This update aligns our course with the 2025 OWASP Top 10 framework, reflecting the shift from traditional code-level vulnerabilities to broader architectural and supply chain risks.

• NEW: Software Supply Chain Failures (A03): Replacing the previous Injection-only focus, this module now prioritizes risks associated with third-party libraries, CI/CD pipelines, and dependency management.
• NEW: Mishandling of Exceptional Conditions (A10): Replaces SSRF as a standalone category. This module focuses on how applications manage errors, edge cases, and unexpected states to prevent logic bypasses.
• Insecure Design (A06): Broadened scope to address "shift-left" security, focusing on architectural flaws rather than just outdated components.
• Security Logging and Alerting (A09): Updated to include critical guidance on active response and real-time alerting, moving beyond passive logging.
• New Final Exam: A comprehensive end-of-course assessment has been added to validate mastery of the 2025 OWASP categories.

VIPRE Security Training for Students is a comprehensive cybersecurity education program designed to equip young learners with essential digital safety skills. Built for students ages 5–18, the program delivers age-appropriate, engaging content that helps students recognize online threats, make informed decisions, and develop responsible digital habits.

The curriculum covers critical topics such as social engineering, identity theft, malware, privacy risks, and emerging threats like AI-driven scams and deepfakes. It also emphasizes life skills like critical thinking, empathy, and boundary-setting, ensuring students are prepared both online and offline. Courses are structured by age group, with foundational lessons tailored to developmental stages, making it easy for educators to implement.

Supplemental materials, including quizzes, lesson plans, activity sheets, and parent resources, enhance learning and extend engagement beyond the classroom. 

An updated version OWASP Top Ten at a Glance - 2025 Edition course is now available.

What if you could spot the most critical software vulnerabilities before they become real-world breaches? In this fast-paced mini-course, you’ll get a clear, practical introduction to the most common and impactful application security risks defined by the OWASP Top Ten. Designed for developers, engineers, and anyone working around software, this course breaks down each vulnerability in a way that’s easy to understand and immediately useful. You’ll learn what these risks are, why they matter, and how they’re commonly exploited, along with high-level strategies to reduce exposure and build more secure applications from the start. Whether you’re new to application security or looking for a quick refresher, this course gives you the essential knowledge you need to recognize risk, speak the language of security, and make smarter decisions in your day-to-day work.

Mitigating Sensitive Data Disclosure in GenAI Applications course released

Ever wondered how a stray prompt or a rogue agent could turn your AI app into a headline-making data breach? In this course, you'll dive into the real risks of sensitive data disclosure in GenAI—and learn how to outsmart them. Through practical lessons, hands-on labs, and real-world case studies, you'll master the art of identifying, assessing, and mitigating sensitive information leaks across the GenAI lifecycle. From architectural best practices and regulatory must-knows to cutting-edge tooling and observability, you'll gain the skills and confidence to build AI systems that are both powerful and secure. Get ready to protect your users, your company, and your reputation - one prompt at a time.

This update integrates the latest California-specific labor laws and judicial rulings to ensure full compliance with the state's rigorous employment standards.

• 2024–2026 Minimum Wage Increases: Updated to reflect the California state minimum of $16.00 per hour, while noting that local ordinances (e.g., Los Angeles, San Francisco) and specific industries like healthcare and fast food may require even higher rates.
• Stringent Overtime & Double Time: Clarified that California requires 1.5x pay after 8 hours in a workday and 2.0x pay after 12 hours, or after 8 hours on the seventh consecutive day of work.
• Mandatory Meal & Rest Breaks: Added detailed requirements for unpaid 30-minute meal breaks (after 5 and 10 hours) and paid 10-minute rest breaks for every 4 hours worked, emphasizing that all breaks must be entirely duty-free.
• Criminal Wage Theft & Liability: Included new warnings that willful wage theft exceeding $950 can be prosecuted as grand theft, with supervisors potentially facing personal liability for knowingly participating in or allowing violations.
• Expanded "Hours Worked" & Travel: Updated the definition of compensable time to include employer-controlled activities such as security bag checks, on-site waiting time, and required travel beyond the normal commute.
• No "De Minimis" Unpaid Time: Explicitly states that California does not recognize the federal de minimis doctrine; all routine short-duration tasks (e.g., closing routines or digital device checks) must be recorded and paid.

This update integrates critical 2024–2026 statutory changes and judicial rulings to ensure compliance with California’s strict employment standards.

• Paid Sick Leave Expansion: Updated to reflect the new state minimum of 5 days (40 hours) per year (increased from 3 days), including new accrual and carryover alignment.
• Wage Theft & Personal Liability: New guidance on "Grand Theft" classifications for willful wage violations, highlighting that supervisors can be held personally liable for knowingly assisting in theft.
• Predictive Scheduling: Added "Fair Workweek" requirements for specific local ordinances, covering 14-day advance notice and predictability pay for schedule changes.
• Compensable Time Clarifications: Added California-specific notes confirming that security screenings (bag checks), out-of-town travel, and "de minimis" tasks (logging in/off) are fully compensable hours worked.
• Meal Break Precision: Refined protocols to mandate that the first 30-minute break begins before the end of the 5th hour, with a strict prohibition against rounding meal period time entries.
• Interactive Compliance Checks: Inserted new "Challenge Questions" specifically designed to test supervisor knowledge on the 5-day sick leave rule and wage-hour liability.

This update integrates critical legal changes regarding sensitive data usage, breach liability, and UK-specific regulations.

Key Course Additions

• Targeted Ads & Consent: New slides clarify that "special category" data (health, religion, etc.) requires explicit, documented consent for advertising—even if the information was shared publicly by the user.
• "Loss of Control" Damages: Updates reflect recent EU court rulings where individuals can claim compensation for data exposure without needing to prove financial or emotional harm.
• The Data Use and Access Act (DUAA): Content updated to reflect the July 2025 UK law. While the UK still holds "adequacy" status for easy data transfers from the EU, the DUAA introduces new domestic deviations from the EU GDPR.

Revised Penalties

HHS OCR Fines: Updated the non-compliance slide to reflect new maximums of $71,162 per violation and $2.13 million per year.

We have updated the Penalties for Non-Compliance slide to reflect the latest civil money penalty adjustments. It is crucial for learners to understand the significant financial risks associated with regulatory violations.

Key Updates:

• Civil Penalty Increases: The HHS Office for Civil Rights (OCR) has updated its enforcement thresholds.
• Per-Violation Caps: Organizations may now face fines of up to $71,162 per single violation.
• Annual Limits: For repeated violations of the same provision, the total penalty can reach up to $2.13 million per calendar year.

We have added new modules to reflect critical 2025/2026 legal rulings and regulatory clarifications.

What’s New:

• Sensitive Data in Ads: New slides clarify that "special category" data (e.g., health, religion) requires explicit, documented consent for targeted advertising, even if the information was shared publicly by the individual.
• Foreign Data Requests (Article 48): Following new 2025 EDPB guidance, personal data cannot be shared with non-EU authorities unless a valid international agreement and a GDPR transfer mechanism are both in place. Mandatory escalation to Legal/DPO is required.
• "Loss of Control" Damages: Updates reflect recent court rulings where individuals can now claim damages for data breaches based on "loss of control" alone, without needing to prove financial or emotional harm.

We have updated the Penalties for Non-Compliance slide to reflect the latest civil money penalty adjustments. It is crucial for learners to understand the significant financial risks associated with regulatory violations.

Key Updates:

• Civil Penalty Increases: The HHS Office for Civil Rights (OCR) has updated its enforcement thresholds.
• Per-Violation Caps: Organizations may now face fines of up to $71,162 per single violation.
• Annual Limits: For repeated violations of the same provision, the total penalty can reach up to $2.13 million per calendar year.

