This Week in Cybersecurity: 3 Headlines, 3 Lessons, Zero Jargon

Here’s your weekly shortcut to staying sharp in cybersecurity.

Hey Cyberfam,

This week reminded me of something simple: cybersecurity doesn’t wait.
Not for patch cycles. Not for government budgets. Not even for million-dollar contests.

And honestly, that’s what makes our field so exciting… and challenging.

Here’s what happened this week, what it means for us, and what we can learn from it.

Let’s break it down together. 👇

1. 250+ Magento Stores Got Hacked Overnight Because Most Never Patched

👉 What Happened:
Hackers are actively exploiting a critical vulnerability called SessionReaper (CVE-2025-54236) in Adobe Commerce and Magento stores.

In just 24 hours, more than 250 attacks were recorded. The scary part? This flaw was patched six weeks ago but 62% of store

👉 Why it matters:
Most breaches don’t happen because we don’t know what to fix. They happen because we don’t do it fast enough.

👉 How to turn it into an advantage:
If you manage systems, check your patching cycle this week.
If you’re new to cybersecurity, remember this: mastering vulnerability management can make you one of the most valuable people in any team.

💬 Real talk: what’s the most common excuse you’ve heard for delaying a patch?

2. The $1M WhatsApp Hack That Never Happened

👉 What Happened:
A researcher was set to demo a $1 million WhatsApp zero-click exploit at the Pwn2Own competition but pulled out right before the event.
Later, it turned out the exploit wasn’t viable, and Meta confirmed the disclosed bugs were only low-risk.

👉 Why it matters:
This story says a lot about integrity in cybersecurity. Not every exploit works, and not every researcher risks credibility for the spotlight.

In a world where “breaking something” can get clicks, I respect the ones who choose responsibility over hype.

👉 How to turn it into an advantage:
Whether you’re a student or a seasoned pro, focus on process over prestige.
The goal isn’t just to prove you can hack something; it’s to learn, share, and make security stronger.

💬 What’s your take? Should hacking contests encourage more private disclosure or keep the public spotlight?

3. Government Shutdown = Hacker Free-For-All: 85% Surge in Federal Cyberattacks

👉 What Happened:
Since the U.S. government shutdown on Oct 1, cyberattacks on federal employees have jumped 85%, with over 555 million attacks projected this month. With staff furloughed and systems paused, hackers are exploiting the chaos to target employees and agencies.

👉 Why it matters:
This isn’t just a government issue; it’s a human one.
When defenses go quiet, attackers get loud. And this shows how political or operational instability becomes a hacker’s favorite window of opportunity.

👉 How to turn it into an advantage:
Think about your own environment.
If your team went offline tomorrow, would your security controls still stand?
Continuity planning and cyber resilience aren’t optional; they’re what keep us ready when everything else pauses.

💬 If your team suddenly went offline, what’s your backup plan to stay secure?

Every headline this week had the same lesson underneath it:
Cybersecurity isn’t just about tech; it’s about timing, integrity, and people.

We don’t just defend networks.
We protect trust.
And every time we learn from stories like these, we grow as practitioners and as a community.

Which of these stories made you pause the most: the unpatched stores, the researcher’s honesty, or the government shutdown?

Let’s keep learning, patching, and growing together.

Until next time,
Sandra