THE HACKERS ARE ALREADY ONLINE WITH YOU : DID YOU CLICK AT THE WRONG TIME ?

In partnership with

🤖 Dear internet users and fellow Cyberdefenders,

Imagine : you are at your desk, ready for a routine Zoom interview with a LinkedIn recruiter... and without knowing it, you have just opened a breach in your entire system. Not a massive attack. Not a digital missile. No — a simple click. A link. A fake plugin. And everything falls apart.

Welcome to 2025.

The battlefield is no longer limited to your servers, your emails, or your firewalls. It is in your meetings, in your professional social networks, in your most innocuous habits. Cybercriminals no longer force your defenses: they make you open the door for them with a smile.

The enemy ? Invisible. Persistent. Perfectly disguised.

A fake HR recruiter. A targeted LinkedIn message. A poorly protected VPN access. Ransomware deployed from the shadows. The infrastructure is compromised before your sensors even have time to blink.

And meanwhile, your leaders think they are safe. Your employees believe they recognize their contacts. Your tools become your weaknesses.

But this newsletter is not just a warning.

It is a tactical briefing. A mapping of real threats. A roadmap for analysts, CISOs, and cyber strategists.

You are the last line of defense.

Will you be able to detect the enemy before they act?

So read on. And prepare yourself.

Realtime User Onboarding, Zero Engineering

Quarterzip delivers realtime, AI-led onboarding for every user with zero engineering effort.

✨ Dynamic Voice guides users in the moment
✨ Picture-in-Picture stay visible across your site and others
✨ Guardrails keep things accurate with smooth handoffs if needed

No code. No engineering. Just onboarding that adapts as you grow.

See how it works

Highlights :

👉 They want to trap you on Zoom: the formidable new HR scam 🎥 

👉 48% of ransomware exploits your VPN: here is why you are in danger 🛡️

👉 LinkedIn has become a minefield: how hackers target your executives 💼 

👉 2026: the year cybersecurity will no longer be negotiable 📜 

👉 Awareness 2.0: when AI takes control of anti-phishing campaigns 🤖

If this letter was forwarded to you, subscribe by clicking this link 

🗞️​ Guess what ?

🤓​ Would you like to know more ?

1️⃣​ They want to trap you on Zoom : the formidable new HR scam

Summary : Cybercriminals are targeting your recruitment processes: after an initial contact on LinkedIn, they send a convincing email stating "you have been selected for an interview," followed by a "Zoom invitation" link. This link leads to a fake site that requires the installation of a remote support program (e.g., a fake "update" to join the meeting). Once installed, the tool can serve as a backdoor to install ransomware or surveillance tools. The reflex must be the same as for a suspicious email: confirm the offer directly with the company, verify the sender domain, and never install unsolicited software.

Details :

• Credible impersonation : The name used in the email is that of a real employee of the company, creating a false sense of legitimacy. The attacker relies on public LinkedIn profiles to reinforce the effect of trust.

• Fraudulent address : The sender uses a generic address like Gmail or Outlook, whereas a legitimate company would use an official domain. This inconsistency often goes unnoticed, especially if the message appearance is polished.

• Booby-trapped link : URLs present in the email are shortened via services like t[.]co, making the real address invisible. These links redirect to professional-looking sites designed to deceive the user.

• Fake software : The site invites the user to download a supposed meeting plugin, which is actually a remote control tool. This file is not immediately detected as malicious, which facilitates its execution.

• Total control : Once installed, the software offers the attacker unlimited access to the targeted machine. This allows the silent deployment of ransomware or more sophisticated surveillance tools.

What should be remembered ?

The access mode may seem "usual" (interview, Zoom, etc.), but conceals a high-risk initial access strategy. For companies, this type of scenario demonstrates that vigilance must no longer be limited to traditional emails: recruitment and video conferencing platforms must be approached as potential intrusion vectors. Will you be able to spot the decoy before it is too late ?

2️⃣ 48% of ransomware exploits your VPN : here is why you are in danger

Summary : According to the Beazley report, the third quarter of 2025 saw 48% of ransomware attacks begin with valid VPN credentials. Groups like Akira, Qilin, or INC Ransomware exploit SSL-VPN equipment via credential stuffing or the absence of MFA. The report warns about the commoditization of stolen credentials. The recommendation is simple: adopt robust MFA, segment access, and audit exposed VPN devices.

Details :

• Explosion of vulnerabilities: Q3 2025 saw the publication of 11,775 CVEs, including several critical ones affecting widely used tools. The multiplication of flaws reinforces the pressure on IT teams.

• Preferred methods: Attackers use credential stuffing to exploit exposed credentials. In the absence of MFA or lockout policies, access is often obtained effortlessly.

• Role of infostealers: Malware like Rhadamanthys has taken over from Lumma to fuel cybercriminal marketplaces. These tools facilitate the compromise of VPN credentials on a large scale.

• External attack surface: VPNs directly exposed to the Internet without adequate filtering represent a major risk. Too often, they are neither segmented nor actively monitored.

• Recommended response: Companies must deploy conditional access policies, strengthen MFA, and ensure continuous monitoring. It is also essential to have a rapid remediation strategy.

