Podcasts about cisa

  • 877PODCASTS
  • 4,370EPISODES
  • 39mAVG DURATION
  • 1DAILY NEW EPISODE
  • Jul 1, 2026LATEST

POPULARITY

20192020202120222023202420252026

Categories



Best podcasts about cisa

Show all podcasts related to cisa

Latest podcast episodes about cisa

Security Now (MP3)
SN 1085: A SOTA State-Sponsored Campaign - AI's New Superpower: Loop Engineering

Security Now (MP3)

Play Episode Listen Later Jul 1, 2026


AI is now uncovering and fixing thousands of hidden software bugs faster than humans can keep up, but not everyone is playing by the rules. Find out how state-sponsored attackers and careless disclosures are turning the cybersecurity playbook upside down. Win10's popularity forces another year of free updates. CISA directs all federal agencies to update their UniFi OS devices. CISA gave federal agencies "the weekend" to update Cisco devices. Australia is disturbed by a deeply compromised infrastructure provider. OpenAI introduces Daybreak-powered "Patch the Planet" initiative. Meta's employee monitoring-for-AI-training backfired badly. Script Kiddies figure out how to use AI to find vulnerabilities. AI improves with "looping", "repeating" or "iterating". A wonderful story about Kevin Mitnick. Serious hackers mistakenly left a server directory accessible Show Notes - https://www.grc.com/sn/SN-1085-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit hoxhunt.com/securitynow cohesity.com/Resilience zscaler.com/security

The CyberWire
The court draws a privacy line.

The CyberWire

Play Episode Listen Later Jun 30, 2026 24:50


The Supreme Court limits geofence warrants. DHS moves to expand CISA. The State Department offers $10 million for Russian hackers. A legal theory could reshape EU-U.S. data sharing. Plus, cyberattacks hit D.C. housing, Oracle and SimpleHelp flaws face active exploitation, malware lingers on Japanese military networks, and stolen Apple supplier data surfaces online. John Cannava, CIO at Ping Identity, discusses how identity threats don't go on holiday. The Secret Service dial down the risk on BYOD.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by John Cannava, CIO at Ping Identity, as he discusses how identity threats don't go on holiday: how attackers take advantage of these high-traffic moments to blend in with normal user behavior, and what needs to change to better protect fans of major events like this summer's World Cup, and identity threats in travel at large. Selected Reading Supreme Court says police need a warrant to obtain Google location data (Washington Post) DHS Eyes 600 New Cybersecurity Hires, New Director for CISA (BankInfo Security) US posts $10 million reward over Russian cyber campaign targeting Signal, WhatsApp (The Record) US Supreme Court just blew up EU-US Data Transfers (NOYB) DC Housing Authority hit by cyberattack, website down (WJLA) Exploitation of Recent Oracle E-Business Suite Vulnerability Begins (SecurityWeek) USB drives carrying China-linked malware infected Japanese military networks for nearly a year (Bitdefender) A forged login key unlocks SimpleHelp servers, and a new stealer is raiding cloud and AI credentials (SURIQ) Apple iPhone 18 Pro supplier list, parts and photos exposed in Tata data leak (Reuters) Even the Secret Service won't use company-issued phones (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
Factory reset required.

The CyberWire

Play Episode Listen Later Jun 26, 2026 25:13


Tata Electronics and Bajaj Auto continue recovery from cyberattacks. FCC tightens undersea cable rules to bolster national security. CISA warns of actively exploited PTC vulnerability. Gamaredon expands toolkit, hides behind legitimate services. Iran-linked hackers turn public warning systems into psychological weapons. Threat actors target critical infrastructure across Southeast Asia. DCloud framework behind global scam economy. Polish police disrupt SIM-swapping gang. French statistics agency reports cyberattack affecting nearly 13,000 staff. Our guest is Michael Fanning, CISO at Splunk, discussing how AI doesn't create problems, it exposes them. And an open-book exam for hackers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Michael Fanning, CISO at Splunk, discussing how AI doesn't create problems, it exposes them. Selected Reading Apple supplier Tata tightens internal controls after data breach, sources say (Reuters)  Bajaj Auto resumes normal operations as cyberattack probe continues (Storyboard18)  FCC passes new cybersecurity rules for emergency systems, undersea cables (CyberScoop) U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog (SecurityAffairs)  Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances (ESET)  A Cyber-Psychological Operation: Iran-Linked Attackers Target Warning Systems (Claroty)  CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure (Unit 42) From San Pedro to Salinas: How a Chinese Framework “DCloud Uni-App” Powers a Global Scam Economy (Infoblox) Poland busts SIM-swapping gang tied to millions in crypto theft (BleepingComputer) France's statistics department reports cyberattack on staff data (Reuters) UK school's network left wide open for invasion, student found (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
Klue me in on the breach.

The CyberWire

Play Episode Listen Later Jun 24, 2026 28:16


LastPass says Klue breach affected customer information, but passwords remain secure. Attackers begin exploiting Cisco Unified CM vulnerability. CISA flags actively exploited Ubiquiti and Lantronix flaws, urges rapid patching. DifyTap flaws could expose private AI conversations across tenants. Researchers find AI plugin registry let unofficial tools masquerade as trusted software. xpl0itrs launches leak site, signaling shift toward full-service cyber extortion. Ransomware attack hits Indian auto giant Bajaj Auto. U.S. presses Meta to submit AI models for national security reviews. Alleged criminal marketplace administrator extradited to the US. U.S. expands sanctions against Cambodian scam network tied to cyber fraud operations. On today's Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. And a lesson in access control. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Mike Masciulli, Managing Director, Migration Products and Services at Semperis, discussing RC4 and AD Migration: The Break Scenarios Hiding in Your Source Domain. If you enjoyed this conversation, check out the full interview here. Selected Reading Password manager maker LastPass says hackers stole customer support case data during Klue breach (TechCrunch) Klue says hackers stole credential from 2022 that led to customer data breaches (TechCrunch) Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog (SecurityAffairs)  DifyTap: Zafran discovers how attackers can silently wiretap AI data across tenants on a platform powering 1M+ apps  (Zafran)  23 ClawHub Plugins Squat Official Org Scopes (Manifold Security)  Cyber Intel Brief: xpl0itrs Leak Site Launch (Dataminr)  Indian auto giant Bajaj Auto hit by ransomware incident (The Record)  U.S. Presses Meta to Agree to A.I. Reviews as Security Concerns Rise (NY Times) Algerian Man Extradited to US for Running Cybercrime Marketplaces (SecurityWeek) US adds sanctions against accused Cambodian scammers Prince Group (Reuters) Ushering in the Next Frontier of Quantum Innovation (The White House)  Meta Exposed Data Internally From Its Controversial Employee-Tracking Program (WIRED)  Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

No Password Required
No Password Required Podcast Episode 74 - Shane Tews

No Password Required

Play Episode Listen Later Jun 22, 2026 51:54


Shane Tews — Non-Resident Senior Fellow at AEI and the person who explained the internet to Capitol Hill No Password Required Season 7: Episode 7 – Shane Tews Shane Tews is a Non-Resident Senior Fellow at the American Enterprise Institute, where she focuses on cybersecurity, privacy, artificial intelligence, and internet governance. She is also President of Logan Circle Strategies, a strategic advisory firm working at the intersection of technology and policy. Before her think tank work, Shane helped introduce modems to the George H.W. Bush White House, walked the halls of Capitol Hill explaining the internet to blank-staring legislators, and spent years at VeriSign helping shape the foundational frameworks of how the internet would be governed. In this episode, Shane traces her unlikely path from the Bush administration to becoming one of Washington's most trusted voices on tech policy. She breaks down why regulating outcomes rather than inputs is the only sensible approach to technology governance, why the US and EU are operating from fundamentally different innovation philosophies, and why a national privacy bill is long overdue. She also explains why most organizations and individuals are far less protected than they think and why nobody knows who to call when something goes wrong. Jack Clabby and co-host Kayley Melton talk with Shane about legacy system vulnerabilities, the cybersecurity implications of agentic AI, and what policymakers absolutely must get right over the next decade. She also reflects on what the CISA reauthorization limbo means for companies that don't even know they've lost liability protection. In the Lifestyle Polygraph, Shane reveals she has 20,000 emails across eight accounts, admits she fakes laughs at bad jokes out of Midwestern politeness, shares her obsession with The Bear and Peaky Blinders, and tells us about her children's book project using Google Omni called "Shane on a Train." Follow Shane on LinkedIn and on X at @ShaneTews. Find her work at AEI.org and TechPolicyDaily.com. No Password Required is presented by ThreatLocker   In this episode: Shane's path from the George H.W. Bush White House to becoming Capitol Hill's go-to internet explainer (00:34 - 02:22) Why the Clinton-era multi-stakeholder model got internet governance right and what that means for policy today (04:40 - 06:13) The case for a national privacy bill and why 50 state standards aren't working (07:24 - 09:27) What AEI covers and how Shane thinks about riding the top of the wave across the entire tech policy stack (09:35 - 11:23) Legacy systems, vendor debt, and why outdated software is the easiest entry point for bad actors (11:30 - 13:34) The gap between how protected people think they are and how exposed they actually are, including a generational perspective on MFA (14:07 - 16:25) The biggest disconnect between everyday cyber reality and the policy world (16:59 - 20:35) Government readiness for a major cyber attack and why most people don't have a plan (20:54 - 22:32) How the US and EU innovation philosophies differ and why Europe's banking system is the real tech problem (22:41 - 25:38) The DeepSeek false narrative and where the US is leading vs. reacting on AI (25:45 - 29:21) The shift from AI features to AI coordination and what agentic AI means for cybersecurity permissions (29:28 - 32:16) What policymakers must get right on AI over the next 10 years (32:25 - 34:11) The Lifestyle Polygraph: inbox chaos, fake laughs, The Bear, and Shane on a Train (00:04 - 12:48)   Timestamp Highlights: (00:34) Shane's origin story: modems at the White House and blank stares on the Hill (04:40) Why the internet got policy right early on and what we can learn from it (07:24) The case for harmonizing breach standards with a national framework (11:30) Legacy systems and vendor debt as the easiest attack vectors (14:07) The real gap between how protected people think they are and how exposed they actually are (20:54) Government cyber readiness: do you know who to call when something goes wrong? (22:41) US vs. EU innovation: why Europe's banking system is the real tech problem (29:28) Agentic AI and the cybersecurity risks of permissions you forgot you gave (32:25) What policymakers must get right on AI over the next decade (06:44) Shane on a Train: using Google Omni to write a children's book series   Resources & Links: AEI.org — Shane's think tank home base TechPolicyDaily.com — Daily tech policy coverage ThreatLocker — Supporter of this podcast Cyber Florida — The Mother Ship  

The John Batchelor Show
S8 Ep1032: CISA's Mission to Protect Critical Infrastructure. Guest: Francis Rose. Acting Director Nick Anderson explains CISA's role as a vital clearinghouse for cyber threat information across federal and private sectors. Since 85% of critical inf

The John Batchelor Show

Play Episode Listen Later Jun 20, 2026 9:07


CISA's Mission to Protect Critical Infrastructure. Guest: Francis Rose. Acting Director Nick Anderson explains CISA's role as a vital clearinghouse for cyber threat information across federal and private sectors. Since 85% of critical infrastructure is privately owned, CISA focuses on information exchange to prevent bad actors from moving laterally to disrupt water or power supplies. 16DC 1936

The John Batchelor Show
S8 Ep1034: SCHEDULE JBS 6-19-2026.

The John Batchelor Show

Play Episode Listen Later Jun 20, 2026 8:25


Portland's Business Struggles and Las Vegas's SCHEDULE JBS 6-19-2026.1900 LAGrowth. Guest: Jeff Bliss. High taxes and progressive policies in Portland are driving a corporate exodus, including Under Armour, as business districts empty. Conversely, Las Vegas is thriving, highlighted by the opening of a massive four-story In-N-Out on the Strip. The segment also covers California's proposed wealth tax and calls to nationalize AI. 1Ethics Investigations into the Newsom Administration. Guest: Jeff Bliss. Governor Gavin Newsom and his wife, Jennifer Siebel Newsom, face investigations regarding millions in "behested payments" from entities like PG&E to her media company. While Newsom dismisses the probe as political weaponization, critics suggest these payments indicate potential undue influence and significant ethical scandals within the administration. 2Critique of Middle East Ceasefire Strategy. Guest: Richard Epstein. Epstein argues that recurring ceasefire declarations are merely strategic devices for rearmament rather than genuine steps toward peace. He criticizes current negotiation styles for alienating allies and failing to pursue the unconditional surrender of adversaries, which he believes is the only stable solution for regional security. 3Supreme Court Rulings on Gun Rights and Drug Use. Guest: Richard Epstein. In a unanimous decision, the Supreme Court ruled that marijuana use alone does not justify the categorical stripping of a citizen's Second Amendment rights. Epstein critiques the court's narrow reliance on originalism, suggesting a "police power" analysis should instead determine if a person poses an immediate physical threat. 4Economic Resilience in D.C. and Lancaster County. Guest: Jim McTague. A drop in gasoline prices has boosted consumer spending at retail stores and supermarkets. While D.C. remains popular with tourists, employers are struggling to find workers with specialized technical skills. Meanwhile, the housing market remains robust at the high end despite higher interest rates. 5Italian Defense Pressures and the Summer Heatwave. Guest: Lorenzo Fiori. Italy's government is balancing NATO's demands for increased military spending against rising energy costs. Simultaneously, a record-breaking heatwave reaching 104°F in Milan is straining public resources, prompting Fiori to recommend the cooler Garfagnana region for its fresh environment and traditional bean and cabbage soup. 6SpaceX's Aggressive Launch Schedule and Innovation. Guest: Bob Zimmerman. Gwynne Shotwell indicates that SpaceX's Starship may begin operational flights and orbital refueling tests by year's end. The company is also demolishing older facilities at Vandenberg for new launchpads, while private startups advance 3D-printed rockets and orbital satellite rescue missions to assist aging telescopes. 7Mars Discoveries and Cosmological Mysteries. Guest: Bob Zimmerman. The discovery of galaxies devoid of dark matter is challenging fundamental astronomical theories. On Mars, the Curiosity rover has reached smooth ground after five years of rocky terrain. Additionally, orbiters have detected multiple dust devils and potential frost and ice in the planet's equatorial regions during winter. 8Literary Giants of the New England Renaissance. Guest: Bruce Nichols. This segment explores the intense relationship between Hawthorne and Melville, who dedicated Moby Dick to Hawthorne. While Ralph Waldo Emersonoften criticized their dark worldviews, these authors, alongside Walt Whitman and Margaret Fuller, were instrumental in inventing a uniquely original and enduring American literary voice. 9Thoreau's Performative Solitude at Walden Pond. Guest: Bruce Nichols. Henry David Thoreau built his famous cabin on land owned by Ralph Waldo Emerson. Contrary to his image as a total hermit, Thoreau was quite social, often walking into town for fresh-cooked meals and laundry. He eventually spent years refining his journals into the masterpiece Walden. 10The Struggles and Triumphs of Louisa May Alcott. Guest: Bruce Nichols. Louisa May Alcott supported her family because her father, Bronson Alcott, failed to earn a consistent living. She served as a Civil War nurse, dealing with horrific casualties before contracting a severe illness she attributed to mercury poisoning. Her 1868 novel Little Womenfinally resolved the family's debts. 11The Literary Legacy and Final Days of the Alcotts. Guest: Bruce Nichols. Following the success of Little Women, Alcott resisted fan demands for her protagonist to marry Laurie, choosing an independent path. As the circle aged, both Emerson and Bronson Alcott suffered significant cognitive decline, with Louisa providing essential financial and personal support until her death in 1888. 12Diplomatic Strains and Escalation Risks in Ukraine. Guest: Anatol Lieven. European leaders are divided over initiating direct negotiations with Russia as the war remains stuck on the ground. While some advocate for offering Putina "golden bridge" to claim a symbolic victory, others argue for continued pressure, despite the constant risks of accidental or nuclear escalation. 13The Rise of Andy Burnham in UK Politics. Guest: Anatol Lieven. Greater Manchester Mayor Andy Burnham is emerging as a formidable potential successor to Prime Minister Keir Starmer. Though Burnham enjoys strong regional support, he faces daunting national issues, including the funding crisis in the NHS and Britain's inability to borrow like the United States. 14A Vision for Governance Reform in Canada. Guest: Conrad Black. Biographer Conrad Black and billionaire Stephen Jarislowsky have proposed recommendations to streamline Canadian governance by reducing duplicated bureaucracy. They argue that Canada's public service is top-heavy and that lowering corporate and personal taxes is essential for maintaining economic growth and competitiveness with the United States. 15CISA's Mission to Protect Critical Infrastructure. Guest: Francis Rose. Acting Director Nick Anderson explains CISA's role as a vital clearinghouse for cyber threat information across federal and private sectors. Since 85% of critical infrastructure is privately owned, CISA focuses on information exchange to prevent bad actors from moving laterally to disrupt water or power supplies. 16