Workplace Violence Prevention (Retail Workers) course released

Workplace violence is any act of violence or threat of violence that occurs in a place of employment. The threat of workplace violence remains a serious concern for any business and must be addressed using proactive approaches.

This course, designed to meet the New York Retail Worker Safety Act (NY Labor Law §27-e) for Workplace Violence Prevention training requirements, discusses the types of violence encountered in the workplace, the impact of violence on the workplace, proactive measures and strategies to protect against workplace violence, and additional resources for further assistance.

Live from the GDPR News Desk course released

Tune in to the GDPR Global News Podcast with your hosts, Guy Davies and Patty Roberson, as they break down real-life data protection missteps from around the world. In this audio-first experience, you’ll learn how everyday oversights, like sending data overseas without safeguards and leaving laptops unencrypted, can spiral into costly consequences.

Each short episode features sharp storytelling, expert commentary, and practical takeaways that make GDPR both relatable and relevant. This course also features focused quizzes along the way designed to reinforce what matters most. Whether you're commuting, working out, or tackling your inbox, this privacy overview fits right into your day.

This update introduces significant enhancements to our core security awareness curriculum, focusing on emerging threats like AI-driven social engineering and QR code phishing, while streamlining the user experience for better retention.

• Privacy & Layout: The "Interactivity: Privacy" section features a refreshed UI and streamlined layout to improve readability and engagement.
• Malware Prevention: New best practices added regarding the dangers of unknown USB drives, email attachments, and the critical importance of regular data backups.
• Advanced Social Engineering Defense
  Modern Threats: Updated deep-dive content on AI Phishing, Deepfakes, Vishing, and Zishing (SMS phishing), providing defensive strategies against these high-sophistication attacks.
  • QR Code Phishing (Quishing): Due to the rise in physical-to-digital attacks, the QR Scams topic has been split into two dedicated sections:
  • QR Code Phishing: Understanding the mechanics of the scam.
• Defending Against QR Code Phishing: Actionable steps to verify codes before scanning.
• Phishing Heuristics: The "Thwarting Phishers" section now emphasizes "hover-to-verify" link techniques and identifying psychological triggers like artificial urgency.
• Password Mastery: To improve clarity, the "Best Practices: Password" section has been expanded and split into two distinct pages.
• Security Tools: Updated guidance on Password Phrases (Passphrases) and Password Managers to help users move beyond simple, easily cracked passwords.
• Learning Scenarios: New interactive scenarios implemented for Questions 1 through 5.
• Final Exam: Added new assessment questions covering QR code phishing, AI threats, Deepfakes, and updated Social Engineering tactics.

We have redesigned the course pre-exam to provide a more streamlined user experience, significantly reducing the need for vertical scrolling. This update also includes a technical "overflow: auto" fix for pre-exam questions, ensuring that content remains properly contained and accessible across all screen sizes and devices.

This release includes a multi-lingual version consisting of: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

We have enhanced the learner experience for our Spanish (Latin America) course version by integrating fully localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have enhanced the learner experience for our Spanish (Latin America) course version by integrating fully localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have enhanced the learner experience for our Spanish (Latin America) course version by integrating fully localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have enhanced the learner experience for our Spanish (Latin America) course version by integrating fully localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have upgraded this course to a new, fully responsive engine that ensures a seamless learning experience across all mobile and desktop devices. 

This update also brings the content into full compliance with WCAG 2.1 Level AA and Section 508 standards, featuring enhanced keyboard navigation and screen reader support.

• S-162-PW-01 Password Strong
• S-162-RW-01 Defending Against Ransomware
• S-162-SE-02 The In-Personator: A Social Engineering Threat
• S-162-SM-01 Before You Post
• S-162-US-01 USB Baiting: Don't Take the Bait

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

We have significantly updated our Spanish (Latin America) Sexual Harassment Prevention training to align with the latest New York State and City legislative requirements, while also enhancing the course's inclusivity and behavioral guidance.

New York & Regional Compliance

• Lowered Legal Threshold: Updated to reflect that harassment in NY is actionable if it rises above "petty slights or trivial inconveniences" (the "severe or pervasive" standard no longer applies).
• Expanded Protections: Integrated new protected classes including caregiver status, salary history, and domestic violence victim status, while adopting inclusive "their" terminology throughout.
• Revised Definitions: Added statutory definitions for Gender Identity, Gender Expression, and Sex Stereotyping, specifically removing legacy WHO references.

Modern Workplace Standards

• Remote & Digital Conduct: Explicitly extends policy coverage to virtual backgrounds, web-based chats, and off-hours electronic communications.
• Active Bystander Strategies: Introduced "Direct" and "Distract" intervention scripts to empower employees to interrupt harmful behavior.
• Enhanced Reporting & Resources: Updated all downloadable PDFs and infographics with current 72-hour breach notification rules and NYS Division of Human Rights contact protocols.

We have updated our Spanish (Latin America)  to provide a more victim-centered approach to reporting and to align our legal definitions with modern standards.

Key Updates

• Expanded Gender Definitions: The glossary now includes a comprehensive definition of gender as a socially constructed identity alongside specific legal protections in New York City and California regarding gender identity and expression.
• Victim-Centered Reporting: New guidance for supervisors emphasizes that while reporting is mandatory, it must be handled with sensitivity to the individual's comfort and safety to prevent further trauma during investigations.
• Refined Retaliation Guidance: We have clarified the definition of "Protected Activity," explicitly protecting employees from retaliation when they intervene to mitigate harassment, assist a colleague with a complaint, or provide information during an investigation.

We have updated our HIPAA course to reflect critical 2025–2026 legal shifts and to reinforce mandatory breach notification protocols.

Key Regulatory Updates

• Reproductive Health Care (RHC) Privacy Rule: New guidance addresses the June 2025 federal court ruling that vacated the enhanced RHC Privacy Rule. The course now instructs covered entities to consult a Privacy Officer or legal counsel before responding to any RHC-related data requests, as enforcement remains subject to ongoing appeals.
• Large-Scale Breach Reporting: Updated protocols for breaches affecting 500 or more individuals. All such incidents must be reported to HHS within 60 calendar days of discovery.
• Mandatory Media Notice: Clarified that a media notice is required if a breach affects 500 or more individuals within a single state or jurisdiction.

We have updated our HIPAA course to reflect critical 2025–2026 legal shifts and to reinforce mandatory breach notification protocols.

Key Regulatory Updates

• Reproductive Health Care (RHC) Privacy Rule: New guidance addresses the June 2025 federal court ruling that vacated the enhanced RHC Privacy Rule. The course now instructs covered entities to consult a Privacy Officer or legal counsel before responding to any RHC-related data requests, as enforcement remains subject to ongoing appeals.
• Large-Scale Breach Reporting: Updated protocols for breaches affecting 500 or more individuals. All such incidents must be reported to HHS within 60 calendar days of discovery.
• Mandatory Media Notice: Clarified that a media notice is required if a breach affects 500 or more individuals within a single state or jurisdiction.

We have performed a technical cleanup to improve course performance and ensure content accuracy. 

Key updates include:

• System Optimization: Removed redundant background files and disabled the global download option to enhance security and load times.
• Interface & Content Refinements: Applied fixes to the Help page, corrected minor typographical errors, and updated the copyright to the current year.

We have performed a technical cleanup to improve course performance and ensure content accuracy. 

Key updates include:

• System Optimization: Removed redundant background files and disabled the global download option to enhance security and load times.
• Interface & Content Refinements: Applied fixes to the Help page, corrected minor typographical errors, and updated the copyright to the current year.

We have redesigned the course pre-exam to provide a more streamlined user experience, significantly reducing the need for vertical scrolling. 

This update also includes a technical "overflow: auto" fix for pre-exam questions, ensuring that content remains properly contained and accessible across all screen sizes and devices.

We have upgraded this course to a new, fully responsive engine that ensures a seamless learning experience across all mobile and desktop devices. This update also brings the content into full compliance with WCAG 2.1 Level AA and Section 508 standards, featuring enhanced keyboard navigation and screen reader support.

• S-162-FN-01 Fake News
• S-162-HS-01 Home Cybersecurity
• S-162-IO-01 Home Invasions: The Internet of Terrors?
• S-162-PH-04 Dial V for Vishing
• S-162-SE-01 How to Defeat Social Engineers
• S-126-OW-02 OWASP Top 10
• S-162-MS-01 Living Mobile Secure
• S-162-MS-01 Living Mobile Secure
• S-162-PH-03 SMIShed!
• S-162-PS-01 Tales from CPU City - Tailgating

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

This update introduces significant enhancements to our core security awareness curriculum, focusing on emerging threats like AI-driven social engineering and QR code phishing, while streamlining the user experience for better retention.

• Privacy & Layout: The "Interactivity: Privacy" section features a refreshed UI and streamlined layout to improve readability and engagement.
• Malware Prevention: New best practices added regarding the dangers of unknown USB drives, email attachments, and the critical importance of regular data backups.
• Advanced Social Engineering Defense
  Modern Threats: Updated deep-dive content on AI Phishing, Deepfakes, Vishing, and Zishing (SMS phishing), providing defensive strategies against these high-sophistication attacks.
  • QR Code Phishing (Quishing): Due to the rise in physical-to-digital attacks, the QR Scams topic has been split into two dedicated sections:
  • QR Code Phishing: Understanding the mechanics of the scam.
• Defending Against QR Code Phishing: Actionable steps to verify codes before scanning.
• Phishing Heuristics: The "Thwarting Phishers" section now emphasizes "hover-to-verify" link techniques and identifying psychological triggers like artificial urgency.
• Password Mastery: To improve clarity, the "Best Practices: Password" section has been expanded and split into two distinct pages.
• Security Tools: Updated guidance on Password Phrases (Passphrases) and Password Managers to help users move beyond simple, easily cracked passwords.
• Learning Scenarios: New interactive scenarios implemented for Questions 1 through 5.
• Final Exam: Added new assessment questions covering QR code phishing, AI threats, Deepfakes, and updated Social Engineering tactics.

We have upgraded this course to a new, fully responsive engine that ensures a seamless learning experience across all mobile and desktop devices. This update also brings the content into full compliance with WCAG 2.1 Level AA and Section 508 standards, featuring enhanced keyboard navigation and screen reader support.

• S-162-BE-01 The Business Email Compromise
• S-162-CC-01 Tales From CPU City – Diagnosis: Cryptojacking
• S-162-ET-01 Evil Twin
• S-162-FA-01 Fake App Trap

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

We have updated the Gender and Case Study sections of the course to streamline legal references and improve instructional feedback.

Key Revisions:

• Updated Gender Definitions: We have removed external World Health Organization (WHO) references to focus strictly on jurisdictional legal standards. The section now highlights specific statutory definitions for New York City and California, as well as federal protections and the role of executive orders in EEOC enforcement.
• Case Study Two ("Put On the Spot") Feedback: The feedback for the scenario involving Ricardo and Erica has been revised for greater impact. The update clarifies that while a single comment may not always meet the legal threshold for sexual harassment, it remains unacceptable conduct that should be reported and addressed immediately to prevent a broader pattern of harassment.

We have updated the GDPR Interactive Infographic (downloadable PDF) to provide clearer guidance on mandatory reporting timelines and responsibilities.

Key Revision: Section 6 (Breach Notification)

The updated infographic now explicitly distinguishes between the obligations of Controllers and Processors to ensure regulatory compliance:

• Data Controllers: Must notify the relevant Supervisory Authority of any personal data breach likely to result in a risk to the rights and freedoms of individuals within 72 hours of discovery.
• Data Processors: Are required to inform the Controller of any breach without undue delay upon becoming aware of the incident.

To prevent data loss following the permanent removal of the unload event by Google Chrome and Microsoft Edge, we have updated the course engine. This ensures that student progress, bookmarks, and completion data continue to sync reliably with your LMS using modern, browser-supported protocols.

This major update transforms the course from a standard compliance module into a comprehensive guide for fostering a psychologically safe and inclusive workplace. By addressing the root causes of workplace tension—such as bias and exclusion—this version emphasizes proactive prevention through cultural strength.

• Core Concepts: Introduces Intersectionality (overlapping identities) and Allyship (supporting colleagues) to broaden the scope of safety and belonging.
• Unconscious Bias: A new module explaining the science of hidden biases with practical strategies for mitigation.
• Modern Intro: A new video using a "cooking metaphor" to illustrate how blending diverse backgrounds strengthens the organization.
  Key Enhancements
• Expanded Definitions: Diversity now explicitly includes cognitive styles, values, and organizational roles.
• Inclusion vs. Diversity: New sections differentiate between representation (diversity) and active participation (inclusion).
• Discrimination: Updated with deeper legal context and a focus on proactive “positive practices.”
• Bias Activity: 10 new real-life scenarios provided with immediate feedback for identifying and correcting bias.
• Updated Assessments: The Knowledge Challenge increased from 4 to 6 questions to cover intersectionality and allyship.
• Course Summary: A more robust recap with a clear call to action for all staff.
   

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

This release includes a significant revision to our GDPR and International Data Transfers curriculum to reflect the latest regulatory frameworks and compliance requirements for 2026.

International Data Transfer Revisions

• EU-US Data Privacy Framework (DPF): The course now includes the 2023 adoption of the DPF, which provides adequacy for transfers between the EU and the US. It replaces the invalidated Privacy Shield and offers a legal mechanism for data flow to certified US organizations.
• Documenting Appropriate Safeguards: We have updated the guidance on documenting safeguards, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and the new DPF certification process.
• Transfer Impact Assessments (TIA): New content outlines the mandatory 7-step TIA process required under Schrems II guidance. This includes assessing recipient surveillance risks and documenting technical safeguards like encryption before transfers can proceed.
• The "Brexit Effect" & UK GDPR: The curriculum now covers the reciprocal adequacy decisions between the UK and EU. It also introduces the International Data Transfer Agreement (IDTA), the UK’s equivalent to the EU’s Standard Contractual Clauses.
• Knowledge Challenges: We have updated the interactive scenarios to test learner competency on using the EU-US DPF for cloud-provider transfers and identifying when a Code of Conduct requires Supervisory Authority approval.

To prevent data loss following the permanent removal of the unload event by Google Chrome and Microsoft Edge, we have updated the course engine. This ensures that student progress, bookmarks, and completion data continue to sync reliably with your LMS using modern, browser-supported protocols.

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

This release includes a significant revision of GDPR and International Data Transfers curriculum to include the latest US state-level regulations and refined guidance on transatlantic data flows.

The course now includes a comprehensive overview of the rapidly evolving US privacy landscape. It highlights specific compliance requirements for organizations operating under:

• California: CCPA and the CPRA (2020) updates.
• Emerging State Laws: New dedicated sections covering privacy acts in Virginia, Connecticut, Colorado, Utah, Texas, Oregon, and the Florida Digital Rights Bill.

Transatlantic Data Flow & Schrems II

• Legacy Frameworks: Detailed context on the invalidation of the EU-US Privacy Shield following the Schrems II decision and why it no longer represents a valid means of data protection.
• New Data Privacy Framework (DPF): Comprehensive new slides covering the EU-US Data Privacy Framework. This includes the mandatory Department of Commerce certification process, enhanced oversight mechanisms, and how it aligns with strict EU standards.
• Transfer Impact Assessments (TIA): Clarified guidance on when a TIA is required. While essential for most "Appropriate Safeguards," a TIA is not required when transferring data to an organization already certified under the new DPF.

To prevent data loss following the permanent removal of the unload event by Google Chrome and Microsoft Edge, we have updated the course engine. This ensures that student progress, bookmarks, and completion data continue to sync reliably with your LMS using modern, browser-supported protocols.

