Canada tried to put pressure on Trump and the US, it backfired, and Canada has now bowed to Trump. If they followed through Canada would have been a disaster. Inflation is not showing up in the tariffs, Powell running out of time. BBB is on its way, and once the President signs it, the economy is going to take off. Stage is set for the Federal Reserve. The [DS] is panicking, they thought they would be able to start WWIII, strings were cut and now their power is lost. CISA has now issued a cyber attack warning, right on schedule. The stage is set. All roads lead to Obama and Trump and team are bringing the [DS] down the path they want them to follow. This will not end well for the [DS]. Economy are hereby terminating ALL discussions on Trade with Canada, effective immediately. We will let Canada know the Tariff that they will be paying to do business with the United States of America within the next seven day period. Thank you for your attention to this matter! https://twitter.com/disclosetv/status/1939522597550518357 If Canada had kept the Digital Services Tax (DST) in place, the financial and economic consequences would have been significant, primarily due to potential U.S. retaliation and disruptions to the Canada-U.S. trade relationship. Lost Tax Revenue vs. Retaliatory Tariffs: The DST was projected to generate approximately C$5.9 billion (about US$4.3 billion) over five years, or roughly C$1.2 billion (US$870 million) annually, according to Canada's 2024 federal budget. However, U.S. 
President Donald Trump threatened to impose new tariffs on Canadian goods in response to the DST, which could have far exceeded the tax revenue. For context, Canada exports over US$400 billion in goods annually to the U.S., representing 75% of its total goods exports. If the U.S. imposed tariffs (e.g., 10-50% as suggested by Trump's April 2025 tariff levels), the cost to Canadian exporters could have ranged from US$40 billion to US$200 billion annually, depending on the tariff rate and scope. Specific sectors like automobiles, energy, steel, and aluminum (already facing 50% U.S. tariffs) would have been hit hardest, with ripple effects across supply chains. Increased Costs for Canadian Consumers and Businesses: The DST would have imposed a 3% tax on digital services revenue from Canadian users, affecting U.S. tech giants like Amazon, Google, Meta, and Apple. Some companies, like Google, had already introduced surcharges (e.g., a 2.5% “Canada DST Fee” on ads starting October 2024) to offset compliance costs, which would have raised prices for Canadian consumers and businesses reliant on digital services. Canadian business groups warned that these costs would be passed on, increasing the price of digital subscriptions, online marketing, and e-commerce. Economic Impact of Retaliation: The U.S. could have targeted Canadian pension funds and investments through retaliatory measures, as warned by the Canadian Chamber of Commerce. A trade war could have exacerbated Canada's economic slowdown, with unemployment already at 7% in 2025, potentially leading to job losses in export-dependent industries like manufacturing and energy. Sector-Specific Impacts: Automotive and Manufacturing: Tariffs on automobiles and parts would have disrupted integrated North American supply chains, increasing costs for Canadian manufacturers and potentially le...
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin interviews RIMS General Counsel and VP of External Affairs Mark Prysock about the RIMS Legislative Summit in March 2025, how it went, and what to expect next. Mark mentions the registrant participation records they set and the connections they made as they lobbied. As Mark exits, Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management magazine enter the studio to talk with Justin about the mid-year in risk and four Q2 articles in RIMS Risk Management magazine on tariffs, the 2025 hurricane season, the USDA budget cuts and food safety, and minimizing risk while using AI for innovation. After lessons from the articles, Hilary invites listeners to submit risk management articles to RIMS Risk Management magazine. If you publish in the magazine, what opportunities will that open for you? Listen to learn more about the highlights of the first two quarters of 2025 and what to prepare for the rest of the year. Key Takeaways: [:01] About RIMS and RIMScast. [:17] About this episode of RIMScast. We've got three guests today. We'll get a RIMS legislative update from Mark Prysock, and we will look back at major risk management news from the first half of 2025 with Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management magazine. [:48] RIMS-CRMP Workshops! The next Virtual RIMS-CRMP exam prep, co-hosted by Parima, will be held on September 2nd and 3rd. [:58] The next RIMS-CRMP-FED virtual workshop will be led by Joseph Mayo on July 17th and 18th. Register by July 16th. Links to these courses can be found on the Certification Page of RIMS.org and through this episode's show notes. [1:16] RIMS Virtual Workshops! We have a day-long course on July 24th, “Risk Taxonomy for Effective Risk Management.” On August 5th, we have a day-long course about “Emerging Risks.” RIMS members enjoy deep discounts! 
[1:31] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [1:42] If you tuned in to the recent episode featuring James Lam, you will know that he is hosting a new six-module workshop for us, the “RIMS-CRO Certificate in Advanced Enterprise Risk Management”. [1:56] The inaugural summer course is completely sold out! We are filled to the virtual capacity! Don't worry, in the Fall, the bi-weekly course will begin on October 9th. Registration closes on October 2nd. A link is in this episode's notes. Check it out and register today! [2:15] Mark your calendars for November 17th and 18th for the RIMS ERM Conference 2025 in Seattle, Washington. The agenda is being built. Soon, we will distribute a Call for Nominations for the ERM Award of Distinction. I'll update this episode's show notes when that link is ready. [2:38] Think about your organization's ERM program or one that you know of, and how it has generated value. We will have more on that in the coming weeks. [2:47] RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through May 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when registering by September 30th. [3:01] This also lets you enjoy earlier access to the RISKWORLD hotel block. Register by September 30th, and you will also be entered to win a $500 raffle. Don't miss out on this chance to plan and score some extra perks. [3:14] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to register at RIMS.org/membership. [3:24] On with the show! Mark Prysock is the RIMS General Counsel and VP of External Affairs. It's always wonderful to have him on the show. 
[3:32] He is here to remind us of the RIMS legislative priorities, how they were addressed during the RIMS Legislative Summit in March, and what else we can expect in the way of public policies that RIMS would like to prevent and those we'd like to support. [3:46] There are lots of links in this episode's notes, as well, including ones to RISK PAC and an upcoming fundraiser. Let's get to it! [3:54] Interview! Mark Prysock, welcome back to RIMScast! [4:14] RIMS's top legislative or advocacy priorities for 2025 include opposing legislation on taxing non-profit associations. RIMS is working with other associations on this. The tax would have a significant impact on RIMS. [5:26] Another issue is the Freedom to Invest in Tomorrow's Workforce Act, which would allow individuals to use college savings 529 plans to pay for certifications like the RIMS-CRMP. It's a very popular issue in the association community. [5:55] Third-party litigation funding has become a very big issue, followed by nuclear verdicts. What can we do to stop that? That's an issue that's been growing in both the House and the Senate. RIMS is working within a broad coalition to address that issue. [6:14] RIMS believes, at a bare minimum, there needs to be disclosures when third-party litigation funding agreements are in place so that everyone understands who stands to benefit from a nuclear verdict. It's not the plaintiff. [6:37] The last issue is the National Flood Insurance Program. [7:01] Mark and his team spent Day 1 of the RIMS Legislative Summit in March prepping the registrants so they understood the ins and outs of the issues. They all received one-page leave-behind documents to take to the Congressional offices. [7:18] Panellists had talked to them about the issues. The registrants were prepped to be lobbyists on these issues. [7:30] On Day 2, the registrants went to the Hill and lobbied on behalf of RIMS. [7:39] There were over 60 registrants this year. 
