BARR Advisory Cybersecurity Consulting Manager Larry Kinkaid picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what Larry has been reading this February—plus, scroll to see his CISO Pick of the Month for a must-see new resource on CMMC.
Google’s Threat Analysis Group (TAG) reports that Russia-aligned threat actors are actively targeting Signal Messenger users—not by breaking Signal’s encryption, but by hacking the people using it. Attackers are deploying phishing, credential theft, and device compromise to gain access to accounts. In other words, your messages are safe, but your endpoint might not be.
Encryption isn’t enough if attackers can just steal your credentials or compromise your device. Phishing remains the easiest way in, and adversaries know it.
Fraud rates are skyrocketing, and banks are finally taking drastic action. Chase and Zelle are blocking money transfers that originate from social media platforms like Facebook and Instagram, a move aimed at disrupting scammers who use fake listings, romance fraud, and investment scams to siphon cash from unsuspecting users.
If major banks are willing to lose transactions over fraud concerns, that means the fraud problem is worse than we think. This isn’t just a consumer issue—businesses are prime targets too.
A security researcher found that DeepSeek, an iOS app tied to ByteDance (TikTok’s parent company), was transmitting user data in plaintext to overseas servers. This kind of sloppy security means anyone monitoring network traffic could intercept sensitive user information.
If an app in Apple’s walled garden is sending unencrypted data, what’s happening with apps you’re not even paying attention to? The reality is that App Store approval doesn’t guarantee security.
The SANS Institute is hosting a global AI security hackathon, inviting security professionals to tackle threats like model poisoning, adversarial attacks, and prompt injection exploits. AI-powered threats are evolving faster than traditional defenses—so security teams need hands-on experience now.
AI security isn’t just about preventing hallucinations—it’s about stopping attackers from manipulating models, bypassing safeguards, and poisoning AI-powered decisions. If your company is using AI but not securing it, you’re already behind.
If hacking were a video game, social engineering would be the ultimate cheat code. The latest breakdown from Wiz highlights just how alarmingly effective psychological manipulation is in cybersecurity. Attackers don’t need zero-days or fancy exploits when they can trick people into handing over access.
Security tools can only do so much if employees are unknowingly holding the door open for attackers. Social engineering is the common denominator in everything from BEC scams to executive deepfake fraud.
The Ins and Outs of CMMC: An Essential Security Framework for Defense Contractors
You don’t need a government contract in hand to get started with CMMC. Beginning the CMMC readiness process now—including conducting a gap assessment and understanding how your environment aligns with the Defense Department’s requirements—can help you secure future opportunities.
A recent blog post from my team shares everything you need to know about CMMC. Give it a read here.