. This story connects directly to the end user phishing risk, where compromised credentials or automation abuse can amplify impact far beyond a single click. Discuss where workflow automation exists in your environment, who owns its security, and whether public webhooks are necessary. Prioritize patching, restrict external access, and treat automation engines as critical infrastructure, not convenience tooling.

FOR EXECUTIVES

Microsoft to enforce MFA for Microsoft 365 admin center sign-ins. Microsoft will enforce MFA for all Microsoft 365 admin center access starting February 9, 2026. This signals a shift where privileged access security is no longer optional, negotiated, or left to organizations to self-enforce.

What you need to know: Microsoft is moving from recommending to enforcing security controls by blocking administrator access to Microsoft 365 unless multi-factor authentication is enabled. This is not a technical update. It is a governance signal. Platform providers are no longer willing to accept the risk created by privileged accounts without strong authentication. For organizations, this is a forcing function to evaluate how executive and administrative access is actually managed today. The real risk is not MFA. It is the long-standing assumption that high-privilege and leadership accounts are exceptions. This moment should prompt a review of who holds privileged access, how it is protected, and whether leadership behavior aligns with the level of risk those roles carry.

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

NEW VIDEO SERIES: JUNIOR VS SENIOR GRC ANALYST

How would you handle creating a policy for unregulated AI usage in your organization?

In this video, three GRC professionals tackle one of today's most relevant challenges: "Your CISO asks you to develop a new policy for AI usage in the company after discovering several departments are using ChatGPT and other AI tools without oversight. How would you approach creating this policy?"

Watch as an aspiring analyst, a mid-level GRC professional with 3 years of experience, and a senior GRC leader each bring their unique perspective to this timely scenario—and learn what separates tactical responses from strategic leadership.

Check it out now to learn more: https://youtu.be/sCFx6LBwFfs

SIMPLY CYBER SKILLS STREAM: PERSONAL BRANDING

LinkedIn has become one of the most powerful career tools in cybersecurity. Recruiters use it to find talent. Hiring managers use it to validate candidates. Peers use it to build credibility and community. Yet many cyber professionals struggle with what to post, how to show expertise, or how to stand out without feeling uncomfortable or self-promotional.

In this Simply Cyber Skills Stream, Gerald Auger and Mike Miller break down how cybersecurity professionals can use LinkedIn intentionally to increase visibility, build trust, and create career opportunities at any stage. This is not about becoming an influencer or posting every day. It is about learning how to communicate your value, share what you know, and engage in ways that actually matter in the cyber industry.

You will learn how LinkedIn really works for cybersecurity professionals, why your profile and activity matter more than you think, and how small, consistent actions can compound into meaningful opportunities over time.

What You Will Learn:

  • Why LinkedIn has become a primary platform for cybersecurity hiring and career growth

  • How recruiters and hiring managers evaluate LinkedIn profiles and activity

  • How to position your experience and interests without sounding like a resume

  • Practical ways to create content even if you think you have nothing to say

  • Simple post ideas that demonstrate expertise, curiosity, and professionalism

  • How engagement and conversation drive visibility more than posting alone

  • Why video content accelerates trust and differentiation on LinkedIn

  • How to build a sustainable system for showing up consistently

You will leave this session with a clearer understanding of how LinkedIn fits into your cybersecurity career strategy, practical ideas you can apply immediately, and the confidence to start showing up more intentionally.

The goal is progress, not perfection. Meet us on January 13th at 1:00 PM EST: https://luma.com/wwu7427v

SIMPLY CYBER FIRESIDES: AI GOVERNANCE

Artificial Intelligence is moving fast. Governance, security, and accountability are struggling to keep up.

In this episode of Simply Cyber Firesides, Gerald Auger, Ph.D. is joined by Jason Rebholz, Co-Founder and CEO of Evoke Security, for a practical and timely conversation on what AI governance actually looks like in the real world.

Jason brings deep experience from incident response, threat intelligence, and executive security leadership. After years responding to advanced cyber attacks and building security programs as a CISO, his focus has shifted to helping organizations securely deploy and manage AI systems. His work centers on understanding how autonomous and agent driven AI changes risk, accountability, and control inside modern enterprises.

🎯 In this Firesides chat, we'll explore:

  • What AI governance really means beyond policy documents

  • How organizations should think about risk, control, and accountability in AI

  • Where security teams fit into AI decision making

  • Common mistakes companies make when adopting AI too quickly

  • How incident response and threat intelligence experience informs AI security

  • Practical guidance for leaders navigating AI adoption

💬 Join the livestream and bring your questions. This is an interactive Firesides chat designed for CISOs, security leaders, practitioners, and anyone responsible for making AI decisions inside their organization.

Register to attend now: https://luma.com/jyxdzcim

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking: simplycyber.io/streams & simplycyber.io/discord

SIMPLY CYBER MONTHLY EVENTS SCHEDULE

Want to know what’s happening at Simply Cyber at any given time? Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next week, #TeamSC!

Gerry