Top Cybersecurity Side Hustles & What’s Happening in Cybersecurity This Week
This week's latest cybersecurity news and industry updates
One thing I hear from a lot of cybersecurity professionals is this:
How do you create more income without walking away from your career?
The good news is that working in cybersecurity gives you skills that are valuable far beyond your day job. Whether you're in a SOC, working in governance, engineering cloud security, or trying to break into leadership, there are ways to turn your expertise into additional income streams that can grow alongside your career.
That’s exactly why I put together my newest YouTube video covering the Top 7 side hustles for cybersecurity professionals, including opportunities that can help you:
• Build an extra stream of income
• Strengthen your personal brand
• Expand your network
• Create more long-term career flexibility
Some of these can start as a few hours a week and potentially grow into something much bigger over time.
Watch the full video below to see which side hustle could be the best fit for your background.
Now, let’s get into this week’s top cyber headlines. It’s been a big week!
1. Three Microsoft Defender Zero Days Surface
Researchers disclosed three previously unknown vulnerabilities in Microsoft Defender, raising concerns about the security of the tools many organizations rely on to protect endpoints. Two of the flaws reportedly remain only partially addressed, and one could potentially be used for privilege escalation.
Microsoft Defender is deeply integrated into many Windows environments, which means vulnerabilities in the platform itself can create serious operational risk. In some scenarios, attackers could potentially interfere with protection mechanisms or manipulate trusted processes to avoid detection.
One of the biggest concerns for defenders is the growing trend of adversaries targeting security products directly. Rather than trying to bypass defenses from the outside, attackers are increasingly looking for ways to disable or undermine those protections from within.
Why it matters:
When endpoint security tools become a target, organizations can lose visibility at the exact moment they need it most, creating a dangerous gap in detection and response.
👉 Read more at The Hacker News
2. AI-Powered Scareware Campaign Uses Google Discover
Researchers uncovered a new campaign where attackers used AI-generated content, fake security warnings, and manipulated search visibility to distribute scareware through Google Discover.
The campaign used convincing language and realistic branding to trick users into believing their devices had been infected. Victims were then redirected to malicious landing pages designed to generate fraudulent ad revenue or push additional malicious downloads.
What makes this campaign different is how effectively attackers used AI to scale persuasive content. Instead of relying on generic phishing pages, they generated tailored content that looked more credible and aligned with what users were already browsing.
This reflects a larger trend security teams are watching closely: threat actors are using generative AI to make social engineering faster, cheaper, and more convincing than traditional phishing campaigns.
Why it matters:
AI is lowering the barrier for cybercriminals to create believable scams at scale, making user awareness training more important than ever.
👉 Read more at The Hacker News
3. Apache ActiveMQ Added to CISA KEV List
A remote code execution vulnerability in Apache ActiveMQ was added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog after evidence showed attackers were actively using it in real-world attacks.
Apache ActiveMQ is widely used as a messaging broker in enterprise systems, often handling communication between critical applications and backend services. Because it typically runs in the background, organizations may not always prioritize patching it as quickly as internet-facing systems, which can leave a valuable opening for attackers.
CISA’s decision to add the flaw to its KEV catalog signals that exploitation has moved beyond theory. Once a vulnerability lands on that list, security teams should treat it as a priority because threat actors are already operationalizing it.
For organizations with hybrid infrastructure, vulnerable middleware like this can become an ideal bridge between cloud services and internal systems if left unpatched.
Why it matters:
The most dangerous vulnerabilities are often the ones buried in infrastructure components teams rarely think about until attackers start abusing them.
👉 Read more at The Hacker News
Microsoft’s latest Patch Tuesday included fixes for more than 160 vulnerabilities, but one issue immediately stood out to defenders: a SharePoint zero day that was already being exploited in the wild before the patch was released.
The vulnerability affected on-premises SharePoint deployments and could allow attackers to execute code remotely. Because SharePoint is commonly used to store internal files, workflows, and collaboration data, a successful compromise could give threat actors access to highly sensitive business information while also creating a foothold for deeper lateral movement across the environment.
Security researchers noted that internet-facing SharePoint servers remain attractive targets because they often sit at the intersection of identity systems, document repositories, and privileged workflows. Organizations that delay patching collaboration infrastructure can unintentionally leave one of their most valuable internal systems exposed.
Why it matters:
This is another reminder that collaboration platforms are no longer just productivity tools. They are now high-value targets that can become an entry point into the broader enterprise.
👉 Read more at SecurityWeek
Bottom line
The pattern this week is becoming impossible to ignore:
Attackers are increasingly going after the platforms and security tools organizations trust most.
That means modern defense can no longer focus only on endpoints. It now requires stronger visibility across collaboration tools, middleware, cloud services, and AI-driven threats before those systems become the next attack path.
Stay secure out there!
-Sandra