What should be remembered ?

The VPN has become an intrusion vector. Without MFA and strict security policies, it offers direct access to critical infrastructure. Have you checked if your remote accesses are still safe ?

3️⃣​ LinkedIn has become a minefield : how hackers target your executives

Summary : 1 in 3 attacks no longer goes through email. LinkedIn DMs, used on professional accounts accessed from corporate devices, are the hackers' new weapon. They impersonate compromised accounts, target executives, and bypass traditional protections. Companies often have no means of detection or response on these channels.

Details:

• Channel invisibility: LinkedIn evades classic threat detection tools, notably email gateways and proxies. DMs are not monitored, creating a blind spot.

• Account compromise: Hackers prefer to rely on already credible accounts, recovered via leaks or infostealers. This drastically increases the chances of success.

• Strategic targeting: LinkedIn profiles reveal valuable information on privileges and responsibilities. Attackers can easily identify high-potential targets.

• Optimized spear-phishing: By combining generative AI and contextual data, hackers create very convincing messages. Interaction via a social platform makes manipulation even more effective.

• Domino effect: A compromise can open the door to the SSO ecosystem and other internal applications. The risk of lateral movement is high, even from a personal account.

What should be remembered ?

Social networks have become major attack channels. Protection must extend beyond just the email perimeter. Will you be able to distinguish a real connection request from a targeted attack ? 

4️⃣​ 2026 : the year cybersecurity will no longer be negotiable 

Summary : Between NIS2 and DORA, 2026 promises to be a transformative year for cyber governance. Companies must demonstrate their ability to react, monitor, and protect their supply chains. But reality still shows a gap between ambition and execution. It is urgent to create shared cyber governance. 

Details:

• Strengthened regulation: Requirements are increasing with concrete obligations for proof of compliance. Auditing is becoming a norm, not an option.

• Vulnerable supply chains: External partners remain the easiest entry point. Too few companies demand solid guarantees from their subcontractors.

• Cross-functional mobilization: Cybersecurity is becoming a legal, financial, and operational issue. Organizational silos slow down the effectiveness of responses.

• Necessary decompartmentalization: Transversal programs must emerge, integrating compliance, continuity, and security. This implies steering by governance.

• Strategic awareness: All hierarchical levels must be trained in cyber culture. This goes beyond simple ad-hoc training.

What should be remembered ?

Compliance is no longer enough. Resilience is built through transversal governance and a culture of cybersecurity. Are you ready to transform your model before it is imposed by a crisis ?

5️⃣ Awareness 2.0 : when AI takes control of anti-phishing campaigns

Summary : AI is making its way into cybersecurity training. Sensiwave, a solution by Conscio Technologies, offers automatic generation of realistic and contextualized internal phishing campaigns. The interface is simplified, the analysis improved. The objective : detect weak reflexes, reinforce attention, and create pedagogical repetition without increasing the burden on security teams.

Details:

• Automated campaigns: The platform allows launching campaigns in a few clicks thanks to a simplified interface. Templates are reusable and customizable.

• AI-simulated phishing: Generated messages mimic techniques used in real attacks. This improves the relevance of simulation exercises.

• Advanced analysis: Results are centralized in dashboards with detailed metrics. This facilitates the continuous adaptation of campaigns.

• Credible scenarios: AI automatically adjusts messages according to the sector or past behaviors. This increases the element of surprise and educational effectiveness.

• HR Optimization: Automation frees security teams from repetitive tasks. They can focus on support and strategic analysis.

What should be remembered ?

Cyber training is no longer an annual module, but a continuous process. AI makes it smarter, more precise, more efficient. Have you updated your programs before hackers update theirs ?

LIEUTENANT'S REPORT 🏆

AI + SOC = The strategic alliance to stop suffering from alerts

Mate is a newly launched U.S. startup offering a SOC platform driven by autonomous AI agents designed to reduce alert fatigue, handle false positives, and automate initial investigations.

Highlight :

Mate has positioned itself at a critical moment : with 83% of SOC analysts reporting being overwhelmed by the volume of alerts and false positives, Mate’s solution steps in to relieve the human team and accelerate responses.

Specifically, the startup announced that its platform is capable of automatically ingesting logs, extracting context, prioritizing incidents, and generating investigation workflows without requiring manual intervention at every step. This allows a SOC team to focus on high-stakes strategic cases rather than thousands of daily items of “noise.”

For a CISO or CIO, this approach marks a paradigm shift: rather than increasing the size of the SOC team, you increase automation and processing intelligence. The anecdote: Mate wrapped up its private beta phase in just a few months and has already signed initial contracts with Fortune 500 companies before fully opening its commercial offering.

CYBERTRIVIA - DID YOU KNOW ? 🤔

The biggest data breach in history isn’t the one you think

In 2019, researchers discovered that over 773 million email addresses and 21 million unique passwords were compiled in a database named "Collection #1". This mega-set, stemming from multiple leaks, was freely distributed on underground forums.

Why is this still relevant in 2025 ? Because this data is still being used in credential stuffing attacks, particularly on corporate VPN services. Some companies still haven’t invalidated these credentials — 6 years later.

Let me know if you need further adjustments !