Podcasts about citrix

Mark Sweeney, senior vice president of mid‑market growth and global commercial strategy at Citrix As of this week, MSPs and resellers working with Citrix may notice their partner relationship looks a little different. On March 1, Citrix officially expanded its long-standing partnership with Arrow Electronics, shifting more of the day-to-day management of its Service Provider partners in North America and Europe to the distributor. The move builds on an existing relationship between the two companies, but goes further — touching partner engagement, transactions, and how partners interact with the Citrix ecosystem overall. For MSPs and resellers, especially in Canada, changes like this tend to raise practical questions. What's actually changing in the partner experience? Why make this move now? What responsibilities remain with Citrix, and which ones move to Arrow? And what does this mean for quoting, renewals, incentives, and support escalation? In this episode of the podcast, we're joined by Mark Sweeney to help unpack the announcement. We talk through what Citrix had already handed over to Arrow, what's new as of March 1, and how the company sees this shift fitting into its broader channel strategy. The conversation also takes a Canada-specific lens, exploring what this transition means for Canadian MSPs and resellers, and what partners should be thinking about as the new model settles in. We wrap with a look ahead at what comes next — and how partners can position themselves to get the most value from the change. Read Full Transcript Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. If you’re an MSP or a reseller working with Citrix, as of this week, your relationship with the vendor may look a little different. Earlier this year, Citrix announced it’s expanding its partnership with distributor Arrow Electronics, handing over more of the day-to-day management of its service provider partners in North America and Europe. That change officially took place March 1st. Citrix and Arrow have already been working together for some time, but this move goes further, affecting things like partner engagement, transactions, incentives, and how partners interact with the Citrix ecosystem overall. For MSPs and resellers here in Canada, it naturally raises questions. What’s actually changing? Why now? What stays with Citrix? What shifts to Arrow? And most importantly, what does it all mean to your day-to-day business? To help unpack all of that, I’m joined by Mark Sweeney from Citrix. Mark’s been deeply involved in the company’s channel strategy and is here to walk us through not just what is changing, but why Citrix believes it’s the right move and how partners can get the most out of the transition. So let’s dive right in. Robert Dutt: Mark, thanks for taking the time. I appreciate it. Mark Sweeney: No, thanks for having me, Robert. Robert Dutt: I guess let’s start with a little bit of context first. You guys have been working with Arrow Electronics for a long time as a distribution partner and more recently, over the past little while, have handed over a little bit more responsibility and management to Arrow. I guess to level set it, can you walk me through before this March 1 announcement, what part of the relationships had already been managed by Arrow and what parts did Citrix still manage or handle directly? Mark Sweeney: Sure. Thanks for that. You’re right. Over the past numerous years, we’ve had a long and outstanding relationship with our friends at Arrow and it historically was a distribution-related arrangement that we had with them. Over the past two years, I would say that that relationship has started to change and evolve into where we see it today. Specifically, I would say it was probably about 18 months ago where we started to extend more of our business over to Arrow. That specific piece was around our CSP business. That was below a certain threshold. The threshold being about 2,000 users. Any of our CSP, MSP partners that were providing services to end users, we actually shifted those over to Arrow about 18 months ago to start supporting that business. The initial approach that we saw was very healthy and very good. One of the things that we wanted to do was actually extend that a little bit further. We looked at some of our mid-market customers and any of our mid-market customers that we didn’t manage with our enterprise team. We started to have Arrow actually manage them from a go-to-market perspective as well. The first idea there was to start to remove friction between the CSP business that was managing the same type of customers that were existing in our mid-market space. That happened probably about 12 months ago. During that period of time, our enterprise team continued to manage enterprise customers and larger MSPs that were above that 2,000 user threshold. If you thought about it and you just drew a line into our business, anyone that was below that 2,000 threshold was probably being managed by Arrow and anyone above was being managed by our enterprise team. Robert Dutt: We look forward to March 1 as that goes live, as that has gone live. What actually changes for a Citrix service provider or MSP partner of yours with this further transition to Arrow? Mark Sweeney: If there were MSP partners that were being managed by named account executives as part of Citrix, those MSP customers are also being moved over to Arrow as of March 1. Now, we’ve already communicated that to them. If not all of the MSPs should have received communication from us and from Arrow on this. I’ve also posted myself on LinkedIn about this. Anyone who was an MSP before, they are now also going to be managed by Arrow. Robert Dutt: Why make the move now? Was this something that partners were asking for? Is it sort of about where you’re at and where you want to take the channel? Mark Sweeney: I like to say, “Why not now?” The reason why I say that is because we saw some very good success with Arrow in our mid-market space and then also in our MSP business. What we also saw was a little bit of friction, as I mentioned earlier, in the smaller CSPs but then also in the mid-market space because we’re selling into the same market. What we wanted to do was we wanted to remove that friction entirely so that all MSPs now could be worked and can be functioning as a single entity that’s being managed by Arrow. What that allows us to do is really begin to focus on our innovation of our technology but then also allow us to give further support to our product development teams or product engineering teams, all of our support teams. I think for us, it wasn’t necessarily that it had to be done on March 1st, but I think it was just more of a natural time for us to do it as it was occurring 12 months after the mid-market space, 18 months after the initial CSP space. That’s why I think now is probably the best time. Robert Dutt: Continue to pull on that thread that you just introduced there. As this transition is complete, in terms of the partner business, where does Citrix stay very hands-on and where does Arrow kind of fully take the wheel? Mark Sweeney: I would say that Arrow is fully taking the wheel on all the business that is mid-market business. Anything where our enterprise account executives aren’t managing the team, they’re going to be there. Any of our service providers, any of our managed service providers, Arrow is taking the full reins too. But we still have a channel team and our channel team is still going to be managed by Kerry Saunders in the US from an enterprise perspective. For the enterprise CSA channel partners out there, they’re still going to be managed. We’re still going to be building this team. We’re still going to be managing that team. I’m working very closely with Kerry and her team. My counterparts on Arrow are actually working very closely with Kerry and her team as well. I’ll also say that I’m fully supporting the Arrow business right now and I have a team that’s supporting the Arrow business as well. We have Citrix representation that is going to be supporting all of our partners across the business. Robert Dutt: Most of our listeners are Canadian MSPs and resellers, folks who’ve been working with you or with Arrow historically. But as this transition happens, what can they expect to feel different in Canada compared to the rest of North America, if anything? Mark Sweeney: This business, what we’re doing is not just happening in North America as well. This is also happening in Europe. I’m based out of London, England, as I’m sure you hear the accent, originally American. I’ve actually spent a couple of years in Canada and in the Mississauga-Etobicoke area when we had our office there. I have had the opportunity to meet a number of your partners and your customers in the region. I don’t think anything is going to change based on geography. Anything that we’re going to see in the US is likely what we’re going to see in Canada. Similar things that we’re going to see in Europe. I would say immediate changes, there really aren’t going to be any. I think a lot of the business that we’ve already worked on with the channel partners in Canada as well as the other regions is going to be an extension. Any of the contracts that you have in place with us, those are being assigned out to the Arrow team. You’re not going to see anything change there. I did have the opportunity to spend a few days with Arrow and their leadership last week in Spain talking about strategies. One thing that it’s not a change, but I would think of it more as an opportunity. There are a lot of technologies that Arrow is exploring outside of Citrix. If I were to give one recommendation to the Canadian team, it is to work with your Arrow counterparts to see what other technologies that they have inside of their portfolio that could potentially play into what you’re doing as an MSP or in the mid-market. Given what they’re doing, there are some areas of synergy in terms of being able to potentially expand the portfolio that some of the managed service providers are actually providing to their customers. Robert Dutt: Along those same lines, what can partners do to make sure this is as smooth a transition as possible for them, to make things as simple as possible? What are you doing to make sure this is as simple a process as possible? This hopefully simplifies things for partners. I don’t think any channel chief ever sets out to make things more complex. Mark Sweeney: Two answers to that. I think the first is what I’m doing. In North America, I’m establishing a team that’s going to be dedicated to supporting the MSP business and our MSP partners, and then also a team that’s going to be supporting our mid-market team too. The reason why I’ve kept them separate is specifically what you just said, to provide this as seamless as possible so that we have subject matter experts on the MSP business and then subject matter experts on the mid-market business. I think that’s probably the first thing. Keep in mind that these are overlays from a Citrix standpoint, so there are going to be direct counterparts for Arrow that will be able to work with your partners in Canada. I think the first thing that I would recommend to any of the MSPs in Canada is to identify who your account executive is going to be from an Arrow standpoint and reach out to that person as quickly as you can. Don’t wait for a renewal to happen. Don’t wait for an expansion need to happen. Really understand what your business looks like today. Understand if you have customers, if you are looking to expand what that looks like, reach out to your account team. In the FAQ that should be shared, you should be able to find it. In North America, there’s a gentleman by the name of John Heller who is available for you to reach. He’s based in the US. Then you’ve also got myself, Mark Sweeney, that you could reach out to if you’re having any challenges identifying who your account executive is. I would say, again, two things just to summarize. I’m building a team to help support. Then from your perspective, just go ahead and reach out to your account executive as quickly as you can. Robert Dutt: Any time a vendor shifts responsibilities like this, I think there’s a natural tendency for partners to worry about support and escalation, those sorts of things, about being a step further away from the vendor in abstraction and potentially worst case scenario becoming that proverbial pop fly that drops harmlessly between two fielders who both presume the other guy’s got the ball. What are you guys doing to make sure that that doesn’t happen? What safeguards are in place? You discussed a little bit having that overlap already, but what else are you doing to make sure partners’ fears around that may be assuaged if they’re out there? Mark Sweeney: Sure. To play on your reference a little bit, because I don’t get to talk about baseball too often and it’s always cricket related, I will say that it’s important for us to call the ball. If I’m in center field and the ball’s coming my way and I’ve got my left fielder over there, I want to make sure I know who has what. I think the first thing we’re doing is creating rules of engagement between our two partners so we understand who’s doing what. From a support perspective, that support is still being handled by Citrix. Anything that’s tier one related or tier two related, you’re still calling or you’re still working into the Citrix support teams. You still have contact information from Citrix support people that you can work with, but from a go-to-market perspective, that’s where you’re going to be working with the Arrow team. I think we’ve drawn very clear lines in terms of who’s doing what. We have our support team that’s being managed, the support still being managed by Citrix. All the go-to-market functions are going to be managed by Arrow. So I think that’s the first thing to keep in mind. The second thing is to think holistically, why are we even doing this? We’re doing this because we want to dedicate more resource to our innovation. We want to dedicate more resource to our supportability of our products. We want to dedicate more of our resource just to the overall adoption and consumption of everything that we’re trying to do from a technology perspective. I understand that and I’ve heard that before and I’ve had conversations with partners and customers on this, but I think when you actually dive into it to say, “Why are we doing it?” I think the answer to that “why” is what should actually make you feel better. The reason why is because we’re trying to invest more in innovation and support engineering and product development and product management. We’re actually seeing quick execution and quick successes from a lot of that as we continue to expand on our technology and our platform and our portfolio. Then again, on the support perspective, we’re still managing that and then the go-to-market functions are going to be managed by Arrow. Robert Dutt: Zooming out a bit from that, how does this Arrow partnership and this new structure fit into the overall picture of where you guys want to take your channel community over the next year or two? Mark Sweeney: I think our channel community is incredibly important to us as a whole. When we look at who our channel partners are, the ones that have been working with us for the past dozen years, they know who we are as an organization. They know what we’ve been doing from a technology perspective. If you look at where we are building our channel program right now, more on Kerry Saunders’ team, a lot of it right now is identifying the partners that are providing value-added services into our product community and into our customer community. I think where I start to think about what’s going to happen in the future is a lot of this is like, what more can we be providing to our customers and how can we do that with our channel? This allows us to help enable our channel even further, start to enable our channel around some of the concepts that we’re thinking specifically around persona-based selling, persona-based consumption. One of the things that we’re working with our consulting teams and our technical teams right now is around the concepts that we really want our customers to think about us as a company that secures the work. The way we do that is by looking at various personas across our customer base. We want our channel partners to really understand that concept and work with customers to identify them as a persona that is focused on the modern worker, somebody who’s using SaaS-based applications on a regular basis, personas that are task-based workers, think about call centers, things like that, knowledge-based workers, maybe somebody that needs more access to more specialized applications. Then you may have power users. I think working with our channel to build that out, build that strategy out so that we could go more wall-to-wall with customers is where I see our business going towards in the next few years. Robert Dutt: Before we wrap up, I’m sure you’ve been talking to a lot of partners about this change as you formulated it and since it was announced and out there, and channel partners are not a notoriously shy bunch in terms of sharing opinions. I’m curious if you had one misconception that you’ve heard from partners or otherwise in the market about this announcement that you’d like to clear up. Mark Sweeney: I haven’t heard a misconception yet. I think that’s a good thing. I did have some conversations with a few of the partners already. For the most part, and I’ll say for the whole part, it’s actually been very positive. I think the piece about removing the friction is one of the critical pieces. I think our channel partners and our managed service providers are very excited about the fact that we’ve removed that friction and we’re allowing that ability to really sell into all of the spaces out there. I’ll double back on one of the points that you raised and it’s that point of what’s going to happen. Is there going to be any miss or any like missing the fly ball? I think that’s not a misconception I’ve heard yet. That’s a misconception I heard last year. That’s probably still out there a little bit. I mean, you’ve asked the question and I think where I want your partners in Canada to think about is we have done this for a specific reason and that specific reason is because we saw significant growth in the relationship in the business over the past 18 months. We saw that also give us the ability to really focus on our innovation and our technology and our support and product management capabilities. The reason why we’re extending it is because we’ve seen success early on and we want to continue that success and we want to build on that momentum. I would say that’s probably, even though I haven’t heard something yet, that would be the reason why I think it could be out there. Robert Dutt: Mark, I appreciate your taking the time. Good luck on this transition and look forward to seeing how the relationship evolves. Mark Sweeney: That’s great. Thanks very much for your time, Robert. Thank you to the folks listening to me in Canada. There you have it, a look at the expanding Citrix-Arrow relationship, courtesy of Citrix’s Mark Sweeney. I’d like to thank Mark for joining us for the show and thank you for listening today. The podcast will be back in your feed tomorrow as we tackle shadow AI from an identity point of view and Thursday as we take a look at the launch of Lexful, an AI-first documentation tool that boasts, if you can believe it, a robotic channel chief. You’ll want to catch both of those, so please subscribe to the show or follow it in your podcast app of choice and if it allows you to do so, please consider leaving a rating or review of the show. Until tomorrow, I’m Robert for ChannelBuzz.ca and I’ll see you in the channel.

Today is Monday, March 2, 2026. Welcome to In Case You Missed It, our weekly five-minute rundown of important channel news stories that might have flown under the radar last week. In this edition: Component shortages start hitting the channel: Rising memory and storage costs are prompting vendors to revisit pricing and deal protections, highlighted by a letter from Cisco to partners and reinforced by warnings from other vendors, distributors, and suppliers as availability tightens across servers, storage, and PCs. Pure Storage rebrands as Everpure: Pure Storage has rebranded to Everpure, signaling a shift toward AI-ready data management and rolling out partner program changes aimed at supporting subscription services and platform-led growth. WatchGuard targets MSPs with enterprise-grade security: WatchGuard says new platform enhancements allow MSPs to deliver enterprise-level security outcomes — including zero trust, MDR, and unified management — without enterprise-level complexity. AWS threat research highlights AI-driven attacks: New findings from Amazon Web Services show attackers using AI-assisted techniques to accelerate exploitation of perimeter devices, including firewalls, underscoring how rapidly the threat landscape is evolving. Read Full Transcript Hello and welcome to In Case You Missed It from ChannelBuzz.ca, your Monday morning recap where we catch you up on some of the channel news and trend headlines you may have missed in the last week. I’m Robert Dutt, editor of ChannelBuzz.ca. Today is Monday, March 2, 2026. Let’s get your week started right. This week, the IT channel is being forced to confront an uncomfortable reality. Global components shortages and memory price spikes are fundamentally reshaping how hardware deals are negotiated and fulfilled, and vendors are already updating partner policies as they try to cope. At the center of the storm is a note from Cisco Systems to partners, which was obtained by CRN, in which Cisco says it’ll adjust partner contract terms in response to rapidly rising memory costs and supply volatility. The company now reserves the right to cancel compute orders up to 45 days prior to shipment and to adjust pricing between order and shipment date if component costs, tariffs, or other external factors shift dramatically. That’s a significant departure from the traditional price protection norms. And this isn’t isolated. Executives from major distributors told CRN that memory and storage shortages, particularly DRAM and SSDs, are pushing prices up and tightening supplies across servers, storage, and PC portfolios. Memory prices are reported to have doubled year over year in early 2026, and are expected to continue rising, leading many distributors to shorten their own validities and revisit backlog pricing with vendors. Vendors themselves are directly advising partners of pricing shifts too. Lenovo has warned partners that select PC and server products will see price hikes in March unless orders are placed and shipped promptly, reflecting those costs. And hardware availability is also tightening in real terms. For example, Western Digital says its entire 2026 hard drive production capacity is already spoken for, with most allocations locked up in long-term agreements with hyperscale cloud and AI customers, a trend that could push prices higher and leave less inventory for channel projects. As memory, storage, and other components become harder to source and pricier to procure, partners may face shortened quote windows, less pricing certainty, and project timing risk, compelling MSPs and VARs to rethink their own quoting strategies, accelerate their sales cycles, and build supply chain agility into their roadmaps. Good luck out there. Also worth noting, Everpure, the company formerly known as Pure Storage, has completed a major strategic evolution, rebranding itself to signal a transition from traditional storage vendor to a broader AI-ready data management platform and announcing changes that partners should really pay attention to. The name change, which takes effect on the New York Stock Exchange March 5, reflects the company’s push into enterprise data orchestration and intelligence beyond simply shipping storage hardware and arrays. Central to this transformation is Everpure’s planned acquisition of data intelligence firm 1touch, a move designed to bring automated data discovery, classification, and semantic enrichment capabilities into its portfolio. This expands the enterprise data cloud vision, equipping enterprises to make data inherently AI-ready and more valuable across hybrid environments. Alongside that rebrand, Everpure has updated its partner engagement model with a new tiering structure that gives MSPs, resellers, and distributors clearer pathways to profitability and growth, reflecting the broader mission of the company going forward. Recent results show that the demand for data management and subscription services are driving double-digit growth, the company says, underscoring why partners should lean into Everpure’s evolving platform play. For channel pros, the message is that Everpure sees partners as critical to selling data-centric solutions in the AI era and is aligning its incentives and program structure accordingly. Up next, WatchGuard is positioning its latest platform updates as a way for MSPs to deliver what it calls enterprise-grade security to small and mid-sized customers, without the complexity typically associated with large enterprise tools. The company says the enhancements are focused on unifying endpoint, network, identity, and MDR capabilities into a single manageable platform designed for service providers. Key to the message is simplification. WatchGuard is emphasizing centralized management, automated threat response, and bundled security services that allow MSPs to deploy advanced protection like zero-trust network access, AI-driven threat detection, and 24/7 monitoring at scale and under predictable pricing models. For MSPs, the pitch is that this closes a long-standing gap, giving smaller customers access to security capabilities that more rival enterprise deployments, while still fitting MSP operational and margin requirements. WatchGuard argues that as threats become more sophisticated, the ability to offer enterprise-grade outcomes without enterprise-grade overhead is becoming a baseline expectation rather than a premium add-on. And speaking of more sophisticated threats to bring this week’s roundup home, new threat research from Amazon Web Services adding to the evidence that AI is actively changing how attacks are carried out, not just how they’re defended against. AWS researchers report seeing threat actors use AI-assisted techniques to more quickly identify and exploit vulnerabilities in perimeter devices, including Fortinet FortiGate firewalls, reducing the time between disclosure and real-world exploitation. The finding reinforces a growing concern for solution providers. Attackers are using AI to scale reconnaissance, speed up exploit development, and adapt attacks faster than traditional defenses expect. For MSPs and VARs, the implication is clear. Staying ahead now requires faster patching cycles, continuous monitoring, and security platforms that assume AI-accelerated threats are the norm and not an edge case. Those are some of the things we were paying attention to last week. This week on the podcast, expect to hear how Citrix is thinking of partners as it hands off more of its channel management to Arrow Electronics, a look at the role of identity in taming shadow AI, and how startup Lexful is aiming to redefine how MSPs think about documentation. I’m Robert Dutt for ChannelBuzz.ca. Have a great week!

Filip Verloy is a technology leader with over 25 years of experience across enterprise IT, consulting, and global vendors. Currently working on securing Agentic AI for the enterprise, he brings deep expertise in API security, infrastructure, and large-scale complex environments. Before joining Rubrik, Filip served as Global Field CTO at API security startup Noname Security and held senior architecture and solutions roles at Citrix, Dell, Riverbed, and VMware. Known for his curiosity and commitment to understanding the fundamentals behind technology, Filip challenges the “illusion of knowledge” and focuses on building secure, resilient systems from first principles.00:00 Intro02:30 Our Guest05:06 Illusion of Knowledge 07:04 Unknown-Unknowns in AI09:57 Increasing the Attack Surface12:58 Risk in the Age of Agentic AI 17:56 How do you secure that data?25:00 How do we deal with IAM in this world of Agentic AI?31:22 API Security and API Access in Agentic AI39:02 How is the model of consuming surfaces over the internet going to change? 43:00 Agentic AI Governance49:25 More about Filip

  Why do small business leaders keep buying more software yet still feel like they are drowning in logins, dashboards, and unfinished work? In this episode of Tech Talks Daily, I sit down with Jesse Lipson, founder and CEO of Levitate, to unpack a frustration I hear from business owners almost daily. After years of being pitched yet another tool, many leaders now spend hours each week troubleshooting software instead of serving customers. Jesse brings a grounded perspective shaped by decades of building SaaS companies, including bootstrapping ShareFile before its acquisition by Citrix, and what stood out to me immediately was how clearly he articulates where the current software model has broken down for small businesses. We talk about why adding more apps has not translated into better outcomes, especially for teams without dedicated specialists in marketing, finance, or sales. Jesse explains how traditional software often solves only part of the problem, leaving owners to become accidental experts in accounting, marketing strategy, or customer communications just to make the tools usable. From there, our conversation shifts toward what he believes will actually matter as AI adoption matures. Rather than chasing full automation or shiny new dashboards, Jesse argues that the real opportunity lies in blending intelligence with human guidance, allowing AI to work quietly behind the scenes while people remain the face of authentic relationships. A big part of our discussion centers on trust and connection in an AI-saturated world. Jesse shares why customers have become incredibly good at spotting automated communication and why relationship-based businesses cannot afford to lose the human element. We explore how AI can act as a second brain, helping business owners remember details, follow up at the right moments, and show up more thoughtfully, without crossing the line into impersonal automation that turns customers away. His examples, from marketing emails to customer support, make it clear that technology should support better relationships rather than replace them. We also look ahead to what small businesses should realistically focus on as AI evolves. Jesse offers practical guidance on getting started, from everyday use of conversational AI, to building internal documentation that allows systems to work more effectively, and eventually moving toward agent-based workflows that can take on real operational tasks. Throughout the conversation, he keeps returning to the same idea, that AI works best when it helps people become the kind of business leaders they already want to be, more present, more consistent, and more human. If you are a founder, operator, or small business leader feeling overwhelmed by tools that promise productivity but deliver friction, this episode offers a refreshing reset. As AI becomes more capable and more embedded in daily work, the real question is not how many systems you deploy, but whether they help you build stronger, more genuine relationships, so how are you choosing to use AI to support the human side of your business rather than bury it? Useful Links Connect with Jesse Lipson Connect with Jesse on X Learn more about Levitate    

Ik praat met CISO (en developer) Hugo Leisink over waarom het toch zo moeilijk blijkt om software te bouwen zonder kwetsbaarheden.Met name waarom grote bedrijven als Citrix en Microsoft het maar niet wil lukken om uit het nieuws te blijven met ernstige kwetsbaarheden.Wat zouden ze daar aan kunnen/moeten doen? En waarom lijken ze dat niet te doen?En hoe ga je als CISO om met het ontwikkelen van software in jouw organisatie? Hoe zorg je dat je veilige software inkoopt?Ik duik met Hugo in de wereld van software ontwikkeling.(Bij deze aflevering is geen YouTube video gemaakt)

In this episode, we dive deep into the critical topic of self-deception and its profound impact on leadership and personal effectiveness. Mitch shares powerful insights on how self-deception can undermine our relationships and professional success, often without us even realizing it. He explains the concept of self-betrayal and how it leads to a distorted view of ourselves and others, creating unnecessary conflicts and reducing our influence as leaders. Mitch shares a valuable advice on how to rebuild trust in relationships damaged by self-deception and how to not let it happen again.   Mitch is the co-author of Arbinger's latest bestseller, The Outward Mindset. He writes frequently on the practical effects of mindset at the individual and organizational levels as well as the role of leadership in transforming organizational culture and results. He is an expert on mindset and culture change, leadership, strategy, performance management, organizational turnaround, and conflict resolution.    Mitch is a sought-after speaker to organizations across a range of industries, bringing his practical experience to bear for leaders of corporations, governments, and organizations across the globe. Specific clients include NASA, Citrix, Aflac, the U.S. Army and Air Force, the Treasury Executive Institute, and Intermountain Healthcare. Mitch carries his first-hand perspective as a proven leader into his speeches and facilitation, dynamically bringing Arbinger's concepts and tools to life through his powerful stories and hands-on experience. His audiences leave inspired to improve and equipped with a practical roadmap to effect immediate change.    In his role as managing partner, Mitch directs the development of Arbinger's intellectual property, training and consulting programs, and highly customized large-scale organizational change initiatives. He has been instrumental in Arbinger's rapid growth, including its expanding international presence in nearly 30 countries.    Mitch received his B.A. in philosophy and is a licensed nursing administrator. Trained in fine art at the Art Students League and the National Academy, he spends much of his free time painting. His work hangs in organizations nationwide.   Visit Arbinger Institute here: https://arbinger.com/   Here are some free gifts for you: Overall Approach Used in Well-Managed Strategy Studies free download: www.firmsconsulting.com/OverallApproach   McKinsey & BCG winning resume free download: www.firmsconsulting.com/resumepdf   Enjoying this episode? Get access to sample advanced training episodes here: www.firmsconsulting.com/promo

Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its 40 Seam product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US organizations uses Venezuela-themed lures. The episode wraps up with a discussion on a recent study revealing that training AI to produce insecure code can lead to broader problematic behaviour. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Cisco Patches Critical Async OS Bug 02:26 Fortinet Vulnerability Exploited in the Wild 04:04 Dutch National Police and Aging IT Infrastructure 05:55 Spear Phishing Campaign with Venezuelan Lure 07:54 AI Writing Buggy Code: Unexpected Consequences 10:21 Conclusion and Final Thoughts

(00:00) Thuiswerksoftware van overheid zo lek als een mandje.   Citrix, de thuiswerksoftware van duizenden medewerkers binnen ministeries, gemeenten en andere overheden, heeft geen beste reputatie: volgens cybersecurityexperts is het zo lek als een mandje.     Zij keken er dus ook niet van op toen het Openbaar Ministerie afgelopen zomer via juist dat programma werd gehackt. Wekenlang ging het OM offline en het kampte nog maandenlang met ernstige ICT-problemen. Waar de software handig is voor medewerkers, is die ook ideaal voor hackers. Want wie eenmaal binnen is, kan bij alle vertrouwelijke informatie en kan bovendien gaan rommelen in de systemen.     Waarom wordt deze software nog gebruikt? En heeft de Nederlandse overheid haar digitale beveiliging überhaupt wel op orde?       (38:54) De F-35: bescherming of afhankelijkheid?  Amerika is al decennialang onze grootste militaire bondgenoot. Een belangrijk symbool voor dat bondgenootschap is de Joint Strike Fighter, nu beter bekend als de F-35, het geavanceerde Amerikaanse gevechtsvliegtuig waar Nederland er inmiddels 46 van heeft. Maar sinds de herverkiezing van Donald Trump en zijn harde taal richting Europa zijn er scheuren ontstaan in de vriendschap. Sinds de recente Amerikaanse inval in Venezuela rijzen ook de reële zorgen over een inval in Groenland, Europees grondgebied.     De vraag is dan ook: Was de aankoop van de F-35 wel zo'n goed idee? Wat gebeurt er als de Amerikanen op een dag niet meer aan onze kant staan - kunnen we onze straaljagers dan nog wel gebruiken?  Die vragen komen aan bod in de driedelige serie F-35: Onder Trumps vleugels, die Argos voor NPO Start maakte. Regisseur Saskia Adriaens komt erover vertellen.  Presentatie: Liesbeth Staats  Research thuiswerksoftware: Saar Slegers  Research studiogesprek: Saskia Adriaens en Maarten van den Heuvel 

(00:00) Thuiswerksoftware van overheid zo lek als een mandje.   Citrix, de thuiswerksoftware van duizenden medewerkers binnen ministeries, gemeenten en andere overheden, heeft geen beste reputatie: volgens cybersecurityexperts is het zo lek als een mandje.     Zij keken er dus ook niet van op toen het Openbaar Ministerie afgelopen zomer via juist dat programma werd gehackt. Wekenlang ging het OM offline en het kampte nog maandenlang met ernstige ICT-problemen. Waar de software handig is voor medewerkers, is die ook ideaal voor hackers. Want wie eenmaal binnen is, kan bij alle vertrouwelijke informatie en kan bovendien gaan rommelen in de systemen.     Waarom wordt deze software nog gebruikt? En heeft de Nederlandse overheid haar digitale beveiliging überhaupt wel op orde?       (38:54) De F-35: bescherming of afhankelijkheid?  Amerika is al decennialang onze grootste militaire bondgenoot. Een belangrijk symbool voor dat bondgenootschap is de Joint Strike Fighter, nu beter bekend als de F-35, het geavanceerde Amerikaanse gevechtsvliegtuig waar Nederland er inmiddels 46 van heeft. Maar sinds de herverkiezing van Donald Trump en zijn harde taal richting Europa zijn er scheuren ontstaan in de vriendschap. Sinds de recente Amerikaanse inval in Venezuela rijzen ook de reële zorgen over een inval in Groenland, Europees grondgebied.     De vraag is dan ook: Was de aankoop van de F-35 wel zo'n goed idee? Wat gebeurt er als de Amerikanen op een dag niet meer aan onze kant staan - kunnen we onze straaljagers dan nog wel gebruiken?  Die vragen komen aan bod in de driedelige serie F-35: Onder Trumps vleugels, die Argos voor NPO Start maakte. Regisseur Saskia Adriaens komt erover vertellen.  Presentatie: Liesbeth Staats  Research thuiswerksoftware: Saar Slegers  Research studiogesprek: Saskia Adriaens en Maarten van den Heuvel 

Is your company's "AI disruption" happening with you—or quietly without you… and putting your business worth at risk? If you're leading a mid-to-large company right now, you're probably feeling two pressures at the same time: move faster with AI and don't blow up the business while you do it. Because AI isn't a future trend anymore—it's already being built, tested, and used across departments, geographies, and teams (often without a single unified view). And that creates a real leadership headache: how do you scale AI for competitive advantage while still keeping guardrails in place? In this episode, Jim Schleckser talks with Pete Foley (CEO of ModelOp) about what happens when AI spreads "like wildfire" inside an organization—and how to regain control without killing momentum. You'll walk away with: A practical way to get visibility into AI across your organization so you know what models exist, what they're doing, and where the biggest risks are hiding. A framework for putting governance and guardrails in place without slowing innovation—so you can move faster than competitors and sleep at night. A clearer path to scaling AI investments into real business outcomes (revenue, cost reduction, risk control) instead of letting models sit stuck in limbo for 9–12 months. Hit play now to learn how to build AI guardrails that protect your brand and accelerate results—so you can boost business worth before the market decides who survives the disruption. Check out: [02:10] "In five years, there'll be two kinds of companies…" — Jim frames the stakes of AI disruption and why ignoring it threatens long-term survival and business worth. [10:45] The real AI bottleneck: why models take 9–12 months to reach production — Pete explains what's slowing companies down and why that pace won't survive the next wave. [23:30] The "air traffic controller" approach to AI governance — visibility, risk assignment, guardrails, and real-time monitoring so AI can scale without chaos. About Pete Foley With more than 25 years of executive and entrepreneurial experience in enterprise software and a track record of successful business exits, Pete Foley's leadership gives ModelOp customers, partners and employees a high level of trust and confidence in the company and its future. Prior to co-founding ModelOp, Pete held several chief executive roles, including CEO of RingCube Technologies, a desktop virtualization software solution provider acquired by Citrix in 2011; CEO of PortAuthority Technologies, a provider of data leak protection systems, from 2005 through its acquisition by Websense in 2007; and CEO of Infoblox (BLOX) from 2002 through 2005. In addition, Pete was the Executive Chairman of Graphite Systems, a low latency, flash-based big data appliance that was acquired by EMC, from 2012 to 2015.

Andy Cohen, Vice President of Corporate Development at F5 Andy has built a career that proves M&A is fundamentally about relationships, not just transactions. With 30 years of experience and 60 deals closed across high-growth tech companies including Citrix, Acquia, and F5, Andy has cultivated the kind of reputation where every CEO he's worked with will take his call tomorrow. In this conversation, he reveals why zero-sum thinking kills deals, how to convince people to sell without convincing them to sell, and why walking away on principle matters more than closing at any cost.  Things you will learn:  Why reputation is your most valuable M&A asset The shift from zero-sum to win-enough thinking Learn Andy's approach to using due diligence as the foundation for integration strategy, cultural fit assessment, and long-term value creation.  _____________

Lou Shipley has led multiple startups to breakout growth ($100M+) and major acquisitions to companies like Citrix and Synopsys. He has taught some of the most in-demand sales and GTM courses at HBS and MIT. In this episode, we dig into the core traits behind Unlikely Entrepreneurs — the title of the new book he co-authored — and why unconventional founders so often win through curiosity, ambition, and determination. Lou breaks down “the problem with the problem,” why the sled only moves as fast as the lead dog, and the essential role founders play as keepers of culture. We explore the patterns he's seen across high-growth companies, the misunderstood craft of sales, and what Fortune 500 innovators can learn from Unlikely Entrepreneurs.

Podcast DescriptionIn Episode 189 of The Citrix Session, host Bill Sutton, Director of Modern Workspace at XenTegra, is joined by Solutions Architects Stuart Donaldson and Randy Price for a deep dive into one of the most significant updates in modern Citrix authentication.This episode unpacks Microsoft Entra ID Single Sign-On inside Citrix sessions and what it means for end users, admins, and the future of passwordless access. The team breaks down why FAS has become a layer of technical debt, how Entra ID SSO removes friction for users, and what prerequisites and limitations customers need to know before adopting it.Listeners will learn: • How Entra ID SSO eliminates duplicate authentication inside Citrix sessions • Why Primary Refresh Token support is a major win for M365 user experience • What environments are supported and where FAS is still required • Operational considerations like Windows 11 requirements, VDA versions, and the impact on Auto Client Reconnect • Known issues, performance implications, and what to expect in future iterationsIf you support Citrix DAS, modern authentication, or hybrid identity environments, this episode gives you a practical, expert-level overview of what Entra ID SSO unlocks and why it matters.Technical Details can be found at: https://docs.citrix.com/en-us/citrix-daas/install-configure/session-authentication/entra-sso.html

Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week’s episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security and we finally had the chance to sit down and record an episode together, something we’ve talked about doing for years. As they sit down and enjoy a sunny afternoon in at Microsoft Ignite in San Francisco they discuss security in the financial sector, EU regulations (N2 and DORA), integrating Data Lake with Sentinel, optimizing log analytics, and the latest on Security Copilot and E5 licensing. They also spend some time chatting about some of their conference highlights, assisting as proctors in the hands-on labs, and the unique experience of Ignite in San Francisco. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes Microsoft Ignite (with sessions on demand) Microsoft Ignite Book of News Catch up on Microsoft Security sessions and announcements from Ignite 2025 Microsoft Sentinel benefit for Microsoft 365 E5, A5, F5, and G5 customers Learn about Security Copilot inclusion in Microsoft 365 E5 subscription Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI What is Microsoft Sentinel data lake? KQL and the Microsoft Sentinel data lake Henrik F. Wojcik Henrik has worked in the IT industry since 2003. He’s always had a passion for learning new technologies and expanding his knowledge through various means such as online courses, webinars, and reading up on the latest developments in the industry. Throughout his career, he’s gained experience in various areas of IT, making him a true jack of all trades. However, his latest interests lie in the security space, modern workplace and management in Azure, with a particular focus on cyber security. He has experience working with products such as Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, Conditional Access, Microsoft Sentinel, and Microsof t Entra ID. His primary focus is on security on Azure workloads and identity (Entra ID). He prioritizes security awareness and believe that learning never stops, which is why He’s always eager to expand my knowledge and skillset. In the past, He’s also worked with various tools and technologies such as Cisco, Citrix, Dynamics AX, Exchange, ITIL, Azure, SCCM & SCOM, Scrum & Kanban, VMware, Windows Servers, and Windows Desktops. About the sponsors Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Gou Rao is CEO of NeuBird, an agentic AI Site Reliability Engineer for IT teams. They've raised $44.5 Million from Mayfield and M12. He was previously the CTO of Citrix and Portworx.(00:01) Introduction(01:07) What Does an SRE Do?(02:19) Inside a Typical Incident Flow(04:16) What Can Be Automated?(05:52) Deploying Hawkeye: Day 1 to Day 100(11:59) Earning Trust for Autonomous Agents(14:57) Versioning Agent Behavior & Chain of Thought(17:02) Building Agentic Infra Products(18:38) Access Control for Agents(20:29) Company Building in the AI Era(23:53) Competitive Edge in AI + Infra(26:35) Model Choice & Agent Reasoning Quality(29:33) Biggest Product Bet(31:22) Exciting AI Advancements(33:04) Rapid Fire Round--------Where to find Gou Rao: LinkedIn: https://www.linkedin.com/in/gouthamrao/--------Where to find Prateek Joshi: Research Column: https://www.infrastartups.comNewsletter: https://prateekjoshi.substack.com Website: https://prateekj.com LinkedIn: https://www.linkedin.com/in/prateek-joshi-infiniteX: https://x.com/prateekj 

In this episode of The Digital Executive, host Brian Thomas sits down with Jesse Lipson, founder and CEO of Levitate, a relationship marketing platform helping small businesses build genuine, human connections at scale. A seasoned entrepreneur, Jesse previously founded ShareFile, growing it to millions of users before its acquisition by Citrix, and has since become a key leader in North Carolina's tech ecosystem.Jesse shares the inspiration behind Levitate—observing firsthand how traditional CRMs and marketing automation tools fall short for relationship-driven businesses. Instead of mass-blast, transactional communication, he saw a need for a platform built around authentic, personal outreach—the kind that drives referrals, trust, and long-term loyalty.He discusses Levitate's recent expansion into healthcare, where providers face unique challenges: limited staff, increasing competition, and the delicate balance between efficiency and personalized patient communication. Jesse explains how Levitate's software-plus-services model helps practices stay top-of-mind with patients, maintain a strong online presence, and offload time-consuming content creation so practitioners can focus on care.Looking ahead, Jesse explores how AI will shape the future of relationship-driven software. Rather than replacing personal connection, he believes AI should enhance it—helping professionals remember meaningful details, reach out at the right moments, and scale genuine communication without losing the human touch.If you liked what you heard today, please leave us a review - Apple or Spotify.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In today's Cloud Wars Agent and Copilot Minute, I look at how screen-aware Copilots, task-based agents, and multimodal interfaces are reshaping enterprise work — and why identity, permissions, and access guardrails now matter more than ever.Highlights00:30 — Two experts, Brian Madden, Vice President and Field Technology Officer and Futurist at Citrix, and Marco Casalaina, Vice President of Products, Core AI and an AI Futurist at Microsoft, hosted a session at this year's Microsoft Ignite conference titled “Develop Your Enterprise Playbook to Prepare for the AI of Tomorrow.”00:58 — I want to share some key takeaways. Madden laid out a seven-stage roadmap for human–AI collaboration. Steps included simple prompt and paste, the first introduction to AI; next, AI as an analyst for colleagues; followed by AI watching your screen; AI using your computer for you; AI using your computer without you watching; multi-agent AI communication; and the final step: AI-orchestrated work.01:55 — Ultimately, AI needs to work where human knowledge workers work, because the world we live in today is built for humans, and the way that AI will succeed is by operating within this user space and emulating humans in practice. Users talk to AI, and AI talks to the applications and workflows on behalf of the user.02:34 — The discussion moved on to the notion of apps dissolving into data, ultimately AI talking directly to the data without going through an application. Casalaina demonstrated this by running Anthropic's Claude on Azure and giving it the skills to create a PowerPoint. It did — without using PowerPoint. It made the slides in HTML and then converted them without ever opening the PowerPoint application. Visit Cloud Wars for more.

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It's a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it's time for a hiring spree Researchers brute force entire phone number space against Whatsapp contact discovery API DOJ figures out how to make SpaceX turn off scam compounds' Starlink service This week's episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world. This episode is also available on Youtube. Show notes Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica China's ‘autonomous' AI-powered hacking campaign still required a ton of human work | CyberScoop Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News PSIRT | FortiGuard Labs CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive This Is the Platform Google Claims Is Behind a 'Staggering' Scam Text Operation | WIRED A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED

This week was a bit of a throwback to olden times, with the disclosure by Amazon threat intelligence of  zero days in Cisco and Citrix products that were exploited by an unnamed APT, and Google using legal action to disrupt the Lighthouse phishing service operation. We dig into those two stories, plus we discuss the challenge of trying to quantify the financial and other effects of a major cyber attack. Related stories:https://decipher.sc/2025/11/12/apt-targets-cisco-and-citrix-zero-days/https://decipher.sc/2025/11/14/marks-and-spencers-profit-drop-the-financial-toll-of-cyberattacks/https://decipher.sc/2025/11/12/google-wants-to-snuff-out-lighthouse-phishing-kit/https://censys.com/blog/highway-robbery-2-0Support the show

Lative, the AI sales planning platform for sales and go-to-market teams, has announced it has raised $7.5 million in funding to boost product development and expand its go-to-market. The round, co-led by Act Venture Capital and Senovo VC, has also been backed by Elkstone, Enterprise Ireland, WestWave Capital, Handshake Ventures and Shuttle. Among customers utilising the platform already for more precise sales planning are Seismic, Intercom, Aiven, Avalara and Version 1. Lative helps companies understand their sales data and invest resources where they'll have the greatest impact. Instead of juggling multiple sheets, models and disconnected tools, Lative unifies the sales planning process in one cloud-based platform by connecting top-down targets and quota plans with bottom-up sales productivity and capacity. Teams can model and simulate future org designs to have the most effective sales team for achieving revenue goals, adjust plans in real time, and gain clear visibility into sales productivity and efficiency through AI Insights. This allows them to make smarter hiring and investment decisions based on data rather than assumptions, identify risks and opportunities before they impact revenue, and track execution with confidence. Lative was launched in 2022 by industry veterans Werner Schmidt and Laura Tortosa Sancho, bringing together over 32 years of senior operations experience from Sage, Citrix, and Deloitte. They recognised a common pain point: manual, fragmented sales planning that lacks real-time visibility and tracking execution. Frustrated by high-performing teams wasting time on outdated spreadsheets and models, Werner and Laura created Lative to deliver real-time sales intelligence and automated planning with AI. For end users, this means smarter planning, instant insights, and the ability to make faster, better decisions with customers seeing up to 24% increases in sales productivity across segments. "We saw the same issue over and over again, in every company we worked in - sales planning was slow, manual, and stuck in spreadsheets," said Werner Schmidt, Co-Founder and CEO of Lative. "We built Lative to change that, and to give sales teams real-time visibility and confidence so every decision is informed, not guessed in this critical activity for go to market organisations. Every sales organisation needs to plan and track execution, and it's mainly done in spreadsheets today. Now there's a better way." The sales performance management market, valued at over $2.3 billion in 2023, is projected to exceed $7 billion by 2030, showing the demand for solutions that automate and optimise sales execution. In just 15 months, Lative has achieved 10x growth, a clear sign of the demand for such a product. The company was recently ranked second to Salesforce on G2's Sales Planning Grid. Lative has also forged strategic integration partnerships with data platform leaders Salesforce, HubSpot, and Snowflake to enable seamless data sharing for revenue teams. "Lative is driving a paradigm shift to sales planning and optimisation teams that is long overdue. By helping teams identify what's working and what isn't in real-time, problems are identified before they become too large to manage," said Dr. Alexander Buchberger, Partner at Senovo. "RevOps leaders love Lative when they see it. New AI Consumption models now need better tooling to manage complexity. Lative helps industry leaders like Seismic, Intercom and Version 1 see true sales productivity and capacity in real-time to deliver efficient growth. Werner, Laura, and their team are defining a new category with an exciting AI roadmap." said Andrew O'Neill, Principal at Act. "Lative allows us to see our productive sales capacity in real-time which is fundamental to how we scale the business and invest in the right areas to accelerate growth." said Mathieu Cognac, Vice President of Revenue Operations at Seismic. See more stories here. More about Irish Tech News Irish Tech News are...

Operation Endgame expands global takedowns. The U.S. is creating a Scam Center Strike Force. Microsoft rolls out its delayed “Prevent screen capture” feature for Teams. Proton Pass patches a clickjacking flaw. Researchers uncover previously undisclosed zero-day flaws in both Citrix and Cisco Identity Services Engine. Android-based digital picture frames contain multiple critical vulnerabilities. Lumma Stealer rebounds after last month's doxxing campaign. Our guest is Garrett Hoffman, Senior Manager of Cloud Security Engineering from Adobe, talking about achieving cloud security at scale. X marks the spot… where your passkey stops working.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Garrett Hoffman, Senior Manager of Cloud Security Engineering from Adobe, talking about achieving cloud security at scale. You can hear the full conversation with Garrett here. Selected Reading End of the game for cybercrime infrastructure: 1025 servers taken down - Operation Endgame's latest phase targeted the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium (Europol) US announces ‘strike force' to counter Southeast Asian cyber scams, sanctions Myanmar armed group (The Record) Microsoft rolls out screen capture prevention for Teams users (Bleeping Computer) Proton Pass patches DOM-based clickjacking zero-day vulnerability (Cyberinsider) Amazon discovers APT exploiting Cisco and Citrix zero-days (AWS Security Blog) CISA warns feds to fully patch actively exploited Cisco flaws (Bleeping Computer) Popular Android-based photo frames download malware on boot (Bleeping Computer) Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics (Trend Micro) Elon Musk's X botched its security key switchover, locking users out (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/ Testing Quantum Readyness A website tests your services for post-quantum computing-resistant cryptographic algorithms https://qcready.com/

In this transformative episode of Healthy Mind, Healthy Life, host Avik Chakraborty sits down with holistic life and career coach Susanna Kenyon-Moir to unpack the hidden drivers of burnout, limiting beliefs, and subconscious patterns holding us back. Susanna shares powerful insights from her journey through high-pressure corporate roles into a more aligned, soulful life. Discover how breathwork, NLP, emotional intelligence, and somatic healing can help you reclaim your energy, set boundaries, and shift from fear to action. This conversation invites every overwhelmed achiever to slow down, reconnect, and write a new story. About the Guest:Susanna Kenyon-Moir is a holistic life and career coach, NLP practitioner, and founder of Coaching by Susanna. After 15+ years in leadership roles at Salesforce, Citrix, and VMware, she pivoted to empower professionals to break free from burnout, rewire limiting beliefs, and align their lives through breathwork, emotional intelligence, and subconscious reprogramming. She guides clients worldwide to embrace clarity, purpose, and balance. Key Takeaways: Burnout is often fueled by both external pressures and deep internal patterns. Slowing down isn't weakness—it's essential for clarity, healing, and realignment. Limiting beliefs like “I'm too old” or “I can't afford change” keep high achievers stuck. Awareness, nervous system healing, and rewiring beliefs are key to bold moves. Breathwork, meditation, and somatic practices are powerful tools for releasing fear and restoring energy. Connect with Susanna:Visit coachingbysusanna.com to explore coaching, masterclasses, and retreats. Take your first step toward an aligned, empowered life. Want to be a guest on Healthy Mind, Healthy Life? DM me on PodMatch!DM Me Here: https://www.podmatch.com/hostdetailpreview/avikTune to all our 15 podcasts: https://www.podbean.com/podcast-network/healthymindbyavikSubscribe To Newsletter: https://healthymindbyavik.substack.com/Join Community: https://nas.io/healthymind Stay Tuned And Follow Us!• YouTube – https://www.youtube.com/@healthymind-healthylife• Instagram – https://www.instagram.com/healthyminds.pod• Threads – https://www.threads.net/@healthyminds.pod• Facebook – https://www.facebook.com/podcast.healthymind• LinkedIn – https://www.linkedin.com/in/reemachatterjee/ | https://www.linkedin.com/in/avikchakrabortypodcaster #podmatch #healthymind #healthymindbyavik #wellness

If you like what you hear, please subscribe, leave us a review and tell a friend!

n episode 188 of The Citrix Session, host Bill Sutton and solutions architect Randy Price dive into how healthcare IT leaders are simplifying clinician access and improving patient care through the power of Citrix, Unicon ELUX OS, and Imprivata integration.They unpack how Citrix's acquisition of Unicon delivers secure, centralized endpoint management with Scout, and how Imprivata's “tap and go” authentication enhances speed, security, and user experience. From architecture insights to real-world use cases, this episode explores why seconds matter in healthcare and how Citrix's end-to-end ecosystem empowers IT teams and clinicians alike.

Send us a text

In this episode of The Citrix Session, host Bill Sutton is joined by Randy Price and Stuart Donaldson from XenTegra to unpack the Citrix Virtual Apps and Desktops 2507 Long-Term Service Release (LTSR). Together, they break down what's new, what's changed, and why it matters—from HDX enhancements and Secure HDX encryption to Device Trust, Uber Agent integration, and reduced IT overhead through unified image management.Listeners will learn:What makes an LTSR different from current releases—and why Citrix is moving to an annual cadenceHow HDX Direct and Secure HDX improve user experience and securityThe power of Device Trust and passkeys for continuous endpoint validationHow Uber Agent and Citrix Director deliver deeper insights for IT teamsWhat's next for Citrix licensing and endpoint management with Unicon ELUXWhether you're planning your next upgrade or just staying informed, this episode offers an expert breakdown of Citrix's latest evolution.

Derrick Thompson is a seasoned technology leader with nearly 20 years of experience driving innovation and growth in the IT and cloud industries. Having held influential roles at IBM, Citrix, and Google Cloud, Derrick brings a proven track record of shaping partner ecosystems, advancing technical enablement, and scaling business development strategies across diverse sectors. Currently […]

Host Bill Sutton is joined by Todd Smith of Citrix and XenTegra Solutions Architect Randy Price to unpack Citrix's move to the License Activation Service and what it means for on-prem environments. They explain who is affected, why Citrix is modernizing licensing, and how to prepare without disruption. You will hear version requirements, air-gapped options, firewall considerations, and what happens if your license server goes down. The team also covers often-overlooked entitlements in Universal Hybrid Multi-Cloud and how a quick micro-assessment can surface value you already own.What you will learnWhat changes on April 15, 2026 and who needs to actHow LAS reduces license file headaches and improves visibilityRequired versions for CVAD, License Server, NetScaler, PVS, XenServer, and UniConHow to register and validate connectivity to Citrix CloudAir-gapped “dark mode” path and when approvals applyLocal Host Cache behavior if the license server is unreachableA practical plan: discovery, version gap analysis, upgrades, testingGuestsTodd Smith, Account Technology Strategy Manager, CitrixRandy Price, Solutions Architect, XenTegraShow notesCitrix licensing transition overview and deadlines: https://xentegra.com/resources/citrix-licensing-transition-to-las-by-april-15-2026/

In this episode of Inside the Network, we sit down with Sumit Dhawan, CEO of Proofpoint, one of the largest private cybersecurity companies in the world. With over $2 billion in ARR, Proofpoint protects 85 of the Fortune 100 and is on a bold path toward $5 billion in revenue by 2030.Sumit's journey is a masterclass in modern leadership. Having graduated with degrees in engineering and business from IIT Roorkee, the University of Minnesota, and the University of Florida, Sumit led major business lines at Citrix and VMware, including overseeing VMware's $70 billion divestiture to Broadcom, before making the leap to cybersecurity. In 2023, he joined Proofpoint as CEO and began executing an ambitious strategy: consolidate the sprawl of human-centric security, go deep instead of broad, and prepare the company for its next chapter of growth.In our conversation, Sumit shares why he believes empathy is the most underrated CEO trait, how acting like a founder, even inside large enterprises, shaped his leadership, and what it means to have “Apple Watch governance” under Thoma Bravo. He explains how Proofpoint has evolved from email security leader to a broader platform for human and data protection, including its acquisitions of Tessian (AI-native email protection), Hornetsecurity (MSP-focused email security), and Normalyze (DSPM).Sumit also pulls back the curtain on the AI threat landscape, including how prompt injection attacks are already targeting copilots and agents, why AI is both supercharging attackers and empowering defenders, and how Proofpoint built intent-based detection models to defend against sophisticated zero-link phishing. Finally, he lays out three categories of viable cybersecurity startups today: gap-fillers, AI defenders, and category disruptors, and why the last two are more likely to be successful.Whether you're scaling a cyber startup, selling into the enterprise, or navigating PE-backed growth, this episode is full of hard-earned wisdom from a leader who's operated at every level of the stack.

In this episode of JavaScript Jabber, I sit down with Amazon product leader Gunnar Berger to dive into the fast-evolving world of vibe coding and how it's reshaping the relationship between developers and product managers. Gunnar brings a wealth of experience from his years in IT, Citrix, and now Amazon, and shares a unique perspective on how AI tools are changing the way products get built—from idea to prototype.We talk about the shifting role of product managers, how AI is compressing traditional workflows, and what it means for developers, UX designers, and even junior devs entering the industry. From rapid prototyping to AI-assisted documentation, Gunnar opens up about both the opportunities and the challenges this new paradigm introduces. Whether you're a developer, product manager, or just curious about where AI is taking us, this conversation is packed with insights you won't want to miss.Links & ResourcesGunnar Berger on LinkedInCloud CodeCursorKiro.devIf you enjoyed this episode, don't forget to rate, review, and follow JavaScript Jabber on your favorite podcast app. And of course—share it with a friend who'd love to learn more about the future of coding and product management!Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — It's 8ft skeleton season.02:18 - BHIS - Talkin' Bout [infosec] News 2025-09-0203:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets'13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we're working through it.'20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 202522:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-842425:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI35:20 - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky39:29 - Identify the birds you see or hear with Merlin Bird ID40:04 - Story # 13: Detecting and countering misuse of AI: August 202551:31 - Story # 14: I'm a Stanford student. A Chinese agent tried to recruit me as a spy

In this week's Security Sprint, Dave and Andy covered the following topics:Main Topics:Annunciation Catholic Church Attack • Minneapolis Suspect Knew Her Target, but Motive Is a Mystery• Shooter who opened fire on Minneapolis Catholic school posted rambling videos• Robin Westman: Minneapolis gunman was son of church employee• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers• Minneapolis Catholic Church shooter mocked Christ in video before attack• Minneapolis school shooter 'obsessed with idea of killing children', authorities say• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers• In Secret Diaries, the Church Shooter's Plans for Mass Murder• Minneapolis church shooting search warrants reveal new details and evidence• 'There is no message': The search for ideological motives in the Minneapolis shooting• Minneapolis Church Shooting: Understanding the Suspect's Video• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle schoolHoax Active Shooter Reports• More than a dozen universities have been targeted by false active shooter reports• This Is the Group That's Been Swatting US Universities• FBI urges students to be vigilant amid wave of swatting hoaxesAI & Cyber Threats • The Era of AI-Generated Ransomware Has Arrived• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research • Anthropic: Detecting and countering misuse of AI: August 2025• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four yearsCountering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System• FBI warns Chinese hacking campaign has expanded, reaching 80 countries• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networksQuick Hits:• Storm-0501's evolving techniques lead to cloud-based ransomware • Why Hypervisors Are the New-ish Ransomware Target• FBI Releases Use-of-Force Data Update• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland• Falsos Amigos• Surge in coordinated scans targets Microsoft RDP auth servers• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424• Citrix patches trio of NetScaler bugs – after attackers beat them to it• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money• H1 2025 Malware and Vulnerability Trends • The FDA just overhauled its COVID vaccine guidance. Here's what it means for you• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin • DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'• Email Phishing Scams Increasingly Target Churches

I cover the announcement of Windows 11 25H2 entering preview, worrying details about Citrix Netscaler vulnerabilities, a company changing AI approach after public failures and much more! Reference Links: https://www.rorymon.com/blog/windows-11-25h2-now-in-preview-citrix-netscaler-vulnerabilities-disclosed-amazing-ai-stethoscope/

Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO and founder, Nemertes Thanks to our show sponsor, Prophet Security Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. All links and the video of this episode can be found on CISO Series.com  

The FBI shares revelations on Salt Typhoon's reach.  Former NSA and FBI directors sound alarm on infrastructure cybersecurity gaps. Google is launching a new cyber “disruption unit”. A new report highlights cyber risks to the maritime industry. A Pennsylvania healthcare provider suffers a data breach affecting over six hundred thousand individuals. Citrix patches a critical vulnerability under active exploitation. The U.S. sanctions a North Korean-linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf, speaking with T-Minus host Maria Varmazis connecting three seemingly disparate stories. Who needs a tutor when you've got root access? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert talking with T-Minus host Maria Varmazis. Brandon decided to do a stump the host play for this month's space and cybersecurity segment. Selected Reading Chinese Spies Hit More Than 80 Countries in ‘Salt Typhoon' Breach, FBI Reveals (WSJ) NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations (NSA) Critical Infrastructure Leaders and Former National Security Officials Address Escalating Cyber Threats at Exclusive GCIS Security Briefing (Business Wire) Google previews cyber ‘disruption unit' as U.S. government, industry weigh going heavier on offense (CyberScoop) Maritime cybersecurity is the iceberg no one sees coming (Help Net Security) Healthcare Services Group reports data breach exposing information of over 624 K individuals (Beyond Machines) Over 28,000 Citrix devices vulnerable to new exploited RCE flaw (Bleeping Computer) US sanctions fraud network used by North Korean 'remote IT workers' to seek jobs and steal money (TechCrunch) The Era of AI-Generated Ransomware Has Arrived (WIRED) Spanish police arrest student suspected of hacking school system to change grades (The Record) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada's state government services; hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day. Show notes Risky Bulletin: FCC removes 1,200 voice providers from US phone network

Send us a textThe moment Aaron Plush was pulled from his second-grade classroom to test early Macintosh computers, his path in technology was set. This formative experience sparked a journey that would lead him through global program management roles and transformational leadership positions at major corporations like Citrix.Aaron brings a refreshingly authentic approach to the complex world of project management and organizational transformation. His methodology begins with something surprisingly simple yet often overlooked: listening. "There's no bigger mistake any leader can make than implementing change without understanding the organization's landscape," he explains. This people-centric philosophy has become his hallmark in an industry often dominated by technical solutions seeking problems.What makes Aaron's approach particularly powerful is his integrated leadership style that seamlessly blends faith, discipline, and business acumen. When managing high-stakes initiatives, he maintains perspective through methodical execution: "We don't take the entire plate and throw it in our face. We do it bite-sized pieces." This calm, measured approach, combined with radical accountability, has proven effective across Fortune 500 companies and complex technology implementations.His perspective on emerging technologies like AI is equally thoughtful. Rather than focusing on the technology itself, Aaron emphasizes understanding the problem first, then leveraging AI as an enhancement tool. "It's about using technology for the purposes of what you need it for," he advises, encouraging adoption without fear.Perhaps most compelling is Aaron's commitment to developing others. When asked what qualities he looks for in mentees, his answer is striking: "I don't." Anyone expressing a desire to grow receives his support, regardless of their current position or potential. This generosity of spirit extends to his view of success itself—"my journey is about bringing others along with me."Connect with Aaron at www.aaronrplush.com or through his Authentic Realness podcast to learn more about his approach to leadership, technology, and personal development. His story reminds us that even in our increasingly digital world, authentic human connection remains the foundation of meaningful transformation.Thanks for tuning in to this episode of Follow The Brand! We hope you enjoyed learning about the latest marketing trends and strategies in Personal Branding, Business and Career Development, Financial Empowerment, Technology Innovation, and Executive Presence. To keep up with the latest insights and updates from us, be sure to follow us at 5starbdm.com. See you next time on Follow The Brand!

In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts

In Episode 185 of The Citrix Session, Andy Whiteside, Bill Sutton, and Todd Smith explore how Citrix NetScaler is evolving into a true Swiss Army knife for security—delivering protection not just for Citrix workloads, but for all applications. The conversation dives into the looming challenge of quantum computing and the “harvest now, decrypt later” threat, where bad actors collect encrypted data today to exploit when quantum capabilities emerge.Todd and Bill unpack how NetScaler is leading the way with post-quantum cryptography (PQC) readiness, new encryption standards aligned with NIST guidelines, and GA support for quantum-resistant algorithms. They also cover key advancements like HTTP/3 over QUIC, enhanced DNS security, reCAPTCHA v3 integration, and the Netscaler Console for fleet-wide visibility, compliance, and automation.Whether you're concerned about securing sensitive data, meeting future compliance requirements, or leveraging cutting-edge application firewall capabilities, this episode will help you understand why now—not later—is the time to prepare for the quantum era.

In Episode 184 of The Citrix Session, host Bill Sutton is joined by Citrix experts Geremy Meyers and Todd Smith to explore the newly enhanced integration between Citrix DaaS and Amazon WorkSpaces Core Managed Instances.The team dives into what's new in this “version 2” release, how it enables flexible, cost-effective VDI deployment, and why it's a game-changer for customers with AWS and Microsoft licensing commitments.Key topics include:What Account Technology Strategists (ATS) really doThe evolution from WorkSpaces Core to Core Managed InstancesSupport for Machine Creation Services (MCS) and non-persistent desktopsHybrid identity management with Intune and Azure ADHow Citrix maintains a unified admin and user experience across cloudsAWS savings plans and funding resources for pilotsWhether you're planning a cloud migration or optimizing your existing DaaS strategy, this episode is packed with valuable insights for IT leaders and practitioners alike.

In Episode 183 of The Citrix Session, host Bill Sutton is joined by Citrix experts Geremy Meyers and Todd Smith to break down how IT leaders can make smarter decisions when rolling out Windows 365. They explore the growing importance of deep visibility, flexible deployment models, and persona-based strategies to support modern hybrid environments. This discussion highlights how Citrix technology enhances Windows 365 with features like HDX optimization, unified access through Workspace, and policy-based control—all while simplifying complex enterprise needs.What you'll learn:Why a “one-size-fits-all” approach doesn't work for Windows 365 rolloutsHow Citrix enables seamless access to Windows 365, SaaS, on-prem, and cloud appsThe role of user personas in right-sizing application deliveryWhere Tech Zone fits into your strategy for technical insights and deployment guidesHow Citrix licenses support unlimited Windows 365 connections

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she' we mean ‘China') Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week's episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD's cloud services Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security National Guard was hacked by China's 'Salt Typhoon' group, DHS says Suspected contractor for China's Hafnium group arrested in in Italy | Cybersecurity Dive Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News UK Arrests Four in ‘Scattered Spider' Ransom Group – Krebs on Security Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds | WIRED Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record PoisonSeed bypassing FIDO keys to ‘fetch' user accounts Risky Bulletin: Browser extensions hijacked for web scraping botnet A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record HPE warns of hardcoded passwords in Aruba access points Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive Google finds custom backdoor being installed on SonicWall network devices - Ars Technica Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

In Episode 182 of The Citrix Session, host Bill Sutton and Citrix's Todd Smith dive into the expanded capabilities of XenServer 8.4, Citrix's enterprise-grade hypervisor. No longer just for Citrix workloads, XenServer is now fully supported for all workloads under both Citrix Platform Licensing and UHMC—making it a strong contender for organizations exploring alternatives to VMware and Hyper-V.

In Episode 181 of The Citrix Session, hosts Bill Sutton and Todd Smith dive into the key takeaways from the blog “What's New and Next with Citrix: Q&A from our May 2025 Webinar.” From release cadence updates and licensing clarity to enhanced integration with Windows 365 and Nutanix, this episode is packed with forward-looking insights for Citrix admins and tech leaders.

In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777

Network Infraxploit Our undergraduate intern, Matthew Gorman, wrote up a walk through of CVE-2018-0171, an older Cisco vulnerability, that is still actively being exploited. For example, VOLT TYPHOON recently exploited this problem. https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844 Windows Update Issues / Windows 10 Update Microsoft updated its "Release Health" notes with details regarding issues users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update. https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521 https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5 Dell Updates Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem. https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248 Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL. https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/