Think Twice Before You Click ‘Unsubscribe’

That link at the bottom of your email might clean up your inbox—or make you a bigger target

https://www.wsj.com/tech/cybersecurity/unsubscribe-email-security-38b40abf

AI is the new attack surface—are you ready?

From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.

Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:

The rise of shadow AI (yes, your team is probably using it!)
Real-world examples of AI misconfigurations and account takeovers
What to ask vendors about their AI usage
How to update your incident response plan for deepfakes
Actionable steps for AI risk assessments and inventories

Don’t let your AI deployment become your biggest security blind spot.

Watch now: https://youtu.be/R9z9A0eTvp0

Just released! Our Top Cybersecurity Control selection for Q2 2025 is Continuous Vulnerability Management (CVM).

Why CVM? We’ve analyzed the trends, and today’s threat landscape demands more than periodic scans and reactive fixes. Attackers are exploiting new vulnerabilities within hours, sometimes minutes, of disclosure. You need a program that’s always on, and it’s also becoming a compliance necessity.

Read the analysis on why CVM is the top control for Q2 and how to put it into action: https://www.lmgsecurity.com/why-continuous-vulnerability-management-is-the-top-cybersecurity-control-for-q2-2025/?latest

Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?

These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.

Join us as we unpack:
What “high-agency behavior” means in cutting-edge AI
How API access can expose unpredictable and dangerous model actions
Why these findings matter now for security teams
What it all means for incident response and digital trust

Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!

Register today: https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/

Be on the lookout for any unauthorized logins or suspicious activity.

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online https://www.malwarebytes.com/blog/news/2025/05/184-million-logins-for-instagram-roblox-facebook-snapchat-and-more-exposed-online

Almost every organization is using some type of AI, but are you securing it?

Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates

From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.

Check it out: https://www.lmgsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/

Is your data a security risk?

Organizations are rapidly embracing AI and cloud transformation, resulting in massive data consolidation. But with increased data comes increased risk. Are your sensitive datasets secure, or are you unknowingly exposing your organization?

In this video, we dive into:
Why security and SIEM tools are driving the growth of data lakes
Hidden risks from shadow data and shadow IT
Practical asset management challenges and tips to reduce your risk

Watch now for data and asset management tips! https://youtu.be/jYkW1GHmzEE

What happens to your digital world when you die?

In this noteworthy episode of Cyberside Chats, “Afterlife Access: Cybersecurity Planning for When You’re Gone,” we’re tackling this question that most people overlook.

Special guest @tompohl joins @sherridavidoff to explore the privacy and cybersecurity challenges of death and incapacity—from encrypted files and password managers to social media and smart devices.

Learn practical steps for protecting your digital legacy, including how to:

Create a secure digital inventory
Set up emergency access in password managers
Choose and prepare a digital executor
Plan your online presence after death
Build policies for organizational continuity

Don’t miss this timely conversation.
Video: https://youtu.be/gkFm_FowimI
Podcast: https://www.chatcyberside.com/e/navigating-your-digital-afterlife-ensuring-access-after-youre-gone/

Deepfake Danger: FBI Issues Urgent Warning on AI Voice Attacks

Since April, cybercriminals have been using AI-generated voice deepfakes to impersonate senior U.S. officials in phishing attacks that target current and former government personnel.

The FBI’s latest alert warns of growing threats from vishing (voice phishing) and smishing (SMS phishing), where attackers use cloned voices and fake texts to build trust, then trick victims into handing over sensitive data or access.

One tactic? Sending links that move the conversation to other messaging platforms, then hijacking accounts to target additional contacts.

You can't assume messages or even video calls are real these days, so always verify sensitive requests through another known communications channel! These attacks underscore the need for stronger verification protocols, staff training, and multi-layered defenses. Contact us if you need help implementing these proactive cybersecurity controls.

Read the full article: https://www.bleepingcomputer.com/news/security/fbi-us-officials-targeted-in-voice-deepfake-attacks-since-april/

Are your defenses ready for the quantum future?

Quantum computing and cybersecurity are on a collision course—and it's time to start thinking about the impacts it will have on your organization.

Check out our latest blog to learn what quantum computing means for your organization, the NIST standards, how to protect your data, and what steps to take right now to stay ahead of the curve.

Read more: https://www.lmgsecurity.com/quantum-computing-and-cybersecurity-how-to-secure-the-quantum-future/

The hackers got hacked! In an ironic twist, LockBit, the infamous ransomware-as-a-service gang, was breached. Watch the new episode of Cyberside Chats as @sherridavidoff and @MDurrin share the details and explain what it means for cyber defenders.

We explore what was leaked, why it matters, and how this incident compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization.

Watch or listen now and get practical takeaways to strengthen your ransomware response playbook.

