- Simply Cyber Newsletter
- Posts
- Simply Cyber Newsletter #183
Simply Cyber Newsletter #183
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter.
FOR END USERS
Scammers are abusing an internal Microsoft account to send spam links. Scammers have been abusing a legitimate Microsoft notification email address to send phishing-style messages that appear trustworthy to recipients. The emails imitate account alerts and private message notifications, showing how threat actors are increasingly weaponizing trusted brands and familiar communication channels to trick users into clicking malicious links.
What you need to know: Educate your end users about how modern phishing attacks are increasingly abusing trusted brands, legitimate-looking email addresses, and familiar account notifications to create a false sense of safety. In this case, scammers were able to send spam-style emails from an address associated with legitimate Microsoft account alerts, making the messages appear more believable to recipients. Remind users that verifying a sender alone is no longer enough to determine whether an email is safe.
Encourage employees to slow down when receiving urgent account notices, unexpected fraud alerts, or messages asking them to click links or review account activity. Reinforce the importance of navigating directly to trusted websites instead of using links inside emails whenever possible. This is also a good opportunity to remind employees that attackers increasingly rely on emotional reactions such as urgency, fear, curiosity, and trust in familiar brands to bypass critical thinking and trigger quick actions.
FOR PEERS
GitHub confirms breach of 3,800 repos via malicious VSCode extension. GitHub confirmed that attackers breached roughly 3,800 internal repositories after an employee installed a malicious Visual Studio Code extension tied to a broader supply-chain campaign linked to TeamPCP. Researchers say the operation leveraged poisoned developer tools and npm packages to steal credentials, access repositories, and compromise software development environments.
What you need to know: Share this with your peers as a reminder that developer environments are no longer just productivity workspaces. They are privileged access paths into source code, secrets, build systems, and internal repositories. In this case, a malicious Visual Studio Code extension reportedly compromised an employee device and exposed thousands of GitHub internal repositories.
This is a good opportunity to review blast radius, not just extension approval. Teams should validate whether one compromised developer workstation can access too many repositories, whether tokens are scoped and short-lived, and whether repository access is segmented by role and need. Security teams should also monitor unusual repo cloning, extension behavior, and authentication activity from developer endpoints. The goal is not only preventing malicious tools from being installed, but limiting what they can reach when trust fails.
FOR EXECUTIVES
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict. CISA is urging critical infrastructure organizations to prepare for operating independently from IT systems, vendors, and telecommunications providers for weeks or months during a major cyber event. The guidance reflects ongoing concerns that nation-state groups continue targeting operational technology and interconnected infrastructure environments.
What you need to know: For executives, this is a reminder that resilience planning must extend beyond preventing attacks and include maintaining operations during prolonged disruption. CISA’s guidance highlights a growing concern that organizations may need to isolate operational technology from corporate networks, vendors, cloud services, and telecommunications providers during a cyber crisis while still delivering critical services.
Leaders should evaluate whether essential business functions can continue under degraded conditions, what dependencies exist on third parties, and how recovery priorities would be managed during extended outages. This is also a good opportunity to review manual fallback procedures, backup communications, recovery testing, and continuity plans tied to operational technology environments. As cyber threats increasingly target interconnected systems and supply chains, resilience is becoming just as important as prevention.
Autonomous AI employees, without the runaway bill.
Autonomous agents shouldn’t come with surprise bills. SureThing is built to be an affordable AI employee: it matches each task to the lowest-cost model that can complete it well, shows what the work cost, and only uses stronger models when the job actually needs them.

JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF
Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber every weekday at 8:00 AM EDT: https://cyberthreatbrief.simplycyber.io
Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.
NEW VIDEO: SOC ANALYST INTERVIEW - PART 3
You've been closing the same alert every day for 2 weeks. Your teammate says just mark it false positive and move on. What do you actually do?
This isn't just a triage question — it's testing your understanding of SOC maturity, alert tuning, documentation, and your responsibility to the entire team.
In this video, three SOC analyst candidates answer one of the most underrated interview questions in the field, with expert commentary from Eric Capuano breaking down exactly what separates analysts who close tickets from analysts who make the whole operation better.
Whether you're prepping for your first SOC interview or leveling up your detection engineering mindset, this is the kind of real-world thinking that gets you hired.
Watch now on Simply Cyber Media Group: https://youtu.be/SupZfdNAqnY
SIMPLY CYBER FIRESIDES: CYBER THREAT INTEL SKILLS
Cyber threat intelligence is more than collecting indicators or searching the dark web. Strong CTI programs are built on frameworks, analysis, logic, and the ability to turn information into actionable intelligence.
In this episode of Simply Cyber Firesides, host Gerald Auger, Ph.D. is joined by Wade Wells for a conversation focused on the real skills behind effective cyber threat intelligence work.
Wade has years of experience across security operations, threat hunting, detection engineering, and intelligence analysis in enterprise environments. His work focuses on helping organizations understand threats in context and make better security decisions through intelligence-driven operations.
Join us as we explore concepts from Wade’s upcoming Cyber Threat Intelligence 101 training, which focuses on building strong analytical foundations instead of relying solely on tools.
🎯 In this SC Firesides chat, we discuss:
• What cyber threat intelligence actually is in practice
• Core CTI frameworks and analytical approaches
• How AI is beginning to influence intelligence workflows
• What skills matter most for aspiring CTI professionals
This session is valuable for SOC analysts, threat hunters, intelligence professionals, and anyone looking to better understand how intelligence supports modern cybersecurity operations.
Thursday at 4:30 PM EDT: https://youtube.com/live/f1zGzktbcyw
Register to attend and get an email reminder: https://luma.com/hwq7di4m
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking every day of the work week on YouTube: youtube.com/@simplycyber
Connect with the SC Discord community: simplycyber.io/discord
SIMPLY CYBER MONTHLY EVENTS LINEUP
Want to know what’s happening at Simply Cyber at any given time?
Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy!
SIMPLY CYBER ACADEMY BLOG HIGHLIGHT
Check out the highlighted blog on Simply Cyber Academy: https://academy.simplycyber.io/p/Blog?p=breaking-into-cybersecurity-top-career-questions-answered
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below. Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Thank you and see you again next week, #TeamSC!
Gerry







