Simply Cyber Newsletter #169

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!

FOR END USERS

AMOS infostealer targets macOS through a popular AI app. Attackers are spreading Atomic macOS Stealer through fake AI apps, poisoned search results, and malicious add-ons inside popular AI platforms. Once installed, the malware steals passwords, crypto wallets, browser sessions, and personal data, then sells that access in underground markets to fuel larger fraud and ransomware campaigns.

What you need to know: Educate your users that modern infostealers like Atomic macOS Stealer are not just isolated malware infections. They are part of an industrialized identity harvesting economy. Once executed, AMOS rapidly extracts saved passwords, browser session cookies, crypto wallet data, SSH keys, and other sensitive files. Those “stealer logs” are then sold in underground markets where other criminals use them for account takeover, fraud, and follow-on attacks.

In recent campaigns, attackers hid AMOS inside fake AI desktop assistants, malicious marketplace add-ons, sponsored search results, and even GitHub repositories. The most important behavior to teach is Instruction-Based Execution. Legitimate software for everyday users almost never requires copying and pasting code into Terminal or PowerShell from a website. If an installer or help page asks for that, treat it as a red flag and verify independently.

Reinforce three practical rules. Slow down when installing trending AI tools and confirm the official domain. Never paste command-line instructions from a website or shared chat guide. Use password managers and multifactor authentication, and log out of sensitive accounts when finished, since infostealers target active sessions, not just passwords.

FOR PEERS

Devilish devs spawn 287 Chrome extensions to flog your browser history to data brokers. Researchers identified 287 Chrome extensions with 37 million installs that allegedly exfiltrate browsing histories to more than 30 data brokers and analytics firms. Even when disclosed in privacy policies, this large-scale data collection highlights how legitimate browser ecosystems can quietly fuel identity profiling and surveillance economies.

What you need to know: Share this story with your peers and have conversations about what your organization is doing to monitor browser extension risk across managed and unmanaged devices. Researchers identified 287 Chrome extensions with more than 37 million installs that allegedly transmit browsing history data to over 30 companies, including major analytics and data firms. Many of these tools appear harmless yet request broad access to browsing activity without clear justification.

It is important for end users to understand that they are truly the last line of defense in some situations, especially when installing extensions that request extensive permissions. Security teams should evaluate extension allowlists, enforce browser management policies, review third party add on governance, and reinforce that free utilities often monetize user data rather than charge upfront fees.

FOR EXECUTIVES

CISA gives federal agencies one year to rip out end-of-life devices. CISA ordered federal agencies to remove unsupported EOS Edge Devices within one year, citing constant nation-state exploitation. Agencies must inventory, replace, and establish continuous discovery processes to eliminate end-of-life technology risk.

What you need to know: Use this directive as a strategic trigger to assess your own exposure to unsupported hardware and software. CISA’s order is not tied to a single breach but to persistent exploitation campaigns targeting edge devices such as firewalls, routers, load balancers, and IoT systems. These assets often sit at the perimeter and integrate with identity management systems, making them high-value entry points for attackers.

Ask three questions immediately. Do we have a complete inventory of edge devices and their support status? How much unsupported technology remains in production due to budget or operational constraints? Do we have a formal lifecycle replacement program, or are upgrades reactive?

Executives should treat end-of-life technology as unmanaged risk, not deferred maintenance. Establish board visibility into asset lifecycle tracking, align refresh cycles with vendor support timelines, and ensure continuous discovery processes exist so unsupported systems cannot silently persist inside your environment.

Stop Drowning In AI Information Overload

Your inbox is flooded with newsletters. Your feed is chaos. Somewhere in that noise are the insights that could transform your work—but who has time to find them?

The Deep View solves this. We read everything, analyze what matters, and deliver only the intelligence you need. No duplicate stories, no filler content, no wasted time. Just the essential AI developments that impact your industry, explained clearly and concisely.

Replace hours of scattered reading with five focused minutes. While others scramble to keep up, you'll stay ahead of developments that matter. 600,000+ professionals at top companies have already made this switch.

Join them today, for free.

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF

Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EST.

Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.

Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams 

NEW VIDEO DROP: START A CYBER PODCAST

So You Want To Start A Cybersecurity Podcast

Are you ready to launch a podcast for yourself or your business in 2026?

Gerald Auger, Ph.D. built a daily cybersecurity podcast and a network of over 250,000 people teamed up with Kathy Chambers Media to share the exact 7-step strategy for success.

In this video, you'll learn the essentials, including:

➡️ The critical foundation you need for branding, content, and guests—and the mistake most new podcasters make.
➡️ How to choose the right format and frequency that you can actually maintain, with suggestions on where to start.
➡️ The simple equipment you actually need to hit "record" faster—and why focusing on gear is a common trap.
➡️ The proven strategy for getting ahead so your content never becomes a burden.
➡️ How to efficiently record, edit, and publish your show across all platforms.
➡️ Creative ways to build your audience and promote your show, even if your first episode only gets 10 views.
➡️ When and how to monetize your podcast through sponsorships and partnerships, and why you don't need to be a top influencer to start.

Get your cybersecurity (or any niche!) podcast off the ground. Watch now!

Check out the full video now on Simply Cyber Media Group: https://youtu.be/_or1RexRK5A

SIMPLY CYBER FIRESIDES: DO I BELONG HERE?

Imposter Syndrome in Cybersecurity: Do I Belong Here?

Imposter syndrome shows up in cybersecurity in unique and often unspoken ways — from early-career analysts questioning their technical credibility to seasoned leaders downplaying their achievements.

This live panel brings together women across cyber roles to discuss how imposter syndrome affects career growth, confidence, communication, and participation in a rapidly evolving industry.

We’ll explore real scenarios, mindset traps, cultural factors, and practical strategies for breaking through, so you walk away with clarity, language, and tools to own their place in the room.

Join Host, Kathy Chambers and Special Guests Yvonne Rivera, Char Hunt, and Kim Mansour - bring your questions to live chat and we’ll answer them during the stream.

Register to attend now and meet us on Simply Cyber this Thursday: https://luma.com/4r4n63os

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

Join us for learning and networking every day of the work week at simplycyber.io/streams & meet the community at simplycyber.io/discord!

SC ACADEMY WORKSHOP READING THE ATTACKER

Reading the Attacker: A Hands-On Ransomware Negotiation Workshop - Happening February 26th from 5:30 - 7:30 PM EST

​What if understanding how a ransomware gang negotiator was feeling could help you guide those negotiations? What if inducing affect and emotions in those online communications could help you influence how someone responds to you?

This workshop will familiarize all levels of participants with the foundations of how we process information based on how we think and what we are feeling.

This workshop taught by a certified former FBI profiler who specialized in online influence will provide demonstrations and exercises on how to analyze ransomware negotiations based on the affect and emotions in those communications and how to design a behaviorally based communications strategy that induces affect and emotions in those online communications.

​Live Workshop Fee only $99 - get in on this while spaces are still available!

Register Now via Zoom: https://us06web.zoom.us/webinar/register/WN_M3c4mXpqQWKGkS3ERrxFKQ#/registration

SIMPLY CYBER MONTHLY EVENTS

Want to know what’s happening at Simply Cyber at any given time?

Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber 

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.

Check out the NEW FREE courses available in the academy and our new blog!

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.

Thank you and see you again next week, #TeamSC!

Gerry