That was a RIMS Legislative Summit record. They had around 100 Congressional meetings, also a RIMS Legislative Summit record. [8:15] Mark says holding the event at the U.S. Chamber of Commerce building is fantastic. It's a classic D.C. building that everyone knows. It's fairly close to Capitol Hill. You can get all the speakers you want to come and meet with your group there. It's perfect for the Summit. [8:49] A couple of years ago was the first time the Summit met at the Chamber building. Going back this year confirmed that it's going to be the new location for the Summit. Mark says it was an enriching experience for the attendees. [9:33] The Summit lobbyists focus on committees in both the House and Senate with jurisdiction over insurance. [9:47] The House Financial Services Committee has a Subcommittee on Housing and Insurance. Most of the legislation the Summit is concerned about comes from the House. [10:04] That Subcommittee has a new Chair, Congressman Mike Flood from Nebraska. The Summit has made inroads with his office and with other offices, too. [10:28] The Summit's focus is on establishing relationships with newer Congressional offices that are in a position to impact RIMS's legislative priorities. [10:52] Mark says, typically when we meet with a Member of Congress, it might be that we're talking to them because they're well-situated to talk to us about NFIP. [11:02] On other issues, we don't know that they necessarily align with us, but we know that with what we're trying to accomplish with the NFIP, they are going to be a great ally. That's our foot in the door to discuss other legislative issues. [11:24] Mark says the Summit is looking to establish long-term relationships with Members of Congress and educate them on the importance of different issues. [11:58] The RIMS Public Policy Committee will continue hammering on these issues for the remainder of 2025 and into 2026. 
The tax issues are likely to be resolved in RIMS's favor in the Omnibus tax bill Congress is wrestling with now. [12:18] The One Big Beautiful Bill does not include language for imposing new taxes on non-profits, but it does include the language about liberalizing the use of College 529 plans, which RIMS supports. Mark thinks that it will be wrapped up soon. [12:39] NFIP has been reauthorized through September 30th, the end of the Federal Government's Fiscal Year. There is legislation out there to reauthorize it for a longer period. The RIMS Public Policy Committee is talking with Members of Congress about that. [12:57] Third-party litigation funding is an issue to keep working on for the next couple of years. [13:04] The RIMS Public Policy Committee will be working closely with the RISK PAC Trustees to figure out how they can help to raise more money for the PAC. They have some ideas for things to do at RISKWORLD 2026 in Philadelphia. [13:22] They have a fundraising event in Philadelphia in the middle of July. They'll be sending out Calendar invites to the RIMS membership. 2026 will be an election year, so they want to raise as much money as they can for RISK PAC and the right re-election campaigns. [14:02] At RIMS.org/advocacy, you can see that the RIMS Legislative Summit 2026 will be held from March 16th through 18th. Mark is more excited than ever for next year's Summit! It's an election year. They've got the details nailed down. They'll be at the U.S. Chamber of Commerce. [14:53] They will have a hotel block nailed down soon. They'll start promoting this event far in advance. Mark your calendars, please! As you build your chapters next year, please include some money to send your Advocacy Ambassador to the Legislative Summit 2026 in March. [15:20] We've got the link in this episode's show notes and at RIMS.org/advocacy. You can reach out to Mark Prysock directly through his email address on the RIMS Advocacy page. 
Write to him if you have questions about what it takes to get there or how you can contribute. [15:43] As Morgan O'Rourke and Hilary Tuttle walk into the studio, Justin thanks Mark Prysock for being on the show. [16:04] Plugs! The very first RIMS Texas Regional Conference will be held from August 4th through the 6th in San Antonio at the Henry B. González Convention Center. Public Registration is open. [16:17] Hotel cut-off for the discounted rate is available through July 7th. The full Conference Agenda is now live, so you can start planning your experience. Don't miss the post-conference workshop, the RIMS-CRMP Exam Prep Course, available onsite. [16:33] This event is open to any RIMS Chapter member. If you are local to the area, you might consider becoming a RIMS member today, so that you can get all the benefits and begin networking with your new RIMS Texas peers. Links are in this episode's show notes. [16:48] You can also visit the Events Page of RIMS.org for more information. We look forward to seeing you in Texas! [16:56] Just a month later, we will be up North for the RIMS Canada Conference 2025, from September 14th through 17th in Calgary. Registration is open. Visit RIMSCanadaConference.CA and lock in those favorable rates. We look forward to seeing you in Calgary! [17:15] On October 1st through the 3rd, the RIMS Western Regional Conference will be held in North San Jose at the Santa Clara Marriott. The agenda is live. It looks fantastic! Visit RIMSWesternRegional.com and register today. [17:31] Let's Get on with the Show! It is July 1st. We have reached the midpoint of 2025. On RIMScast, we like to take stock of the year in risk, so far. Morgan O'Rourke and Hilary Tuttle are going to break it all down for us. [17:54] Morgan O'Rourke is the RIMS Senior Director of Content and Publications. Hilary Tuttle is the Managing Editor of RIMS Risk Management magazine. That's our flagship, at RMmagazine.com. 
[18:07] We will look back on the Q2 digital issue of RIMS Risk Management magazine and discuss some of the news and trends that have been driving the risk profession. We'll talk about tariffs, AI, and more. Let's get to it! [18:23] Interview! Morgan O'Rourke and Hilary Tuttle, welcome back to RIMScast! [18:50] We are here to talk about the mid-point of 2025 in risk and what it has meant for the profession and the reporting on the profession. The Q2 digital issue of RIMS Risk Management magazine is now available. The link is on this page. [19:26] A big story from this quarter was tariff volatility. In April, Neil Hodge wrote a great article “How to Navigate the Volatile Tariff Landscape.” Many companies underestimate their exposure to tariffs through lower-tier suppliers. [20:06] Hilary says the number one tip is to map your exposure to tariffs via suppliers. Also, think about finished goods as well as what hypothetical future scenarios would mean. We've seen that tariffs are consistently volatile. Map different scenarios to see how they will play out. [20:43] In the article, Neil also mentions alternatives such as near-shoring, alternative suppliers, and technicalities about working within the system. Morgan mentions contract management. Another tip was tariff engineering by modifying your product design or where it's assembled. [21:35] Morgan shares an example. Converse All Stars have a layer of felt on the bottom, which classifies them as slippers, which have a lower tariff. They tweaked the product so it could be classified differently. Morgan just bought a new pair and saw the felt he had never noticed. [23:24] Morgan says certain auto imports may leave out features that would classify them as commercial vehicles, so they don't have a commercial vehicle duty. 
[24:08] Equipment that was bought before steel tariffs will be more expensive to repair after steel tariffs, and insurance that was in place before the tariffs may not cover the drastically more expensive repairs. This will affect heavy machinery. Revisit your insurance coverage. [25:06] Considering what major assets may be changing with tariff changes would be a helpful next step for people. Morgan refers to finding alternate suppliers or diversifying. If you're starting a new relationship with a supplier, tariffs need to be part of the contract conversation. [25:42] If tariffs are a risk you have not been accounting for in your supplier agreements, you may want to build more flexibility into future agreements. [26:03] Justin mentions the 2025 hurricane season and accurate weather reporting. That relates to supply chain. Hilary includes replacement values, as materials cost more. [26:33] Hilary wrote an article, “The 2025 Hurricane Season Outlook.” Hilary says it's interesting to tell similar stories every year in different ways. She looked at the outlook for this season and compared it to the results from last year. [27:35] She looked for the key trends that drove the results last year and that will impact this year. It's an outlook and also a strategic input. How does your organization need to adapt to this outlook? It's about seeing the overarching trends and figuring out how to act on them. [28:20] Hurricane Beryl came in the summer of 2024. It was one of the earliest major hurricanes to form. It reached Category 5 in 42 hours. What strategies should organizations take to address fast-developing storms? [28:43] Rapid intensification is a major trend with hurricanes. This is fueled by above-average ocean temperatures and other impacts of climate change. Storms are getting worse faster. The energy at the surface level contributes to faster-building hurricanes. Then there are trade winds. 
[29:09] It is a very big challenge for governments and private industry because you need to prepare much faster. You might only have a day of notice between a tropical storm and a Category 3 hurricane. [29:29] Preparedness is a state of being, not something you deal with if and when a storm arises. It needs to be a constant state of readiness. This year there have been significant budget cuts to NOAA and FEMA. This affects weather forecasting and the number of emergency staff. [30:22] Organizations need to understand that they need an increased amount of self-reliance. You cannot count on the cavalry coming. Preparedness means more than ever this year. [30:38] Morgan says it's less about coordinating with Federal agencies and more about making sure you have your ducks in a row. You may not have access to outside resources. You might be able to coordinate with other companies and organizations. Cooperation helps. [31:43] Hilary says, after last year, we saw with Hurricane Helene that some of these disasters are increasing and hitting in unpredictable areas that don't have the preparedness or the infrastructure because there is not a legacy sense of being at risk for hurricanes. [32:05] Preparedness is different in different regions. Taking an assessment, thinking about some of those scenarios is a strategic risk management issue that may need to shift in new ways. In some of those areas, you might not have local disaster resources because it has not been a risk. [32:38] Prepare by taking a realistic assessment of emergency resources on the ground, what has the historical risk been, and how that is shifting? [32:51] A Small Break! The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. 
[33:10] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centred experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025. [33:30] General Grant awardees are typically notified at the end of October. The link is in this interview's show notes. Be sure to visit the programs page of SpencerEd.org. [33:40] The Spencer 2025 Funding their Future Gala will be held Thursday, September 18th at the Cipriani 42nd Street in Manhattan, New York. This year's honoree is Tim Ryan, the U.S. President of Lockton, and we hope to have him here on RIMScast this summer. A link is in the show notes. [34:03] Let's Return to the Conclusion of My Interview with Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management magazine! [34:55] Jennifer Post, one of the editors, wrote an article, “USDA Budget Cuts Present Food Safety Risks.” Budget cuts may increase the likelihood of an outbreak of foodborne diseases and compromise the USDA's ability to respond and notify consumers of an outbreak. [36:28] Hilary notes recent outbreaks with cucumbers and tomatoes, which have been deadlier than one might expect. The cucumber recall was for cucumbers that had been sold six weeks before. Hilary has never had a cucumber for more than two weeks. [37:11] Shifting responsibility to under-resourced states creates uneven safety standards. Private companies will have to incur some of the costs of testing and monitoring their food. Who is responsible for coordinating food safety between states or countries is a question mark. [37:50] This is not a great solution. It's an area of uncertainty for now. It is likely to increase costs for individual companies. It also increases the risk exposure for companies that are distributing food that makes people sick, but they don't know it. 
[38:09] The number of people getting sick and the amount of money a company will lose balloon as a function of time and notice. There are a lot of components to this issue. [38:30] Hilary says we are also seeing some concern around whether some of the shifting standards are going to create different levels of safety in different types of products or from different regions. This shifts a lot of the burden onto the consumer and private companies. [38:42] Morgan adds that beyond the cuts to NOAA, FEMA, and the USDA, there are cuts to cybersecurity infrastructure with CISA. These cuts remove a level of oversight that people have come to rely on. The cuts push responsibility for risks further onto states and private industry. [39:26] Morgan says they were worried about the appetite for change in the government from the Trump administration. The administration is making changes. Some of the fallout is that it has changed the risk landscape regarding storm damage, food safety, cybersecurity, and more. [39:46] You may have to reassess your risks in the light of these cuts to Federal agencies. Hilary points out that the cuts are not fluff when you realize the functions these agencies have. [40:21] Hilary quotes a food safety professor from the article. “Oversight is not a bureaucratic formality; it's the invisible line between routine production and preventable tragedy.” Hilary thinks that quote applies across a number of the cuts that have been made. [40:39] The magazine has an article on AI called “Balancing Innovation and Compliance When Implementing AI.” Morgan reports that AI is all over the place now. The conversation has to involve implementation issues and liability risks. AI hallucinations and data security are issues. [42:03] You need to have a level of human intervention and involvement to be looking for things that you might have taken for granted are true, but that are problematic or make you liable for something. 
[42:17] Hilary says another big issue is that the technology is drastically outpacing regulation, safety measures, and best practices. You need to be asking, “What do we have a defensible business reason to do, and what are we putting in place to safeguard those?” [42:44] Some of the AI applications around hiring incur very real consequences in terms of human impact and regulatory impact. You may be dealing with serious employment fines or other things of that nature that regulators will catch up on. [43:06] AI systems are designed to please you. They are not designed to do the right thing or to make intelligent choices. They guide a user, and the user needs to guide them. Hilary compares using AI to riding an elephant. The elephant can go where it wants to go; you need to control it. [43:55] Hilary says that a lot of these AI engines perpetuate bias that the people who developed them may or may not have or may not realize that they have. A large company for a while only hired white men because those were the people who had been successfully hired in the past. [44:20] The content online that trains these models is the content that is published online. It requires a certain amount of privilege, experience, education, and life perspective. It doesn't draw on the body of human experience and knowledge for representative bodies. [44:49] You have to bring a certain diversity of experience, and also check those inputs with either people or other sources. Morgan talks about the feeling you might get that something like an email was written by an AI. The homogeneity starts to erode the quality of things. [45:27] Morgan has read that one of ChatGPT's quirks is that a lot of responses will have a “not this but that” structure. For instance, “It's not just soup, it's a meal!” Once you see it, you start to see it everywhere. Hilary says a giveaway is the use of inserted emojis. [46:32] Morgan and Hilary have been editing for quite a while. 
Morgan can identify who wrote a piece of writing by its style. If you get an email from someone with turns of phrase they would never use, you know it's AI. Losing track of what's going on is not to your advantage. [47:26] Having AI write an email is an example of something that just because you can do it, doesn't mean you should do it. Should you be working in an environment in which you don't know how to interact functionally with your coworkers, the length of an email? [48:13] Engineering prompts are one of the biggest skills people need to learn in working with AI. Prompt engineering is the most important component that Hilary had to struggle to learn in an AI course she took. It makes the biggest difference to AI being usable. Take a prompt class. [49:05] Justin shares an experience he had using AI to make an email response he had written much shorter and less defensive. It wasn't perfect, but it helped him to revise his message. [49:47] Hilary said that Justin gave a great example of prompt engineering. You want to tell it who the recipient is, who you are, and what your specific concern is to address. You can also ask it to explain the changes that it makes, so you learn how to write better emails next time. [50:43] Hilary urges caution on choosing the platform. ChatGPT is decent for writing because you can prime it. You can't prime Copilot, and she says a lot of the results are garbage. [51:46] The Q2 edition of RIMS Risk Management magazine is online. All the articles are on the site as links and as part of the digital edition. [51:56] A reminder to the audience: RIMS Risk Management magazine is always seeking contributors and contributions, primarily from the risk profession. The topics that are important to you are the topics that are important to your colleagues. Get your voices out there! [52:37] A good submission answers two questions: Why this? And why now? Why should other people care about this issue? New regulations? New fines? 
A recent court case? Is there a nuance you are highlighting? Another question is, so what? What do you do about it? [53:28] Justin offers, How will the audience be able to do their job better based on the information you're telling them? Morgan comments that the idea is risk management. You want to get to the management part of it so your organization can do something about it. [53:58] Go to RMMagazine.com and see the Contribute button at the top. That's where you'll find the editorial submission guidelines and the contact information for Morgan, Hilary, and Jennifer. They are open to your ideas, so by all means, reach out. You never know what it could lead to! [54:58] Hilary says they also welcome feedback on their existing coverage and the challenges you are seeing in the field. [55:27] Hilary and Morgan are going to rejoin us at the end of the year. We always close the year with an episode when they look back on the year and forward to the next. [56:01] Special thanks to my RIMS colleagues Mark Prysock, Morgan O'Rourke, and Hilary Tuttle for joining us here on RIMScast! Visit RIMS.org/advocacy to connect with Mark, and RMMagazine.com to connect with Morgan and Hilary, and get the latest risk news and insight. [56:23] Links are in this episode's show notes, including a link to the Contribute page on RMMagazine.com. [56:29] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [56:57] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [57:15] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. 
