Simply Cyber Newsletter #168

Crush Your Week Like a Cyber Pro with Simply Cyber!

AuthorAuthor

Gerald Auger & Chuck Sapp
February 09, 2026

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account. Researchers found an AI chat toy company left over 50,000 children’s conversation logs accessible to anyone with a Gmail account. The exposed data included names, preferences, and chat transcripts. The company fixed the issue quickly, but the incident highlights risks around consumer devices today broadly.

What you need to know: Educate your end users about how this incident exposes a broader risk that goes beyond children’s toys. It applies to any app or service powered by AI that promises convenience, companionship, or productivity. If a toy can expose private conversations, the same thing can happen when someone uses an AI app to help plan projects, summarize meetings, draft messages, or organize daily work.

Ask your end users to reflect on this. If they typed details about a work project, a customer issue, or an internal discussion into a personal AI app today, would they be comfortable if that information were exposed tomorrow? Many of these tools collect more data than expected and store it longer than users realize.

The practical takeaway is simple. Treat personal AI tools the same way you treat public platforms. If you would not share it in an open forum or send it to the wrong email address, it does not belong in an unapproved AI app. This mindset shift helps protect both personal privacy and organizational trust without shutting down innovation.

FOR PEERS

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users. State sponsored attackers hijacked Notepad++ update traffic by compromising hosting infrastructure, redirecting select users to malicious servers. The tool itself was not exploited, but targeted updates delivered malware for months without detection.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to account for trusted tools that are allowed but not actively managed. Notepad++ is familiar, widely used, and often installed quietly outside formal deployment pipelines, which is exactly why this matters. This was not a software bug but a failure of trust in an update path that most teams never monitor. Ask whether Notepad++ exists anywhere in your environment, whether update traffic is inspected, and whether indicators from this campaign were checked. Then ask the harder question. If a selectively targeted, poisoned update channel can operate for months without detection, what other tools are effectively invisible because they are considered low risk, familiar, and nobody’s explicit responsibility?

FOR EXECUTIVES

Iron Mountain: Data breach mostly limited to marketing materials. Iron Mountain says a breach claimed by the Everest extortion group was limited to marketing materials accessed via compromised credentials, with no customer data or systems affected.

What you need to know: This incident is less about the breach itself and more about how organizations respond when a critical vendor says, “You weren’t impacted.” Iron Mountain’s statement may be accurate, but executives are not expected to accept reassurance without verification, especially when vendors store or handle sensitive business or customer data.

For large enterprises and small local companies alike, this highlights a governance gap. When a supplier experiences a security incident, do you have a defined process to confirm whether your specific data, metadata, or access paths were involved, or does the conversation end at a press release?

This is where risk ownership lives. Vendor trust does not remove your duty of care. It shifts it.

If the conversation turns to this topic, be prepared to ask how your organization validates vendor incident claims, what contractual or regulatory rights you exercise during third-party breaches, and whether leadership would feel confident defending that reliance to customers, regulators, or a board.

Trusted by 125K+ IT pros

Modern IT decisions don’t come from a single headline—they come from understanding how everything connects.

IT Brew brings together the stories shaping the IT landscape, from cybersecurity and cloud to enterprise software and IT operations, so teams can see the full picture—not just isolated updates.

Less scrolling. Better context. Smarter decisions. And it’s completely free.

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

NEW VIDEO DROP: THE CLOUD ISN’T SECURE

"The cloud is secure by default" - this phrase has ruined the security programs of countless organizations. Beau Bullock from Black Hills Information Security has spent 12 years pentesting cloud environments and reveals why modern cloud breaches rarely start with sophisticated hacking - they exploit default misconfigurations that organizations never changed.

If you're a cloud security engineer, security architect, or IT professional responsible for Azure, AWS, or Microsoft 365 security, this video exposes the dangerous default settings that leave organizations vulnerable every single day. Learn what actual threat actors and pentesters exploit to gain initial access, pivot, and maintain persistence in cloud environments.

🔍 KEY FINDINGS:
⚠️ Default settings in Microsoft 365 leave organizations wide open
⚠️ Any user can invite guests, create apps, and consent to permissions
⚠️ MFA gaps exist due to conditional access misconfigurations
⚠️ Public resources deployed without security controls
⚠️ Credentials hardcoded in cloud resource configurations

Check out the full video now on Simply Cyber Media Group: https://youtu.be/MGUxVtMV4W8

SIMPLY CYBER FIRESIDES WITH PRATIK DOSHI OF AIRIA

AI is being adopted across organizations faster than security, compliance, and governance teams can keep up. In many cases, AI systems are being built, deployed, and used without clear oversight, ownership, or controls.

This growing problem is often referred to as Shadow AI, and it is creating serious security and regulatory risks.

In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. is joined by Pratik Doshi, Product Lead for AI Governance at Airia, for a conversation into how ungoverned AI is becoming a hidden threat inside modern enterprises.

Pratik brings hands-on experience from building privacy and compliance products, leading security programs, and now developing governance solutions for AI systems. His perspective bridges product development, risk management, and real-world operational challenges.

💬 This session includes live audience questions and practical guidance for security leaders, compliance teams, SOC professionals, and anyone responsible for managing AI risk.

Register to attend now and meet us on Simply Cyber this Thursday: https://luma.com/41hhx3ty

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking every day of the work week at simplycyber.io/streams & meet the community at simplycyber.io/discord!

SC ACADEMY WORKSHOP READING THE ATTACKER

Reading the Attacker: A Hands-On Ransomware Negotiation Workshop - Happening February 26th from 5:30 - 7:30 PM EST

​What if understanding how a ransomware gang negotiator was feeling could help you guide those negotiations? What if inducing affect and emotions in those online communications could help you influence how someone responds to you?


This workshop will familiarize all levels of participants with the foundations of how we process information based on how we think and what we are feeling.

This workshop taught by a certified former FBI profiler who specialized in online influence will provide demonstrations and exercises on how to analyze ransomware negotiations based on the affect and emotions in those communications and how to design a behaviorally based communications strategy that induces affect and emotions in those online communications.

Live Workshop Fee only $99 - get in on this while spaces are still available!

SIMPLY CYBER MONTHLY EVENTS

Want to know what’s happening at Simply Cyber at any given time?

Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry