Cybersecurity isn’t slowing down, and this week’s headlines show just how broad the threat landscape has become. From North Korean hackers targeting cryptocurrency and AI-powered voice scams, to vulnerabilities in WordPress and VMware tools, it’s another reminder that security awareness and vigilance must span every level of the organization. Whether you lead a church, nonprofit, or business, these stories offer lessons to apply right now.


Secure Generations Awareness Toolkit

SANS has released its Secure Generations Awareness Toolkit, offering a practical resource for organizations to promote security awareness across age groups. It includes free materials to help leaders educate staff, volunteers, and families on recognizing modern digital threats—a great resource for awareness programs in faith-based and nonprofit settings.
🔗 Read more on SANS


What Is a Virtual CISO (vCISO)?

TechTarget offers a clear breakdown of what a virtual Chief Information Security Officer is, how they operate, and when an organization should consider one. For nonprofits or smaller entities without a full-time CISO, this article explains how a vCISO can provide strategic guidance, policy development, and risk oversight without the cost of an internal role.
🔗 Learn more on TechTarget


North Korean Hackers Steal Millions in Crypto

Researchers have uncovered a North Korean campaign focused on cryptocurrency theft, using advanced phishing and social engineering tactics to steal digital assets. These operations fund the regime’s weapons programs and highlight how state actors exploit financial systems and human trust alike.
🔗 Full story on Help Net Security


AI Voice Cloning Fuels Vishing Risks

Dark Reading reports on the growing trend of AI-generated voice cloning used in vishing (voice phishing) attacks. Scammers can now convincingly impersonate executives or loved ones, creating urgent, believable calls to trick victims into transferring funds or revealing credentials. Awareness and verification protocols are crucial defenses.
🔗 Read more on Dark Reading


U.S. Law Firm Breach Exposes Email Systems

Hackers successfully breached a major U.S. law firm, compromising internal email communications and client data. Additionally, this access could allow emails to be sent to other parties, bypassing those parties' email filters through the use of trusted email accounts.
🔗 More from The Record


Phishers Exploit 1Password’s Watchtower

Attackers are turning 1Password’s Watchtower—a legitimate password security tool—into a blind spot for phishing campaigns. By spoofing its alerts, threat actors lure users into entering credentials on fake pages that mimic security warnings. Even security tools can become tools for deception when users aren’t cautious.
🔗 Read more on CSO Online


Jaguar Land Rover Suffers Cyber Disruption

Jaguar Land Rover continues to struggle with a prolonged cyberattack disrupting manufacturing operations. With production downtime estimated at over a month, the incident reinforces that even well-resourced enterprises can face severe operational and financial consequences from digital attacks.
🔗 Coverage on Dark Reading


Email Phishing Breach Exposes 150,000 Records

A phishing attack that lasted only an hour exposed protected health information (PHI) of 150,000 individuals. The breach demonstrates how quickly damage can occur when attackers exploit human error and access to email systems. Fast detection and layered defenses are critical to reduce exposure.
🔗 More on BankInfoSecurity


WordPress Theme Exploit Targets Service Finder

Hackers are exploiting an authentication bypass flaw in the Service Finder WordPress theme to gain admin access. Website operators are urged to update immediately or disable the theme to prevent compromise. The attack highlights the risks of using outdated or poorly maintained web components.
🔗 Read on BleepingComputer


VMware Patches High-Severity Flaws

VMware has issued patches for several high-severity vulnerabilities affecting Aria Operations for Networks, NSX, and vCenter. These flaws could allow remote code execution and privilege escalation. Organizations running VMware infrastructure should prioritize patching and verify system hardening.
🔗 More from SecurityWeek


HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide an overview of recent happenings, and links are provided for readers who want to explore certain topics in more depth.

