Organizations carry out an ethical hacking approach to combat cybersecurity challenges, focusing on the technical aspects of cybersecurity vulnerabilities. The practice persists despite evidence that shows that human-induced cybersecurity vulnerabilities constitute a significant threat to organizational cybersecurity. To address this gap, we propose the social-ethical hacking framework to deal with human-induced cybersecurity vulnerabilities in organizations. We adopted the interpretive case study research method, the community of practice theory as the theoretical study lens, and university undergraduate students as the study context. Research data was collected through interviews and participatory observation. The study reveals how the communities of practice undergraduate students established in the study context enabled the institutionalization of social actions and behaviors that constitute cybersecurity vulnerabilities. Organizational actors jointly create the social behaviors and actions that make organizations vulnerable to cybersecurity challenges and should focus on social-ethical hacking practices. The result shows the crucial role of competence in degenerating similar behaviors among undergraduate students; and how their social behaviors make their institution susceptible to cyber security threats.