News

France Conducts Phishing Test on 2.5 Million Students with 8% Click Rate

Luciano Ferrari

24 Oct 2025 — 2 min read

Friday, October 24, 2025

Top 5 Cybersecurity Stories You Should Know

France Conducts Phishing Test on 2.5 Million Students with 8% Click Rate — tl;dr: The French government executed a large-scale phishing awareness test, dubbed Operation Cactus, involving over 2.5 million middle and high school students. The initiative, which aimed to educate students about phishing threats, resulted in approximately 210,000 clicks on a deceptive link that promised cheats and cracked games, representing an 8% click rate. This is significantly lower than the average 33% click rate observed in corporate environments. The test, following a pilot in Yvelines last year, underscores the importance of cybersecurity education among youth as digital threats continue to evolve.
↪ https://news.risky.biz/risky-bulletin-france-runs-phishing-test-on-2-5-million-students/
New Prey Ransomware Variant Targets Windows with Double-Extortion Tactics — tl;dr: The CYFIRMA Research and Advisory Team has identified a new ransomware variant named Prey, part of the MedusaLocker family, which primarily targets Windows systems. Utilizing RSA and AES encryption, Prey locks user data and threatens victims with data exposure unless a ransom is paid. It employs social engineering tactics for distribution and disables recovery options to hinder data restoration. Organizations are advised to enhance security protocols, maintain robust offline backups, and implement a comprehensive data breach prevention plan to mitigate risks associated with this evolving threat.
↪ https://www.cyfirma.com/news/weekly-intelligence-report-24-october-2025/
Cybersecurity Awareness Month 2023: Building a Cyber Strong America — tl;dr: October marks Cybersecurity Awareness Month, emphasizing the importance of cybersecurity for U.S. critical infrastructure. This year’s theme, 'Building a Cyber Strong America,' highlights the role of small and medium businesses, as well as state, local, tribal, and territorial governments, in enhancing digital defenses against cyber threats. CISA urges these entities to take immediate action to improve their cybersecurity posture. Resources, including a comprehensive toolkit for organizations, are available to help implement effective cybersecurity practices. Individuals and families are also encouraged to adopt safe online habits.
↪ https://www.cisa.gov/cybersecurity-awareness-month
CISA Issues Emergency Directives for F5 and Cisco Vulnerabilities — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directives 26-01 and 25-03, urging federal agencies to address critical vulnerabilities in F5 and Cisco devices, respectively. These directives aim to protect against ongoing exploitation by nation-state threat actors. Organizations using these products should prioritize identifying and mitigating these vulnerabilities to enhance their cybersecurity posture. CISA emphasizes the importance of timely patching and proactive threat monitoring as essential strategies for safeguarding critical infrastructure and maintaining operational resilience.
↪ https://www.cisa.gov/
Zero-Day Vulnerabilities in PTZ Cameras: CVE-2024-8956 and CVE-2024-8957 Exploited — tl;dr: Hackers are exploiting two critical zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom cameras used in various sectors, including healthcare and government. Discovered by GreyNoise, these flaws allow unauthorized access to camera APIs and potential remote code execution. Affected models include several PTZOptics and other devices running outdated firmware. Users are urged to check with their vendors for firmware updates, as many models may remain vulnerable, posing risks of complete camera takeover and network compromise.
↪ https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/