We have enhanced the learner experience for our Spanish (Latin America) course version by integrating fully localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have updated Simulations 2 and 4 to improve clarity, technical performance, and instructional accuracy based on learner feedback.

• Simulation 2, Part 3 (UI & Content): We adjusted the layout to ensure the "highlighted phone number" is visible in the default view without scrolling. Additionally, the question was rewritten to clarify why certain phone numbers are considered suspicious, preventing confusion between legitimate vendor support and phishing tactics.
• Simulation 4, Part 1 (Logic Correction): To better reinforce the concept of trusted internal domains, we corrected the sender's name to match the email address.

We have released a multi-ligual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

This release includes a significant revision of our GDPR training to reflect the current legal landscape of transatlantic data flows and to ensure long-term browser stability.

• EU-US Data Privacy Framework: The course now includes comprehensive guidance on the new framework that replaced the invalidated Privacy Shield. It outlines the certification process through the U.S. Department of Commerce and explains how this framework addresses the privacy concerns raised by the Schrems II ruling.
• Updated Transfer Protocols: We have restructured the curriculum to prioritize the latest "Appropriate Safeguards" and Transfer Impact Assessments (TIA). New instructional logic clarifies that TIAs are not required when transferring data to organizations already certified under the new Data Privacy Framework.
• Refined Data Definitions: Updated content now explicitly covers personal data subject to automated processing, including cookies, tracking pixels, and logic-driven algorithms.

To prevent data loss following the permanent removal of the unload event by Google Chrome and Microsoft Edge, we have updated the course engine. This ensures that student progress, bookmarks, and completion data continue to sync reliably with your LMS using modern, browser-supported protocols.

We have updated the Final Exam to streamline the assessment process. Specifically, Question 4 regarding the jurisdictional reach of GDPR and CCPA has been removed to optimize the exam length and focus.

The release includes a multi-lingual version to include: French Canadian, French, German, Italian, Japanese, Korean, Portuguese Latin America, Russian, Simplified Chinese, Spanish, Spanish Latin America, Traditional Chinese (Taiwan), and Danish, German, Norwegian, Swedish  w/ VO

We have enhanced the learner experience for our Spanish (Latin America) and French (Canada) course versions by integrating full localized audio. This update ensures that native speakers in these regions now have access to a completely immersive, narrated training environment.

We have updated our course engine to address the permanent removal of the JavaScript unload event by Google Chrome and Microsoft Edge. This change is critical for ensuring that student progress, bookmarks, and completion data continue to sync reliably with your Learning Management System (LMS).

• S-161-HM-01 Security Awareness for the Home (iModule)
• S-161-IT-03 Protecting Against Malicious Insiders (Mini-iModule)
• S-161-MA-02 The Malware Threat (Mini-iModule)
• S-162-BE-01 The Business Email Compromise
• S-162-CC-01 Tales From CPU City – Diagnosis: Cryptojacking
• S-162-ET-01 Evil Twin
• S-162-FA-01 Fake App Trap
• S-162-FN-01 Fake News
• S-162-HS-01 Home Cybersecurity
• S-162-MS-01 Living Mobile Secure
• S-162-IO-01 Home Invasions: The Internet of Terrors?
• S-162-PH-01 Phishing Defense Best Practices 
• S-162-PH-02 Protecting Against Spear Phishers
• S-162-PH-03 SMIShed!
• S-162-PH-04 Dial V for Vishing
• S-162-PS-01 Tales from CPU City - Tailgating
• S-162-PW-01 Password Strong
• S-162-RW-01 Defending Against Ransomware
• S-162-SE-02 The In-Personator: A Social Engineering Threat
• S-162-SM-01 Before You Post
• S-162-US-01 USB Baiting: Don't Take the Bait
• HR-138-AC-01 Active Shooter 
• HR-138-VS-01 Preventing Workplace Violence for Supervisors