[57:33] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [57:49] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [58:04] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [58:11] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Links: RIMS Texas Regional 2025 — August 3‒5 | Registration now open. RIMS-CRMP In-Person Workshop in Texas Aug. 6 & 7 RIMS Canada 2025 — Sept. 14‒17 | Registration now open! RIMS Western Regional — Oct 1‒3 | Bay Area, California | Registration now open! RISKWORLD 2026 — Members-only early registration! Register through Sept 30! RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026 RIMS Risk Management magazine | Contribute “How to Navigate Tariff Volatility” (April 3, 2025) “2025 Hurricane Season Outlook” (June 9, 2025) “USDA Budget Cuts Present Food Safety Risks” (May 21, 2025) “Balancing Innovation and Compliance When Implementing AI” (April 30, 2025) RIMS Now The Strategic and Enterprise Risk Center Spencer Education Foundation — General Grants 2026 — Application Deadline July 30, 2025 RIMS ERM Conference 2025 — Nov 17‒18 in Seattle! [Save the Date!] “RIMS-CRO Certificate in Advanced Enterprise Risk Management” — Featuring Instructor James Lam! Summer course sold out! | Fall bi-weekly course begins Oct 9. 
RIMS Diversity Equity Inclusion Council RIMS Webinars: RIMS.org/Webinars Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP-FED Exam Prep Virtual Workshop — July 17‒18 RIMS-CRMP Exam Prep Virtual Workshop — Sept 2‒3, 2025 | Presented by RIMS and PARIMA Full RIMS-CRMP Prep Course Schedule “Risk Taxonomy for Effective Risk Management” | July 24 | Instructor: Joe Mayo “Emerging Risks” | Aug 5 | Instructor: Joe Mayo See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “James Lam on ERM, Strategy, and the Modern CRO” “RIMS Legislative Priorities in 2025 with Mark Prysock” “Q1 2025 Risks with Morgan O'Rourke” Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power 
of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guests: Mark Prysock, General Counsel at Risk and Insurance Management Society, Inc. (RIMS) Morgan O'Rourke, Director of Publications at RIMS Hilary Tuttle, Managing Editor of Risk Management Magazine Production and engineering provided by Podfly.
CISA warns organizations of potential cyber threats from Iranian state-sponsored actors. Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns. Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands. Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is Debbie Gordon, Co-Founder of Cloud Range, looking “Beyond the Stack - Why Cyber Readiness Starts with People.” An IT worker's revenge plan backfires. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, Debbie Gordon, Co-Founder of Cloud Range, shares insights on looking “Beyond the Stack - Why Cyber Readiness Starts with People.” Learn more about what Debbie discusses in Cloud Range's blog: Bolstering Your Human Security Posture. You can hear Debbie's full conversation here. Selected Reading CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment (CISA) Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (CISA, FBI, DOD Cyber Crime Center, NSA) Prolific cybercriminal group now targeting aviation, transportation companies (Axios) U.S. 
Cyber Diplomacy at Risk Amid State Department Shakeup (GovInfo Security) Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns (Infosecurity Magazine) Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos (Hackread) MacOS malware Poseidon Stealer rebranded as Odyssey Stealer (SC Media) Airoha Chip Vulnerabilities Expose Headphones to Takeover (SecurityWeek) FDA Expands Premarket Medical Device Cyber Guidance (GovInfo Security) 'Disgruntled' British IT worker jailed for hacking employer after being suspended (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this expert-led session, you'll get a complete roadmap to mastering the CISA exam with confidence. A seasoned CISA professional walks you through a proven study strategy — from building a personalized study plan to breaking down the exam's structure and mastering all four domains. You'll learn how to use practice questions effectively, manage your time during the exam, and approach each question with clarity and logic. This episode also covers key exam pitfalls, mindset shifts, and insights to help you avoid common mistakes and maximize your chances of success.
Problems with addiction to #alcohol, #drugs…? ☎️ 915 630 447 CALL US 24 HOURS A DAY! 🌐 https://bienestar.neurosalus.com/ Request information right now about detox treatments, prices, availability of places… IT HAS BEEN POSSIBLE TO CREATE THE PROGRAM “LA REUNIÓN SECRETA” THANKS TO YOUR HELP AS A GUARDIAN PATRON. ***** BECOME A PATRON AT https://www.patreon.com/lareunionsecreta Tonight, experience a new live broadcast of #LaReuniónSecreta from 22:00 Spanish time. We tell you what nobody else says: without anesthesia and without sweeteners. We are all La Reunión Secreta! Don't tell anyone… PASS IT ON! 🔁💪🤫 🎸 CARLITOS TÍNEZ https://www.youtube.com/channel/UC0eeuxpQ70z-Pe0rHhOq9Fg Live connections with: - 🎖️ Alfredo Perdiguero (Sub-inspector of the National Police. ASP delegate) - Carlos Paz (Political analyst specializing in the Middle East. Writer) - 🎖️ Dr. Guillermo Rocafort (Doctor of Economics from Universidad San Pablo. Professor of Public Economics and Business Economics at Universidad Carlos III de Madrid. Professor in the Department of Economic and Social Law at Universidad Pontificia Comillas. Lawyer) - Gabriel Araújo (Secretary General of the Asociación Nacional de Tasadores y Peritos Judiciales Informáticos - ANTPJI. Computer forensics expert. CISA systems auditor. CEHv7 ethical hacker) - 🎖️ Professor Dr. Ismael Santiago (Economist. Professor with a doctorate in Finance at Universidad de Sevilla. Founder of the AgoBlockchain and OlivaCoin project. International adviser on Initial Coin Offerings - ICO and on decentralized finance - DeFi. Expert in macroeconomics, economic cycles and crypto-assets) With the regular La Reunión Secreta team: Dr. José Miguel Gaona, Joan Miquel MJ, Carlos Martínez, Lourdes Martínez, Marta Vim, Olga Ralló and Luna de María. 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ FOLLOW US ON SOCIAL MEDIA Twitter: https://twitter.com/lrsecreta Instagram: https://www.instagram.com/lareunionsecreta/ Facebook: https://www.facebook.com/LRsecreta THE TEAM'S SOCIAL MEDIA | DR. JOSÉ MIGUEL GAONA | - https://twitter.com/doctorgaona | DIRECTOR | - Joan Miquel MJ - https://www.instagram.com/official_joan_miquel_mj/ | PRODUCER | - Lourdes Martínez - https://twitter.com/chicadelaradio | ASSISTANT DIRECTOR | - Olga Ralló - https://twitter.com/olgarallo | PRODUCTION ASSISTANT | - Carlos Martínez - https://twitter.com/Carlitos_Tinez _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Cybercriminals target financial institutions across Africa using open-source tools. Threat actors are using a technique called Authenticode stuffing to abuse ConnectWise remote access software. A fake version of SonicWall's NetExtender VPN app steals users' credentials. CISA and the NSA publish a guide urging the adoption of Memory Safe Languages. Researchers identify multiple security vulnerabilities affecting Brother printers. Fake AI-themed websites spread malware. Researchers track a sharp rise in signup fraud. A new Common Good Cyber Fund has been launched to support nonprofits that provide essential cybersecurity services. Tim Starks from CyberScoop joins us to discuss calls for a federal cyberinsurance backstop. A Moscow court says ‘nyet' to more jail time for cyber crooks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are again joined by Tim Starks, Senior Reporter from CyberScoop. 
