- CYBERDEFENSE.NET
YOU'VE SECURED YOUR NETWORK? TOO BAD, YOU'RE THE VULNERABILITY...
Cyberspace is at war. Will you be the one to hold the line? You want to fight hackers too? Put on your helmet, citizen.

🤖 Dear internet users and fellow Cyberdefenders,
You thought the danger came from viruses? Ransomware? Think again, soldier. Today, the pirates’ ultimate weapon is no longer a line of code… it’s you.
Every click is a grenade. Every unverified reply, a breach. Even the best soldiers—those with iron-clad passwords and MFA on all fronts—are falling. Not because they’re weak. But because they trust. And that’s exactly what the enemy is waiting for.
The opposing camp’s new recruits? AIs that can mimic your boss’s voice. Fake emails that perfectly imitate your applications. Attacks no longer carried out by humans… but by machines that understand how we think.
But rest assured: the war is not lost. Not yet.
High Command (aka us) has prepared this mission briefing for you. On the agenda: mental manipulation, high-stakes phishing, European cyber-diplomacy, the accountants’ rebellion… and even a Google AI that patches vulnerabilities before they’re even discovered.
So, put on your cognitive armor.
Scroll to the bottom.
And above all, stay digitally alive.
Highlights:
👉 You Think You're Unhackable? Hackers Are Counting On It… 🧠
👉 ALERT: Fake 1Password Emails Are Tricking Even the Experts ⚠️
👉 Data vs. Security: The EU’s Battle Against Unfettered Encryption 🏛️
👉 CFOs Are Turning into Cyber-Warriors: Thanks, CIMA 🛡️
👉 Google DeepMind: AIs That Patch Flaws Before the Hackers Do 🤖

🗞️ Guess what?
Even the most seasoned users can fall into the trap. Social engineering bypasses technical protections by exploiting our cognitive biases, our trust, and our desire to help. A well-crafted manipulation is all it takes to bring down the best defenses.
A targeted phishing attack recently attempted to steal the 1Password credentials of a Malwarebytes employee. The cleverly disguised email mimicked a security alert. Behind the link, a fake website was ready to siphon victims' digital vaults.
Europol is sounding the alarm! Encryption and anonymization are preventing the prosecution of criminals. At the Cybercrime Conference, experts argued for better legal access to data while preserving individual freedoms. A debate on the frontier between security and ethics.
The finance world is fighting back. CIMA is offering finance departments a new tool to integrate cybersecurity into their practices: cyber insurance, incident response, risk governance. CFOs are becoming the new strategists of cyber defense.
Google DeepMind is taking the next step: an AI named CodeMender has automatically patched 72 vulnerabilities in open-source projects. A promising breakthrough that heralds a future where vulnerabilities are neutralized before they can even be exploited.
🤓 Would you like to know more?
1️⃣ You Think You're Unhackable? Hackers Are Counting On It…
Summary: Even the most aware users fall victim to social engineering. This type of attack doesn’t target systems, but humans. One word too many, one thoughtless action, and everything collapses. The human factor is, more than ever, the most critical vulnerability to address.

Details:
The Illusion of Technical Security: Even with complex passwords and MFA properly configured, cybercriminals bypass systems by manipulating individuals through well-honed techniques.
The Art of Manipulation: Attackers pose as colleagues or technicians, playing on urgency or fear to push their targets into divulging sensitive information.
A Striking Example: Rachel Tobac, a pentesting expert, successfully obtained sensitive data from an executive assistant in just 30 seconds. No technical exploit was used: only well-rehearsed theatrics.
The Impact of AI: From voice deepfakes to agentic AI, attack tools are gaining in realism and scalability. A call from a fake colleague becomes indistinguishable from a real one.
Towards Behavioral Security: Individuals must be trained to detect these attempts. Security now relies as much on vigilance as it does on technology.
What should be remembered?
Social engineering is not a marginal threat; it is the core problem in modern cybersecurity. Training users, establishing verification protocols, and fostering a culture of "polite paranoia" are now essential for the digital survival of organizations.
—————————————————————————
2️⃣ ALERT: Fake 1Password Emails Are Tricking Even the Experts
Summary: A targeted phishing attack attempted to extract the 1Password credentials of a Malwarebytes employee. A fake "Watchtower" email redirected to a spoofed site: onepass-word[.]com. Fortunately, the attempt was quickly detected.

Details:
A Credible Lure: The email mimicked a real message from Watchtower, 1Password's breach monitoring feature. The URL used imitated the official domain name.
Clever Redirection via Mandrillapp: The link was routed through Mandrillapp, a real transactional email service (Mailchimp), to deceive filtering protections.
Rapid Response: The fraudulent domain was blacklisted by the next day. Clicks then displayed an error message instead of the fake form.
A Persistent Threat: Similar campaigns had already been spotted in September. Password managers are a prime target for attackers.
Defense Tips: Never click on a link in an email concerning your digital vault. Always go directly through the app or the official website.
What should be remembered?
Password managers have become primary targets for phishers. A single compromise can grant access to hundreds of accounts. Vigilance against unexpected emails is vital, even for the pros.
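An added example, not part of the original newsletter: a small link checker for the two tricks described above, the hyphenated lookalike of the official domain and the redirect through a mail-service host. It assumes `1password.com` is the only domain a vault email may link to; the sample links, their paths and the `url=` parameter are constructed stand-ins, not the real tracking-link format.

```python
import re
from urllib.parse import urlsplit, parse_qs

OFFICIAL = {"1password.com"}       # assumption: only domain allowed in vault emails
REDIRECTORS = {"mandrillapp.com"}  # mail-service hosts that wrap the real destination
DIGITS = {"0": "zero", "1": "one", "2": "two", "3": "three", "4": "four",
          "5": "five", "6": "six", "7": "seven", "8": "eight", "9": "nine"}

def refang(url):
    """Undo report-style defanging (hxxp, [.]) so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http")

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(text):
    """Spell out digits and keep letters only, so '1password' equals 'onepass-word'."""
    return re.sub(r"[^a-z]", "", "".join(DIGITS.get(c, c) for c in text.lower()))

BRANDS = {skeleton(d.rsplit(".", 1)[0]) for d in OFFICIAL}

def destination(url, depth=3):
    """Return the final host, or None when a redirector hides it."""
    parts = urlsplit(refang(url))
    host = parts.hostname or ""
    if registrable(host) not in REDIRECTORS:
        return host
    if depth:
        for values in parse_qs(parts.query).values():
            for value in values:
                if value.startswith(("http://", "https://")):
                    return destination(value, depth - 1)
    return None

def classify(url):
    host = destination(url)
    if host is None:
        return "opaque-redirect"  # destination cannot be verified from the URL alone
    if registrable(host) in OFFICIAL:
        return "official"
    if any(brand in skeleton(host) for brand in BRANDS):
        return "lookalike"
    return "unrelated"

SAMPLES = [  # constructed links, kept defanged
    "https://my.1password.com/signin",
    "hxxps://onepass-word[.]com/login",
    "hxxps://mandrillapp[.]com/track/click/0/x?url=hxxps://onepass-word[.]com/login",
    "hxxps://mandrillapp[.]com/track/click/0/x?p=QUJD",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):16} {link}")
```

A link classed as `opaque-redirect` hides its destination in an encoded parameter, so it should be treated as unverified rather than trusted because the redirector host is a known service.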
——————————————————————
3️⃣ Data vs. Security: The EU’s Battle Against Unfettered Encryption
Summary: At the Cybercrime Conference 2025, Europol warned about the obstacles that encryption and anonymization pose to lawful access to digital data. A tense debate between respecting freedoms and the need for effective investigations.

Details:
A Legal and Ethical Challenge: Advanced anonymization technologies are exploited by criminals faster than laws can adapt.
A Call for European Unity: Magnus Brunner argued for strengthening Europol's mandate and harmonizing cybersecurity policies at the European level.
Concrete Case Studies: Operations "Eastwood" and "Ratatouille" highlighted the difficulty of investigating networks protected by highly advanced technical layers.
Cyber Diplomacy in Progress: Discussions between governments and industry show that dialogue on regulated data access is possible.
Prevention Through Cooperation: National CSIRTs exchanged best practices with ENISA on technical response and collective resilience.
What should be remembered?
Digital sovereignty cannot be achieved without reconciling security and liberty. Europol is calling for a Europe capable of tracing data without falling into mass surveillance. A subtle but urgent balance must be found.
————————————————————-
4️⃣ CFOs Are Turning into Cyber-Warriors: Thanks, CIMA
Summary: CIMA is updating its CGMA Cybersecurity Tool to help finance professionals integrate cybersecurity into risk management. A clear recognition of their growing role in digital defense strategy.

Details:
A Strategic Role: Finance professionals master risk, compliance, and governance—fundamental pillars of cybersecurity.
An Enhanced Tool: The CGMA Cybersecurity Tool provides concrete guidelines on cyber insurance, incident response, and resilience practices.
A Leadership Vision: Andrew Harding insists: cybersecurity is now a competitive advantage, not just a protective measure.
International Recognition: CIMA is being integrated into professional qualifications in China, proving that cybersecurity is becoming a cross-functional and global skill.
Action-Oriented Training: The tool offers operational strategies adapted to a constantly changing digital landscape.
What should be remembered?
Cyber defense is no longer limited to the CIO. The CFO is becoming a decisive player. CIMA is formalizing this role with a structured tool that transforms the finance department into a bastion of organizational security.
—————————————————————————
5️⃣ Google DeepMind: AIs That Patch Flaws Before the Hackers Do
Summary: CodeMender, the new AI from Google DeepMind, automatically detects and patches vulnerabilities in open-source projects. A major breakthrough that combines fuzzing, multi-agent analysis, and secure code rewriting.

Details:
A Dual Function: CodeMender acts in reactive mode to fix known vulnerabilities, but also in proactive mode to restructure at-risk code.
Advanced Technology: The AI uses differential testing, fuzzing, and a multi-agent architecture to analyze and cleanly rewrite code.
Concrete Impact: It has already submitted 72 patches, including one for libwebp, famous for a zero-click exploit used in 2023.
Human Quality Control: For now, all patches are reviewed by researchers before submission. DeepMind remains cautious.
Big Sleep in Support: DeepMind is also developing Big Sleep, another agent designed to find unknown flaws in critical systems.
What should be remembered?
AI is no longer just an attack tool. With CodeMender, it becomes a key player in preventive defense. This proactive approach is a game-changer for open-source security, but it also raises the question of human oversight.
⚙️ Digital Combat Ops
How do you choose the right AI security solution for your sensitive data?
In an era of ubiquitous AI models, security can no longer be an afterthought. To choose an effective AI-SPM (AI Security Posture Management) solution, first ask yourself about visibility: do you have a clear inventory of your models and sensitive data flows?
Next, identifying AI-specific risks is crucial—adversarial vulnerabilities, training data leaks, or algorithmic biases must be monitored continuously. Furthermore, consider regulatory compliance: does your tool align with GDPR, NIST, or other frameworks?
Then, verify its ability to adapt to cloud-native and multi-cloud environments, where flexibility demands consistent, centralized security. Finally, the tool must integrate naturally into your existing workflows (DLP, DevOps, AI/ML) to avoid silos and maximize operational synergy.
To better secure AI, it is essential to anticipate threats before they materialize.
LIEUTENANT'S REPORT 🏆
Cyberhaven: The Data-Tracking Unit That Watches from Within
Cyberhaven is a data security startup (based in California) that offers a data-path intelligence solution. By observing how data is used, transformed, or moved inside and outside an organization, it can detect leaks, abnormal usage, or insider risks.
Highlight:
In 2025, Cyberhaven raised $100 million in its Series D funding round, achieving unicorn status. This funding round shows that the market recognizes the value of data traceability in hybrid, multi-cloud, and distributed environments.
This startup embodies a powerful trend: the focus is no longer solely on technical vulnerabilities, but also on understanding the data lifecycle—who handles it, how, and when.
In a context where insider attacks and accidental disclosures are on the rise, Cyberhaven positions itself as a strategic safeguard for organizations that want to move beyond simple prevention and toward systemic visibility.
CYBERTRIVIA - DID YOU KNOW? 🤔
The biggest crypto heist in history… was solved by a simple bug
In 2022, the decentralized finance platform Wormhole lost $320 million in cryptocurrency due to a bug in its smart contract. But the attack isn’t the most surprising part… its resolution is.
Volunteer developers analyzed the exploit live on Twitter, identifying the flaw in under 12 hours. The irony? The attacker forgot to revoke certain access permissions—allowing the teams to regain partial control of the funds.
The result: an ethical cyber counter-attack that looked like a reverse heist. This goes to show that in Web3, a forgotten line of code can be as dangerous—or as life-saving—as ransomware.


