<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>OS Weekly on CybersecurityOS</title><link>http://www.cybersecurityos.net/categories/os-weekly/</link><description>Recent content in OS Weekly on CybersecurityOS</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 08 Jul 2026 17:19:19 -0500</lastBuildDate><atom:link href="http://www.cybersecurityos.net/categories/os-weekly/index.xml" rel="self" type="application/rss+xml"/><item><title>OS Weekly: Extortion Without Ransomware, a 2M-Device Botnet Takedown &amp; AI's Double Edge</title><link>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-07-05/</link><pubDate>Sun, 05 Jul 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-07-05/</guid><description>&lt;p&gt;This week showed how quickly cyber-extortion economics are shifting: a $1 million payout to a group with no evidence of ever encrypting a file, and a law-enforcement takedown of a proxy empire built on two million unknowing devices. Add a sharp read on AI&amp;rsquo;s asymmetric future and an unexpected lesson from the board-game table, and there&amp;rsquo;s plenty here for working defenders and aspiring practitioners alike.&lt;/p&gt;
&lt;p&gt;&lt;img src="http://www.cybersecurityos.net/posts/os-weekly/images/os-weekly-2026-07-05-hero.svg" alt="OS Weekly: Extortion Without Ransomware, a 2M-Device Botnet Takedown &amp;amp; AI&amp;rsquo;s Double Edge"&gt;&lt;/p&gt;</description></item><item><title>OS Weekly: A Ransomware Access Broker, Stolen OAuth Tokens &amp; the Human Factor in Security</title><link>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-06-28/</link><pubDate>Sun, 28 Jun 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-06-28/</guid><description>&lt;p&gt;This week&amp;rsquo;s stories share a theme: the fundamentals — access hygiene, token rotation, and security awareness — are still where most breaches start and stop. From a backdoor built to be handed off to ransomware crews to a guilty plea from one of the most notorious hacking crews in recent memory, here&amp;rsquo;s what cybersecurity professionals and aspiring practitioners need to know from June 22–28, 2026.&lt;/p&gt;
&lt;p&gt;&lt;img src="http://www.cybersecurityos.net/posts/os-weekly/images/os-weekly-2026-06-28-hero.svg" alt="OS Weekly: A Ransomware Access Broker, Stolen OAuth Tokens &amp;amp; the Human Factor in Security"&gt;&lt;/p&gt;</description></item><item><title>OS Weekly: Patch Deadlines, a Note-Free Ransomware, and AI Reshaping Security Teams</title><link>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-06-21/</link><pubDate>Sun, 21 Jun 2026 00:00:00 +0000</pubDate><guid>http://www.cybersecurityos.net/posts/os-weekly/os-weekly-2026-06-21/</guid><description>&lt;p&gt;This week brought two maximum-severity vulnerabilities with hard patch deadlines, a ransomware operator that changed the playbook on victim communication, and fresh evidence that AI is reshaping how security teams are built and staffed. Here&amp;rsquo;s everything cybersecurity professionals and aspiring practitioners need to know from the past seven days.&lt;/p&gt;
&lt;p&gt;&lt;img src="http://www.cybersecurityos.net/posts/os-weekly/images/os-weekly-2026-06-21-hero.svg" alt="OS Weekly: Patch Deadlines, a Note-Free Ransomware, and AI Reshaping Security Teams"&gt;&lt;/p&gt;
&lt;h2 id="cisa-orders-feds-to-patch-a-max-severity-joomla-plugin-flaw-by-friday"&gt;CISA Orders Feds to Patch a Max-Severity Joomla Plugin Flaw by Friday&lt;/h2&gt;
&lt;p&gt;The U.S. Cybersecurity and Infrastructure Security Agency issued a directive requiring federal agencies to patch a maximum-severity vulnerability in the Widget Factory Joomla Content Editor (JCE) plugin by this Friday. The flaw is being actively exploited in real-world attacks, which is what triggered the compressed timeline rather than the standard patch cycle.&lt;/p&gt;</description></item></channel></rss>