Tim discusses his recent piece on “Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends.” Selected Reading Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector (Unit 42) Hackers Abuse ConnectWise to Hide Malware (SecurityWeek) Fake SonicWall VPN app steals user credentials (The Register) CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development (GB Hackers) New Vulnerabilities Expose Millions of Brother Printers to Hacking (SecurityWeek) Black Hat SEO Poisoning Search Engine Results For AI (ThreatLabz) Half of Customer Signups Are Now Fraudulent (Infosecurity Magazine) Common Good Cyber Fund Launched to Support Non-Profit Security Efforts (Infosecurity Magazine) Russia releases REvil members after convictions for payment card fraud (The Record)
The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Logan Wamsley talks with George Barham about The IIA's Cybersecurity Topical Requirement. They discuss how internal audit functions should prepare for its 2026 effective date, and why CAEs should take action now. The conversation also highlights the requirement's companion user guide, outsourcing considerations, framework references, and IIA resources available to help internal audit functions conform with confidence. HOST: Logan Wamsley, Associate Manager, Content Development, The IIA GUEST: George Barham, CIA, CRMA, CISA, Director, Standards & Guidance, The IIA KEY POINTS: Introduction [00:00-00:00:21] Background on the Cybersecurity Topical Requirement [00:00:21-00:01:31] Key Feedback and Early Implementation Advice [00:01:31-00:03:09] Tips from CAEs on Getting Started [00:03:09-00:04:37] How to Use the Companion User Guide [00:04:37-00:05:57] Outsourcing Considerations [00:05:57-00:07:30] Framework References and Mapping [00:07:30-00:09:37] Keeping Up with the Evolving Cyber Landscape [00:09:37-00:11:30] Annual Review and Updates [00:11:30-00:12:24] Advice as the Effective Date Approaches [00:12:24-00:14:26] Additional IIA Resources and Support [00:14:26-00:16:38] Final Thoughts [00:16:38-00:18:23] THE IIA RELATED CONTENT: Interested in this topic? Visit the links below for more resources: Cybersecurity Topical Requirement Executive Knowledge Brief: The Cybersecurity Topical Requirement in Practice GTAG: Assessing Cybersecurity Risk 2025 Cybersecurity Virtual Conference Cyber Resource Center A New Tool to Monitor Established Risks Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
WEDI's Privacy & Security Workgroup Co-Chair Lesley Berkeyheiser (DirectTrust) speaks with Charles Sweat Jr. MD, Healthcare and Public Health Sector Liaison, Cybersecurity and Infrastructure Security Agency (CISA), and Charlee Hess, Director, Cybersecurity Division, Critical Infrastructure Protection, US Department of Health and Human Services, about their organizations' missions and purposes and the resources they offer to help guide cybersecurity best practices for the healthcare industry.
Problems with addiction to #alcohol, #drugs…? ☎️ 915 630 447 CALL US 24 HOURS A DAY! 🌐 https://bienestar.neurosalus.com/ Request information right now about detox treatments, prices, availability of places… IT HAS BEEN POSSIBLE TO CREATE THE PROGRAM “LA REUNIÓN SECRETA” THANKS TO YOUR HELP AS A GUARDIAN PATRON. ***** BECOME A PATRON AT https://www.patreon.com/lareunionsecreta Tonight, experience a new live broadcast of #LaReuniónSecreta from 22:00 Spanish time. We tell you what nobody else says: without anesthesia and without sweeteners. We are all La Reunión Secreta! Don't tell anyone… PASS IT ON! 🔁💪🤫 🎸 CARLITOS TÍNEZ https://www.youtube.com/channel/UC0eeuxpQ70z-Pe0rHhOq9Fg Live connections with: - Gabriel Araújo (Secretary General of the Asociación Nacional de Tasadores y Peritos Judiciales Informáticos - ANTPJI. Computer forensics expert. CISA systems auditor. CEHv7 ethical hacker) - 🎖️ Professor Dr. Ismael Santiago (Economist. Professor with a doctorate in Finance at Universidad de Sevilla. Founder of the AgoBlockchain and OlivaCoin project. International adviser on Initial Coin Offerings - ICO and on decentralized finance - DeFi. Expert in macroeconomics, economic cycles and crypto-assets) - 🎖️ Dr. Guillermo Rocafort (Doctor of Economics from Universidad San Pablo. Professor of Public Economics and Business Economics at Universidad Carlos III de Madrid. Professor in the Department of Economic and Social Law at Universidad Pontificia Comillas. Lawyer) - José Luis Martín Ovejero (Lawyer. Expert in rhetoric and legal argumentation. Expert in the analysis of non-verbal behavior and lie detection. Master's degree holder and instructor in Non-Verbal Communication and Public Speaking) With the regular La Reunión Secreta team: Dr. José Miguel Gaona, Joan Miquel MJ, Carlos Martínez, Lourdes Martínez, Marta Vim, Olga Ralló and Luna de María. 
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne. CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others. A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.
When automation fails, it fails spectacularly—and at scale. The recent Google Cloud outage that took down over 54 global services for more than seven hours demonstrates this perfectly. A simple error—blank fields in automated policy updates—cascaded into widespread failures affecting millions of users worldwide. This episode dives deep into what went wrong, how it happened, and what it means for cloud resilience in the AI era. We also explore Cisco's dramatic pivot at Cisco Live 2025, where they've committed to refreshing their entire hardware stack and integrating AI throughout their ecosystem. Their new LLM called Deep Network suggests a future where networking infrastructure makes intelligent decisions autonomously. We discuss whether Cisco can deliver on these promises and what the unification of their Meraki and Catalyst lines might mean for customers. The Ultra Ethernet Consortium has finally released their 1.0 specification, establishing a comprehensive standard for high-performance computing environments. This 600+ page document marks a significant milestone in creating viable alternatives to InfiniBand for AI workloads. Meanwhile, Network-as-a-Service pioneer Meter secured $170 million in Series C funding, raising questions about the actual size and sustainability of the NaaS market. On the cybersecurity front, we examine two concerning developments: the mass exodus of leadership from CISA during heightened threat conditions, and a novel zero-click vulnerability in Microsoft 365 Copilot that can expose sensitive data without any user interaction. This "Echo Leak" vulnerability demonstrates how AI systems that automatically scan content create entirely new attack vectors that organizations must defend against. Join us for a fast-paced discussion about these pivotal developments in cloud computing, networking technology, and cybersecurity. What does all this mean for your infrastructure strategy? 
Listen and find out. Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/ Visit our website and subscribe: https://www.cables2clouds.com/ Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com Follow us on YouTube: https://www.youtube.com/@cables2clouds/ Follow us on TikTok: https://www.tiktok.com/@cables2clouds Merch Store: https://store.cables2clouds.com/ Join the Discord Study group: https://artofneteng.com/iaatj
A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea's Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA's new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it's time to rethink adversary naming. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here. 
Selected Reading Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE's Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform) Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record) Microsoft lays out data protection plans for European cloud customers (Reuters) New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News) Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine) Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News) Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek) Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek) Trump's Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity) Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)
If you like what you hear, please subscribe, leave us a review and tell a friend!
In this episode of the Defending The Edge Podcast with DefendEdge, we discuss the recent cyber attacks from ConnectWise to Google Calendar. In a recent update, CISA has changed its reporting process, and the intelligence community is aiming to create a shared threat actor glossary. Deepfake technology is becoming increasingly advanced and alarming. Lastly, Anonymous has been in the headlines for various data dumps. Join us as we discuss all of these topics and more.
International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it's no laughing Meta. CyberWire Guest Joining T-Minus Space Daily host Maria Varmazis today to discuss agentic AI and how it relates to cybersecurity and space is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. 
Selected Reading Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer) Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters) Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek) GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News) Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News) Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine) Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity) Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record) Coker: We can't have economic prosperity or national security without cybersecurity (The Record) The Meta AI app is a privacy disaster (TechCrunch)
The Trump administration has proposed cutting nearly half a billion dollars from the Cybersecurity and Infrastructure Security Agency's budget next year. But Congress also has a say, and House appropriators are advancing a bill that would lessen the budget blow to CISA. Federal News Network's Justin Doubleday is reporting.
Cloudflare says yesterday's widespread outage was not caused by a cyberattack. Predator mobile spyware remains highly active. Microsoft is investigating ongoing Microsoft 365 authentication services issues. An account takeover campaign targets Entra ID users by abusing a popular pen testing tool. Palo Alto Networks documents a JavaScript obfuscation method dubbed “JSFireTruck.” Trend Micro and Mitel patch multiple high-severity vulnerabilities. CISA issues multiple advisories. My Hacking Humans cohost Joe Carrigan joins us to discuss linkless recruiting scams. Uncle Sam wants an AI chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan, one of Dave's Hacking Humans co-hosts, to talk about linkless recruiting scams. You can learn more in this article from The Record: FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. Tune in to Hacking Humans each Thursday on your favorite podcast app to hear the latest on the social engineering scams that are making the headlines from Joe, Dave and their co-host Maria Varmazis. 
Selected Reading Cloudflare: Outage not caused by security incident, data is safe (Bleeping Computer) Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection (Cyber Security News) Microsoft confirms auth issues affecting Microsoft 365 users (Bleeping Computer) TeamFiltration Abused in Entra ID Account Takeover Campaign (SecurityWeek) 270K websites injected with ‘JSF-ck' obfuscated code (SC Media) Palo Alto Networks Patches Series of Vulnerabilities (Infosecurity Magazine) SimpleHelp Vulnerability Exploited Against Utility Billing Software Users (SecurityWeek) Trend Micro fixes critical vulnerabilities in multiple products (Bleeping Computer) Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking (SecurityWeek) CISA Releases Ten Industrial Control Systems Advisories (CISA) Trump team leaks AI plans in public GitHub repository (The Register)
CISA, Microsoft warn of Windows zero-day used in attack on ‘major' Turkish defense org
40K IoT cameras worldwide stream secrets to anyone with a browser
Marks & Spencer begins taking online orders again, out for seven weeks due to cyberattack
Huge thanks to our sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes — Vanta. With Vanta, GRC can be so. much. easier—while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams using Vanta are one hundred and twenty nine percent more productive. Get back time to focus on strengthening security and scaling your business. Get started at Vanta.com/headlines.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
OctoSQL & Vulnerability Data: OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026
Mirai vs. Wazuh: The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh. https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability
DNS4EU: The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it. https://www.joindns4.eu/
WordPress FAIR Package Manager: Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages. https://github.com/fairpm
In recent years, the United States has sustained some of the most severe cyber threats in recent history, from the Russian government-directed SolarWinds hack to China's prepositioning in U.S. critical infrastructure for future sabotage attacks through groups like Volt Typhoon. The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for responding to, and protecting against, these attacks. How do leaders steer through cyber crises, build trust, and chart a path forward? In conversation with Dr. Brianna Rosen, Just Security Senior Fellow and Director of the AI and Emerging Technologies Initiative, Jen Easterly, who just completed a transformative tenure as Director of CISA under the Biden Administration, unpacks the challenges, breakthroughs, and lessons from the front lines of America's cybersecurity efforts. Jen Easterly Just Security's Cybersecurity coverage Empathy Matters: Leadership in Cyber by Jen Easterly (2019)
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He explains how the considerations in this space go far beyond just memory safety concerns. Segment Resources: https://www.cisa.gov/sites/default/files/2025-01/joint-guide-secure-by-demand-priority-considerations-for-ot-owners-and-operators-508c_0.pdf https://www.youtube.com/watch?v=vHSXu1P4ZTo Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-334
The Institute of Internal Auditors Presents: All Things Internal Audit. In this episode, George Barham talks with Skip Langlois about the unique challenges and opportunities of small internal audit functions. They discuss definitions of a small function, advice for starting one, managing expectations, building relationships and developing future leaders in a small audit environment. Langlois also shares insights on leveraging AI and why emotional intelligence matters as much as technical skill in a small audit environment. HOST: George Barham, CIA, CRMA, CISA, Director, Standards & Guidance, The IIA GUEST: Martin “Skip” Langlois, CIA, CPA, CISA, CFE, CRMA, Senior Vice President and Chief Audit Executive, Encova Insurance Key Points Introduction [00:00-00:00:38] Defining a Small Audit Function [00:00:56-00:01:22] Advice for Starting a Small Audit Function [00:02:03-00:03:48] Building Relationships and Credibility [00:04:12-00:06:06] Identifying Stakeholders and Internal Relationships [00:06:13-00:08:03] Scope and Focus of Small Functions [00:08:13-00:10:22] Networking and External Relationships [00:10:22-00:11:50] Making the Case to Expand a Small Team [00:12:15-00:13:48] Recruiting and Retaining Top Talent [00:13:59-00:15:24] Leveraging AI in Small Functions [00:15:35-00:17:15] Leadership Lessons from the Military [00:17:15-00:19:42] Final Thoughts [00:19:44-00:19:56] The IIA Related Content Interested in this topic? Visit the links below for more resources: 2025 AuditSphere Virtual Conference Resources: Small Audit Function Resources Exchange Global Best Practice: Small Audit Functions, Large Audit Abilities Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
The Monday Microsegment for the week of June 9th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. A North Korean ransomware campaign is playing for keeps. A rose by any other name smells as sweet. But would malware by a standardized name be as leet? And is CISA's brain drain a crisis in the making? Head to The Zero Trust Hub: hub.illumio.com Introducing Illumio Insights: AI Cloud Detection and Response Webinar: https://lp.illumio.com/Introducing-Illumio-Insights-Webinar.On-Demand
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various aspects of cybersecurity, focusing on recent data breaches, the implications for businesses, and the challenges faced by small and medium-sized enterprises (SMBs). He highlights the Victoria's Secret data breach as a case study, examines vulnerabilities in water utilities, and critiques the government's approach to cybersecurity funding and information sharing. The discussion also touches on the market dynamics surrounding cybersecurity firms like CrowdStrike and the implications of workforce changes within the Cybersecurity and Infrastructure Security Agency (CISA). Takeaways: Cybersecurity breaches can significantly impact business operations and stock performance. Organizations should proactively assess their connections to compromised entities. The government lacks effective reporting mechanisms for cybersecurity vulnerabilities. Small and medium-sized businesses are often left out of cybersecurity discussions. Congress needs to clarify definitions and incentivize cybersecurity participation among SMBs. Funding cuts to cybersecurity agencies can undermine national security efforts. CrowdStrike's market performance raises questions about accountability in cybersecurity. CISA is facing significant workforce challenges that may affect its effectiveness. Popular Chrome extensions can pose security risks by leaking sensitive data. Proactive measures are essential to mitigate cybersecurity threats.
Register for Free, Live webcasts & summits: https://poweredbybhis.com
00:00 - PreShow Banter™ — natural MSG
05:31 - Victoria's Secrets are Compromised - Talkin' Bout [infosec] News 2025-06-02
06:31 - Story # 1: Authors Are Accidentally Leaving AI Prompts In their Novels
08:36 - Story # 1b: This Latest AI Book Debacle Is A Disturbing Part Of A Growing Trend
09:41 - Story # 2: Developer Builds Tool That Scrapes YouTube Comments, Uses AI to Predict Where Users Live
10:48 - Story # 2b: AI-powered OSINT tool profiles YouTube users, raising privacy concerns
15:55 - Story # 2c: Researchers Dump 2 Billion Scraped Discord Messages Online
20:28 - Story # 3: Vending-Bench: A Benchmark for Long-Term Coherence of Autonomous Agents
21:02 - Story # 3b: An AI Goes Insane, Emails FBI Over $2 (YouTube)
26:55 - Story # 4: The UK will totally replace two-thirds of junior civil servants with AI chatbots, says the chatbot
27:27 - Story # 4b: Reeves confirms 15% cut to Civil Service running costs
29:29 - Story # 5: ConnectWise Breached, ScreenConnect Customers Targeted
31:28 - LOLRMM - a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.
