Cyber Readiness Institute

05/15/2026

Phishing Friday Alert: Old Vulnerabilities + New Attacks

A 17-year-old Microsoft Excel vulnerability is being actively exploited again—proof that old security flaws never really go away (via PC Gamer).

Attackers are pairing outdated, unpatched vulnerabilities with modern phishing tactics, AI, and automation.

Translation:
Cybercriminals don’t always need new tricks…
They just wait for organizations to fall behind on updates.

Why this matters:
Unpatched systems remain one of the easiest ways into a network.

One outdated device or missed update can open the door to:
- Malware
- Credential theft
- Ransomware
- Full system compromise

Patch your system before the next cyberattack strikes:
- Keep software and systems updated
- Don’t ignore security patches or reminders
- Be cautious with unexpected Excel attachments or downloads
- Train employees to spot phishing attempts
- Report suspicious files or emails immediately

Remember:
Cybersecurity isn’t just about defending against the newest threats…
Old vulnerabilities are still gold mines for attackers.

Source: https://bit.ly/4tAWE7u

05/14/2026

Cybersecurity doesn’t have to be complicated to be effective.

In this video, Sasha Pailet Koff, Managing Director at CRI, shares why the most impactful investment small and mid-sized businesses can make isn’t in tools—it’s in people.

Through CRI’s Cyber Readiness Program, organizations can quickly equip a dedicated “cyber leader” with the practical skills needed to manage risk, build stronger habits, and integrate security into everyday decisions—no technical background required.

It’s a simple shift that can make a lasting difference.

Learn more and get started today: https://bit.ly/3LWpG1x

05/13/2026

Agentic AI tools are quickly becoming part of everyday operations for small and mid-sized businesses — but many teams are still unsure how to manage the new cyber risks that come with them.

Our Agentic AI Guide is designed to help SMB leaders cut through hype and confusion with clear, practical actions you can take now to use AI agents more safely and responsibly.

Use this resource to start building a more secure, resilient, and organization today: https://bit.ly/cri-agentic-ai-guide

05/12/2026

When even bath time gets political, it’s time to pay attention. Critical infrastructure, like water treatment plants, are increasingly in the spotlight for cyberattacks. Make sure yours is ready to respond.

Learn how to build stronger defenses today using CRI's Critical Infrastructure Program for water utilities: https://bit.ly/42zoENJ

05/08/2026

Phishing Friday Alert! This week: Supply Chain & Third-Party Attacks

Hackers don’t always attack the target directly anymore, when it’s sometimes easier to breach one of their trusted partner instead.

Companies are increasingly being compromised through:
• Vendors
• SaaS platforms
• External integrations
• Third-party access

One weak link can open the door to an entire organization.

This matters because attackers know trusted partners often have system access, shared data, and built-in trust.

And once inside, the damage spreads fast.

Call To Action: Trust, But Verify

Before clicking, approving, or sharing anything:
• Verify third-party requests through trusted channels
• Limit vendor access to only what’s necessary
• Monitor unusual login attempts or account behavior
• Treat shared files and external links with caution
• Report suspicious partner communications immediately

Don’t assume an email is safe just because it comes from a known vendor or partner.
Attackers are counting on that trust.

Remember:
You don’t always have to hack the company…
Sometimes you just hack the company they trust.

05/07/2026

Meet “Dwayne.” He’s got the drills scheduled, the policies memorized, and zero tolerance for risky clicks. But here’s the question: is being a stickler for the rules enough to be cyber leader in his office?

A true cyber leader doesn’t just follow the rules—they help build a culture where everyone understands why cyber readiness matters and feels empowered to act securely every day.

Like this post if you think Dwayne would make a good cyber leader.

Learn more about nominating a cyber leader for your office: https://bit.ly/49zuEK6

05/06/2026

Cybersecurity isn’t just a technical issue—it’s a leadership responsibility.

Sasha Pailet Koff, Managing Director at CRI, explains why every small and medium-sized business needs a dedicated cyber leader to help build a culture of security across the workforce.

Through our free Cyber Readiness Program, organizations can empower leaders with the practical skills needed to strengthen everyday cybersecurity habits—no technical background required.

Because when cyber readiness becomes part of your culture, your entire business is stronger.

Want to become a cyber leader? Sign up, today: https://bit.ly/49zuEK6

05/05/2026

Agentic AI is reshaping how small businesses operate. It's also creating risks that most SMBs aren't prepared for...yet.

Our new Agentic AI Guide cuts through the noise — practical steps, real considerations, no jargon — so you can move forward with AI agents confidently and securely.

Download it here and get started on creating a environment, today: https://bit.ly/cri-agentic-ai-guide

05/04/2026

Cyberattacks on SMBs can come from anywhere—even a galaxy far, far away. 🌌

You don’t need a rebel alliance or even special powers to defend your data. The Cyber Readiness Program provides the blueprints your business needs to mount an elite defense against the Dark Side of the web.

🛡️ Secure your business at: cyberreadinessinstitute.org.

be with you in the fight against hackers.

05/04/2026

"If there was ever a time to finally take your cybersecurity practices seriously, it's now." — Brett J. Goldstein, Professor of Cybersecurity and Artificial Intelligence at Vanderbilt University.

In a recent New York Times opinion piece, “Your Passwords Are Probably Screwed,” Goldstein delivers a clear warning: AI is rapidly equipping attackers with the ability to identify and exploit vulnerabilities at an unprecedented scale.

While large enterprises are investing in advanced defenses, small businesses, nonprofits, and individuals often lack the resources to keep pace—making them especially vulnerable in this evolving threat landscape.

At the CRI, we’re working to close that gap. Our mission is to empower small and medium-sized businesses with the tools and knowledge needed to strengthen their cybersecurity foundations—because simple steps, like using strong passwords, enabling multi-factor authentication, and keeping systems updated, can make a significant difference.

Explore the full article and follow CRI for practical guidance on how to : https://nyti.ms/4w5zB7m

Nobody can afford to be relaxed about their digital security anymore.

05/01/2026

Alert! The battle of the ages: AI vs AI

Cybersecurity just entered a new era and it’s not human vs hacker anymore… but AI vs AI.

Companies like Google are now using artificial intelligence to block hundreds of millions of scam ads and phishing attempts every single day.

But the reality is, the same technology that’s protecting you is also being used against you.

Attackers are using AI to:
• Generate flawless phishing emails (no typos, no red flags)
• Clone voices for realistic phone scams (vishing)
• Create fake websites that look identical to trusted brands
• Automate attacks at a scale we’ve never seen before

Defenders are using AI to:
• Detect suspicious behavior in real time
• Block malicious links before you ever see them
• Identify patterns humans would miss
• Shut down scams at massive scale

This is the new battlefield: Speed. Scale. Automation.

And here’s the truth most people miss…

AI can’t save you if you still click the link. Here’s what that means for you:

• “Phishing isn’t just email anymore”
→ It’s texts, calls, QR codes, social media, and more

• “AI is your new attacker”
→ Messages will look and sound perfect

• “Anyone can be a hacker now”
→ Tools are cheap, easy, and widely available

• “MFA isn’t bulletproof anymore”
→ Attackers can intercept or trick you into approving access

• “Your phone is just as dangerous as your inbox”
→ Mobile-first attacks are exploding

Don’t rely on technology alone — You are the last line of defense

Pause before clicking any link:
Verify requests through a second channel (call, message, in person)
Never approve logins you didn’t initiate
Treat urgency as a red flag, not a reason to rush
Report anything suspicious immediately

Remember:
AI can filter… block… and detect…
But it can’t replace your judgment

Stay sharp. Stay skeptical. Stay secure.