Cyber Security Headlines
Police clean WordPress sites, Klue OAuth breach, Warner's CISA warnings

Cyber Security Headlines

Play Episode Listen Later Jun 19, 2026 9:28


Police clean ups SocGholish-infected sites tied to Evil Corp Klue OAuth breach linked to Icarus Salesforce data theft attacks Warner warns of CISA cuts, staffing gaps in letter to acting chief  Get the show notes here: https://cisoseries.com/cybersecurity-news-police-clean-wordpress-sites-klue-oauth-breach-warners-cisa-warnings/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision. ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do. That's why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.  

IT Privacy and Security Weekly update.
EP 296. Deep Dive. "Recognized" by The AI, Privacy, and Security Weekly Update for the Week Ending June 16th. 2026

IT Privacy and Security Weekly update.

Play Episode Listen Later Jun 18, 2026 58:09


This week's update illustrates a global landscape rapidly transforming under the influence of artificial intelligence, highlighting both its innovative potential and significant societal risks. Surveillance capabilities are expanding through SignalTrace, which links vehicle data to personal electronics, while military navigation increasingly relies on spatial data harvested from mobile gaming. Within the workforce, professionals are navigating a "botsitting" paradox where productivity gains are often offset by the labor of managing AI errors and oversight. Simultaneously, the educational sector faces a crisis as reliance on digital tools correlates with a measurable decline in students' reading comprehension and attention spans. Security concerns are also intensifying, evidenced by CISA's new mandates for faster software patching to counter automated cyberattacks. Ultimately, these reports suggest that the true challenge of the AI era lies in managing data correlation and organizational adaptation rather than just technical advancement.

Security Now (MP3)
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege

Security Now (MP3)

Play Episode Listen Later Jun 17, 2026 156:20


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

The CyberWire
The nominee in limbo.

The CyberWire

Play Episode Listen Later Jun 17, 2026 31:36


President Trump halts a key intelligence nomination. The FBI warns of a new Microsoft 365 phishing threat. France cuts ties with Palantir. A new Android banking trojan emerges. Fortinet firewalls come under attack. CISA orders emergency Joomla patching. Plus, Madison Square Garden data leaks and malware hidden in Steam wallpapers. Our guest is Christy Wyatt, CEO from Absolute Security, discussing their new ebook. The DOJ claims pollution is mission-critical.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's Industry Voices we are joined by Christy Wyatt, CEO from Absolute Security, discussing their ebook. If you enjoyed this conversation, check out the full interview here. Selected Reading President Trump calls to delay nomination of intel pick Jay Clayton (NPR) Warner warns of CISA cuts, staffing gaps in letter to acting chief (The Record) French spies drop AI giant Palantir over US overreliance fears (The Local) Rokarolla : Android Banker with Complete Device Takeover Capabilities (Zimperium) FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure (InfoStealers) CISA orders feds to patch max severity Joomla plugin flaw by Friday (Bleeping Computer) Hackers Publish Knicks and Madison Square Garden Data Online (404 Media) Gamers beware: malicious wallpapers on Steam found stealing accounts (Securelist) DHS S&T Highlights New SPARTA Resources for Defending Spacecraft Against Cyberattacks (ExecutiveGov) DOJ Lawyers Argue xAI Is ‘Vital' for National Security in NAACP Lawsuit (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

All TWiT.tv Shows (MP3)
Security Now 1083: Patch Tuesday à la AI

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jun 17, 2026 156:20 Transcription Available


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

Security Now (Video HD)
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege

Security Now (Video HD)

Play Episode Listen Later Jun 17, 2026 156:20


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

Security Now (Video HI)
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege

Security Now (Video HI)

Play Episode Listen Later Jun 17, 2026 156:20


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

Radio Leo (Audio)
Security Now 1083: Patch Tuesday à la AI

Radio Leo (Audio)

Play Episode Listen Later Jun 17, 2026 156:20 Transcription Available


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

Security Now (Video LO)
SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under Siege

Security Now (Video LO)

Play Episode Listen Later Jun 17, 2026 156:20


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

All TWiT.tv Shows (Video LO)
Security Now 1083: Patch Tuesday à la AI

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jun 17, 2026 156:20 Transcription Available


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

Radio Leo (Video HD)
Security Now 1083: Patch Tuesday à la AI

Radio Leo (Video HD)

Play Episode Listen Later Jun 17, 2026 156:20 Transcription Available


This episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just making attacks easier for everyone. Rootkits found in more than 400 ArchLinux User Repository packages. The US government requests Anthropic to remove Mythos and Fable. CISA responds to AI-driven attacks with new patching requirements. NPM to switch to more secure install defaults. Will it help. Our listeners react to last week's PHP commentary. June shows that AI has arrived for vulnerability discover Show Notes - https://www.grc.com/sn/SN-1083-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: meter.com/securitynow canary.tools/twit - use code: TWIT joindeleteme.com/twit-biz zscaler.com/security adaptivesecurity.com

The CyberWire
No Mythos of escape.

The CyberWire

Play Episode Listen Later Jun 16, 2026 31:39


Emergency talks fail to free Anthropic's Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. DragonForce hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA issues a three-day patch deadline, Delta avoids penalties, and researchers show just how easy it is to manipulate AI search. Our guest is Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. Consulting meets confabulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. If you enjoyed this conversation, check out the full interview here.  Selected Reading Anthropic Is Still at Odds With the White House Over Claude Fable 5 (WIRED) Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher (The Register) White House Issues Memo to Bolster NSS Cybersecurity (SecurityWeek) Microsoft Patches Critical SearchLeak Vulnerability in Copilot Enterprise (Beyond Machines) ShinyHunters Hits Universities Via Oracle Zero-Day (GovInfo Security) DragonForce Ransomware Exploited Microsoft Teams to Hide Attack (Infosecurity Magazine) Inside Amos Stealer: How This Threat Targets macOS Credentials and Keychains (CyberProof) CISA warns of another cPanel plugin flaw exploited in attacks (Bleeping Computer) US closes probe into 2024 Delta Air Lines meltdown sparked by CrowdStrike outage (Reuters) It Is Trivially Easy to Use Reddit to Manipulate AI Search, Research Suggests (404 Media) KPMG pulls report on AI usage due to apparent hallucinations (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Paul's Security Weekly
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

Paul's Security Weekly

Play Episode Listen Later Jun 15, 2026 91:17


Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-463

Enlighten: Uplift & Inspire
Episode 410 Cait Conley

Enlighten: Uplift & Inspire

Play Episode Listen Later Jun 15, 2026 62:49


My guest today is Cait Conley. Cait is running for Congress in NY District 17, determined to stop Donald Trump and cowards like Mike Lawler who enable him. Cait was born and raised in the Hudson Valley, graduated at the top of her class at West Point, served 16 years as an Army officer, and broke barriers as one of the first and only women in Special Operations leadership and was awarded three Bronze Stars. Cait's career as a public servant continued at home, protecting security and democracy while serving as Director of Counter-Terrorism on the National Security Council at the White House. She later helped safeguard our critical infrastructure and election systems at CISA, defending our democracy by standing up directly to Trump's big lie that the 2020 election was stolen.  Cait is dedicated to bringing dignity and courage back to Congress. She is fighting to lower costs, clean up corruption, reign in ICE, address climate change as a national security crisis, protect our elections and stop Trumps' unlawful and authoritarian agenda. I am impressed with her strength, courage and proven leadership and have been motivated to have as many people as possible hear from Cait directly, so they can make an informed decision when voting in the primary. Early voting started June 13th and the primary is Tuesday, June 23rd. This is a critical election, so please spread the word and get out and vote!  Check out the Show Notes for Cait's conversation with Ali Velshi on MSNOW as well as Cait's website. There you will find links to donate, upcoming events and volunteer opportunities. Enjoy the podcast! Links: Cait Conley's Website Ali Velshi-MSNOW

Resilient Cyber
AI Industrialized the Vuln Lifecycle and Broke the System of Record

Resilient Cyber

Play Episode Listen Later Jun 15, 2026 40:43


VulnCheck's Patrick Garrity on the NVD collapse, the first real AI disclosure wave, and why remediation, not finding bugs, is the bottleneck.DescriptionVulnerability management spent years as the chore everyone dreaded, and now it is one of the hottest topics in security because attackers made exploitation the number one way in. Patrick Garrity of VulnCheck rejoins the show to separate what is real from what is marketing. We get into the honest state of the NIST National Vulnerability Database after CISA pulled its funding, the new AI executive order that wants a clearinghouse for AI-discovered vulnerabilities, the first measurable wave of AI-assisted disclosures, and Patrick's audit of Anthropic's Glasswing ledger. We also dig into why cheap AI discovery makes the remediation bottleneck worse, how AI is raising the security poverty line, and whether the 90-day disclosure model still holds.Key takeawaysVulnerability management is hot again because attackers made it the top way in. As Patrick puts it, attention flows to wherever the attacker goes, and right now that is exploitation.The NIST NVD breakdown was worse than a backlog. A recent report confirmed CISA had stopped funding the NVD and NIST lost about half its funding, with no real plan to clear the backlog, which quietly hurts every defender who relies on enriched CVE data.A new AI executive order wants a clearinghouse for AI-discovered vulnerabilities, reportedly under Treasury. Patrick's reaction is that we already have a vulnerability database, the program is optional, and it may turn into a marketing race more than a coordination win.The first measurable AI disclosure wave is real. CVE volumes are up 563 percent for Chrome and GitHub advisories up 470 percent year to date, and Patrick separated genuine AI-assisted discovery from AI slop and from bugs that merely live in AI software by correlating researchers, domains, and email addresses across multiple advisory sources.Patrick audited Anthropic's Glasswing ledger and found the transparency lacking. He had around 80 vulnerabilities in his own database while the public ledger listed 27, several items had blown past their own 90-day disclosure window, and the ledger had not been updated in two weeks.Finding vulnerabilities is not the bottleneck, remediation is. AI makes discovery cheap, but the coordinated disclosure and fix process takes enormous human effort, and the median time to remediate even known exploited bugs is still measured in weeks.Exploitation looks like it is sustaining rather than surging. CISA KEV and VulnCheck KEV are tracking similar year-over-year volumes, partly because attackers already have more than enough to target and partly because you can only count the exploitation you can actually detect.AI is raising the security poverty line, at least for now. Token costs and access-restricted tools concentrate the most powerful discovery capabilities among well-funded teams, while smaller organizations lack the expertise to turn open-weight models into working vulnerability harnesses.The economics are circular. AI drives the surge in findings and attacker velocity, and AI is then sold as the fix, so teams pay to surface the problem and pay again to remediate it, all on consumption-based pricing against finite budgets.The 90-day disclosure norm mostly holds, though it may tighten. VulnCheck runs a strict 120-day policy with no exceptions and averages 45 to 48 days to fix and disclose, and for open source the fixing commit often makes the flaw public anyway.

Enterprise Security Weekly (Audio)
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jun 15, 2026 91:17


Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-463

Paul's Security Weekly TV
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

Paul's Security Weekly TV

Play Episode Listen Later Jun 15, 2026 91:17


Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463

Tech Gumbo
CISA Staffing Cuts, Google Pays SpaceX $920M Monthly, Chrome 149 Patch, Meta Smart Glasses NameTag, & Xbox Loses Millions

Tech Gumbo

Play Episode Listen Later Jun 15, 2026 22:02


News and Updates: CISA Staffing Concerns: DHS Secretary Mullin told Congress that CISA's ideal staffing level is 2,800 personnel — up from today's 2,200 but still well below the 3,400 it had before Trump's second term, raising cybersecurity concerns among lawmakers. Google Pays SpaceX $920M Monthly: Google agreed to rent 110,000 Nvidia chips worth of data center capacity from SpaceX at $920 million per month through 2029, as bridge capacity for surging Gemini Enterprise demand. Anthropic separately pays SpaceX $1.25 billion monthly for similar compute access. Chrome 149 Record Security Patch: Google released Chrome 149 fixing a record 429 security vulnerabilities — including 22 critical flaws — with AI tools credited for helping discover the majority. Users should update immediately. Meta Smart Glasses Facial Recognition: Wired discovered hidden code in the Meta AI app for a feature called NameTag that would enable Ray-Ban smart glasses to scan faces and match them against biometric databases. Meta called the reporting dishonest, despite an internal memo suggesting the feature should launch when civil liberties groups are too distracted to push back. Women Secretly Filmed in Brussels: A Belgian TV investigation found men using Ray-Ban Meta glasses to secretly record women on the streets, some for dating coach social media content. Tutorials disabling the glasses' recording indicator are widely available online, and a dating coach in Spain was arrested for the same behavior. Xbox Game Pass Loses Millions: Microsoft's Xbox CSO confirmed the service lost millions of subscribers following a 50% price hike in Fall 2025, prompting the company to reverse course with price reductions and a renewed focus on exclusive titles.

Enterprise Security Weekly (Video)
Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

Enterprise Security Weekly (Video)

Play Episode Listen Later Jun 15, 2026 91:17


Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463

The John Batchelor Show
S8 Ep1002: Francis Rose discusses the U.S. military's efforts to integrate AI by "gamifying" systems to make them intuitive for young, video-game-literate service members. He also highlights CISA's work in rebuilding its workforce to protec

The John Batchelor Show

Play Episode Listen Later Jun 13, 2026 10:52


Francis Rose discusses the U.S. military's efforts to integrate AI by "gamifying" systems to make them intuitive for young, video-game-literate service members. He also highlights CISA's work in rebuilding its workforce to protect private-sector cyber infrastructure and the Army's Joint Innovation Outpost, which aims to accelerate the transition of technology from private inventors to the battlefield. (16)1606

The John Batchelor Show
S8 Ep1003: SCHEDULE THE JOHN BATCHELOR SHOW, 6-12-2026.

The John Batchelor Show

Play Episode Listen Later Jun 13, 2026 5:57


SCHEDULE THE JOHN BATCHELOR SHOW, 6-12-2026.1903 PRINCETON UNIVERSITYJeff Bliss describes massive, deadly swells hitting California beaches due to a southern hemisphere storm system. The conversation shifts to Las Vegas, where a massive, highly anticipated In-N-Out Burger recently opened on the Strip. Bliss details the chain's reputation for fresh food, cleanliness, and fair employee wages. (1)Jeff Bliss discusses the surprising results of the Los Angeles City Council primary, where Nithya Raman surged despite initially conceding. He highlights allegations of voter fraud in the Skid Row area and the impact of California's ballot harvesting laws. The segment also touches on Xavier Becerra's lead in the governor's race. (2)Richard Epstein analyzes the legal effort to prevent the removal of Donald Trump's name from the Kennedy Centerfacade. He argues that the Trump-aligned board's appeal lacks legal merit and strength, as removing a nameplate does not constitute irreparable harm. Epstein suggests the judge should consider firing the current board due to bias. (3)Richard Epstein critiques the construction of the Obama Center in Chicago, lamenting the destruction of 800 historical trees and the seizure of public land. He describes the project's design as a "monstrosity" with a flawed traffic plan and expresses concern over the foundation's lack of financial transparency and endowment. (4)Jim McTague reports on a "budget-minded hesitancy" among Pennsylvania consumers despite falling gas prices. He notes a rare layoff notice for 70 logistics workers and uneven retail activity. Meanwhile, a data center project near Costcoproceeds under heavy security, while a similar proposal was rejected by a neighboring borough. (5)Lorenzo Fiori discusses the "disaster" of the Italian national football team failing to qualify for the World Cup for the third consecutive time. The segment transitions to Pisa, highlighting the prestigious Scuola Normale Superiore and recent astronomical breakthroughs involving the James Webb Space Telescope. Fiori concludes with local wine and culinary recommendations. (6)Bob Zimmerman discusses the crew selection for NASA's Artemis 3 mission, which has been simplified to focus on Earth-orbit docking tests. He also examines private sector developments, including German startup Isar's funding, Stoke Space's reusable rocket design, and an orbital servicing mission by Catalyst intended to rescue a decaying NASAtelescope. (7)Bob Zimmerman honors the late Alan Hale, co-discoverer of the record-setting Comet Hale-Bopp. He reviews the historical significance of the first image of the moon's far side taken by Luna 3 in 1959. The segment also explores current cosmological debates regarding dark energy and the existence of "little red dots" in the early universe. (8)Peter Huessy discusses the history of "tactical" nuclear weapons and the 1950s Desert Rock exercises where U.S. troops were exposed to nuclear detonations. He details the health risks soldiers faced and parallels these actions with Sovietmaneuvers, highlighting the "ludicrous" idea of trying to operate militarily in a post-detonation environment. (9)Peter Huessy explains that Russia views low-yield, tactical nuclear weapons as usable battlefield tools to achieve victory or coerce opponents. He contrasts this with U.S. doctrine, which keeps such weapons under central command. Huessywarns of the lack of transparency regarding China's dual-use nuclear capabilities and Russia's "reckless" potential to use these weapons. (10)Colonel Jeff McCausland discusses stalled negotiations with Iran, noting the heavy influence of the Revolutionary Guard Corps over the diplomatic process. He analyzes the military difficulty of seizing Kharg Island and the profound impact of Ukrainian drones on the Russian front, suggesting that drone saturation has leveled the battlefield and interdicted Russian resupply lines. (11)Jeff McCausland draws parallels between the performative style of Civil War General Jeb Stuart and current Secretary of Defense Pete Hegseth. He critiques Hegseth's recent speeches in Singapore, Normandy, and Guantanamo, arguing they prioritize individual image over grand strategy and mark significant, potentially transactional shifts in long-standing U.S. foreign policy toward Taiwan and European allies. (12)Veronique de Rugy argues that the U.S. already has the most progressive tax system among OECD countries, with the wealthy paying a disproportionate share of revenue. She critiques Thomas Piketty's proposal for a global wealth tax and mandated "degrowth," characterizing it as an effort to limit national growth under the guise of climate and social justice. (13)Mary Anastasia O'Grady questions the delay in scheduling Venezuelan elections under Delcy Rodriguez. She reports that over 400 political prisoners remain held, and the notorious Helicoide prison remains operational despite contradictory claims. O'Grady notes that the regime lacks the political will to allow a free press or fair electoral body to organize. (14)Conrad Black emphasizes the vital economic ties between the U.S. and Canada, noting Canada provides 25% of U.S.aluminum and 20% of its uranium. He expresses confidence that Prime Minister Mark Carney will build necessary oil pipelines to both coasts to benefit the Canadian economy, despite opposition from environmental groups and Carney's own "green instincts." (15)Francis Rose discusses the U.S. military's efforts to integrate AI by "gamifying" systems to make them intuitive for young, video-game-literate service members. He also highlights CISA's work in rebuilding its workforce to protect private-sector cyber infrastructure and the Army's Joint Innovation Outpost, which aims to accelerate the transition of technology from private inventors to the battlefield. (16)One name correction: (2) Nithia Raman → Nithya Raman (established style for the LA city council member).

The CyberWire
Deadline-driven defense.

The CyberWire

Play Episode Listen Later Jun 12, 2026 28:21


CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability. FancyBear shifts part of its infrastructure to compromised edge devices. Pundits push for CyberCorps scholarship budgets. Our guest is Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss scams targeting the World Cup. Amazon drivers sweat through a software update.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss the World Cup and fans possibly getting caught out if they use SuperBox to view it. Selected Reading CISA directive orders agencies to prioritize vulnerability patching in a new way (CyberScoop) House votes against extending controversial wiretapping law set to lapse Friday (The Washington Post) Ransomware gangs cut off from EUR 336 million ‘AudiA6' crypto laundering pipeline - Europol analysis links the criminal service to over 15 international cybercrime investigations (Europol) GitHub to Update npm to Thwart Software Supply Chain Attacks (Infosecurity Magazine) Anthropic Disputes Fable 5 AI Jailbreak (SecurityWeek) CISA orders feds to patch actively exploited Ivanti flaw by Sunday (Bleeping Computer) Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters (SecurityWeek) GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations (GB Hackers) CyberCorps is adapting to AI. The budget isn't keeping up. (CyberScoop) Software Update Automatically Turns off Amazon Delivery Drivers' AC During Dangerous Summer Heat (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
The Department of Know: CISA's quick patch, Miasma attacks, judge finds AI guilty

Cyber Security Headlines

Play Episode Listen Later Jun 12, 2026 38:26


This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our episode sponsor, Doppel Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your inbox, and manipulate your team. Stop playing whack-a-mole with fragmented tools. Doppel unifies Digital Risk Protection, Human Risk Management, and Email Security into one unified platform. One attack chain. Three pillars of defense. Zero blind spots. Secure your enterprise relentlessly at doppel.com.

Risky Business News
Risky Bulletin: CISA tightens patching rules amid bug deluge

Risky Business News

Play Episode Listen Later Jun 12, 2026 9:49


CISA changes federal patching rules due to AI, a House Republican was hacked by Russia, ShinyHunters go on an Oracle hacking spree, and npm will block auto-run install scripts by default. Show notes Risky Bulletin: In the age of AI, CISA changes federal patching rules

The Daily Scoop Podcast
Oracle wins OPM's massive governmentwide HR modernization contract

The Daily Scoop Podcast

Play Episode Listen Later Jun 11, 2026 5:06


The Office of Personnel Management on Wednesday awarded its anticipated contract to modernize and consolidate federal human resources functions to Oracle, capping a process that's been over a year in the making. The nearly $400 million award puts Oracle in charge of a process to bring over 100 HR systems under one single platform that the agency is calling its Core Human Capital Management system. OPM says it believes the project will make significant reductions in the overall cost of HR platforms to taxpayers. “Historically, federal agencies have relied on fragmented, aging HR systems that are costly to maintain and difficult to scale,” OPM Director Scott Kupor said in a written statement included in a press release. He called the award “a foundational investment in the future of federal workforce management.” A final award comes over a year after an early effort to award such a contract failed to move forward. In May 2025, the Office of Personnel Management awarded a sole-source contract to Workday to facilitate the Trump administration's HR modernization efforts, arguing it was the only vendor that could do the job. But OPM abruptly canceled that award, and later launched open competition for such a contract. The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of a push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control of a system or relate to evidence of active, real-world exploitation, CISA declared. CISA acting director Nick Andersen previewed the binding operational directive (BOD) Tuesday, framing it as a rethinking of vulnerability management more broadly. Andersen said in a statement: “This Directive provides clear definitions, timelines and criteria that enhances transparency, predictability and agencies' resource planning to execute more effective vulnerability remediation." BOD 26-04 sets forth timelines for how quickly agencies must fix a vulnerability based on how many of the four criteria it meets. If it meets all four, for example, agencies need to fix it within three days and carry out a “forensic triage” to assess whether their systems were compromised. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Autonomous IT
Product Talk – CISA's BOD 26-04 Directive Explained, E26

Autonomous IT

Play Episode Listen Later Jun 11, 2026 27:11


CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the four urgency signals, the 16-row decision tree, and the shift from "justify the patch" to "justify why you can't." They also cover what it means for contractors, cyber insurance, and the future of Patch Tuesday. If you own patching or vulnerability management, start here.

Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 327 Is Cybersecurity a Data Problem? Elastic Explains Why

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Play Episode Listen Later Jun 11, 2026 23:03


Finding a needle in a haystack would seem like a minor endeavor compared to what today's federal systems managers must face. Let's take a stab at a correct farmyard analogy – the haystacks double in size every day and are moving. That sounds like an exaggeration, but recent reports show that nine million zero-day exploits are released every day. AI is putting malicious actors on steroids. Chris Townsend, Global Vice President of Public Sector at Elastic, discussed the company's role in federal cybersecurity and data management. His argument is, essentially, that cybersecurity is a data problem. If threats are viewed from that perspective, the more data you can bring into your security environment, the more effective you are at defending it. Elastic enables security operations analysts      who are responsible for detecting threats to keep up with today's tlandscape and cyber-attack velocity. Elastic's platform and tools     can reduce false positives and help federal security operations centers (SOCs) prioritize valid threats. Townsend highlighted Elastic's agentic AI tools, which help SOC operators prioritize and remediate threats, reducing mean time to detect and respond.  Elastic's partnership with CISA for a managed  Security Information and Event Management (SIEM) as-a- service was also mentioned, emphasizing the importance of standardizing data for effective AI-driven cybersecurity. Townsend goes on to articulate Elastic's launch of a SIEM-as-a-Service offering for federal civilian agencies, featuring Elastic Security on Elastic Cloud. SIEMaaS delivers a cloud-based platform for next-generation, AI-powered threat analytics, incident response, and open-standards-based cybersecurity data ingestion. Here is a link to Chris' blog describing     CISA's SIEMaaS offering and how it supports federal agencies' cybersecurity posture while reducing costs

The CyberWire
The patch pile reaches new heights.

The CyberWire

Play Episode Listen Later Jun 10, 2026 32:19


Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. Relentless robocalls retreat. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. If you enjoyed this conversation be sure to check out the full interview here.  Selected Reading Microsoft's biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days (Malwarebytes) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches 123 Vulnerabilities (SecurityWeek) Warner proposes overhaul of critical infrastructure cyber plans as AI threats rise (Nextgov/FCW) New Windows Zero-Day Exploit 'RoguePlanet' Released (SecurityWeek) Lookout Study Reveals 93% of CISOs Blinded by False AI Confidence as 59% of Mobile AI Traffic Flows "Dark" (Lookout) Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets (Varonis) MaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers (Rebora) How Spammers Are Hiding Behind Google and the New York Times (Comparitech) CISA names winners of seventh annual President's Cup cybersecurity competition (Industrial Cyber) U.S. Consumers Received Just Over 4.1 Billion Robocalls in May, According to YouMail Robocall Index (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
Fable 5, Tchap hacked, CISA priorities

Cyber Security Headlines

Play Episode Listen Later Jun 10, 2026 7:19


Anthropic releases Claude Fable 5 French government messaging service breached CISA rethinking risk evaluations Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-fable-5-tchap-hacked-cisa-priorities/  Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call.   But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.   We fight relentlessly to protect your business, brand, and people.   Doppel. Outpacing what's next in social engineering.   Learn more at doppel.com.

The Gate 15 Podcast Channel
Weekly Security Sprint EP 161. Job site risks, patching, and much more

The Gate 15 Podcast Channel

Play Episode Listen Later Jun 9, 2026 19:12


On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• A Review of the Fiscal Year 2027 Budget Request for DHS — House Homeland Security Committee• DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels — CyberScoop • DHS chief signals efforts to reshape CISA — The Record • CISA and Partners Release Fact Sheet on Securing Automatic Tank Gauge Systems• Industry Collaboration and Resilience is a Team Sport — Cyber Threat Alliance — 02 Jun 2026. This article is authored by the Executive Director of IT-ISAC and emphasizes the importance of collaboration across industry, government, and nonprofit organizations to improve cyber resilience. Main Topics:Safeguarding OUR SECRETS — IC3 — 03 Jun 2026. Five Eyes agencies warned that Chinese military intelligence services are using Western online job platforms and professional networking sites to recruit people with access to classified, privileged, or sensitive information. • Applicant Beware - Who Is Recruiting You? — NPSA — 03 Jun 2026“Patch Now!” Most organizations that miss 24-hour patch window report breaches. Gate 15 note: We've been discussing this a lot in recent exercises and meetings. The time to safely address Known Exploited Vulnerabilities is limited and decreasing. Attackers' speed is accelerating; exploited vulnerabilities are a major point of attack. CISA KEV & Other Threat Updates: AI! Promoting Advanced Artificial Intelligence Innovation and Security — The White House — 02 Jun 2026• Opinion from Jen Easterly: The Government Is Finally Taking A.I. Risk Seriously • Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator — Anthropic • What we learned mapping a year's worth of AI-enabled cyber threats — Anthropic Quick Hits:• Ransomware Group Claims Cyberattack on Buffalo Convention Center — Skift Meetings — 01 Jun 2026. Skift Meetings reports that the Akira ransomware group claimed it stole 46 gigabytes of data from the Buffalo Convention Center, including employee records, contracts, financial information, and personal data tied to approximately 180,000 individuals. • Knicks Watch Party at Garden Is Canceled, as Game 3 Security Ramps Up — The New York Times • FIFA World Cup 2026 Scams Are Already Here: Fake Tickets, Phishing Sites, and Crypto Cons Exposed • Hackers are hoping to score at the World Cup • At least 12 wounded near Ohio festival as police hunt multiple gunmen • Hurricane Season!• Software supply chain attacks: check your dependencies — NCSC

The CyberWire
Meta's recovery plan needed recovery.

The CyberWire

Play Episode Listen Later Jun 8, 2026 28:39


Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and the Monday business brief. Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA. NATO lets Ukraine play the bad guy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Tim Starks from CyberScoop, who is discussing the ongoing debate over staffing and budget cuts at CISA, the political battles surrounding the agency's future, and what the Trump administration's plans could mean for U.S. cybersecurity efforts. Selected Reading Meta AI Bug Exposes Over 20,000 Instagram Accounts (Infosecurity Magazine) NSO Group back in Meta's crosshairs after alleged WhatsApp targeting (The Register) CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) (Help Net Security) Everest Forms Vulnerability Exploited to Hack WordPress Sites (SecurityWeek) C0XMO botnet spreads via DD-WRT router flaw, kills rival malware (Bleeping Computer) New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams (Hackread) Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks (GovInfo Security)  California man sentenced to over 26 years for dark web drug trafficking (SC Media) AI observability platform Coralogix raises $200 million in a Series F round. (N2K Pro Business Briefing)   Nato narrowly beats Russia-style enemy in cyber attack simulation (Financial Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
CISA Palantir Director, EU tech sovereignty, SolarWinds Serv-U flaw

Cyber Security Headlines

Play Episode Listen Later Jun 8, 2026 8:14


Palantir executive considered for CISA leadership EU unveils tech sovereignty package to cut reliance on U.S., Chinese suppliers Hackers now exploit SolarWinds Serv-U flaw to crash servers  Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-palantir-director-eu-tech-sovereignty-solarwinds-serv-u-flaw/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call.   But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.   We fight relentlessly to protect your business, brand, and people.   Doppel. Outpacing what's next in social engineering.   Learn more at doppel.com.

The CyberWire
The NSA gets an AI upgrade.

The CyberWire

Play Episode Listen Later Jun 5, 2026 31:56


Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Ashu Savani, Co-Founder from TryHackMe, discussing building high performing SOC & IR teams. You can listen to the full conversation here. Selected Reading US National Security Agency using Anthropic's Mythos for cyber attacks (Financial Times) Trump considers Palantir exec to lead CISA (The Record) CISA Warns of Active Exploitation of Linux Container Escape Flaw (Beyond Machines) Game Over: WeedHack - The Rise of Minecraft Malware-as-a-Service Campaigns (McAfee Blog) Detecting Claude Cowork Insider Threat Activity (DTEX) Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp (Endor Labs) Agentic threat actor hits the orchestration plane: AI agent-driven container escape (Sysdig) You do surprise me.exe: An unexpected executable in Hola Browser (SOPHOS) My SSN was exposed in a breach at Columbia—a school I have no connection with (Ars Technica) ‘Bots have now passed human traffic online,' Cloudflare boss laments — says agentic traffic wasn't expected to eclipse real people until next year (Tom's Hardware) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Business of Tech
Consumption-Based AI Billing Increases Financial Risk for Unprepared MSPs

Business of Tech

Play Episode Listen Later Jun 5, 2026 13:46


The current structural shift centers on the transfer of accountability for AI risk from vendors and regulators to managed service providers (MSPs). Vendors such as Anthropic and Microsoft are expanding their enterprise-focused AI channel programs and services tracks, while regulators pull back from enforcement, leaving MSPs as the de facto accountable parties for AI deployments. Reports and data indicate that vendor-driven channel expansion and regulatory laxity are converging to make service providers the liable layer in AI delivery. Anthropic is broadening its CLAUDE partner network from around 100 to several thousand partners, organized in tiers with outcome-based incentives and a dedicated services track targeting MSPs and system integrators. Microsoft, responding to low Copilot adoption rates (reported at 3.3% of eligible users), is allowing full removal of Copilot from systems. An IDC/Expereo survey of 800 companies found 70% are budgeting for AI, but investment is driven more by competitive anxiety than proven results. Additionally, a concentrated group—top 5% of users—accounts for the bulk of enterprise AI-related risk, according to a separate analysis. Supporting developments include the emergence of Lemhi, an early-stage platform aimed at enabling MSPs to package and sell AI transformation as a recurring service, and warnings from lawmakers about cuts to CISA that undermine federal cyber defense capacity. The episode also highlights a consistent theme: government agencies such as the White House and NIST are shifting toward voluntary measures and measurement frameworks, declining to create enforceable accountability standards for AI in production environments. For MSPs and IT leaders, these developments translate to increased contract and operational risk. Without renegotiated agreements specifying usage ceilings, approval workflows, and liability terms, providers may inherit unpredictable financial exposure and compliance gaps. The absence of effective governance requirements from both vendors and authorities places the operational burden on MSPs to define, monitor, and enforce safe use of AI, including recurring governance services such as data boundary enforcement and audit evidence. Failure to address these issues may result in MSPs acting as uninsured support for unmanaged AI deployments they cannot fully control or price. 00:00 MSP AI Play  04:24 AI's Accountability Gap 06:50 MSP Risk Transfer 09:49 Why Do We Care?  Supported by:  ScalePad Moovila 

The Emergency Management Network Podcast
Seven Cabins Fire evacuations rescinded at 64% containment; central Plains brace for severe weather

The Emergency Management Network Podcast

Play Episode Listen Later Jun 5, 2026 5:02


Today's brief leads with Orange County, where Garden Grove's GKN Aerospace hazmat emergency de-escalates and all evacuation orders lift, returning the final 16,000 residents home with no injuries. New Mexico's Seven Cabins Fire reaches 64 percent containment and Lincoln County rescinds all evacuations. CISA adds an actively exploited vulnerability to its KEV catalog, the central United States faces a multi-day severe-weather threat, Kilauea holds at ADVISORY, and FEMA assistance deadlines approach in Washington and Hawaii. EM Morning Brief is your concise daily update on national and state-by-state emergency management news. Produced by Sitch Radio, an EOC Voices podcast.Key Takeaways• California hazmat: All Garden Grove GKN Aerospace evacuation orders lifted June 4; about 16,000 residents returned, no injuries, but tank cleanup remains delayed.• New Mexico wildfire: Seven Cabins Fire at ~31,867 acres and 64% contained; all evacuations rescinded June 4; Capitan Mountain forest closure still in effect.• Cyber / CISA: CISA added CVE-2026-45247 (Mirasvit) to the KEV catalog June 3 with an active-exploitation flag and a federal remediation deadline.• Severe weather: NWS and SPC flag a multi-day large-hail, wind, tornado, and flash-flood threat across the central Plains and mid-Mississippi Valley through the weekend.• Volcano: Kilauea remains at ADVISORY / Aviation Color Code YELLOW; eruption paused, episode 49 possible within ~10 to 15 days of June 1.• FEMA deadlines: Washington December-storm applications close June 10; Hawaii Kona Low Individual Assistance closes June 14.• Lifelines: City of Aiken, SC water main break June 4 affected ~60 connections; precautionary boil-water advisory to follow restoration.SponsorsThe NIMS Store - https://thenimsstore.com/SourcesNIFC / Wildfire• NIFC Incident Management Situation Report — National daily wildfire situation report and preparedness level• NIFC National Fire News — National wildland fire activity summaryCISA• CISA Adds One Known Exploited Vulnerability to Catalog (June 3, 2026) — CVE-2026-45247 Mirasvit deserialization flaw added to KEV• CISA Known Exploited Vulnerabilities Catalog — Authoritative KEV catalog and remediation deadlinesUSGS — Volcano• USGS Kilauea Volcano Updates — Hawaiian Volcano Observatory status and alert level for KilaueaSevere Weather• NWS National Forecast — National Weather Service hazards and severe-weather summary• SPC Day 1 Convective Outlook — Storm Prediction Center severe-weather outlook for the central U.S.Tropical / NHC• National Hurricane Center — Atlantic and Eastern Pacific tropical weather outlooksFEMA• FEMA — Hawaii Kona Low deadline extended to June 14 — Individual Assistance deadline for Maui and Honolulu counties• FEMA — One month remains to apply in Washington — June 10 deadline for December storms and floodingUSGS — Earthquakes• USGS Significant Earthquakes — 2026 — No significant U.S. seismic events in the last 24 hoursCalifornia• ABC7 — Garden Grove chemical tank updates — OCFA lifts all evacuation orders June 4; residents return• City of Garden Grove — Hazardous Materials Incident — Official municipal incident information pageNew Mexico• NM Fire Info — Lincoln County rescinds Seven Cabins evacuations (June 4) — Evacuation orders rescinded; acreage and containment update• Lincoln National Forest — Fire — Forest Service fire and closure informationSouth Carolina• City of Aiken — Water Main Break Advisory (June 4) — York Street NE main break affecting ~60 connections This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit emnetwork.substack.com/subscribe

Cyber Security Today
New HTTP/2 Bomb Attack, Trump's AI Security Reviews, Android Zero-Day & The Patching Crisis

Cyber Security Today

Play Episode Listen Later Jun 5, 2026 11:43


A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms including Apache, NGINX, Microsoft IIS, and Envoy. The attack also highlights a growing trend in cybersecurity research: the use of artificial intelligence to uncover dangerous combinations of existing vulnerabilities. The episode also examines President Trump's new executive order creating a voluntary framework for reviewing advanced AI models before public release. The administration says the goal is to improve cybersecurity and national security visibility while avoiding mandatory regulation or licensing requirements. Next, a new Cloud Security Alliance report warns that organizations are struggling to keep up with the growing volume of vulnerabilities. Security teams increasingly face difficult choices about which flaws to patch first as cloud environments, containers, APIs, and third-party software continue to expand the attack surface. Finally, CISA warns that attackers are actively exploiting both a newly patched Android vulnerability and a years-old Linux flaw. The contrast highlights a simple reality: cybercriminals do not care whether a vulnerability is new or old. They care whether it remains exploitable. Stories in this episode HTTP/2 Bomb Can Crash Web Servers in Seconds Researchers disclose a denial-of-service technique capable of exhausting server memory in under a minute, while OpenAI's Codex helps uncover a novel attack chain. Trump Creates Voluntary AI Security Reviews as Government Seeks Visibility Into Frontier Models A new executive order establishes voluntary reviews of advanced AI systems before public release, raising questions about visibility, oversight, and national security. The Cybersecurity Industry's Patch-Everything Strategy May Be Breaking Down A Cloud Security Alliance report suggests organizations are overwhelmed by vulnerability volume and increasingly forced to choose which risks to address. CISA Warning Shows Attackers Don't Care Whether a Vulnerability Is New or Old Active exploitation of both a newly patched Android flaw and an older Linux vulnerability demonstrates that attackers focus on opportunities, not disclosure dates. Cybersecurity Today brings you the latest cybersecurity news, threat intelligence, breach reports, vulnerability disclosures, ransomware developments, cybercrime investigations, and security research affecting organizations around the world. #Cybersecurity #CyberSecurityToday #InfoSec #CyberNews #Ransomware #ThreatIntelligence #VulnerabilityManagement #AndroidSecurity #LinuxSecurity #ArtificialIntelligence #HTTP2 #CISA #CloudSecurity #OpenAI #PatchManagement

Security Now (MP3)
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?

Security Now (MP3)

Play Episode Listen Later Jun 3, 2026 199:51


AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever, be killed. Defender endpoint can cutoff a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow

All TWiT.tv Shows (MP3)
Security Now 1081: AI Captured the Flag

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jun 3, 2026 199:51 Transcription Available


AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever, be killed. Defender endpoint can cutoff a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow

Security Now (Video HD)
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?

Security Now (Video HD)

Play Episode Listen Later Jun 3, 2026 199:51 Transcription Available


AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever, be killed. Defender endpoint can cutoff a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow

Security Now (Video HI)
SN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?

Security Now (Video HI)

Play Episode Listen Later Jun 3, 2026 199:51 Transcription Available


AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever, be killed. Defender endpoint can cutoff a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow

Radio Leo (Audio)
Security Now 1081: AI Captured the Flag

Radio Leo (Audio)

Play Episode Listen Later Jun 3, 2026 199:51 Transcription Available


AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever, be killed. Defender endpoint can cutoff a PC from the network. Charter Communications big account leak. Chrome moves device-bound session cookies from beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & RedHat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow

The CyberWire
AI joins the chain of command.

The CyberWire

Play Episode Listen Later Jun 1, 2026 29:48


Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today's business update. Our guest is Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. Microsoft hits refresh on research relations.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices we are joined by Heather Ceylan,  CISO at Box, discussing how governed AI starts with solving the unstructured data problem. If you enjoyed this conversation, you can catch the full interview here. Selected Reading As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution (SecurityWeek) Why a surge of election-related websites could spell rising cyber threats for the midterms (PBS News) Election threats are focused on campaign systems, not voting machines (CyberScoop) Critical Windows Netlogon RCE flaw now exploited in attacks (Bleeping Computer) U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) CISA Town Halls Set Final Stage for CIRCIA Debate (BankInfo Security) Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years (The Record) 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access (SecurityWeek) Indian Exam Board Admits to Cybersecurity Holes Found by Teen (Bloomberg) Zscaler intends to acquire identity mapping company Symmetry Systems. (N2K Pro Business Briefing) Microsoft says it will not pursue security researchers after zero-day backlash (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
Breaking the GlassWorm.

The CyberWire

Play Episode Listen Later May 27, 2026 28:15


A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech extremism. GCHQ warns Russia is targeting UK infrastructure. Researchers uncover stealthy new malware, AI coding agent supply chain risks, and in-person extortion tactics targeting U.S. law firms. Europe grabs satellite spectrum. Ben Yelin joins us to discuss the bipartisan push for more support of CISA. Hacking your way to the main stage.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our Caveat co-host and Program Director for Public Policy & External Affairs at the University of Maryland Center for Cyber Health and Hazard Strategies, Ben Yelin, joins Dave to talk about the bipartisan push for more support of CISA. Selected Reading GlassWorm Botnet Disrupted (SecurityWeek) OMB Scraps Biden-Era Cyber Logging Rules (BankInfoSecurity) US law enforcement warns of "anti-tech extremism" as AI hatred grows (Ars Technica) Russia 'relentlessly targeting' critical infrastructure and democracy, GCHQ says (BBC) Trump hobbled top cyber agency just as AI learned to hack (Axios) EU to squeeze US space tech out of prized satellite airwaves (Politico)  Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data (FortiGuard Labs) FBI warns of in-person data theft attacks from extortion gang (Bleeping Computer) ‘SymJack' Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems (SecurityWeek) How to guarantee a speaker gig: Hack the system. Literally (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices