Simply Cyber Newsletter #166

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

Phishing and Spoofed Sites Remain Primary Entry Points For Olympics. A new report warns that phishing and spoofed websites are the primary cyber risks facing the Milano-Cortina 2026 Winter Games. Attackers historically exploit Olympics infrastructure, ticketing, and communications using business email compromise, credential theft, and event themed scams rather than novel technical exploits.

What you need to know: Share this story to help your end users understand how attackers take advantage of moments that feel exciting and routine at the same time. Large events like the Olympics create a flood of emails, links, ticket offers, schedule updates, and promotions that look legitimate because many of them are. That volume is what attackers hide inside. The takeaway is not to avoid events or technology, but to slow down during high interest moments. Encourage your end users to use official apps and bookmarked sites instead of links in messages, verify unexpected requests even when they reference real events, and report suspicious emails rather than ignoring them. At home and at work, this is about protecting attention, not limiting participation, because attackers rely on urgency and familiarity more than technical tricks.

FOR PEERS

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews. North Korean actors used fake job interviews to trick candidates into running malicious code, exposing employers. The risk is not job hunting. It is unmanaged testing on trusted devices inside real corporate environments.

What you need to know: This was not careless behavior or someone being reckless. It shows how normal career activity intersects with modern threat operations.

Teams should assume job outreach, coding tests, and portfolio reviews will be abused because they already are. The key question is whether your organization has clear boundaries for what belongs on corporate devices and what does not. That is a policy, training, and culture issue, not a personal failure.

Use this as a prompt to review how developer workflows are protected, how external code is handled, and how safe reporting is reinforced. If someone pauses or reports something that feels off, that is success. The lesson is not don’t look for opportunities. The lesson is separate personal risk from organizational exposure without added fear.

FOR EXECUTIVES

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint. Microsoft uncovered a coordinated phishing and business email compromise campaign that bypassed MFA by abusing SharePoint, session cookies, and inbox rules. The attack spread laterally across organizations using trusted identities, showing that password resets alone no longer stop modern identity-driven attacks.

What you need to know: Share this story to prompt a leadership discussion about identity trust as a business risk, not user behavior. Use it to ask who owns identity risk after authentication and whether cloud collaboration platforms are governed as high-risk business systems. This incident shows how attackers operated entirely within approved workflows once an identity was compromised. The risk is not whether MFA exists, but whether identity lifecycle governance keeps pace with how these tools are relied upon. Password resets failed because session tokens and inbox rules preserved access after login. The takeaway is not more training or alerts, but explicit ownership of identity risk, authority to rapidly contain compromised accounts, and fewer assumptions that trusted tools automatically produce safe outcomes.

Go from AI overwhelmed to AI savvy professional

AI will eliminate 300 million jobs in the next 5 years.

Yours doesn't have to be one of them.

Here's how to future-proof your career:

• Join the Superhuman AI newsletter - read by 1M+ professionals

• Learn AI skills in 3 mins a day

• Become the AI expert on your team

Start learning AI now

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

NEW VIDEO DROP: TOP OSINT SITES 2026 EDITION

5 Free OSINT Tools Every Cybersecurity Investigator Needs in 2026

Stuck in your cybersecurity investigation with just a name, email, IP address, or phone number? Mishaal Khan reveals the 5 essential OSINT (Open Source Intelligence) websites he uses to take investigations from basic information to actionable intelligence in minutes.

In this video, you'll discover how to leverage open-source data to connect the dots across multiple data sources and accelerate your investigative workflow. Whether you're a cybersecurity analyst, penetration tester, or OSINT enthusiast, these tools will transform how you conduct reconnaissance.

Check out the full video now on Simply Cyber Media Group: https://youtu.be/rVZXabBmFqs

SIMPLY CYBER FIRESIDES WITH DAKOTA SNOW

Cybersecurity Career Speedrun

Breaking into IT or cybersecurity can feel overwhelming. Too many paths, too much noise, and not enough clarity on what actually works.

In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. sits down with Dakota Snow, also known as The Bearded I.T. Dad, for a fast paced and practical conversation focused on accelerating your tech and cyber career.

Dakota creates content and resources designed to help people land their first IT role, transition into cybersecurity, and stand out to recruiters and hiring managers. Through his YouTube channel, career coaching programs, and weekly newsletter, he focuses on real world guidance, mindset, and execution rather than theory.

🎯 In this SC Firesides session, you will learn: • How to move faster from interest to first IT or cyber role

• What hiring managers and recruiters actually look for

• How to position yourself when you do not have years of experience

• Mistakes that slow down career progress

• How to keep momentum after landing your first job

• Practical steps you can take right now

💬 Join the livestream and bring your questions. Whether you are trying to break into IT, pivot into cybersecurity, or level up your current role, this Cyber Career Speedrun is built to deliver clarity and action.

Register to attend now and meet us on Simply Cyber this Thursday: https://luma.com/liu0cgas

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking: simplycyber.io/streams & simplycyber.io/discord

SC ACADEMY WORKSHOP AMPLIFY YOUR CYBER CAREER

Stand out. Get noticed. Move up.

​In cybersecurity, your skills matter, AND so does your visibility.

​The people getting promoted, landing speaking gigs, and fielding recruiter calls aren't just good at their jobs. They have a brand.

​This THURSDAY, attend a 4-hour live workshop gets you from "I should probably do this" to "my channel is live and I have a plan."

• ​Here's what you're walking away with:

• ​Your YouTube channel launched and branded

• ​Your first video strategy defined (no guessing what to create)

• ​A thumbnail that actually gets clicks

• ​The confidence to hit record

​Who this is for: Cybersecurity professionals ready to be visible, build authority, and open doors.

​Whether you're looking to land your next role, attract consulting clients, or position yourself as an expert, personal branding is how you get there.

​Why YouTube? It's where hiring managers, recruiters, and conference organizers are looking. It's proof you know your stuff. And it builds your network faster than anything else.

​I've built Simply Cyber from zero to 260K+ YouTube subscribers and a thriving community. YouTube changed my career trajectory completely.

​This workshop shows you exactly how to start yours. This is live, hands-on, and action-packed. No fluff. No theory. Just practical steps to get your brand launched today.

​Limited to 100 participants so everyone gets attention and leaves with results.

​Ready to amplify your career? Let's build your brand.

​Live Workshop Fee only $99 - Fee Waived - attend now for FREE!

Register Now via Zoom: https://us06web.zoom.us/webinar/register/WN_R4r571WyQ8yvuzSwV14tzw#/registration

SIMPLY CYBER MONTHLY EVENTS SCHEDULE

Want to know what’s happening at Simply Cyber at any given time?

Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry