Podcasts about botnets

  • 394 podcasts
  • 988 episodes
  • 38m average duration
  • 1 weekly episode
  • Latest: Jun 3, 2026


Latest podcast episodes about botnets

Risky Business
Risky Business #840 -- Microsoft walks back researcher threats

Jun 3, 2026 66:03

On this week's show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week's cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover:

  • Adversaries are tracking US troop locations with commercially available location data
  • A new Signal phishing campaign is going after message backups
  • 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
  • Microsoft's tone-deaf response to ‘never justifiable’ zero-day disclosures
  • Mini Shai-Hulud pops up again just as Glassworm gets shattered
  • Much, much more

This week's episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week's sponsor interview Authentik's CEO Fletcher Heisler joins Patrick Gray to talk about how they're keeping up with the bugpocalypse, and also the work they're doing to support identities for AI agents. This episode is also available on YouTube.

Show notes

  • The Pentagon Knew Enemies Could Track Troops' Phones for Years. Now They Are | wired.com
  • U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security
  • DOD location data attachment (Wyden)
  • Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media
  • US has seized nearly $1 billion in crypto from Iran, Bessent says
  • Russia claims foreign spy agencies hacked officials' phones | therecord.media
  • Hackers are trying to steal Signal users' backups in new wave of phishing attacks | TechCrunch Security
  • We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals
  • Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media
  • A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals
  • Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media
  • IBM's new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals
  • Federal audit reveals NIST's NVD is plagued by poor planning and duplication | cyberscoop.com
  • Hackers Used Meta's AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com
  • Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer
  • CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive
  • Password manager Dashlane says hackers stole some customers' password vaults | TechCrunch Security
  • CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com
  • Botnet of more than 17 million devices dismantled | arstechnica.com
  • Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media
  • ACCC investigating Olympics ticket scam | ABC
  • Dozens of Red Hat packages backdoored through its official NPM channel | arstechnica.com
  • Solo podcast: A deep dive on TeamPCP - Risky Business Media
  • Trump administration releases scaled-back AI executive order | cyberscoop.com
  • Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com

Black Hills Information Security
Anti-Tech Extremism - 2026-06-01

Jun 3, 2026 73:40

This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic's reported IPO plans and valuation, AI's impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.

https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! - https://discord.gg/bhis

Cyber Security Headlines
Meta AI hands over Instagram access, Dutch police dismantle botnet, RedHat packages backdoored

Jun 2, 2026 7:07

  • Meta AI hands over Instagram account access
  • Dutch police dismantle huge botnet
  • RedHat packages get backdoored

Get the show notes here: https://cisoseries.com/meta-ai-hands-over-instagram-access-dutch-police-dismantle-botnet-redhat-packages-backdoored/

Huge thanks to our episode sponsor, Vanta

Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta [rhymes with Santa] Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.

Risky Business News
Risky Bulletin: Dutch police take down 17m device botnet

May 29, 2026 8:45


Dutch police take down a botnet of 17 million devices, US military staff have been tracked with ad-tech location data, a Google engineer is arrested for insider trading on Polymarket, and Gogs and the Casdoor IAM leave major bugs unpatched. Show notes Risky Bulletin: Dutch police take down giant botnet of 17 million devices

Cyber Security Headlines
Glassworm botnet shattered, China overhauls surveillance, Charter confirms ShinyHunters breach

May 28, 2026 7:21

  • Glassworm botnet gets shattered
  • China overhauls world's biggest surveillance network
  • Charter confirms ShinyHunters data breach

Check out your show notes here: https://cisoseries.com/cybersecurity-news-glassworm-botnet-shattered-china-overhauls-surveillance-charter-confirms-shinyhunters-breach/

Huge thanks to our sponsor, Guardsquare

AI is speeding up development, but at what cost? While ninety-six percent of teams now use AI tools, eighty-one percent report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered, polymorphic security to stay ahead of the curve. Learn more at Guardsquare.com.

Cyber Security Today
AI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber Espionage

May 25, 2026 13:14

Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed. The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1).

Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents. We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets. And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware. If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch.

  • 00:00 Vunpocalypse Headlines
  • 00:28 AI Finds Vulnerabilities
  • 01:32 False Positives and Costs
  • 02:39 WolfSSL Critical CVE
  • 03:51 Patch Volume Pressure
  • 04:28 Kim Wolf Botnet Arrest
  • 05:13 Botnet Scale and Swatting
  • 06:48 International Takedowns
  • 07:41 Ghost CMS Mass Exploits
  • 09:07 ClickFix Infection Chain
  • 10:25 How to Remediate Ghost
  • 10:39 Iran Spear Phishing Ops
  • 12:51 Closing and Sign Off

#Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec

Objetivo Oposiciones
[PODCAST] What is malware and how does it affect your civil service exam? (bonus ep.)

May 18, 2026 10:07

Could you tell a Worm from a Trojan in your exam? Don't let computing cost you your post. Many exam candidates underestimate computer security, but the examining board knows it is the perfect place to set "trick questions". In this episode, Fran explains simply and directly all the concepts (Malware, Phishing, Ransomware...) that usually appear in the official syllabuses. Don't lose points over a computing question. Learn to tell each threat apart!

Episode topics

  • Virus vs. Worm vs. Trojan
  • Ransomware and Spyware: how data hijackings work
  • What Social Engineering and Phishing are
  • Advanced concepts: Botnets, DDoS attacks and zero-day vulnerabilities
  • What the examining board is really going to ask you in the exam

Links of interest

  • Download a free outline on the dangers and threats of the network

Kim Komando Today
Botnet takeover

Apr 28, 2026 11:07

Your smart devices could be someone else's weapon. A global crackdown wiped out four massive botnets linked to 300,000 attacks. Intelligence Analyst Allan Liska explains who's behind it and what it means for you.

Marketplace Tech
How botnets infiltrate the internet of things

Apr 15, 2026 6:58

Routers, computers, web cameras — they all connect to the internet. And they can be infected with malicious software that lets someone else take over. The device becomes a bot, essentially.

A group of these devices networked together then becomes a botnet. And these botnets can then be used for nefarious purposes, like distributed denial of service attacks, without the device owners even knowing about it.

Cybersecurity journalist Brian Krebs recently wrote about several large botnets including one called Kimwolf that compromised more than three million devices.

Marketplace All-in-One
How botnets infiltrate the internet of things

Apr 15, 2026 6:58

Routers, computers, web cameras — they all connect to the internet. And they can be infected with malicious software that lets someone else take over. The device becomes a bot, essentially.

A group of these devices networked together then becomes a botnet. And these botnets can then be used for nefarious purposes, like distributed denial of service attacks, without the device owners even knowing about it.

Cybersecurity journalist Brian Krebs recently wrote about several large botnets including one called Kimwolf that compromised more than three million devices.

La French Connection
Episode 0x290 - Strava betrays an aircraft carrier, TELUS loses 1 petabyte

Mar 29, 2026 57:51

Synopsis

In episode 0x290, Patrick, Steve and Francis look back on a busy week in cybersecurity. A French sailor revealed the position of the aircraft carrier Charles de Gaulle in the Mediterranean via Strava, a recurring OPSEC problem that recalls the case of the Russian submarine captain tracked and executed thanks to his running data. The team takes the opportunity to discuss the use of personal phones by Canadian police officers and military personnel.

The team then dissects what could be one of the biggest breaches in Canada: TELUS Digital compromised by the Shiny Hunters group, with a petabyte of data exfiltrated. All of it via basic tools such as TruffleHog, by scanning for cleartext passwords in internal data. The scope extends to TELUS Santé, home automation (ADT) and much more.

Among the other topics: Google finalizing its acquisition of Wiz, Microsoft Copilot bypassing access rules to read restricted emails, Quebec's Commission d'accès à l'information under investigation, the dismantling of four major botnets with the participation of the SQ and the RCMP, selling one's face and voice to AI, recurring IT outages in Quebec hospitals, and cyber threats tied to the Middle East conflict that directly affect Canada, including the destructive attack against the biomedical conglomerate Stryker via Microsoft Intune.

The episode ends with a humorous tribute on the death of Chuck Norris and a reflection on the vulnerability of Canada's critical infrastructure, from Hydro-Québec to the radar stations of the Far North.

Crew

  • Patrick Mathieu
  • Steve Waterhouse
  • Francis Coats

Links and resources

Steve

  • StravaLeaks: the aircraft carrier Charles-de-Gaulle located in real time thanks to the sports app
  • TELUS Digital confirms breach after hacker claims 1 petabyte data theft
  • US seizes domains and infrastructure used in sprawling botnet campaigns
  • Justice Department disrupts botnet networks that hijacked 3 million devices
  • The Commission d'accès à l'information targeted by investigations
  • Canada should ‘absolutely’ match Poland's Chinese EV ban at military bases: expert
  • Stryker attack wiped tens of thousands of devices, no malware needed
  • Would you be willing to sell your voice or rent out your face to train an AI?
  • Switzerland built a secure alternative to BGP
  • ‘Source of data’: are electric cars vulnerable to cyber spies and hackers?
  • Max severity Ubiquiti UniFi flaw may allow account takeover
  • The US bans all new foreign-made network routers

Patrick

  • Crunchyroll data breach
  • Wiz acquisition finalized by Google
  • Anthropic finds 22 Firefox vulnerabilities using Claude
  • Disnat tightens the screws - MFA finally enabled
  • Maisonneuve-Rosemont hospital affected by an IT outage
  • Google Chrome - 26 CVEs patched
  • Microsoft error sees confidential emails exposed to AI tool Copilot

Francis

  • ITSEC 2026: I'll be there!

Shamelessplug

  • Join Discord — channel

Cyber Security Headlines
International botnet takedown, California city ransomed, Azure Monitor phishing

Mar 23, 2026 8:08

  • Law enforcement seizes botnet infrastructure
  • California city and LA transit agency report cybersecurity issues
  • Microsoft Azure Monitor alerts used for callback phishing attacks

Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-cybersecurity-news-international-botnet-takedown-california-city-ransomed-azure-monitor-phishing/

Huge thanks to our sponsor, ThreatLocker

Most breaches don't start with a zero-day — they start because something unexpected was allowed to run. One way organizations reduce risk is by shrinking the attack surface: deciding what software should be allowed to execute and blocking everything else by default. Fewer unknowns means fewer opportunities for attackers. Learn more at ThreatLocker.com

Cyber Security Headlines
Department of Know: SaaS apps enable breaches, real-time cyber protection, IoT botnet takedown

Mar 23, 2026 32:27

This week's Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm

Thanks to our show sponsor, ThreatLocker

Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com

All links and the video of this episode can be found on CISO Series.com

Sub FM Archives
Buster presents Basspaths feat Botnet - 12 Mar 2026

Mar 15, 2026 118:00


Buster presents Basspaths feat Botnet on Sub FM 12th March 2026 - https://www.sub.fm

Passwort - der Podcast von heise security
Of bulletproof networks, broken appliances and creative IP certificates

Mar 4, 2026 137:01

Sylvester is on vacation, so Jan Mahn from c't steps in at short notice. And he has brought an explosive story with him, about "bulletproof hosters": providers who don't care about good manners on the internet, sometimes not even about law and order, as long as their often shady clientele transfers money to them every month. But first there is a longer rant about a security appliance vendor, which Christopher did not come up with himself but which the financial news service Bloomberg published. And there is some PKI news, almost all of which has something to do with IP addresses.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

Feb 13, 2026 5:43

  • Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary] https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708
  • OpenSSH Update on MacOS https://www.openssh.org/releasenotes.html
  • Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations

Tech and Science Daily | Evening Standard
PlayStation's hour-long State of Play, UK universities warned on foreign interference, and the botnet lurking in your living room

Feb 10, 2026 5:52

Today on Tech and Science Daily from The Standard: the UK sets out new measures aimed at protecting universities from foreign interference, as concerns grow about pressure on researchers and sensitive collaboration. Plus, a record-setting DDoS attack is linked to the AISURU/Kimwolf botnet — a reminder that insecure everyday devices can end up powering serious cyber disruption. And in gaming, Sony confirms a 60+ minute State of Play landing this week, with major updates expected for the PS5 slate. We also look to science, with new research pointing to an empty lava tube beneath Venus, and a fresh method for measuring energy loss in nanoscale systems that could help shape future electronics.

Decipher Security Podcast
Dumping Edge Security Devices, the SystemBC Botnet, and the Joy of Joybubbles

Feb 6, 2026 16:56

This week we talk about the new CISA Binding Operational Directive that sets a deadline for removing end of support edge security devices from federal government networks (1:15), then we discuss the new research from Silent Push on the new variant of the SystemBC botnet (6:45), and finally we have a movie recommendation for you: Joybubbles, the fascinating new documentary about phone phreaker Joe Engressia Jr.

Support the show

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

Jan 16, 2026 7:29

  • Battling Cryptojacking, Botnets, and IABs: Cryptojacking often comes with less obvious addons, like SSH backdoors. https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632
  • Microsoft Copilot Reprompt Attacks: Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow. https://www.varonis.com/blog/reprompt
  • Hijacking Bluetooth Accessories Using Google Fast Pair: Google's Fast Pair protocol is often not implemented correctly, allowing the hijacking of Bluetooth accessories. https://whisperpair.eu/#about

Packet Pushers - Full Podcast Feed
PP092: News Roundup–Old Gear Faces New Attacks, Cyber Trust Mark's Trust Issues, Alarms Howl for Kimwolf Botnet

Jan 13, 2026 51:52

Everything old is new again in this Packet Protector news roundup, from end-of-life D-Link routers facing active exploits (and no patch coming) to a five-year-old Fortinet vulnerability being freshly targeted by threat actors (despite a patch having been available for five years). We also dig into a clever, multi-stage attack against hotel operators that could...

Packet Pushers - Fat Pipe
PP092: News Roundup–Old Gear Faces New Attacks, Cyber Trust Mark's Trust Issues, Alarms Howl for Kimwolf Botnet

Jan 13, 2026 51:52

Everything old is new again in this Packet Protector news roundup, from end-of-life D-Link routers facing active exploits (and no patch coming) to a five-year-old Fortinet vulnerability being freshly targeted by threat actors (despite a patch having been available for five years). We also dig into a clever, multi-stage attack against hotel operators that could...

La French Connection
Episode 0x282 - Patch Tuesday or Patch Everyday!

Dec 15, 2025 62:26

Synopsis

In this episode, Steve, Patrick, Francis and Jacques look back on a week particularly packed with cybersecurity news, mixing technology issues, public safety and political decisions.

We start with local and hardware news, notably the appointment of Pierre Brochet as the new chief of the Laval police, as well as the discovery of major flaws and an undocumented microphone in Sipeed's NanoKVM, raising serious questions about the supply chain and trust in hardware.

The discussion continues with Microsoft's December 2025 patches: three actively exploited zero-day flaws, dozens of vulnerabilities fixed and an extended security update for Windows 10. The team also analyzes a notable arrest in Spain linked to the theft of 64 million personal records, as well as a particularly worrying zero-click attack capable of wiping an entire Google Drive via simple booby-trapped emails.

A large segment is devoted to large-scale threats: exploitation of the React2Shell flaw, its cascading impacts (up to a Cloudflare outage), campaigns linked to China, and a botnet responsible for a record DDoS attack of nearly 30 Tbps. Added to this are troubling cases of cybercrime, such as the sale of intimate videos from hacked IP cameras.

Finally, the episode explores emerging issues around AI: the persistent vulnerability of LLMs to prompt injections, Google's military use of AI, cyber insurance covering deepfakes, and warnings about AI's growing role in the threat chain. All of this is placed in a geopolitical and societal context, between state surveillance, pro-Russian hacktivism and new regulations, notably the ban on social media for under-16s in Australia.

News

Francis

  • Pierre Brochet, new chief of the Laval police - TVA Nouvelles
  • Researcher finds undocumented microphone and major security flaws in Sipeed NanoKVM

Jacques

  • Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
  • Microsoft releases Windows 10 KB5071546 extended security update
  • Spain arrests teen who stole 64 million personal data records
  • Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Steve

  • India backs off mandatory “cyber safety” app after surveillance backlash
  • Researchers track dozens of organizations affected by React2Shell compromises tied to China's MSS
  • React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
  • Cloudflare blames today's outage on React2Shell mitigations
  • Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack
  • Korea arrests suspects selling intimate videos from hacked IP cameras
  • Pro-Russia hacktivists conduct opportunistic attacks against U.S. and global critical infrastructure (JCA-AA25-343A)
  • Organizations can now buy cyber insurance that covers deepfakes
  • UK cyber agency warns LLMs will always be vulnerable to prompt injection
  • Ignoring AI in the threat chain could be a costly mistake, experts warn
  • Millions of children and teens lose access to accounts as Australia's world-first social media ban begins
  • Australia social media ban – explainer video
  • Google is powering a new US military AI platform

Crew

  • Patrick Mathieu
  • Steve Waterhouse
  • Francis Coats
  • Jacques Sauvé

Shamelessplug

  • Join Hackfest/La French Connection Discord #La-French-Connection
  • Join Hackfest us on Mastodon
  • POLAR - Québec - October 29, 2026
  • Hackfest - Québec - October 29-30-31, 2026

Credits

  • Audio editing by Hackfest Communication
  • Music by Kazuki – Four Day Weekend - Dusk
  • Virtual premises by Streamyard

Hacker And The Fed
When Your Smart Fridge Joins a Botnet

Dec 11, 2025 50:36

Chris and Hector break down North Korea's covert push to infiltrate Western companies through fake IT recruiting, the leaked Predator spyware network targeting journalists and activists, and a record shattering DDoS attack driven by millions of compromised IoT devices. Along the way they unpack lazy opsec, hardware backdoors, and why everyday consumer tech keeps ending up in global cyber warfare.

Join our new Patreon! https://www.patreon.com/c/hackerandthefed

Send HATF your questions at questions@hackerandthefed.com

KFI Featured Segments
@WakeUpCall – ‘Wired Wednesday' with Rich DeMuro

Dec 3, 2025 5:02

KFI Tech Reporter Rich DeMuro joins Wake Up Call for ‘Wired Wednesday’! Rich talks about Samsung’s NEW tri-folding phone, a free website to see if your home is part of a botnet, and the best places to go for online shopping promo codes.

Passwort - der Podcast von heise security
Of worms, viruses, hiccups and coughs

Dec 3, 2025 98:16

The podcast is feeling under the weather: Cloudflare had a three-hour hiccup, the co-host has coughing fits and worms have once again infested NPM. Christopher and Sylvester take an extensive look at what the second edition of the JavaScript malware "Sha1-Hulud" does differently from the first, and also revisit "Glassworm", a topic from recent episodes. In hindsight it is unclear there whether it is actually a worm or perhaps rather a botnet, as Christopher suspects. But the three-hour outage at Cloudflare is also on the agenda, with an unusual amount of praise from the hosts, and the two heise editors also explore whether WhatsApp really had the biggest data leak in history.

  • Cloudflare on the outage of November 18: https://blog.cloudflare.com/18-november-2025-outage/
  • Threema on the WhatsApp scraping: https://threema.com/de/blog/whatsapp-datenleck-2025
  • Trend Micro's technical analysis of Shai Hulud 2.0: https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
  • Expel on cache smuggling: https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/
  • Follow us in the Fediverse: @christopherkunz@chaos.social, @syt@social.heise.de

Cyber Security Headlines
AWS outage botnet smacks 28 countries, LLMs help malware authors evade detection, Anthropic pressed over Claude espionage

Nov 27, 2025 7:02

  • AWS outage botnet smacks 28 countries
  • LLMs help malware authors evade detection
  • Anthropic questioned over Claude espionage