Watch: https://youtu.be/xr-8GhazgME
Listen: https://www.chatcyberside.com/e/lockbits-own-medicine-when-hackers-get-hacked/?token=914ee622fe9d4797c7a87bfedd0294f0

File Transfer Tools Under Fire

Secure file transfer vulnerabilities are fueling massive breaches—and insurers are tightening the rules. In just 9 minutes, get expert insights on:

The ripple effect of the CrowdStrike outage
How the Cleo breach by the Clop gang impacts your data
AI’s role in faster exploits and leaked code weaponization
How cyber insurance is evolving
What your team can do to stay protected

From MoveIt to Cleo, file transfer tools are prime targets. Don’t become the next headline.

Watch now: https://youtu.be/vAm5N8c2EGk

2025 Ransomware Trends You Need to Know

Ransomware isn’t slowing down—in fact, it’s evolving faster than ever in 2025. Watch our new video for details on ransomware trends, including:

AI-powered ransomware that evolves faster than defenders can keep up
A surge in rookie attackers using leaked playbooks and dark web kits
The 2025 must-have proactive prevention strategies

Watch now for the details! https://youtu.be/r4_ePm3swE0

The FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.

Watch the full Cyberside Chats episode to hear @sherridavidoff and @MDurrin 's insights on:

The FBI’s May 2025 alert
TheMoon malware and the Faceless proxy service
What these botnets mean for your enterprise
What you need to do now to stay protected

Watch the video: https://youtu.be/x_40BlvWsHk
Listen to the podcast: https://www.chatcyberside.com/e/outdated-routers-a-hidden-threat-in-your-neighborhood/?token=b0b648ff9ddf79f7cb1099945c74f7f0

Congratulations to @sherridavidoff and @MDurrin for an amazing session at #RSAC! PCWorld called their session on Evil AI and hacker tools like WormGPT “a glimpse into a mirror universe” that provided an “aha” moment about how AI is already impacting cybersecurity.

In a packed room at RSA, Sherri and Matt demonstrated how rogue AI tools are already finding vulnerabilities faster than many defensive systems and how the cybersecurity community must adapt.

Read PCWorld's full article: https://ow.ly/M6gz50VMXGo

AI is making #cyberattacks faster and easier. Are you ready?

In our latest podcast, Hacker AI: Smarter Attacks, Faster Exploits, Higher Stakes, @sherridavidoff and @MDurrin dive into how cybercriminals are weaponizing AI to launch more convincing, scalable attacks—from deepfake scams to AI-assisted exploit development.
You'll hear about original research using real underground AI tools like WormGPT, plus field-tested strategies you can put into action today to defend your organization.

Watch the full episode: https://youtu.be/QfhmG7QxTdI
Listen on your favorite podcast app: https://www.chatcyberside.com/e/ai-in-cybercrime-how-hackers-exploit-artificial-intelligence/?token=57dafee9697759cbee09dcdd4929876a

Cybercriminals are using Google Ads to hijack accounts, steal data, and clone websites using AI—and it’s happening faster than you think.

Want to keep your company safe? Watch our latest video: Malvertising Attacks: How Google Ad Spoofed Account Attacks Work. You'll learn how these attacks work, why phishing is moving beyond email, and what practical steps you can take to defend your organization. https://youtu.be/Q_qTvyVlGwc

Microsoft 365 credential theft is evolving quickly!

Attackers are no longer just stealing your login—they’re using your own AI tools like Microsoft Copilot to accelerate fraud from inside your environment.

Our 4-minute video breaks down how threat actors are targeting Microsoft 365 accounts and weaponizing Copilot, Teams, SharePoint, and more to perform rapid reconnaissance, commit fraud, and exploit centralized trust systems.

Watch now to learn:

How Copilot can be used against you
Real phishing tactics mimicking Microsoft 365, Adobe & DocuSign
Why SSO, OAuth, and poor access controls can make attacks worse
What your organization must do to stay ahead

Watch the video! https://youtu.be/zaBwxy1Gjhc

How your team responds to a data breach can make a $1.5 million difference in damages. In our latest blog, Security Consultant Derek Rowe answers frequently asked questions about critical incident response training. This FAQ covers everything from what to look for in a class and how to grade your IT training maturity, to how IT training impacts compliance and BCDR.

Don’t wait for an attack to find out how prepared your team is. Read the blog: https://www.lmgsecurity.com/critical-incident-response-training-your-top-questions-answered/

Register for Cyberside Chats: Live! Quantum Shift: How Cybersecurity Must Evolve Now!

Quantum computing is on the horizon, and it has the potential to revolutionize the way we think about cybersecurity. Join our April 23rd live session where cybersecurity experts @sherridavidoff and @MDurrin will dive into the implications of quantum technology on encryption and data security. Learn what steps security leaders should take today to prepare for this disruptive shift.

Don’t miss out on this opportunity to ask questions and stay ahead of emerging threats. Register now!

https://www.lmgsecurity.com/event/cyberside-chats-live-april25/