Log in

ISC2 News & Resources

IN THE NEWS
 For the latest news on ISC2, visit the ISC2 Press Center.

ISC2 RESOURCES
As a global leader in the information security field, ISC2 offers valuable resources to professionals, organizations and the public to educate and promote security awareness around the world.  Below are some of the many resources available:

• ISC2 Job Board by Monster

ISC2 offers members a way to easily search for positions that require the CISSP®. There is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish holistic security programs that assure the protection of organizations’ information assets. Search for positions in your area now. 

ISC2 Partnership with SecurityCompass – ISC2 Members Only (external site)

2 Free Application Security Training Courses from SecurityCompass. Use the Group Key “ISC2” when registering.

 ISC2 Continues Investment in One Million Certified in Cybersecurity Pledge

ISC2 has committed to help close the cybersecurity workforce gap and diversify those working in the field, ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people.


  • FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

    15 Sep 2025 5:00 PM | ISC2 Admin (Administrator)

    The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for orchestrating a string of data theft and extortion attacks.

    UNC6395 is a threat group that has been attributed a widespread data theft campaign targeting Salesforce instances in August 2025 by exploiting compromised OAuth tokens for the Salesloft Drift application. In an update issued this week, Salesloft said the attack was made possible due to the breach of its GitHub account from March through June 2025.

    The second group the FBI has called attention to is UNC6040. Assessed to be active since October 2024, UNC6040 is the name assigned by Google to a financially motivated threat cluster that has engaged in vishing campaigns to obtain initial access and hijack Salesforce instances for large-scale data theft and extortion.  

    These attacks have involved the use of a modified version of Salesforce's Data Loader application and custom Python scripts to breach victims' Salesforce portals and exfiltrate valuable data. At least some of the incidents have involved extortion activities following UNC6040 intrusions, with them taking place months after the initial data theft

  • ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity℠ Courses and Exams

    9 Jun 2024 10:30 AM | ISC2 Admin (Administrator)

    ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity℠ Courses and Exams

    See yourself in cybersecurity. You don’t need experience — just the passion and drive to enter a demanding and rewarding field, one that opens limitless opportunities worldwide.

    As part of our commitment to help close the cybersecurity workforce gap and diversify those working in the field, ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people.

    Advancing DEI in Cybersecurity

    To encourage diversity, equity and inclusion in the workforce, ISC2 will work closely with partner organizations as part of this program to reach populations underrepresented in cybersecurity. We’ve pledged half of the commitment – 500,000 course enrollments and exams – to this effort. Organizations serving these groups and willing to partner with us in this DEI effort can contact us at inclusion@isc2.org.

    Start Your Journey

    To participate in the One Million Certified in Cybersecurity program, please follow these simple steps:

    1. Create an account. If you already have an ISC2 account, sign in.

    2. Complete your ISC2 Candidate application form and select Certified in Cybersecurity as your certification of interest.

    3. Once the application is complete, you’ll become an ISC2 Candidate. It’s free to join and you’ll gain access to Official ISC2 Certified in Cybersecurity Online Self-Paced Training and a code to register for the free certification exam. You will find your access on the Candidate Benefits page. Annual dues of U.S. $50 will be due at the end of your first year of ISC2 Candidate status.

    4. Upon passing the exam, completion of the application form and payment of your $50 AMF, you’ll become a certified member of ISC2 – the world’s largest association of certified cybersecurity professionals – with access to a broad range of professional development resources to help you throughout your career.

    Get Started


  • CROWDSTRIKE 2024 GLOBAL THREAT REPORT

    6 Jun 2024 10:55 AM | ISC2 Admin (Administrator)

    CROWDSTRIKE 2024 GLOBAL THREAT REPORT

    Resouce URL:  CROWDSTRIKE 2024 GLOBAL THREAT REPORT DOWNLOAD

Copyright 2024, International Information Systems Security Certification Consortium, Inc. (ISC2), in website format and trade dress only. All Rights Reserved. ISC2, CISSP, SSCP, CAP, ISSAP, ISSEP, ISSMP, CSSLP, and CBK are registered certification, service, and trademarks of ISC2. Disclaimer: ISC2 does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks or copyright, is the property of the designated ISC2 Chapter organization, which is not owned, managed, or controlled by ISC2 and operates independent of ISC2.  

ISC2 RVA is a 501(c)3 nonprofit organization.  EIN: 83-4655968

P.O. Box 2566, Glen Allen, VA 23058-2566

Powered by Wild Apricot Membership Software