Weekly #cybersecurity digest to your inbox

Subscribe for our weekly digest and get each Friday the most important cyber security news, list of upcoming free webinars and a summary of Cyberday development to your inbox.

Thanks! See you in your inbox on Fridays. :)

Unfortunately something went wrong. You can contact us at team@cyberdayai.

Recent #cybersecurity weekly digests

See full archive? Go to Weekly digests -page >>

🛡️ Cyberdigest: 10 things I wish I knew before ISO 27001 process 👀 2024 cyber trends ⚖️

Published at

17:02

Open digest

🛡️ Cyberdigest: Easter Greetings! 🐣 Read about NIS2 supervision and penalties 📝🛡️

Published at

17:00

Open digest

🛡️ Cyberdigest: Read about EU's top frameworks! 🛡️ AI in cybersecurity 🧠 Next week's webinars ➡️

Published at

17:00

Open digest

Webinars

See the full calendar? Go to Webinars-page >>

Coming up on:

Wednesday

30

.

5

.

at

14:00

Admin training (part 3/5): Risk management and security control implementation

Coming up on:

Wednesday

7

.

6

.

at

14:00

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Coming up on:

Wednesday

13

.

6

.

at

14:00

Admin training (part 4/5): Automating employee awareness, guidance and training

Coming up on:

Wednesday

21

.

6

.

at

15:00

ISO 27001 (part 3/5): Certification audit fundamentals

Coming up on:

Wednesday

9

.

8

.

at

14:00

Admin training (part 2/5): Framework selection and asset identification

Coming up on:

Wednesday

9

.

8

.

at

15:00

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Blog posts

Info of new posts? Subscribe now >>

10 things I wish I knew: Starting your ISO 27001 project on the right track

This post shares 10 key lessons learned from going through an ISO 27001 certification project - from the importance of setting clear goals and managing documentation to the realities of risk management and the value of using the right tools.

23.4.2025

Understanding NIS2: supervision and penalties of non-compliance

Let's now look into the NIS2 directive, it's supervision in EU member states and what is supervised. We'll also check out NIS2 penalties for noncompliance and how you can stay compliant (to avoid penalties).

15.4.2025

Comparing EU cybersecurity frameworks: NIS2, GDPR, DORA and more

A comparison of key cybersecurity frameworks in the EU, including NIS2, GDPR, DORA, CRA, and ISO 27001. Learn who they apply to and what they require.

10.4.2025

ISO 27001 compliance vs. certification: differences, benefits & which path to choose

Understanding when to pursue ISO 27001 compliance rather than going for certification—or vice versa—hinges on your organizational priorities, resources, and long-term security strategies. Check the differences and learn which path to choose.

1.4.2025

Framework recap, US security & and role management: Cyberday product and news summary 3/2025 🛡️

The March product and news update presents updates to role management and the new Trust Center, a review of the key frameworks for 2025 and US security.

28.3.2025

Understanding DORA compliance: Key steps to prepare your organization

Understand DORA compliance and get a clear DORA requirements summary with key compliance areas, practical steps, and essential guidelines to strengthen your organization's digital resilience.

18.3.2025

ISMS implementation: comparison of documents, wikis, ISMS tools and GRC

There are a few different approaches to building an ISMS. In this post, we’ll compare these different methods, helping you understand which might be the best fit for your organization’s security management needs.

6.3.2025

What is Statement of Applicability (SoA) in ISO 27001?

In this blog, we'll cover the main purpose and benefits of a well-working Statement of Applicability document. We'll also explain why SoA is important, and 4 key roles it can play in information security work.

4.3.2025

News articles

Get weekly news? Subscribe now >>

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

🚩 Students discovered: when a user starts fitness activity from home, an attacker can use app's API metadata to pinpoint their home location, even if they've set up an "endpoint privacy zone" (EPZ) for that area. #privacy

Go to article at

Avoid this "lost injured dog" Facebook hoax

Compromised or new accounts sending hoax posts to e.g. local community groups. Now with "Lost injured dog" approach. This is common - used to great effect in the “dead daughter / free PS5” scam last year. Avoiding hoaxes >> #cybercrime

Go to article at

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

Phones charge over USB cables, which carry both power and data. 🪫 When you plug into a USB outlet at an airport, how do you know you're only getting power, not a secret data connection? More info about #juicejacking >> #cybersecurity

Go to article at

Fake Chrome updates spread malware

⚠️ Campaign (since Nov-22) uses vulnerable, hacked sites to push fake browser updates. Malicious JS shows an update msg and automatically downloads a zip when landing on the page. Opening the file will execute a cryptominer #malware.

Go to article at

Discarded, not destroyed: Old routers reveal corporate secrets

🗑️ The fate of a discarded routers? ESET purchased a few used ones to investigate. In many cases, previous configurations weren't wiped and data could be used to identify the prior owners and network details. #cybersecurity

Go to article at

AI chatbots making it harder to spot phishing emails, say experts

⚠️ Europol issues a warning about criminal use of ChatGPT "AI allows crafting very believable ‘spear-phishing’ emails and other written communication with very little effort, especially compared to what you have to do before." #phishing

Go to article at

Pig butchering scams: The anatomy of a fast‑growing threat

💬 Hyper-connectedness cuts both ways. Scammers also can reach you anytime, any channel. And their techniques are developing. "Pig butchering scams" start with weeks long cold msg chains, to trick people later. Examples >> #cybercrime

Go to article at

Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity

🤖 Microsoft is developing an AI-powered #cybersecurity assistant to help identify breaches and derive smart signals from data. Security Copilot has a chatbot interface like new Bing, and is the latest example of MS's big push with AI.

Go to article at

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

⚠️ Researchers uncovered a #vulnerability in IEEE 802.11 Wi-Fi protocol standard: "Attacker can disconnect a victim and connect under his MAC address (using the credentials of the adversary) to steal the data still underway to them."

Go to article at

Get started today

Start free, in your familiar Teams environment.
If you have some questions first, book a meeting with us.

Start free 14-day trial