35:34 - Story # 6: New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
36:19 - Story # 7: US intelligence employee arrested for alleged double-dealing of classified info
40:12 - Story # 8: Victoria's Secret takes down website after security incident
45:43 - Story # 9: Microsoft and CrowdStrike partner to link hacking group names
46:59 - Story # 10: Zscaler Acquisition of Red Canary
49:57 - Story # 11: Most of CISA's senior leaders are leaving the agency
51:22 - Story # 12: Telegram announces partnership with Musk's xAI
51:32 - Story # 13: Google warns of Vietnam-based hackers using bogus AI video generators to spread malware
This week on Caveat, Ben's got the story of Texas becoming the second—and largest—state to pass a law requiring Apple and Google to verify users' ages on app stores and get parental consent before kids and teens can download apps or make purchases, signaling a broader push toward stricter online age checks. Dave dives into the story of President Trump's 2026 budget proposal, which calls for slashing over 1,000 jobs at CISA and cutting the agency's budget by nearly half a billion dollars, raising bipartisan concerns about the future of federal cybersecurity programs. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to stories: Trump budget proposal would slash more than 1,000 CISA jobs A new Texas law mandates age checks on phones. It may be just the start. Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing is on how a federal judge is weighing less aggressive remedies in the U.S. antitrust case against Google, suggesting limited data sharing and conditional changes to its deals with Apple rather than the sweeping 10-year plan proposed by regulators. The judge also noted that emerging AI tools like ChatGPT could disrupt traditional search, raising questions about how future competitors should factor into the case. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. 
Hope to hear from you.
Researchers uncover a major privacy violation involving tracking scripts from Meta and Yandex. A compliance automation firm discloses a data breach. PumaBot stalks vulnerable IoT devices. The Ramnit banking trojan gets repurposed for ICS intrusions. The North Face suffers a credential stuffing attack. Kaspersky says the Black Owl team is a cyber threat to Russia. CISA releases ICS advisories. An Indian grocery delivery startup suffers a devastating data wiping attack. The UK welcomes their new Cyber and Electromagnetic (CyberEM) Command. Our guest is Rohan Pinto, CTO of 1Kosmos, discussing the implications of AI deepfakes for biometric security. The cybersecurity sleuths at Sophos unravel a curious caper. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Rohan Pinto, CTO of 1Kosmos, and he is discussing the implications of AI deepfakes for biometric security.
Selected Reading Meta and Yandex are de-anonymizing Android users' web browsing identifiers (Ars Technica) Vanta leaks customer data due to product code change (Beyond Machines) New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials (Cyber Security News) Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift (SecurityWeek) The North Face warns customers of April credential stuffing attack (Bleeping Computer) Pro-Ukraine hacker group Black Owl poses ‘major threat' to Russia, Kaspersky says (The Record) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cyber Security News) Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms (TechCrunch) UK CyberEM Command to spearhead new era of armed conflict (The Register) Widespread Campaign Targets Cybercriminals and Gamers (Infosecurity Magazine) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome to another episode of the “Daily Drop,” where Jared breaks down the chaos disguised as a defense budget. We're talking about a $1 trillion spendathon featuring: cutting cybersecurity staff during peak cyber threat season, trying to mass-produce drones in 24 hours with foreign parts we don't make, and senior leaders treating AI like it's witchcraft. You'll also get the inside scoop on how our Space Force is flexing with rapid GPS launches (kind of), why cutting Air Force Academy faculty could kneecap future warfighters, and which senator is still obsessed with moving Space Command for no tactical reason. PLUS:
Microsoft and CrowdStrike partner to link threat actor names Qualcomm sees Adreno bugs under active exploitation New details on proposed CISA cuts Huge thanks to our sponsor, Conveyor Does trying to get the security questionnaire done and back to your customer ever feel like you're herding cats? It's not answering questions - most of you have automation software for that. It's all of the manual back and forth that becomes a slog like communicating between teams, tracking people down to get their review, updating sources and updating systems. Conveyor just launched an AI agent, Sue, to do all of these things and more for you. Learn about Sue at www.conveyor.com.
The theme of the current administration is to do more with less. Today, we hear from experts on how they have assisted in implementing Zero Trust by leveraging all resources possible. We know implementing Zero Trust is a continuous process; David Bottom from the SEC provides guidelines on what to review constantly. He suggests focusing on decreasing privileges, patching systems, and learning how to extract meaningful signals from the flood of data entering the federal government. None of this can be done without cooperation across the agency. As an example of working with others, David Bottom references the SEC's EDGAR (Electronic Data Gathering, Analysis, and Retrieval). Jennifer Franks, GAO, recommends that listeners take advantage of federal guidelines to spend as little as possible while meeting compliance goals. For example, CISA, OMB, and NIST all offer guidance in implementation. She has an excellent eight-word summary of Zero Trust: right users, proper access, at the right time. Many agencies are understaffed. As a result, one way to meet goals is to leverage the right tools. Brian "Stretch" Meyers believes the most "bang for the buck" will be achieved by using tools to establish visibility. From there, one can identify key items to reach compliance. Zero Trust is an initiative that is here to stay. Listen to the podcast to get ideas on how to optimize the staff and resources at hand.
If you like what you hear, please subscribe, leave us a review and tell a friend!
In this episode, Ryan Williams Sr. and Shannon Tynes discuss the recent budget cuts proposed for the Cybersecurity and Infrastructure Security Agency (CISA) and the implications of these cuts on cybersecurity efforts in the U.S. They highlight CISA's critical role in managing cyber incidents and the importance of maintaining adequate funding for cybersecurity initiatives. The conversation also touches on the challenges CISA faces, including talent retention and the need for continued education in cybersecurity. Article: DHS budget request would cut CISA staff by 1,000 positions https://federalnewsnetwork.com/cybersecurity/2025/05/dhs-budget-request-would-cut-cisa-staff-by-1000-positions/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExSk92elhwQm1sVDhUbXJJcQEe9Qs9B2fABpO-SLCON7ZvpkTGX_G3LDZya8eGBtLc_Z8LMScNY35ADkRNIEM_aem_hj20amxI4DCdhfI-MNEEHg Please LISTEN
An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Lactrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics. Complete our annual audience survey before August 31. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today's episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference. 
Selected Reading Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer) DHS budget request would cut CISA staff by 1,000 positions (Federal News Network) Cybercom's defensive arm elevated to sub-unified command (DefenseScoop) vBulletin Vulnerability Exploited in the Wild (SecurityWeek) Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine) Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer) Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer) Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines) Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield) The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw (SecurityWeek) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Artificial intelligence powers many cybersecurity applications, and government agencies are increasingly using AI to augment systems in national security and intelligence capacities. The complexities of AI implementation require careful architectural considerations and robust governance frameworks to ensure safe execution. William MacMillan, former CISO at CISA and current chief product officer at Andesite AI, noted how AI holds tremendous potential to enhance efficiency and accuracy, particularly through "human in the loop" systems that manage vast amounts of data. MacMillan also talks about the critical role of leadership in establishing international AI standards and the necessity of user training and human-AI collaboration for effective implementation.
Drex covers Kettering Health's week-long cyber attack recovery with radiation oncology back online, the mass exodus of CISA leadership amid federal downsizing, and the growing frustration over lack of comprehensive federal cybersecurity strategy for healthcare. Discussion includes regional coordination during cyber incidents and the reality that hospitals are fighting nation-state actors without adequate government support. Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt's conversation here. Selected Reading Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity) DDoS incident disrupts internet for thousands in Moscow (The Record) Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com) Australian ransomware victims now must tell the government if they pay up (The Record) New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News) Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity) UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News) CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News) Trump Taps Palantir to Compile Data on Americans (The New York Times) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. 
In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses various pressing issues in cybersecurity, including the recent leadership changes at CISA, NATO's proposal for cybersecurity spending, market trends in cybersecurity IPOs, and the alarming number of exposed credentials. He emphasizes the importance of cybersecurity in business growth and critiques the healthcare sector's approach to cybersecurity investments. The conversation also touches on emerging threats and concludes with a call to action for the cybersecurity community to address these challenges. Takeaways: CISA's leadership changes raise questions about its effectiveness. NATO's inclusion of cybersecurity in spending targets is a significant development. Market trends indicate a shift towards IPOs in cybersecurity. The exposure of 184 million login credentials highlights ongoing security issues. Cybersecurity teams contribute significantly to business growth. Healthcare organizations prioritize IT security but struggle with implementation. Hackers are increasingly exploiting cloud services for attacks. CrowdStrike's lack of accountability raises concerns in the industry. The cybersecurity community must work together to address emerging threats. There is a need for greater transparency and accountability in cybersecurity incidents.
The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA's leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO, discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, at the 2025 RSA Conference we were joined by Tony Velleca, CyberProof's CEO, who is discussing exposure management and moving towards a more risk-focused approach to prioritize threats. Listen to Tony's interview here. 
Selected Reading Chinese spies blamed for attempted hack on Czech government network (The Record) CISA loses nearly all top officials as purge continues- (Cybersecurity Dive) Google warns of Vietnam-based hackers using bogus AI video generators to spread malware (The Record) Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities (SecurityWeek) New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know (Hack Read) Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data (Cybersecurity News) RE/MAX deals with alleged 150GB data theft: Medusa ransomware demands $200K (Cyber News) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cybersecurity News) Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars (The Record) Neural Privacy Under Threat: The Battle for Neural Data (tsaaro consulting) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this week's edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week's news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings all the horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS … ‘cause that's how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA's leadership is fleeing in droves, even though the US needs them more than ever. This week's episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year's RSA conference. This episode is also available on YouTube. Show notes China-linked ‘Silk Typhoon' hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia's APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA's sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia's discovery of thousands of hijacked edge devices repurposed as honeypots. The back half veers into Microsoft's resurrected Windows Recall, Signal's new screenshot-blocking countermeasure, Japan's fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. Along the way you get hot takes on techno-feudalism, Johnny Ive's rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR). Selected Reading Trump signs the Take It Down Act into law (The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Zero Day) Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Cyber attacks against public safety agencies are rising, with 324 confirmed globally in 2024, including 25 complete system shutdowns. The Public Safety Threat Alliance, established by Motorola Solutions, is a cyber threat Information Sharing and Analysis Organization (ISAO) recognized by CISA that provides actionable intelligence to public safety agencies across the globe to improve their resilience and defense capabilities. Membership in the PSTA is open to all public safety agencies, and there is no cost to join for public sector organizations. In this episode of the Policing Matters podcast, part of a special report from Motorola Solutions Summit 2025, host Jim Dudley speaks with William DeCoste, STARS Program Manager and Telecommunications Engineer Manager with the Virginia State Police Communications Division and Jay Kaine, the Director of Threat Intelligence at Motorola Solutions. They tackle the direct effect cyber attacks can have on public safety agencies and the collaborative efforts underway to combat them. About our sponsor This episode of the Policing Matters podcast is sponsored by Motorola Solutions.
A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On today's Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here.

Selected Reading
Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs)
SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer)
Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer)
Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer)
Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek)
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek)
Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek)
Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters)
New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer)
M&S cyber insurance payout to be worth up to £100mn (Financial Times)
US extradites Kosovo national charged in operating illegal online marketplace (The Record)
CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday)
CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards' automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a remote IT job scheme. Europe's cybersecurity agency launches the European Vulnerability Database. CISA pares back website security alerts. Moldovan authorities arrest a suspect in DoppelPaymer ransomware attacks. On today's Threat Vector segment, David Moulton speaks with Noelle Russell, CEO of the AI Leadership Institute, about how to scale responsible AI in the enterprise. Dave & Buster's invites vanish into the void.

Threat Vector
Recorded Live at the Canopy Hotel during the RSAC Conference in San Francisco, David Moulton speaks with Noelle Russell, CEO of the AI Leadership Institute and a leading voice in responsible AI on this Threat Vector segment. Drawing from her new book Scaling Responsible AI, Noelle explains why early-stage AI projects must move beyond hype to operational maturity—addressing accuracy, fairness, and security as foundational pillars. Together, they explore how generative AI models introduce new risks, how red teaming helps organizations prepare, and how to embed responsible practices into AI systems. You can hear David and Noelle's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Selected Reading
Republicans Try to Cram Ban on AI Regulation Into Budget Reconciliation Bill (404 Media)
Spain investigates cyber weaknesses in blackout probe (The Financial Times)
Critical Security flaw in ASUS mainboard update system (Beyond Machines)
Hackers Exploiting PyInstaller to Deploy Undetectable macOS Infostealer (Cybersecurity News)
Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals (GB Hackers)
European Vulnerability Database Launches Amid US CVE Chaos (Infosecurity Magazine)
Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched (Cybersecurity News)
CISA changes vulnerabilities updates, shifts to X and emails (The Register)
Suspected DoppelPaymer Ransomware Group Member Arrested (Security Week)
Cracking The Dave & Buster's Anomaly (Rambo.Codes)
A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A critical zero-day vulnerability in SAP NetWeaver is being actively exploited. Researchers uncover two major cybersecurity threats targeting IT admins and cloud systems. U.S. prosecutors charge three Russians and one Kazakhstani in connection with the takedown of two major botnets. A new tool disables Microsoft Defender by tricking Windows into thinking a legitimate antivirus is installed. Tim Starks, Senior Reporter from CyberScoop, discusses congressional reactions to White House budget cut proposals for CISA. Fair use faces limits in generative AI.

CyberWire Guest
We welcome back Tim Starks, Senior Reporter from CyberScoop, discussing congressional reactions to White House budget cut proposals for CISA. You can find background information in these articles:
House appropriators have reservations — or worse — about proposed CISA cuts
Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity’

Selected Reading
iClicker website compromised with fake ClickFix CAPTCHA installing malware (BeyondMachines.net)
Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits (SecurityWeek)
Fears 'hackers still in the system' leave Co-op shelves running empty across UK (The Record)
437,000 Impacted by Ascension Health Data Breach (SecurityWeek)
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers (Cyber Security News)
New SEO Poisoning Campaign Targeting IT Admins With Malware (Hackread)
Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets (The Record)
Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution (Cyber Security News)
Five Takeaways from the Copyright Office's Controversial New AI Report (Copyright Lately)
Judge Blasts Apple For Violating Antitrust Ruling
Google's Sundar Pichai Calls US Remedies 'De Facto' Spinoff of Search - Slashdot
Firefox could be doomed without Google search deal, says executive
Visa Announces Plans to Give AI Agents Your Credit Card Information
The Age of Realtime Deepfake Fraud Is Here
The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship
Congress Moving Forward On Unconstitutional Take It Down Act
White House Slams Amazon After Report it Will Highlight Tariff Costs
The Kickstarter you backed may soon ask for more money to cover Trump's tariffs
Microsoft Raises Xbox Prices 20% as Tariffs Drive Up Cost of Development
UPS will cut 20,000 jobs because fewer Amazon packages are coming
Elon Musk's DOGE ties could get his companies out of $2 billion in potential liability
President Trump's fiscal 2026 budget proposal suggests slashing $491M from CISA's ~$3B budget, claiming the cut "refocuses CISA on its core mission"
Government Actually Threatens Wikipedia's Editorial Freedom; Self-Proclaimed Free Speech Warriors Suddenly Have Other Plans
Mark Zuckerberg Sailed 5,300 Miles With Two Superyachts Only to Helicopter Up a Mountain and Ski Down in Billionaire Style - Sustainability Times
Massive power outage in Spain, Portugal leaves millions in dark
Wall Street Banks Sell Final Slug of Elon Musk's X Debt
Elon Musk's SpaceX gets a company town in Texas
Amazon deploys the first Project Kuiper internet satellites
Researchers Secretly Ran a Massive, Unauthorized AI Persuasion Experiment on Reddit Users
How Badly Did ChatGPT and Copilot Fail to Predict the Winners of the Kentucky Derby? - Slashdot
Quantum message travels record distance over fiber optic network
Photo appears to show Mike Waltz using Signal-like app that can archive messages
Chinese university designed 'world's first silicon-free 2D GAAFET transistor,' claims new bismuth-based tech is both the fastest and lowest-power transistor yet
The one interview question that will protect you from North Korean fake workers

Host: Leo Laporte
Guests: Owen Thomas, Iain Thomson, and Gary Rivlin

Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors:
canary.tools/twit - use code: TWIT
outsystems.com/twit
drata.com/weekintech
coda.io/twit
zscaler.com/security