From churches to transit systems, this week’s stories underscore a central truth: threat actors are increasingly targeting the institutions people trust most. Whether you’re a faith-based organization, a nonprofit, or a public agency, these headlines offer timely insights into the tools and tactics adversaries are using—and what defenders should watch out for.
Phishing Campaigns Increasingly Target Churches
A growing wave of phishing scams is directly targeting churches, impersonating pastors or finance teams to manipulate staff and volunteers. Faith-based organizations should double down on training, implement email protections, and verify financial requests by phone.
Read more on ReligionUnplugged
FBI Warns of Three-Phase Bank Draining Scam
The FBI has flagged a sophisticated fraud scheme that begins with phishing emails, escalates to fake customer support calls, and ends with bank account takeovers. Nonprofits and community groups should alert their staff and vulnerable populations they serve.
Read more on The Hill
FTC Consumer Protection and Privacy Enforcement Series: Kids’ Online Safety Is a Top Priority
Chairman Ferguson told Congress that enforcing the Children’s Online Privacy Protection Act (COPPA) is some of the agency’s “most valuable work,” and “protecting children and teens online is similarly of paramount importance” to this FTC.
Read more on JD Supra
Hackers Weaponize AI to Craft Convincing Emails
Threat actors are using AI to generate highly believable phishing messages, some delivering malware like ScreenConnect. This increases the risk for all organizations, especially those with less formal IT departments or support staff.
Read more on SecurityWeek
Maryland Transit Services Hit by Cyberattack
A cyberattack disabled paratransit services in Maryland, disrupting vital transportation for disabled individuals. This event emphasizes how digital threats can have real-world consequences for vulnerable populations.
Read more on The Record
Nevada Ransomware Attack Disrupts State Services
Nevada confirmed a ransomware attack that caused outages across state services. Government bodies and social service providers should ensure business continuity plans are up to date.
Read more on SecurityWeek
Attacks via Third-Party Integrations Target Google, Salesforce
Attackers exploited third-party apps to infiltrate platforms like Google Workspace and Salesforce. Any nonprofit or agency using cloud integrations should assess their risk exposure and restrict unnecessary app permissions.
Read more on Dark Reading
Hackers Breach TransUnion Vendor, Leak Customer Data
A third-party breach has led to the exposure of TransUnion customer data. The incident is another reminder of how vendor weaknesses can cascade down the supply chain.
Read more on Dark Reading
SANS Cheat Sheet: Third-Party Supply Chain Incident Management
SANS released a practical cheat sheet on what to do if your third-party and supply chain supplier is breached. It’s a great quick-reference resource.
Download from SANS
Two Exploited Android Vulnerabilities Patched
Google has patched two Android vulnerabilities under active exploitation. Any staff or volunteers using Android devices should apply these updates to avoid compromise.
Read more on SecurityWeek
HopeNet reviews a variety of security news sources so you don’t have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers who want to explore certain topics deeper.
If this was shared with you and you would like to receive a copy directly to your email, please sign up for this FREE newsletter at HopeNetCISO.com. Also, check out the Services section of our site for ways we can help! Thanks for reading!