CyberHoot Newsletter – May 2025

Welcome to CyberHoot’s May Newsletter!

This month, we’re spotlighting key developments in the cyber threat landscape, including a malvertising phishing campaign targeting Onfido users via Google Ads, and how organized cybercrime groups are increasing the volume and lowering the cost of attacks through division of labor. With tax season wrapping up, Microsoft is warning of a spike in phishing scams, and we’re also breaking down the top Microsoft Office exploits hackers are using in 2025—and how you can defend against them.

Stay informed and stay secure with CyberHoot.

Malvertising Alert: Phishing Campaign Targets Onfido Users via Google Ads

A new malvertising campaign is targeting Onfido users through fake Google Ads and phishing pages. Learn how the attack works and how to stay protected.

Division of Labor in Criminal Enterprises leads to High-Volume, Low-Cost Attacks

Initial Access Brokers are changing tactics, selling low-cost access to more targets. Learn how this shift increases cyber risks and what defenses to implement.

Tax Season Scams: Microsoft Warns of Phishing Attacks

Protect yourself this tax season: Learn how hackers use tax-themed phishing emails to steal data and deploy malware.

Top 3 Microsoft Office Exploits Hackers Are Using in 2025—and How to Stop Them

Medusa ransomware is now using a malicious driver to bypass security tools and disable EDR systems. Learn how this advanced technique works and how to protect your organization.

Customer Spotlight

Liking CyberHoot? We need your help. Please leave us a review using the links below!

TrustPilot.com | G2.com | Capterra.com | Google.com | TrustRadius.com | Gartner.com

-Google

For more information on how to leave a CyberHoot review, please watch the brief video overviews below.  Note: to avoid fraudulent reviews, each review website will require to you to create and validate your identity through an email account registration process.

• How to leave a TrustPilot Review
• How to leave a G2 Review
• How to write a Capterra.com Review
• How to write a Google Review of CyberHoot
• How to leave a TrustRadius Review
• How to leave us a Gartner ‘Peer Review’ Review

CyberHoot Awarded Badges From G2

Cybrary Term of the Month

Risk Management

Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. This includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.

Click here to read more!

Explore CyberHoot’s Extensive 950+ Term Cybersecurity Library

Recently Added Features

General Release Notes

• Updated IP Whitelist page on cyberhoot.com with new IPs for new domains.
  • ch domains such as ch-account-2fa.com, ch-contact-us.com, ch-login-created.com, ch-password-reset.com and ch-security-alert.com, will be decommissioned by the end of the 2nd quarter of 2025.
• Added emails logs to the user status view and added notifications to users, managers, HR contact and admin interfaces to alert when a given emails is suppressed (Power and Autopilot platform).
• Updated manager edit interface in Power platform to make it more clear what fields will be saved with the update button.
• Added the ability to mass restore users in the Power and Autopilot platform.
• Added the ability to limit trainings to weekdays only on a per customer basis in Power and Autopilot.
• Updated Entra ID and Google sync to track added time and the admin who added the entry when adding users to the exclude list.

Listen to our CyberHoot CEO Craig Taylor Featured on The MSP 1337 Podcast on Spotify!

New Feature Alert: HootPhish Challenge

Set up a HootPhish Challenge to Test your Phishing Knowledge in a Fun Game

Enroll in CyberHoot’s Referral Program today and start earning a 20% share of all revenue generated for one year by those who register through your exclusive referral link. As a referral partner, not only will you receive financial rewards, but you’ll also experience the satisfaction of aiding others in becoming more security-conscious, safeguarding them against cyber threats. Don’t hesitate, sign up now at https://cyberhoot.com/referral-program/.

Referral through Autopilot’s Dashboard:

Join CyberHoot in our mission to create a more aware and better secured world! Recommend CyberHoot Autopilot to a friend, and they will enjoy a complimentary first month. For every new sign up who uses your referral link, you will receive a free month added to your account. This offer is exclusively for first-time CyberHoot registrants.

CyberHoot has Free Introductory Cyber Literacy Classes

Know someone who had a close call recently with a cyber attack, phishing email, or social engineering phone call?  Recommend CyberHoot’s free Cyber Literacy 101 training.  They’ll receive six (6) videos (each video is 3-4min.) and one of our positive reinforcement, hyper-realistic, phishing simulations. All for free.

Registration: https://cyberhoot.com/individuals

CyberHoot’s Social Media

Join CyberHoot’s subreddit to stay updated in the world of cybersecurity!

Instant Access

CyberHoot provides password-less access. End user frustration accessing training is gone. Click an email link for instant access!

Automatic
Compliance

Employee reminders to manager escalations, CyberHoot delivers automated, hands-off, extremely high compliance.

Product Training

CyberHoot includes limitless product training for your IT Projects. Teach users how to use new software on their terms how they want to learn.

Micro Training

Cyber”Hoots” are 5 minutes or less ensuring your staff get trained quickly and effectively.

The Power of Open

CyberHoot is an open. Any video or PDF can train and govern your employees.

Effective

Many clients routinely achieve 90% or greater compliance to policies, training, and phish testing.

---

Secure your business with CyberHoot Today!!!

Sign Up Now