Huge thanks to our episode sponsor, KnowBe4

Cybersecurity isn't just a tech problem—it's a human one. That's why KnowBe4's Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

Cyber Security Today
Cybersecurity Today: October Recap - Addressing AI, DNS Failures, and Security Vulnerabilities

Nov 1, 2025 74:17

In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White TOK and David Shipley from Boer on Securities, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security breaches affecting critical infrastructure and the broader impact of cybersecurity on financial sectors. Ethical concerns about AI's use in creating inappropriate content and the urgent need for better regulatory frameworks for tech and cloud providers are underscored. The episode concludes with a humorous moment as Jim dons a gifted white TOK, bringing a smile to the discussion.

  • 00:00 Introduction and Sponsor Message
  • 00:18 Panel Introduction and AI Discussion
  • 01:02 Cloud Outages and Their Impact
  • 02:52 DNS and Internet Fragility
  • 07:07 Botnets and Cybersecurity Threats
  • 14:09 Industrial Control Systems Vulnerabilities
  • 26:29 AI in Cybersecurity
  • 35:37 Voice Deepfakes and Authentication Risks
  • 38:32 Creative Scams and Real-Time Voice Translators
  • 39:22 The Importance of Safe Words and Persistent Surveillance Issues
  • 40:17 Hybrid Scams and Financial Crimes in Canada
  • 41:44 Corporate Reputation and Financial Crimes Agency
  • 42:41 Challenges with Digital Banking and Security
  • 44:49 The Role of AI and Security in Financial Transactions
  • 45:55 The Impact of Open Banking and Real-Time Payments
  • 50:57 Email Filters and Cybersecurity Awareness
  • 58:03 Microsoft's Security Challenges and Vulnerabilities
  • 01:03:39 Legal Consequences for Cybercriminals
  • 01:12:17 Final Thoughts and Acknowledgements

SECURE AF
RondoDox Botnet Expansion: The Shotgun Approach to IoT Exploitation

SECURE AF

Play Episode Listen Later Oct 22, 2025 7:19


Got a question or comment? Message us here! This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this “shotgun” exploitation strategy is fueling massive DDoS and crypto-mining attacks. Support the show. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Security Now (MP3)
SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets

Security Now (MP3)

Play Episode Listen Later Oct 15, 2025 165:35


Texas is on the brink of forcing Apple and Google to overhaul app downloads with strict age verification laws—are tech giants ready, or is your privacy about to get caught in the crossfire? The EU aborted their Chat Control vote knowing it would fail. Salesforce says it's not going to pay; customer data is released. Hackers claim Discord breach netted 70,000 government IDs. Microsoft to move GitHub to Azure. What could possibly go wrong. New California law allows universal data sharing opt-out. OpenAI reports that it's blocking foreign abuse. Who cares. IE Mode refuses to die, so Microsoft is burying it deeper. The massive mess created by Texas legislation SB2420. The BreachForums website gets a makeover. 100,000 strong global botnet attacking U.S. RDP services. UI experts weigh in on Apple's iOS 26 user-interface. 330,000 publicly exposed REDIS servers are RCE-vulnerable. Show Notes - https://www.grc.com/sn/SN-1047-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security expressvpn.com/securitynow vanta.com/SECURITYNOW canary.tools/twit - use code: TWIT bigid.com/securitynow

Security Now (Video HD)
SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets

Security Now (Video HD)

Play Episode Listen Later Oct 15, 2025 152:07



Security Now (Video HI)
SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets

Security Now (Video HI)

Play Episode Listen Later Oct 15, 2025 152:07



Security Now (Video LO)
SN 1047: RediShell's CVSS 10.0 - The Rise of Mega Botnets

Security Now (Video LO)

Play Episode Listen Later Oct 15, 2025 152:07



The CyberWire
FBI botnet cleanup backfires.

The CyberWire

Play Episode Listen Later Sep 15, 2025 29:11


FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don't hold your breath. Hacktivists leak data tied to China's Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteCobra targets developers with malicious extensions. North Korea's Kimsuky group uses AI to generate fake South Korean military IDs. My guest is Tim Starks from CyberScoop, discussing offensive cyber operations. A cyberattack leaves students hung out to dry. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined once again by Tim Starks from CyberScoop discussing offensive cyber operations. You can read Tim's article Google previews cyber ‘disruption unit' as U.S. government, industry weigh going heavier on offense for more background. Selected Reading The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces (Wall Street Journal) 15 ransomware gangs ‘go dark' to enjoy 'golden parachutes' (The Register) 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet (HackRead) China Enforces 1-Hour Cybersecurity Incident Reporting (The Cyber Express) DHS watchdog finds mismanagement in critical cyber talent program (FedScoop) GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe (Arctic Wolf) 'WhiteCobra' floods VSCode market with crypto-stealing extensions (Bleeping Computer) AI-Forged Military IDs Used in North Korean Phishing Attack (Infosecurity Magazine) Mitsubishi to acquire Nozomi Networks for nearly $1 billion. (N2K CyberWire Business Briefing) Dutch students denied access to jailbroken laundry machines (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Random but Memorable
How to build a career in cybersecurity with Heath Adams | JOB HUNT BOT FATIGUE

Random but Memorable

Play Episode Listen Later Sep 2, 2025 68:29


Want to work in cybersecurity but don't know where to begin? Or just curious what it takes to break into the field? This week, we're joined by the internet's very own Heath Adams, better known as The Cyber Mentor. He demystifies the application process and what it takes to build a career in cybersecurity – no matter your background.

Cyber Security Headlines
Malicious Go module, new Mirai botnet, Silk Typhoon exploits cloud

Cyber Security Headlines

Play Episode Listen Later Aug 25, 2025 9:26


Malicious Go module steals credentials via Telegram. Mirai-based botnet resurfaces targeting systems globally. Silk Typhoon hackers exploit cloud trust to hack downstream customers. Huge thanks to our sponsor, Prophet Security. Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. Find the stories behind the headlines at CISOseries.com.

Engadget
The White House now has a TikTok account, a man who allegedly used a botnet to take down X has been charged, and Meta's AI voice translation feature rolled out globally

Engadget

Play Episode Listen Later Aug 20, 2025 7:08


The White House has joined TikTok, the social media app that President Trump wanted to ban during his first term. Its first post shows clips of Trump in various events with Kendrick Lamar's track playing in the background. The New York Times notes that it references a popular video edit of Creed, a boxing movie starring Michael B. Jordan, on the app. In the TikTok post, Trump could be heard saying "I am your voice," while the caption reads "America we are BACK! What's up TikTok?" In other news, an Oregon man has been charged in a federal complaint today on allegations of operating a botnet for hire that conducted cyberattacks beginning at least in 2021. Ethan Foltz has been accused of running Rapper Bot, also known as Eleven Eleven Botnet and CowBot, and using it to execute coordinated distributed denial of service or DDoS attacks; Meta rolled out its new voice dubbing feature globally. The Reels feature uses generative AI to translate your voice, with optional lip-syncing. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Cyber Security Headlines
Rubio Spoofed, RondoDox Botnet, Batavia Spyware

Cyber Security Headlines

Play Episode Listen Later Jul 9, 2025 8:43


Four members of President Trump's cabinet impersonated. Is this some kind of a game? Batavia attacks Russian industrial companies. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines

The CyberWire
Botnet's back, tell a friend. [Research Saturday]

The CyberWire

Play Episode Listen Later Jul 5, 2025 22:47


Please enjoy this encore of Research Saturday. This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
Botnet's back, tell a friend.

Research Saturday

Play Episode Listen Later Jul 5, 2025 22:47



The CyberWire
A tale of two botnets. [Research Saturday]

The CyberWire

Play Episode Listen Later Jun 28, 2025 24:55


This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cybersecurity Defenders Podcast
#222 - Intel Chat: PurpleHaze, KEV++, ChatGPT & Mirai botnet

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 18, 2025 26:47


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne. CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others. A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.

Cyber Security Today
Cybersecurity Today: Massive Smart TV Botnets and Major US Cyber Policy Overhaul

Cyber Security Today

Play Episode Listen Later Jun 9, 2025 12:21 Transcription Available


In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question.
00:00 Introduction and Major Headlines
00:32 FBI Warns About Bad Box 2.0 Botnet
02:47 DVR Botnet Threats and Exploits
03:59 Shift in Cybercriminal Tactics
05:33 Quantum Computing and Encryption Concerns
07:08 Trump's Cybersecurity Policy Overhaul
11:36 Conclusion and Final Thoughts

Cyber Security Headlines
Cyber executive order, Neuberger's infrastructure warning, Mirai botnet warning

Cyber Security Headlines

Play Episode Listen Later Jun 9, 2025 8:42


Presidential cyber executive order signed. Neuberger warns of U.S. infrastructure's cyberattack weakness. Mirai botnet infects TBK DVR devices. Huge thanks to our sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes — Vanta. With Vanta, GRC can be so. much. easier—while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams using Vanta are one hundred and twenty nine percent more productive. Get back time to focus on strengthening security and scaling your business. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.

Marketing Over Coffee Marketing Podcast
Eric Schwartzman on BotNets and How To Market in the Post Facts World

Marketing Over Coffee Marketing Podcast

Play Episode Listen Later May 16, 2025


In this Marketing Over Coffee: Learn about Running Traffic, Coordinated Inauthentic Engagement, Finfluencers and more! Direct Link to File. Fast Company Article. Past Interview on Black Hat SEO and the Search Engine PR battleground. Running Traffic. Coordinated Inauthentic Engagement as a tool to lift organic traffic. 9:02-11:07 Insta360 X5 Camera. To bag a free […]

Packet Pushers - Full Podcast Feed
PP055: News Roundup – BotNet Targets TP-Link, Threat Hunting In the Electric Grid, Apple Vs. UK Snoops, and More

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Mar 25, 2025 38:28


This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,...

The CyberWire
Botnet's back, tell a friend. [Research Saturday]

The CyberWire

Play Episode Listen Later Mar 8, 2025 22:47


This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
The end of the line for Garantex.

The CyberWire

Play Episode Listen Later Mar 7, 2025 30:17


Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI's role in Canada's next election. Scammers target Singapore's PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women's History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In this special International Women's Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, Gianna Whitver, CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Maria Velasquez, Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Chris Hare, Project Management Specialist and Content Developer at N2K Networks, and host of CertByte, Ann Lang, Project Manager at N2K Networks, Jennifer Eiben, Executive Producer at N2K Networks, and Maria Varmazis, host of the T-Minus Space Daily show at N2K Networks for their achievements, resilience, and the invaluable contributions they make to keeping our digital world secure. 
Selected Reading Russian crypto exchange Garantex's website taken down in apparent law enforcement operation (The Record) Data breach at Japanese telecom giant NTT hits 18,000 companies (BleepingComputer) Malvertising campaign leads to info stealers hosted on GitHub (Microsoft) Canadian intelligence agency warns of threat AI poses to upcoming elections (The Record)  Deepfakes of Singapore PM Used to Sell Crypto, Residency Program (Bloomberg)  Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets (SecurityWeek) Magecart: How Akamai Protected a Global Retailer Against a Live Attack (Akamai)  Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets (BleepingComputer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Feb 26, 2025 5:59


Massive Botnet Targets M365 with Password Spraying: A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf
Mixing up Public and Private Keys in OpenID: The complex OpenID specification and the flexibility it supports enable careless administrators to publish private keys instead of or in addition to public keys. https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html
Healthcare Malware Hunt Part 1: Medical images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware. https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/

The CyberWire
A new Mirai-based botnet.

The CyberWire

Play Episode Listen Later Jan 8, 2025 32:09


Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today's CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today's question comes from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook   Have a question that you'd like to see covered? Email us at certbyte@n2k.com. 
If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/cc  Selected Reading New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine) First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek) A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security) Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News) Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch) New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread) Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News) CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek) New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek) Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. 
© N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices