Podcasts about cve

CTRL-Z DLL Hooking Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294 Global Admin in every Entra ID tenant via Actor tokens As part of September s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema has published a blog post showing how this vulnerability could have been exploited. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242 WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 NVidia Triton Inference Server NVIDIA patched critical vulnerabilities in its Triton Inference Server. https://nvidia.custhelp.com/app/answers/detail/a_id/5691

Chris and Hector call out Microsoft for “gross cybersecurity negligence,” explain Kerberoasting in plain English, and discuss CISA's CVE overhaul. Plus, hackers on the battlefield, and how U.S. tech helped build China's surveillance state. Join our new Patreon! ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Tatiana Lang D´Agostini - Diretora do Centro de Vigilância Epidemiológica - CVE

Tatiana Lang D´Agostini - Diretora do Centro de Vigilância Epidemiológica - CVE

In this episode, Ryan Williams Sr. and Shannon Tynes discuss various cybersecurity topics, including the alarming trend of children hacking their schools, the need for better cybersecurity education, and the modernization of the CVE program. They also explore the role of AI in streamlining cybersecurity processes and the importance of maintaining human oversight in the face of technological advancements. The conversation emphasizes the necessity of integrating cybersecurity awareness from a young age and the implications of AI on job security in the industry. Articles: Children hacking their own schools for 'fun', watchdog warns https://www.bbc.com/news/articles/c203pedz58go?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEe7Ly42G9GlofCB1rIZhMDsrg-bJMAwvEgVumVaxRWAIIWMXcuZBKjXJlpfOI_aem_lEj9EXX6c-qmjpk2RaEhuw CISA ‘fired up' to chart new vision for CVE program https://federalnewsnetwork.com/cybersecurity/2025/09/cisa-fired-up-to-chart-new-vision-for-cve-program/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEen7LI1vMqV-DQtzTCdnFSFgvZTfkb52by2PffmzE5VCynIdSM_YqtCeZClek_aem_NZP4CQbbcgXLijOXxvaUgw AI for ATO: Pentagon seeks AI to streamline cumbersome cybersecurity processes https://breakingdefense.com/2025/09/ai-for-ato-pentagon-seeks-ai-to-streamline-cumbersome-cybersecurity-processes/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEea8SUOgG_gan7Stba7KlCTxMaFz2IGGG_iPZ56jm9yk4LWFIE3sVLpOSunpw_aem_32ncyU7mNbxtn-H9RazynQ Buy the guide: https://theothesideofthefirewall.com Please LISTEN

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.Selected Reading Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer) Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer) CISA looks to partners to shore up the future of the CVE Program (Help Net Security) California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record) Apple warns customers targeted in recent spyware attacks (Bleeping Computer) FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET) Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39) DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)  Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record) Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

BASE64 Over DNS The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274 Google Chrome Update Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution. https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html Ivanti Updates Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs Sophos Patches Sophos resolved authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159) https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6 Apple Introduces Memory Integrity Enforcement With the new hardware promoted in yesterday s event, Apple also introduced new memory integrity features based on this new hardware. https://security.apple.com/blog/memory-integrity-enforcement/

In this episode of Manufacturing Hub Podcast, hosts Vladimir Romanov and Dave Griffith sit down with Gavin Dilworth to explore the evolving world of ICS and OT cybersecurity. This is a topic that impacts every sector of manufacturing and critical infrastructure, yet many organizations still struggle with where to start, how to assess risk, and how to balance IT and OT responsibilities.Gavin brings decades of experience in automation engineering and cybersecurity, having worked across energy, oil and gas, water, and manufacturing. He shares his unique journey from being an operator and control systems engineer to becoming a specialist in OT cybersecurity. The conversation spans a wide range of issues, from asset inventory and managed switches to people, process, and technology frameworks that help organizations take the first step toward maturity.We discuss why IT and OT teams often clash and what it takes to bridge the gap. Gavin explains the realities of budgets, the challenges of compliance, and why self-reporting frameworks often fail to reflect true maturity. He also highlights the role of legislation in Europe, rising insurance premiums, and how cybersecurity assessments can influence financial and strategic decisions at the executive level.The episode provides clear insights into best practices such as building a proper asset inventory, structuring security awareness training for OT teams, and applying a risk-based approach to patch management. Gavin also outlines the importance of functional safety, process hazard analysis, and the role of frameworks like ISA/IEC 62443. For engineers, leaders, and decision makers, this conversation makes it clear that cybersecurity is not just a technology problem but a people and process challenge that requires long term discipline and investment.If you want to understand what real world OT cybersecurity looks like, what mistakes to avoid, and how to set a path toward resilience, this episode is packed with valuable takeaways.Timestamps 00:00 Introduction and upcoming ICC event 02:20 Gavin's career journey from operator to cybersecurity expert 06:00 What ICS and OT cybersecurity really mean 09:00 Managed switches, firewalls, and securing industrial devices 11:00 The importance of people, process, and technology in security programs 13:30 Asset inventories and the first practical steps in cybersecurity 17:00 Insurance, legislation, and financial implications of OT risk 23:00 The problem with self reporting and maturity frameworks 27:00 Risk based patching strategies and CVE management 31:00 Physical keys, tokens, and access control challenges 37:00 IT versus OT ownership of cybersecurity 45:00 Certifications, training, and resources for professionals 53:00 Unified Namespace and cybersecurity considerations 58:00 Predictions for the next five years in OT cybersecurity 01:02:00 Career advice for engineers and cybersecurity professionalsReferences mentioned in this episode Industrial Network Security, Eric D. Knapp (Third Edition): https://www.isa.org/products/industrial-network-security-third-edition Security PHA Review: https://www.isa.org/products/security-pha-review-for-consequence-based-cyberse Managing Cybersecurity in the Process Industries, ISA: https://www.isa.org/products/managing-cybersecurity-in-the-process-indust Industrial Cybersecurity: Efficiently secure critical infrastructure systems, Steve Mustard: https://www.isa.org/products/industrial-cybersecurity-efficiently-secure-criti Assessment Plus: https://assessmentplus.co.nz Ignition 8.3 by Inductive Automation: https://inductiveautomation.comAbout the hosts Vladimir Romanov is an electrical engineer and MBA with over a decade of experience in manufacturing and industrial automation. He has worked with Procter and Gamble, Kraft Heinz, Post Holdings, and now leads Joltek, a consulting and integration firm focused on digital transformation and modern manufacturing systems.Dave Griffith is an experienced systems integrator, consultant, and advisor in the industrial automation space. He has worked with manufacturers across multiple sectors, helping organizations align technology with business strategy.About the guest Gavin Dilworth is the founder of Assessment Plus, based in New Zealand. With a background spanning automation, controls, and cybersecurity, he helps organizations design architectures, implement policies, and build resilience in OT environments. He also mentors professionals looking to enter or advance in the ICS cybersecurity field. Connect with him here: https://www.linkedin.com/in/gavin-dilworth/

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation. Segment Resources: http://www.keyfactor.com/digital-trust-digest-quantum-readiness https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/ For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk. From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets. Key topics covered: - The truth about alert fatigue & why it's crippling SOC efficiency - How AI-driven offensive security changes the game - Visualizing kill chains to drive faster remediation - Why fixing “what matters” beats fixing “everything” - The future of AI trust, transparency, and control in cybersecurity Watch now to discover how BreachLock is redefining offensive security for the AI era. Segment Resources: https://www.breachlock.com/products/adversarial-exposure-validation/ This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlockbh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-347

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation. Segment Resources: http://www.keyfactor.com/digital-trust-digest-quantum-readiness https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/ For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk. From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets. Key topics covered: - The truth about alert fatigue & why it's crippling SOC efficiency - How AI-driven offensive security changes the game - Visualizing kill chains to drive faster remediation - Why fixing “what matters” beats fixing “everything” - The future of AI trust, transparency, and control in cybersecurity Watch now to discover how BreachLock is redefining offensive security for the AI era. Segment Resources: https://www.breachlock.com/products/adversarial-exposure-validation/ This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlockbh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-347

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation. Segment Resources: http://www.keyfactor.com/digital-trust-digest-quantum-readiness https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/ For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk. From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets. Key topics covered: - The truth about alert fatigue & why it's crippling SOC efficiency - How AI-driven offensive security changes the game - Visualizing kill chains to drive faster remediation - Why fixing “what matters” beats fixing “everything” - The future of AI trust, transparency, and control in cybersecurity Watch now to discover how BreachLock is redefining offensive security for the AI era. Segment Resources: https://www.breachlock.com/products/adversarial-exposure-validation/ This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlockbh to learn more about them! Show Notes: https://securityweekly.com/asw-347

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.The Salt Typhoon cyber campaign, attributed to Chinese state-backed hackers, has been declared a national defense crisis by the FBI and allied intelligence agencies.A group identifying itself as “Scattered LapSus Hunters” has posted a threat on Telegram demanding that Google terminate two of its employees.A newly discovered WhatsApp vulnerability, now tracked as CVE-2025-55177, has triggered urgent security advisories, particularly for iPhone users.More than 1,000 developers were compromised in just over four hours on August 26 during an unprecedented, AI-assisted software supply chain attack targeting the npm ecosystem.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Glitterpill Podcast – Choosing to Do Something Real in a Rainbow Randolph World with Elsa Korinke, Somatic Practitioner If you've spent one too many hours in “industry convenings” that feel more like a Broadway revival than a strategy session, this one's for you.  I sit down with Elsa Korinke, a somatic practitioner, to talk about what real healing looks like when the CVE world can't stop throwing its endless Parade of Hope. From the body's quiet wisdom to the field's obsession with pageantry, we trace the slapstick dance between sincerity and spectacle. And yes, we even ask: what can a cartoon purple rhino teach extremism researchers about surviving burnout, reclaiming joy, and remembering why any of this work matters in the first place? Absurd? Of course. Necessary? More than ever. Catch Elsa's new offerings here. Join us in the Glitterpill community this September and begin the process of joyful self discovery. ✨ Get the Glitterpill Workbook (DIY Type-A Edition) ✨ Go to Venmo Send $27 to @Glitterpill-Shop In the payment title, write:   Workbook – your@email.com (Example: Workbook – alex.lee@gmail.com) Check your inbox The workbook will be sent to the email you included in the payment title. Option 2 – Inside the Community You can also grab the workbook right here in the community, for $10 a month or $90 annually.  Just follow the pinned instructions, and you'll get instant access without leaving the platform.

Referências do EpisódioCritical SAP S/4HANA vulnerability now exploited in attacksCritical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild - patch immediatelyRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — It's 8ft skeleton season.02:18 - BHIS - Talkin' Bout [infosec] News 2025-09-0203:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets'13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we're working through it.'20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 202522:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-842425:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI35:20 - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky39:29 - Identify the birds you see or hear with Merlin Bird ID40:04 - Story # 13: Detecting and countering misuse of AI: August 202551:31 - Story # 14: I'm a Stanford student. A Chinese agent tried to recruit me as a spy

For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday.  But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.   

Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe.  A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security." Selected Reading ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times) Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency) Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek) M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC) XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix) GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET) CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)  US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer) Cutting Cyber Intelligence Undermines National Security (FDD) No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256 Android Bulletin Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues. https://source.android.com/docs/security/bulletin/2025-09-01 Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020 Certificate authority Fina RDC issues a certificate for Cloudflare s IP address 1.1.1.1 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc

In this week's Security Sprint, Dave and Andy covered the following topics:Main Topics:Annunciation Catholic Church Attack • Minneapolis Suspect Knew Her Target, but Motive Is a Mystery• Shooter who opened fire on Minneapolis Catholic school posted rambling videos• Robin Westman: Minneapolis gunman was son of church employee• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers• Minneapolis Catholic Church shooter mocked Christ in video before attack• Minneapolis school shooter 'obsessed with idea of killing children', authorities say• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers• In Secret Diaries, the Church Shooter's Plans for Mass Murder• Minneapolis church shooting search warrants reveal new details and evidence• 'There is no message': The search for ideological motives in the Minneapolis shooting• Minneapolis Church Shooting: Understanding the Suspect's Video• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle schoolHoax Active Shooter Reports• More than a dozen universities have been targeted by false active shooter reports• This Is the Group That's Been Swatting US Universities• FBI urges students to be vigilant amid wave of swatting hoaxesAI & Cyber Threats • The Era of AI-Generated Ransomware Has Arrived• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research • Anthropic: Detecting and countering misuse of AI: August 2025• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four yearsCountering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System• FBI warns Chinese hacking campaign has expanded, reaching 80 countries• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networksQuick Hits:• Storm-0501's evolving techniques lead to cloud-based ransomware • Why Hypervisors Are the New-ish Ransomware Target• FBI Releases Use-of-Force Data Update• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland• Falsos Amigos• Surge in coordinated scans targets Microsoft RDP auth servers• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424• Citrix patches trio of NetScaler bugs – after attackers beat them to it• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money• H1 2025 Malware and Vulnerability Trends • The FDA just overhauled its COVID vaccine guidance. Here's what it means for you• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin • DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'• Email Phishing Scams Increasingly Target Churches

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.CISA has added CVE-2025-54948, a critical vulnerability in Trend Micro Apex One, to its Known Exploited Vulnerabilities (KEV) catalog, signaling that the flaw has been actively exploited in the wild.PyPI has introduced new security measures to detect and respond to expired domains tied to user accounts, aiming to shut down a known supply chain attack vector: domain resurrection.A recently discovered post-exploitation tool named RingReaper is gaining attention for its sophisticated evasion strategy: abusing the Linux kernel's io_uring interface to operate undetected by standard endpoint detection and response (EDR) systems.A cyberattack on the Netherlands' Openbaar Ministerie (OM), the Public Prosecution Service, has unexpectedly disrupted speed enforcement across the country.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Send us a textIn this episode, I will dive into Continuous Threat Exposure Management (CTEM) and how it revolutionizes vulnerability prioritization. I discuss the essential steps—scoping, discovery, prioritization, validation, and mobilization—required for effective risk management. Learn how to align your security efforts with mission-based goals and leverage CTEM to protect your organization's critical assets. Gain insights into overcoming implementation challenges and the necessity of integrating various security tools while maintaining strategic oversight.00:00 Introduction and Viewer Question00:37 Understanding Risk Reduction Beyond Tools02:54 The Importance of Prioritization03:05 Five Steps to Effective Risk Management06:06 Challenges and Considerations in CTEM Implementation07:39 The Human Element in Risk Management09:12 Conclusion and Final ThoughtsDo you want to succeed in your next Cybersecurity Risk Assessment?Here is a quick start guide: https://www.execcybered.com/ECE/3-step-framework-sp/3-step-framework/

Greetings, and welcome back to the podcast. This episode we are joined by Mr. Chris Doornbos - CEO of E3 Lithium - a CVE listed Lithium company with a market cap of ~$100 million.Chris is an entrepreneur, aviator, and founder of emerging ideas and technology, with a passion for collaboration and innovation. Chris is the founder of E3 Lithium, a world-leading lithium resource and technology development company. Chris emphasizes risk management, developing and managing an exceptional technical team, and well-strategized project generation, with a clear focus on developing and capturing value for shareholders. Chris has a broad range of experience in capital raising, project execution, and M&A. Chris is a founding member of the Battery Metals Association of Canada and former Chair of the Canada ISO mirror committee for TC333 (lithium standards).Chris received his Bachelor of Science from the University of Alberta.Among other things we learned about Critical Minerals, Alberta Made Lithium & Investor Returns.Thank you to our sponsors.Without their support this episode would not be possible:Connate Water SolutionsATB Capital MarketsEPACAstro Rentals JSGSupport the show

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.• Attackers are actively exploiting CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ first disclosed in October 2023, that is used to compromise cloud-hosted Linux servers.• AshES Cybersecurity has publicly disclosed a critical zero-day vulnerability in Elastic's Endpoint Detection and Response (EDR) platform, specifically in the Microsoft-signed kernel driver elastic-endpoint-driver.sys.• At least a dozen ransomware groups are now deploying kernel-level EDR killers - tools designed specifically to disable endpoint detection and response solutions - as part of their malware arsenal.• Microsoft has released an in-depth technical analysis of PipeMagic, a modular backdoor linked to ransomware operations carried out by Storm-2460, a financially motivated threat group associated with RansomEXX.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

In this week's Security Sprint, Dave and Andy covered the following topics: Warm Open:• Nerd Out EP 61. The 2/3 of the Year Awards!Main Topics:FBI PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally. Info Ops: • Most Adults in 25 Countries Say Spread of False Information Is a Top National Threat. The findings come from Pew's seventh iteration of its Global Attitudes Survey: International Opinion on Global Threats, which was last published in 2022. • Foreign disinformation enters AI-powered era. At least one China-based technology company, GoLaxy, seems to be using generative AI to build influence operations in Taiwan and Hong Kong… Documents also show that GoLaxy has created profiles for at least 117 members of Congress and over 2,000 American political figures and thought leaders.• Toxic politics and TikTok engagement in the 2024 U.S. election• Why wind farms attract so much misinformation and conspiracy theory UN - Terror threat posed by ISIL ‘remains volatile and complex,' Security Council hears. The threat posed by the terrorist group ISIL – known more widely in the Middle East as Da'esh – remains dynamic and diverse, with Africa currently experiencing the highest level of activity worldwide.• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General for Counter-Terrorism, United Nations Office of Counter-Terrorism. • PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General, United Nations Office of Counter-Terrorism.• UN Report: ISIS Fighters' Migration to Afghanistan and the Taliban's Failure• ISIS-K poses major threat with 2,000 fighters in Afghanistan, UN saysFEMA Employees Warn That Trump Is Gutting Disaster Response. After Hurricane Katrina, Congress passed a law to strengthen the nation's disaster response. FEMA employees say the Trump administration has reversed that progress. Employees at the Federal Emergency Management Agency wrote to Congress on Monday warning that the Trump administration had reversed much of the progress made in disaster response and recovery since Hurricane Katrina pummeled the Gulf Coast two decades ago. The letter to Congress, titled the “Katrina Declaration,” rebuked President Trump's plan to drastically scale down FEMA and shift more responsibility for disaster response — and more costs — to the states. It came days before the 20th anniversary of Hurricane Katrina, one of the deadliest and costliest storms to ever strike the United States.Quick Hits:• 25% of security leaders replaced after ransomware attack• Gate 15: Hack Yourself First: Pen Testing for Prevention • FB-ISAO: Ransomware Incident Review January to June 2025• Dissecting PipeMagic: Inside the architecture of a modular backdoor framework• Maryland Transit Administration says cybersecurity incident is affecting some of its servicesNevada state government offices closed after network security incident• Audit of Antisemitic Incidents 2024• MIT report: 95% of generative AI pilots at companies are failing• Report: Russian Sabotage Operations In Europe Have Quadrupled Since 2023• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials• Risky Bulletin: NIST releases face-morphing detection guideline• CVE-2025–41688: Bypassing Restrictions in an OT Remote Access Device• Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Germany may ban adblockers https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/   Nebraska man gets jailtime for crypto mining scam https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/   Cyber insurers want CVE exemptions https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve   Drinking alcohol in the US hits all time low https://news.gallup.com/poll/693362/drinking-rate-new-low-alcohol-concerns-surge.aspx   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Michael - https://www.linkedin.com/in/michael-chen-82098a2/

Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999 Details explaining how to take advantage of two SAP vulnerabilities were made public https://onapsis.com/blog/new-exploit-for-cve-2025-31324/

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-409

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Show Notes: https://securityweekly.com/bsw-409

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-409

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Show Notes: https://securityweekly.com/asw-344

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos Elevation of Privilege Vulnerability Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images FortiSIEM / FortiWeb Vulnerablities Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It's great to know there's a CVE in a library you're using, but it's even better if you can say whether or not that vulnerability actually impacts your application. They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it's playing the CVE game as well. This episode is also available on Youtube. Show notes

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on the note that the last 3 months haven't been confidence inspiring. It's likely in 6 months everyone will be scrambling to deal with a difficult situation. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-cve-patrick-garrity/

Mass Internet Scanning from ASN 43350 Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350 https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1 https://portswigger.net/research/http1-must-die Microsoft Warns of Exchange Server Vulnerability An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786 Sonicwall Update Sonicwall no longer believes that a new vulnerability was used in recent compromises https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/

 Welcome to episode 315 of The Cloud Pod, where the forecast is always cloudy! Your hosts, Justin and Matt, are here to bring you the latest in cloud and AI news, including news about AI from the White House, the newest hacker exploits, and news from CloudWatch, CrowdStrike, and GKE – plus so much more. Let's get into it!  Titles we almost went with this week: SharePoint and Tell: Government Secrets at Risk Zero-Day Hero: How Hackers Found SharePoint’s Achilles’ Heel Amazon Q Gets an F in Security Class Spark Joy: GitHub’s Marie Kondo Approach to App Development No Code? No Problem! GitHub Lights a Spark Under App Creation GKE Turns 10: Still Not Old Enough to Deploy Itself A Decade of Containers: Pokémon GO Caught Them All Kubernetes Engine Hits Double Digits, Still Can’t Count Past 9 Pods Account Names: The Missing Link in AWS Cost Optimization Flash Gordon Saves Your VMs from the Azure-verse The Flash: Fastest VM Monitor in the Multiverse Ctrl+AI+Delete: Rebooting America’s Artificial Intelligence Strategy The AImerican Dream: White House Plots Path to Silicon Supremacy CrowdStrike’s Year of Living Resiliently Kernel Panic at the Disco: A Recovery Story The Search is Over (But Your Copilot License Isn’t) Ground Control to Major Tom: You’re Fired GPU Booking.com: Reserve Your Neural Network’s Next Vacation Calendar Man Strikes Again: This Time He’s Scheduling Your TPUs AirBnB for AI: Short-Term Rentals for Your Machine Learning Models  Claude’s World Tour: Now Playing in Every Region Going Global: Claude Gets Its Passport Stamped on Vertex AI SQS Finally Learns to Share: No More Queue Hogging The Noisy Neighbor Gets Shushed: Amazon’s Fair Play for Queues CloudWatch Gets Its AI Degree in Observability Teaching Old Logs New Tricks: CloudWatch Goes GenAI The Agent Whisperer: CloudWatch’s New AI Monitoring Powers NotebookLM Gets Its PowerPoint License Slides, Camera, AI-ction: NotebookLM Goes Visual The SSL-ippery Slope: Azure’s Managed Certs Go Public or Go Home Breaking Bad Certificates: DigiCert’s New Rules Leave Some Apps High and Dry Firewall Rules: Now with a Rough Draft Feature Azure’s New Policy: Think Before You Deploy General News  00:50 Hackers exploiting a SharePoint zero-day are seen targeting government agencies | TechCrunch Microsoft SharePoint servers are being actively exploited through a zero-day vulnerability (CVE-2025-53770), with initial attacks primarily targeting government agencies, universities, and energy companies, according to security researchers. The vulnerability affects on-premises SharePoint installations only, not cloud versions, with researchers identifying 9,000-10,000 vulnerable instances accessible from the internet that require immediate patching or disconnection. Initial exploitation appears t

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS).Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software - to its Known Exploited Vulnerabilities (KEV) catalog.Researchers at Nozomi Networks have disclosed over a dozen security flaws in Tridium's Niagara Framework, a vendor-agnostic building management platform used in sectors ranging from industrial automation to energy and smart infrastructure.Between April 2024 and April 2025, ransomware attacks on the oil and gas industry increased by an unprecedented 935%, according to new research from cybersecurity firm Zscaler.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Securing Firebase: Lessons Re-Learned from the Tea Breach Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158 WebKit Vulnerability Exploited before Apple Patch A WebKit vulnerablity patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome. https://nvd.nist.gov/vuln/detail/CVE-2025-6558 Scattered Spider Update CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Reversing SharePoint Toolshell Exploits CVE-2025-53770 and CVE-2025-53771 A quick walk-through showing how to decode the payload of recent SharePoint exploits https://isc.sans.edu/diary/Analyzing%20Sharepoint%20Exploits%20%28CVE-2025-53770%2C%20CVE-2025-53771%29/32138 Compromised JavaScript NPM is Package The popular npm package is was compromised by malware. Luckily, the malicious code was found quickly, and it was reversed after about five hours. https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack Microsoft Quick Machine Recovery Microsoft added a new quick machine recovery feature to Windows 11. If the system is stuck in a reboot loop, it will boot to a rescue partition and attempt to find fixes from Microsoft. https://learn.microsoft.com/en-gb/windows/configuration/quick-machine-recovery/?tabs=intune

Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771 Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ WinZip MotW Privacy Starting with version 7.10, WinZip introduced an option to no longer include the download URL in zip files as part of the Mark of the Web (MotW). https://isc.sans.edu/diary/WinRAR%20MoTW%20Propagation%20Privacy/32130 Interlock Ransomware Several government agencies collaborated to create an informative and comprehensive overview of the Interlock ransomware. Just like prior writeups, this writeup is very informative, including many technical details useful to detect and block this ransomware. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a Sophos Firewall Updates Sophos patched five different vulnerabilities in its firewalls. Two of them are critical, but these only affect a small percentage of users. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771 Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ How Quickly Are Systems Patched? Jan took Shodan data to check how quickly recent vulnerabilities were patched. The quick answer: Not fast enough. https://isc.sans.edu/diary/How%20quickly%20do%20we%20patch%3F%20A%20quick%20look%20from%20the%20global%20viewpoint/32126 HP Enterprise Instant On Access Points Vulnerability HPE patched two vulnerabilities in its Instant On access points (aka Aruba). One allows for authentication bypass, while the second one enables arbitrary code execution as admin. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy AppLocker sample policies suffer from a simple bug that may enable some rule bypass, but only if signatures are not enforced. While reviewing Microsoft s suggested configuration, Varonis Threat Labs noticed a subtle but important issue: the MaximumFileVersion field was set to 65355 instead of the expected 65535. https://www.varonis.com/blog/applocker-bypass-risks Ghost Crypt Malware Leverages Zoho WorkDrive The Ghost malware tricks users into downloading by sending links to Zoho WorkDrive locations. https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis