Simply Cyber Newsletter #167

Crush Your Week Like a Cyber Pro with Simply Cyber!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

A new wave of ‘vishing’ attacks is breaking into SSO accounts in real time. Cybercrime groups are combining live phone calls with fake single sign-on websites to trick people into approving login requests as they happen. These voice phishing attacks have led to data theft and extortion after attackers gain access to cloud accounts globally.

What you need to know: Educate your end users about how voice-based scams now target single sign-on accounts by guiding people through fake login steps during live phone calls. These attacks work because they feel urgent and personal, not because systems are broken. Help your end users slow down when calls ask them to approve logins or share codes. Encourage pausing, hanging up, and verifying requests through known contacts or official apps. Reinforce that unexpected calls about access issues are a signal to stop and check. This applies at work and at home, before acting or responding under pressure.

FOR PEERS

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware. A fake Moltbot AI assistant extension on the official VS Code Marketplace installed malware, giving attackers persistent remote access. The extension exploited Moltbot’s popularity even though no legitimate Moltbot plugin existed, and it was removed after researchers identified its methods.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to govern developer tooling, extensions, and AI assistants across the environment. This incident shows how marketplace trust and convenience quietly expand attack surface when speed outpaces ownership. Review how extensions are approved, monitored, and removed, and who is accountable when tools appear informally. Treat AI assistants as privileged software with access implications, not harmless helpers. This is not a single bad plugin problem; it is a governance gap requiring deliberate control, visibility, and discipline from us.

FOR EXECUTIVES

Cyberattack disrupts digital systems at renowned Dresden museum network. A cyberattack disrupted systems at Germany’s Dresden State Art Collections, disabling online ticketing, payments, and visitor services while museums stayed open. Collection security was unaffected, restoration timelines remain unclear, and authorities have not attributed the attack or confirmed ransom involvement.

What you need to know: Use this story to help leaders understand how operational disruption can occur even when core assets remain protected. The museums stayed open, but revenue collection, customer experience, and basic services were impaired for days with no clear recovery timeline. This highlights exposure created by dependency on digital systems that lack graceful failure. If the conversation turns to this topic, be prepared to ask how much disruption your organization can tolerate, which services must recover first, and whether continuity plans reflect real operating conditions across teams and leadership roles today.

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

NEW VIDEO DROP: AI NOT EXPOSURE

Your Analysts Are Already Uploading Customer Data to AI. Now What?

Your teams are already using AI with customer data, financial records, and sensitive information, whether you know it or not. The moment that data leaves your enterprise systems for AI analysis, it loses all its protections. No audit trail. No compliance controls. No way back.

But what if you could enable AI workflows with full data protection, end-to-end governance, and enterprise-grade security, all without the enterprise budget?

In this video, I walk you through Protegrity's AI Developer Edition: a FREE, enterprise-grade data protection tool that runs on your laptop. This isn't a demo or toy. It's the same technology protecting data in regulated production environments at Fortune 1000 companies.

I'll show you:
✅ 5 core data protection capabilities (with live demos)
✅ How tokenization maintains AI utility while eliminating exposure
✅ 3 ways you can use this at work starting tomorrow
✅ How to turn security from a blocker into a business enabler

Check out the full video now on Simply Cyber Media Group: https://youtu.be/TUnqYqNpVUs

SIMPLY CYBER FIRESIDES WITH WADE & HAYDEN

Artificial intelligence is rapidly changing how security operations centers detect, investigate, and respond to threats.

But what does AI actually look like in day-to-day SOC work, and how should analysts think about using it effectively?

In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. is joined by Wade Wells and Hayden Covington for a practical discussion on AI in cybersecurity from the perspective of SOC analysts and detection engineers.

Wade is a Lead Detection Engineer at a Fortune 50 company with years of experience across security operations, threat hunting, cyber threat intelligence, and detection engineering in highly regulated environments. He is also a board member of BSides San Diego and co-host of the Simply Defensive podcast.

Hayden is a Senior SOC Analyst and Detection Engineer at Black Hills Information Security, where he focuses on building high-fidelity detections, incident response, and structured SOC operations. He is also the founder of Noct Information Security and an active contributor to the SOC community.

🎯 In this SC Firesides chat, we'll cover:
• How AI is currently being used in SOC environments
• Where AI helps analysts and where it can create new challenges
• The impact of AI on detection engineering and threat hunting
• Skills SOC analysts should build to stay relevant
• Practical ways to evaluate AI-driven security tools

This session is designed for SOC analysts, detection engineers, blue teamers, and anyone interested in how AI is reshaping security operations without the hype.

Register to attend now and meet us on Simply Cyber this Thursday: https://luma.com/r6khshnv

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking: simplycyber.io/streams & simplycyber.io/discord

SC ACADEMY WORKSHOP READING THE ATTACKER

Reading the Attacker: A Hands-On Ransomware Negotiation Workshop - Happening February 26th from 5:30 - 7:30 PM EST

What if understanding how a ransomware gang negotiator was feeling could help you guide those negotiations? What if inducing affect and emotions in those online communications could help you influence how someone responds to you?

This workshop will familiarize participants at all levels with the foundations of how we process information based on how we think and what we are feeling.

Taught by a certified former FBI profiler who specialized in online influence, this workshop will provide demonstrations and exercises on how to analyze ransomware negotiations based on the affect and emotions in those communications, and how to design a behaviorally based communications strategy that induces affect and emotions in those online communications.

Live Workshop Fee only $99 - get in on this while spaces are still available!

SIMPLY CYBER MONTHLY EVENTS

Want to know what’s happening at Simply Cyber at any given time?

Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next week, #TeamSC!

Gerry