The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Eleven women and 21 children linked to ISIS returned to Australia from Syria last May. This has raised concerns about community safety. Their arrival has caused a major stir in the media and prompted a range of opinions. Politicians and community members have expressed concern that these women are not required to take part in programs to counter violence and extremism (CVE).
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Network Chuck video sold me on it, I wiped my Mac Mini (again), and baby's first Hermes adventure began! Here's what we get into today: Why I left OpenClaw — After getting the Mac Mini set up, OpenClaw left me feeling pretty meh: burning through API requests, random mid-conversation shutdowns, and a marketplace where the top listings were flagged as "potentially malicious." Hard pass. Network Chuck's five reasons Hermes rocks — His video summarized why Hermes stands out: (1) Nous Research has serious open source model cred predating OpenClaw, (2) more flexible persistent memory via markdown files + optional Honcho integration for building a profile of you over time, (3) a mission around humanistic and democratic AI, (4) a self-improvement loop where it writes its own skills after figuring things out, and (5) it just doesn't break — it feels like a product, not a project. The install — I used Claude to build a Mac Mini install guide from the Network Chuck transcript, and had Hermes up and running in about 15 minutes (one small Ollama hiccup aside). The install wizard lets you choose cloud models like Claude or ChatGPT, or go fully local with something like Gemma — I'm planning a hybrid setup with two Telegram bots. First real-world use: sitting in a truck running errands — With Hermes running on the Mac Mini and connected via Telegram, I asked it what it could do. It suggested Uptime Kuma for LAN monitoring — weirdly well-timed since I'd just been thinking about flaky IoT devices. I said "go install it," and it did — narrating its own troubleshooting out loud the whole time like a little robot intern. 
Remote access and Home Assistant — Had it install Home Assistant for smarthome control too, with plans to wire up TwinGate for remote access (it had a TailScale skill ready to fire in about two seconds, but I'm trying to keep VPN services consolidated). Daily digest via email — Hooked Hermes into a dedicated Gmail account and set up a 6 a.m. cron job that sends me a personalized morning digest: weather for my watched locations, recent breach/CVE news from select sites, and a summary of my favorite pentesting-focused Mastodon accounts. Needs tuning, but the first digest landed this morning and it's really good! The privacy angle — The real long-term win I see here is a hybrid model: feed raw, unsanitized pentest data to a local private model, let it analyze and sanitize, then hand off the clean version to a cloud model for deeper insight. Best of both worlds without the data exposure anxiety. Check out the Network Chuck video that started it all, and as always, if you're doing cool AI + security stuff, I'd love to hear about it. Find our pentesting services and training at 7MinSec.com, pentesting tips and scripts at 7MinSec.wiki, and if you want to support the show, head over to 7MinSec.club.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria who are linked to the self-proclaimed ISIS group has raised concerns about community security and prompted debate about mandatory countering violent extremism (CVE) activities for at-risk individuals.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Following the return home of 32 women and children from Syria linked to the self-proclaimed "Islamic State (IS)", concerns are being raised about community safety. Discussions are under way about introducing mandatory "preventing violent extremism (CVE)" programs for at-risk individuals.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Thirty-two women and children linked to the self-proclaimed "Islamic State" group have returned to Australia from Syria, prompting concerns about community safety and sparking discussion about imposing mandatory "countering violent extremism" (CVE) measures on high-risk individuals.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria who have had ties to the group known as "Islamic State" (ISIS) has raised concerns about community security and prompted debate about making "countering violent extremism" (CVE) programs mandatory for at-risk individuals.
Episode references: ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit; Oracle Security Alert Advisory - CVE-2026-35273; Oracle mitigates PeopleSoft zero-day exploited in data theft attacks; Velvet Ant's Operation Highland: How a China-Nexus Actor Infiltrated an Internal Network Undetected; Inside OnyxC2: The New Stealer Targeting 210 Apps; OceanLotus: From external espionage to domestic targeting; Arctic Wolf Observes an Increase in Palo Alto Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257; From SQLi to RCE – Exploiting LangGraph's Checkpointer. Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain attacks evolve. And a massive data breach triggers a record fine in South Korea. Our guest is Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done. AI analyzes the FIFA World cup, one cliché at a time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done across humans, automation, and AI agents. You can read more from Ping Identity here. If you enjoyed this conversation, be sure to check out the full interview here. Selected Reading Landmark German ruling declares Google's AI Overviews are Google's own words and makes it liable for false answers (The Decoder) White House Reins In AI-Testing Unit as National-Security Concerns Grow (Wall Street Journal) Anthropic Releases ‘Safe' Version of Its Mythos A.I. 
Technology (The New York Times) PRC-linked influence operations are targeting AI debates in the US (OpenAI) Technical Analysis of MLTBackdoor (ThreatLabz) CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry (Rapid7) Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels (Socket) Veeam Patches Critical RCE Vulnerability in Backup & Replication (Beyond Machines) ‘Amazon.com of South Korea' Is Fined a Record $409 Million (The New York Times) The 2026 big soccer tournament, in clichés. (Sinch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
CISA's BOD 26-04 replaces severity-based patching with an exploit-evidence model and remediation clocks as short as three days, fleet-wide, no exceptions. Peter Pflaster and Jason Kikta unpack the four urgency signals, the 16-row decision tree, and the shift from "justify the patch" to "justify why you can't." They also cover what it means for contractors, cyber insurance, and the future of Patch Tuesday. If you own patching or vulnerability management, start here.
Instagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, with only MFA-protected accounts resisting. Step Security details a new Miasma-derived worm wave called Hades that targets config files for 14 AI coding tools, can inject instructions to hijack assistants, lies to AI security tools, and includes a "dead man switch" wipe if stolen GitHub tokens are revoked; Microsoft also removed some GitHub repos after 73 open-source projects were compromised to inject an info stealer. University of Toronto and Vector Institute researchers demonstrated an AI worm using a free local model that spread across a simulated network via known flaws and misconfigurations. Google issued an emergency Chrome patch for actively exploited CVE-2026-11645 in V8, and insurers are tightening claims scrutiny and increasingly excluding AI-related liabilities. 00:00 Instagram AI Hack Fallout 01:36 AI Worm Hades Evolves 02:55 Microsoft Repo Compromise 03:54 Lab Built AI Worm Demo 05:27 Emergency Chrome Zero Day 07:07 Cyber Insurance Tightens Up 08:02 AI Liability Coverage Shrinks 09:16 Wrap Up and Sign Off
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Thirty-two Australian women and children with ties to the armed group Islamic State (IS) have returned home from a camp in Syria. Alongside voices of concern about community safety, there are calls to require at-risk individuals to take part in CVE (countering violent extremism) programs. SBS Japanese broadcasts live on SBS3 at 1 p.m. on Tuesdays, Thursdays and Fridays! A rebroadcast can be heard on SBS1 at 10 p.m. on Tuesdays, Thursdays and Saturdays, before bedtime. You can also listen to past stories on the SBS Japanese podcast. Try the SBS Audio App too, available as a free download. And don't forget SBS Japanese on Facebook and Instagram.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Thirty-two women and children from Syria, linked to the self-proclaimed Islamic State (IS) group, have just been repatriated, raising concerns about community security and opening discussions about mandatory countering violent extremism (CVE) activities for high-risk individuals.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria who belong to the self-proclaimed Islamic State group has triggered security concerns in the community and discussions about mandatory activities to counter violent extremism (Countering Violent Extremism, CVE) for at-risk persons.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria who are linked to the self-proclaimed Islamic State group has raised concerns about community safety and prompted much discussion about mandatory countering violent extremism (CVE) measures for at-risk people. To listen to the radio program at any time, press here. Listen to SBS Polish radio live on Mondays, Wednesdays, Thursdays, Fridays and Sundays at 2 p.m. (Australian Eastern time) on SBS Radio 1. (The Thursday program is repeated on Sunday at 2 p.m.) To listen on analogue radio, find the SBS Radio 1 frequency via the link: Broadcast frequency in your city. To listen on DAB digital radio, find 'SBS Radio1'. To listen on digital television, find SBS Radio 1 on channel 301. To listen online, go to: SBS Polish, or press: Polskie Radio SBS i Podcasty. To listen on your phone via the app, install the free SBS Audio App.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - Thirty-two women and children linked to the "Islamic State" group have returned to Australia from Syria, raising public concern about community safety and prompting discussion about whether mandatory countering violent extremism (CVE) programs should be imposed on high-risk individuals.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria linked to the self-proclaimed "Islamic State" group has raised concern about community safety and prompted discussion about mandatory countering violent extremism (CVE) measures for people in the at-risk group.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return from Syria of 32 women and children linked to the group that declared itself the Islamic State has led to concerns about community safety and to debate about mandatory Countering Violent Extremism (CVE) activities for at-risk individuals.
Podcast: Industrial Cybersecurity Insider
Episode: Is Your IIoT Strategy Creating More Security Risks?
Pub date: 2026-06-09

Craig and Dino address one of the most overlooked problems in OT security: the IIoT devices your security tools don't automatically detect.

Most OT intrusion detection platforms do a reasonable job of identifying core control-layer assets such as PLCs, drives, and motor control centers. The problem is everything else. Laptops plugged into the network, third-party devices brought in by contractors, and a growing range of connected IIoT equipment often go completely undetected. Those are the gaps where risk accumulates.

Craig and Dino explain why the belief that machines are air-gapped is a dangerous myth, how PLCs acting as gateways prevent intrusion detection platforms from seeing the devices behind them, and why an asset inventory is not the same as knowing your real risk and CVE exposure in multi-vendor environments.

They reframe OT cybersecurity as a process-integrity problem and show how unmanaged network activity, third-party remote access, and even routine IT security scans can quietly degrade OEE and trigger unplanned downtime that costs millions.

Using predictive-maintenance analogies such as thermal, harmonics, and vibration sensing, they make the case for treating digital anomalies the same way mature plants already treat mechanical ones.

They close by examining why so many OT detection tools become shelfware, how to escape alert fatigue, and the two practical paths to real IT/OT convergence: building the right relationships with OEMs, system integrators, and AEC partners, and designing security-ready facilities from the ground up.

It's a practical listen for CISOs, plant and engineering leaders, and OT/IT teams responsible for securing manufacturing and critical infrastructure.

Chapters:
(00:00:00) - Why No Industrial Asset Is Truly Air-Gapped
(00:01:08) - IoT vs. IIoT: How OT Assets Get Classified
(00:03:15) - The Control-Layer Blind Spot: Drives, Robots, and Motor Controls
(00:05:25) - How PLC Gateways Hide Assets From Intrusion Detection
(00:07:30) - Asset Inventory Isn't Risk: The CVE Gap in Multi-Vendor Plants
(00:08:55) - When Cyber Blind Spots Become Costly Downtime
(00:10:05) - Process Integrity: How Security Scans Disrupt Production
(00:11:35) - Predictive Maintenance Meets Digital Anomaly Detection
(00:17:45) - Avoiding OT Shelfware and Alert Fatigue
(00:19:45) - IT/OT Convergence: Choosing a Partner and Building Secure-by-Design

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and the Monday business brief. Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA. NATO lets Ukraine play the bad guy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Tim Starks from CyberScoop, who is discussing the ongoing debate over staffing and budget cuts at CISA, the political battles surrounding the agency's future, and what the Trump administration's plans could mean for U.S. cybersecurity efforts. Selected Reading Meta AI Bug Exposes Over 20,000 Instagram Accounts (Infosecurity Magazine) NSO Group back in Meta's crosshairs after alleged WhatsApp targeting (The Register) CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) (Help Net Security) Everest Forms Vulnerability Exploited to Hack WordPress Sites (SecurityWeek) C0XMO botnet spreads via DD-WRT router flaw, kills rival malware (Bleeping Computer) New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams (Hackread) Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks (GovInfo Security) California man sentenced to over 26 years for dark web drug trafficking (SC Media) AI observability platform Coralogix raises $200 million in a Series F round. (N2K Pro Business Briefing) Nato narrowly beats Russia-style enemy in cyber attack simulation (Financial Times) Share your feedback. What do you think about CyberWire Daily? 
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return of 32 women and children from Syria, linked to the self-proclaimed "Islamic State" group, has raised concerns about community safety and given rise to debate about mandatory countering violent extremism (CVE) measures aimed at at-risk people.
The return of 32 women and children from Syria, who are linked to the self-proclaimed Islamic State group, has prompted concerns around community safety and discussions around mandatory Countering Violent Extremism (CVE) activities for at-risk individuals. - The return to Australia of 32 women and children from Syria who are linked to the Islamic State organisation, known as "Daesh", has raised widespread concerns about community safety and reopened intensive discussions about making countering violent extremism (CVE) activities mandatory for individuals classified as at risk.
Episode 618, hosted by Marco and Giuliana. We start with the discovery of the Bc*+ meson, an excited state of the Bc meson, by the ATLAS experiment at CERN.
To learn more:
- REFERENCE PAPER: https://arxiv.org/pdf/2605.16228
- https://koppenburg.ch/particles.html
Can a song really crash a computer? Ian starts from Janet Jackson's 1989 track "Rhythm Nation" and, together with Leonardo, does a deep dive into resonance frequencies, hardware and some rather unexpected phenomena.
To learn more:
- NIST CASE - CVE-2022-38392: https://nvd.nist.gov/vuln/detail/CVE-2022-38392
- TRACK: Janet Jackson - Rhythm Nation https://www.youtube.com/watch?v=OAwaNWGLM0c&list=RDOAwaNWGLM0c&start_radio=1
- REFERENCE PAPER: https://eng.sut.ac.th/me/JRAME/images/Document/06paper4.pdf
- ADAM NEELY: https://www.youtube.com/watch?v=-y3RGeaxksY&t=109s
Last but not least, we continue with some physics and existential questions that start from the Dirac equation.
Become a supporter of this podcast: https://www.spreaker.com/podcast/scientificast-la-scienza-come-non-l-hai-mai-sentita--1762253/support.
Today's brief leads with Orange County, where Garden Grove's GKN Aerospace hazmat emergency de-escalates and all evacuation orders lift, returning the final 16,000 residents home with no injuries. New Mexico's Seven Cabins Fire reaches 64 percent containment and Lincoln County rescinds all evacuations. CISA adds an actively exploited vulnerability to its KEV catalog, the central United States faces a multi-day severe-weather threat, Kilauea holds at ADVISORY, and FEMA assistance deadlines approach in Washington and Hawaii. EM Morning Brief is your concise daily update on national and state-by-state emergency management news. Produced by Sitch Radio, an EOC Voices podcast.

Key Takeaways
• California hazmat: All Garden Grove GKN Aerospace evacuation orders lifted June 4; about 16,000 residents returned, no injuries, but tank cleanup remains delayed.
• New Mexico wildfire: Seven Cabins Fire at ~31,867 acres and 64% contained; all evacuations rescinded June 4; Capitan Mountain forest closure still in effect.
• Cyber / CISA: CISA added CVE-2026-45247 (Mirasvit) to the KEV catalog June 3 with an active-exploitation flag and a federal remediation deadline.
• Severe weather: NWS and SPC flag a multi-day large-hail, wind, tornado, and flash-flood threat across the central Plains and mid-Mississippi Valley through the weekend.
• Volcano: Kilauea remains at ADVISORY / Aviation Color Code YELLOW; eruption paused, episode 49 possible within ~10 to 15 days of June 1.
• FEMA deadlines: Washington December-storm applications close June 10; Hawaii Kona Low Individual Assistance closes June 14.
• Lifelines: City of Aiken, SC water main break June 4 affected ~60 connections; precautionary boil-water advisory to follow restoration.

Sponsors
The NIMS Store - https://thenimsstore.com/

Sources
NIFC / Wildfire
• NIFC Incident Management Situation Report — National daily wildfire situation report and preparedness level
• NIFC National Fire News — National wildland fire activity summary
CISA
• CISA Adds One Known Exploited Vulnerability to Catalog (June 3, 2026) — CVE-2026-45247 Mirasvit deserialization flaw added to KEV
• CISA Known Exploited Vulnerabilities Catalog — Authoritative KEV catalog and remediation deadlines
USGS — Volcano
• USGS Kilauea Volcano Updates — Hawaiian Volcano Observatory status and alert level for Kilauea
Severe Weather
• NWS National Forecast — National Weather Service hazards and severe-weather summary
• SPC Day 1 Convective Outlook — Storm Prediction Center severe-weather outlook for the central U.S.
Tropical / NHC
• National Hurricane Center — Atlantic and Eastern Pacific tropical weather outlooks
FEMA
• FEMA — Hawaii Kona Low deadline extended to June 14 — Individual Assistance deadline for Maui and Honolulu counties
• FEMA — One month remains to apply in Washington — June 10 deadline for December storms and flooding
USGS — Earthquakes
• USGS Significant Earthquakes — 2026 — No significant U.S. seismic events in the last 24 hours
California
• ABC7 — Garden Grove chemical tank updates — OCFA lifts all evacuation orders June 4; residents return
• City of Garden Grove — Hazardous Materials Incident — Official municipal incident information page
New Mexico
• NM Fire Info — Lincoln County rescinds Seven Cabins evacuations (June 4) — Evacuation orders rescinded; acreage and containment update
• Lincoln National Forest — Fire — Forest Service fire and closure information
South Carolina
• City of Aiken — Water Main Break Advisory (June 4) — York Street NE main break affecting ~60 connections

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit emnetwork.substack.com/subscribe
A bi-weekly news show informing you on the latest in Bitcoin, privacy and open source tech hosted by Ungovernables, Max and Q. AOBFTF with ZachQ eurotripNew Foundation websiteNEWSU.S. Treasury seizes nearly 1B in Iran-linked crypto, Tether freezes 344M USDT on Tron https://bitcoinmagazine.com/news/u-s-treasury-the-united-states-iranThe Mined in America Act would put the Bitcoin network at riskhttps://www.therage.co/mined-in-america-act-bitcoin-at-risk/CVE in Core Lightning: Optech #407 disclosurehttps://bitcoinops.org/en/newsletters/2026/05/29/Introducing Cube: Burak unveils a trustless Bitcoin smart contract L2https://medium.com/cube-bitcoin/introducing-cube-8b3702e470a5Published: May 2026Anonymous plaintiff sues for title to $293 billion in dormant Bitcoinhttps://bitcoinmagazine.com/news/anonymous-plaintiff-seeks-legal-bitcoinPublished: 2026-05-28The U.S. Constitution inscribed on the Bitcoin blockchain via expanded OP_RETURN https://bitcoinmagazine.com/news/someone-inscribed-the-constitution-bitcoinPublished: 2026-05-29RELEASESBitcoin Protocol, Core, Knots, SecurityCore Lightning v26.06rc2 — 2026-05-22Release candidate 2 for CLN 26.06. Documentation and gRPC interface refinements on top of rc1's graceful command, sendamount RPC, and BOLT12 payer-proof support. Routing-node operators should test on a non-production node before adopting.Eclair 0.14.0 — 2026-05-21Significant Lightning release from ACINQ. Final versions of channel splicing, simple taproot channels, and zero-fee commitments all ship in this version. This is the Eclair side of the same protocol work showing up in CLN and LDK. If you run an Eclair routing node, this is the upgrade to track.Hardware Signers and Hardware-Wallet AppsColdcard MK5 launch — 2026-05-29New flagship hardware. Larger Gorilla Glass screen, redesigned buttons, improved NFC, dual secure element architecture retained. 
Already supported in Bitcoin Safe 2.0.0rc0 from earlier this fortnight.

Frostsnap 0.3.0 — 2026-05-27
Headline change: deterministic firmware build with cryptographic digest verification. So end users can independently verify the firmware binary matches the source. That is the right direction for any hardware signer carrying real money.

Keystone 3 v2.4.4 — 2026-05-26
Wallet connection removal, Zcash SLIP39 support added, device verification fixes.

Trezor Suite v26.5.1 — 2026-05-27 (FTD re-surfacing)
Adds ERC-681 QR code support in the send form. Show editorial: only relevant if you use Trezor for Ethereum-side workflows, not a Bitcoin-only change.

Ledger Live Desktop 4.5.0 — 2026-05-21
Bridge integration refactoring across desktop and mobile.

Ledger Live Mobile 4.6.0 — 2026-05-28
Async API updates and bridge resolution improvements.

Software Wallets

Sparrow Wallet 2.5.0 — 2026-05-21
Headline feature: Silent Payments receiving wallets, including support for airgapped hardware wallet signers. Adds frigate.2140.dev as a Silent Payments capable public Electrum server, auto-selected when required. Plus a BIP32 derivation fallback when retrieving signing nodes for high-index inputs. This is the biggest privacy upgrade of the fortnight in any consumer-facing Bitcoin wallet, and the airgapped-signer support means Coldcard and similar users get it without going hot.

Sparrow Frigate 1.5.3 — 2026-05-30
Adds a privacy-preserving hourly aggregate of historical scan stats, locally generated server.features response when the backend returns a method-not-found error, improvements to the hosts field in server.features.

Bitcoin Seed Tool 2.3.0 — 2026-05-19 (borderline, in grace)
Educational interface redesign with violet accent color and integrated learning features.

Nunchuk Android 2.5.2 — 2026-05-27
"Bug fixes and improvements," nothing detailed publicly.

Liana Business v0.1 — 2026-05-20
First alpha of Liana's business product line. Environment variable support for signet testing. New product tier from Wizard Sardine for business-focused multisig with timelocked recovery.

Peach Bitcoin 0.69.0 (build 350) — 2026-05-19
Encrypted backup of custom payout addresses, restoration guidance, camera permission fix, push notification translations.

Lightning, L2, Scaling

Phoenix 2.8.0 — 2026-05-22
UI fixes on Android: scanning inverted QR codes, a button to use the entire available balance when paying Lightning.

Phoenixd 0.8.0 — 2026-05-20
Upgraded lightning-kmp dependency to 1.12.0.

ZEUS 13.0.2 — 2026-05-21
Stable release of the RC chain we previewed last fortnight. New default RGS server at rgs.zeusln.com with 15-minute graph updates instead of 3-hour. Improved clipboard, NFC, UI improvements.

Arkade arkd v0.9.6 — 2026-05-26
Package and component renaming, CI workflow improvements, golang version bump.

Arkade TS SDK @arkade-os/sdk 0.4.32 — 2026-05-29
Maintenance bump.

Arkade TS SDK @arkade-os/boltz-swap 0.3.37 — 2026-05-29
Maintenance bump on the Boltz-swap helper.

ThunderHub v0.18.4 — 2026-05-29
Native display formatting for trading distribution, better CLTV headroom in route building.

Blink Mobile 2.4.49 — 2026-05-30
Bug fix: removes ABI-prefixed versionCode overrides.

LNbits v1.5.5-rc1 — 2026-05-24
Release candidate.

Mostro v0.17.4 — 2026-05-22
Payout confirmation to winner, solver-directed dispute slash, concurrent taker bonds with first-to-lock wins, MOSTRO_NSEC_PRIVKEY environment variable, Yadio price tolerance fix.

Bisq v1.10.1 — 2026-05-30
Raises trade amount limits to 0.250 BTC after the v1.10.0 post-exploit reset. Adjusts risk-based reduction factors. Fixes a BSQ swap validation bug.

Bisq v1.10.0 — 2026-05-17 (carries over from last fortnight as final tag on cutoff day)
The post-incident hardening release we covered last fortnight: trade protocol validation, PGP supply-chain verification, 0.125 BTC initial cap, macOS Apple Silicon support.

Ecash

Cashu TS v4.5.1 — 2026-05-23
Deprecates the current checkProofsStates method in favour of a v5-compatible one. Wallet builders should plan the migration.

Fedimint SDK canary release — 2026-05-27
React Native transport: flattened RPC payload, persistent callback. Rolling canary channel.

Bitcoin Dev Infrastructure

BDK FFI 3.0.0 — 2026-05-29
Major version of the BDK language bindings. Anyone shipping a wallet on top of BDK should read the migration notes carefully.

Liquid GDK 0.77.4 — 2026-05-27
Rate-limiting error handling, Rust dependency updates, UTXO retrieval fixes, build improvements.

Self-Hosting and Sovereignty Infra

JoinMarket-NG 0.31.1 — 2026-05-30
Privacy-critical fix: prevents a Sybil DoS where relayed !hp2 floods could starve a maker's own post-ioauth commitment broadcasts. Also installs whiptail in maker and taker container images so the jm-ng TUI works out of the box. JoinMarket-NG continues to ship hardening on a tight cadence.

Tor Browser 15.0.14 — 2026-05-19 (borderline, in grace)
Important Firefox security updates rolled in.

Mullvad Browser 15.0.14 — 2026-05-19 (borderline, in grace)
Firefox 140.11.0esr base, NoScript 13.6.19.1984.

Nostr (Bitcoin-relevant)

Amethyst 1.11.0 — 2026-05-20
Restores Lightning Address and LNURL fields in Edit Profile. Useful: those fields were missing for a stretch and creators relying on zaps as a revenue stream were getting cut off in profile edits.

EDUCATION

TFTC retrospective: Why Keonne Rodriguez is in prison for building Samourai Wallet — 2026-05-28

Bitcoin Optech Newsletter #407 — 2026-05-29
CLN vulnerability disclosure (already in news), transcripts from a May Bitcoin Core developer meeting covering SwiftSync, cluster mempool, Erlay redesign, package relay. Eclair 0.14.0 and CLN 26.06rc2 release context.

Bitcoin Optech Newsletter #406 — 2026-05-22
BIP322 advances to Complete status with human-readable prefixes and PSBT support. TCP hole punching for Bitcoin nodes behind NATs (we flagged this Delving Bitcoin thread last fortnight). Services section highlights Ibis Wallet (BDK-based with coin control and Tor), LDK Server, Mempool.space taproot visualization.

Bitcoin Optech #406 recap podcast — 2026-05-26
Discussion of BIP322 updates, TCP hole punching, Ibis Wallet, LDK Server, Mempool.space v3.3.0, peer-observer infrastructure.

Bitcoin Optech #405 recap podcast — 2026-05-19
Bitcoin Core CVE-2024-52911 discussion and the UTXO-set P2P sharing draft BIP with Fabian Jahr.

Rainey's book on financial censorship
Mentioned by Gladstein on 2026-05-21 as quoting his work on the war on cash and the blocksize war. Plug in education / further reading.

TO DONATE TO ROMAN'S DEFENSE FUND: https://freeromanstorm.com/donate
HELP GET SAMOURAI A PARDON
SIGN THE PETITION ----> https://www.change.org/p/stand-up-for-freedom-pardon-the-innocent-coders-jailed-for-building-privacy-tools
DONATE TO THE FAMILIES ----> https://www.givesendgo.com/billandkeonne
SUPPORT ON SOCIAL MEDIA ---> https://billandkeonne.org/
VALUE…
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Announcing Bitskrieg https://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html Vulnerability in Gogs https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/ Oracle Critical Security Patch Update Advisory - May 2026 https://www.oracle.com/security-alerts/cspumay2026.html GlobalProtect Authentication Bypass Vulnerabilities CVE-2026-0257 https://security.paloaltonetworks.com/CVE-2026-0257
Topics covered in this episode:
CVE-2026-48710: A Maintainer's Perspective
daily-stars-explorer
Markdown to pdf with pandoc and typst
postman2pytest
Extras
Joke
Watch on YouTube
About the show

Brian #1: CVE-2026-48710: A Maintainer's Perspective
Marcelo Trylesinski
suggested by Lee Luocks
Short version:
users of Starlette: upgrade to Starlette 1.0.1
security professionals: we can't treat open source projects like corporations
This top link is a Starlette security advisory with the title Missing Host header validation poisons request.url.path, bypassing path-based security checks
The CVE apparently caused some negative press targeting starlette. However, “the vulnerability came from the application pattern and the deployment, never from something Starlette intended.”
A quote from an OSTIF article: “This bug is a classic “responsibility gap” where if this maintainer didn't patch, thousands of exposed projects would have to individually secure their projects. In doing this work, they've voluntarily taken on the responsibility to protect the ecosystem from long-term systemic harm. As with all open source projects, they owed us nothing and could have left this to be everyone else's problem and took the extraordinary steps of helping the ecosystem.”
Both X40 D-Sec and Ars Technica expected immediate fixes and responses from Starlette. That's not good. We can do better.

Michael #2: daily-stars-explorer
Explore the full history of any GitHub repository.
Originally recorded: Friday May 29, 2026

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

A large-scale software supply chain attack dubbed “Megalodon” infected thousands of GitHub repositories with credential-stealing malware in a highly automated campaign that unfolded over a six-hour period on May 18, 2026.

Researchers from OX Security have identified a malicious npm package named “mouse5212-super-formatter” that was designed to steal files from Anthropic Claude AI environments by targeting the “/mnt/user-data” directory.

Convenience store giant 7-Eleven disclosed a data breach tied to an attack that occurred on April 8, 2026, involving systems that contained franchise-related documents. SecurityWeek article Matt references.

CISA has issued an urgent warning about a critical vulnerability in the LiteSpeed cPanel Plugin, tracked as CVE-2026-48172, which is already being actively exploited in the wild.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Microsoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Microsoft and "Nightmare Eclipse," the criticism from prominent security researchers including Kevin Beaumont and Katie Moussouris, and what the controversy could mean for the future of vulnerability disclosure. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. The episode also explores a new category of insider risk after U.S. prosecutors charged Google security engineer Michael Spagnuolo with allegedly using confidential Google search trend data to earn more than $1.2 million on the prediction market Polymarket. The case highlights how prediction markets may create unexpected incentives around non-financial corporate information. Also covered: active exploitation of Palo Alto Networks' GlobalProtect VPN authentication bypass vulnerability CVE-2026-0257, now added to CISA's Known Exploited Vulnerabilities (KEV) catalogue, and a malware campaign that abuses legitimate ChatGPT sharing pages and Google Ads to trick users into downloading malicious software. Researchers also report similar abuse of Anthropic's Claude Artifacts feature. 
Chapters 00:00 Top Headlines Rundown 00:26 Microsoft vs Zero-Day Researcher 01:28 Responsible Disclosure Fallout 03:32 Why This Dispute Matters 04:32 Polymarket Insider Trading Case 06:07 Prediction Markets Create New Insider Risks 06:55 Palo Alto VPN Authentication Bypass 08:25 ChatGPT Pages Used to Deliver Malware 09:51 Wrap Up and Sign Off Cybersecurity Today is Canada's leading daily cybersecurity news podcast, covering ransomware, vulnerabilities, nation-state threats, cybercrime, security research, privacy, and critical infrastructure security. #Cybersecurity #Microsoft #PaloAltoNetworks #ChatGPT #OpenAI #Google #Polymarket #ThreatIntelligence #InfoSec #CyberSecurityToday
The latest In Touch With iOS Dave Ginsburg is joined by Jeff Gamet, Guy Serle, Marty Jencius, Jill McKinley, and Eric Bolden to talk Apple's latest beta releases, Vision Pro gaming with Steam Link and PS5 Remote Play, Siri and AI rumors for iOS 27, Mac hardware news, CarPlay customization tips, Apple Wallet IDs, Thunderbolt 5 docks, and much more as WWDC 2026 gets closer. The show notes are at InTouchwithiOS.com Direct Link to Audio Links to our Show Give us a review on Apple Podcasts! CLICK HERE we would really appreciate it! Click this link Buy me a Coffee to support the show we would really appreciate it. intouchwithios.com/coffee Another way to support the show is to become a Patreon member patreon.com/intouchwithios Website: In Touch With iOS YouTube Channel In Touch with iOS Magazine on Flipboard Facebook Page BlueSky Mastodon X Instagram Threads Summary In this episode of In Touch With iOS, Dave Ginsburg is joined by Jeff Gamet, Guy Serle, Marty Jencius, Jill McKinley, and Eric Bolden for a fun and wide-ranging discussion covering the latest Apple news, rumors, tips, and plenty of laughs as WWDC 2026 quickly approaches. The show kicks off with discussion around Apple's latest beta releases for iOS, iPadOS, macOS, visionOS, watchOS, and tvOS. While the updates appear mostly focused on bug fixes and stability improvements, the panel speculates Apple may already be quietly laying groundwork for major WWDC announcements behind the scenes. Vision Pro continues to dominate conversation this week with the arrival of the native Steam Link app, giving users a new way to stream PC games directly into Apple's headset. The panel discusses the growing gaming possibilities for Vision Pro, including PS5 remote play support and whether Apple's expensive headset could eventually become a more serious entertainment and gaming platform. 
Leaked images of black Vision Pro components also spark speculation about possible future hardware revisions or prototype devices Apple may still be testing internally. Security and messaging updates are another major focus this week. The crew discusses Apple's expanded transparency around CVE security reporting, encrypted RCS messaging support in Messages, and how users can verify end-to-end encryption is active. The conversation quickly turns humorous as the group debates Apple's new alerts for users who max out blocked contacts, leading to stories about spam texts, political messages, and the endless battle against robocalls. On the Mac side, the panel covers the M5 MacBook Air reaching one of its lowest prices yet, making it an especially attractive option for Apple users looking to upgrade. Dave also shares excitement about the massive Virtual OS Museum project, which allows users to explore and run classic operating systems from decades past, including older versions of macOS, Windows, Linux, Atari, and more. The discussion then shifts into AI and Apple's future plans. OWC's upcoming Stack AI hardware generates interest as the panel explores how local AI processing and large language models may shape the future of Mac hardware. From there, the conversation moves into new rumors surrounding iOS 27, including reports of a redesigned Siri experience, a standalone chatbot-style Siri app, Dynamic Island integration ideas, and Apple's ongoing effort to compete in the rapidly evolving AI space. The panel debates whether Apple is truly behind competitors like ChatGPT and Gemini, or simply pursuing a more privacy-focused and ecosystem-driven approach. The crew also spends time discussing Apple's redesigned app icons and the growing confusion surrounding Creative Studio apps like Final Cut Pro and Logic Pro. 
Jeff Gamet passionately argues Apple has "completely lost the plot" with icon design, while Marty Jencius defends the idea of evolving aesthetics, leading to one of the funniest debates of the episode. Practical user tips round out the show, including how to customize CarPlay layouts, manage widgets and apps, enable 120Hz ProMotion refresh rates on iPhone, and use Apple Wallet driver's licenses in supported states. The panel shares real-world experiences using digital IDs and Apple Pay, including a hilarious story about a cashier insisting Apple Pay users still needed to "pay with money." Finally, the crew previews Macstock 2026 and Creator Camp, encouraging listeners to join the Apple community event this summer. With discussions covering Vision Pro gaming, Siri rumors, AI strategy, CarPlay, Mac hardware, Apple Wallet, and much more, Episode 425 delivers another packed week of Apple news, insight, and entertaining conversation from the In Touch With iOS team. Topics and Links In Touch With Vision Pro this week. visionOS 26.6 Beta Release Notes | Apple Developer Documentation The native Steam Link app for Apple Vision Pro is now available More All-Black Apple Vision Pro Parts Surface Online Apple Vision Pro & PlayStation 5 are the perfect combo with Portal Remote Play app Beta this week. 
iOS 26.6 Beta 1 was released this week Apple Seeds First iOS 26.6 and iPadOS 26.6 Betas to Developers Apple Releases First watchOS 26.6, tvOS 26.6 and visionOS 26.6 Betas Apple adds new CVE details to several macOS, iOS, iPadOS, visionOS, and watchOS updates iOS 26.5 gave Messages app encrypted RCS, here's how to check it's working iOS 26.6 Will Alert You When You've Maxed Out Blocked Contacts Apple Releases New Firmware for AirTag 2 In Touch With Mac this week First macOS Tahoe 26.6 Beta Now Available for Developers Apple's M5 MacBook Air Hits New Low Price of $899.99 The Virtual OS Museum is a fantastic project that lets you run Mac OS, A/UX, NeXTSTEP, more We have many questions about OWC's new Stack AI speed booster Add multiple high-res screens to your Mac with these new Thunderbolt 5 docks Other Topics Apple Updates Trade-In Values for iPhone, iPad, Mac, and Apple Watch Apple Publishes Document to Help Users Tell Creator Studio Apps Apart Leaks: iOS 27 leak reveals new Siri design, Camera app, more Detailed iOS 27 renders show Siri's big makeover iPadOS 26.5 has convenient upgrade when using Magic Keyboard, more Tips Time Permitting Tips to customize CarPlay for your vehicle How to Activate 120Hz Refresh Rate on iPhone News Apple Just Expanded iPhone Driver's License Feature to 14th U.S. State After the Whistle with Brendan Hunt and Rebecca Lowe returns Announcements Macstock X is here celebrating its 10th anniversary ! Dave, Chuck, Jeff, Marty, and Jill are all speaking this year!. With Three Full Days of expert-led Presentations and Workshops, Macstock's sessions are crammed full of productivity-enhancing content. NEW this year is a partnership with sponsor Ecamm. Ecamm Creator Camp: Mac Edition on July 9, 2026 there are only 100 tickets available for the bundle. There are 2 passes available: Macstock weekend pass July 10,11,12, 2026 or the Macstock Ecamm Bundle starting July 9 (only 100 tickets available) Come join us. 
Register HERE and use our offer code INTOUCH to save $50 Our Host Dave Ginsburg is an IT professional supporting Mac, iOS and Windows users and shares his wealth of knowledge of iPhone, iPad, Apple Watch, Apple TV and related technologies. Visit the YouTube channel https://youtube.com/intouchwithios follow him on Mastodon @daveg65, BlueSky @daveg65 and the show @intouchwithios Our Regular Contributors Jeff Gamet is a podcaster, technology blogger, artist, and author. Previously, he was The Mac Observer's managing editor, and Smile's TextExpander Evangelist. You can find him on Mastodon @jgamet Pixelfed @jgamet@pixelfed.social and Bluesky @jgamet.bsky.social Podcasts The Context Machine Podcast Retro Rewatch Retro Rewatch His YouTube channel https://youtube.com/jgamet Website: https://jeffgamet.com Marty Jencius, Ph.D., is a professor of counselor education at Kent State University, where he researches, writes, and trains about using technology in teaching and mental health practice. His podcasts include Vision Pro Files, The Tech Savvy Professor and Circular Firing Squad Podcast. Find him at jencius@mastodon.social https://thepodtalk.net Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him by email at eabolden@mac.com, on Mastodon at @eabolden@techhub.social, on his blog, Trending At Work, and as co-host on The Vision ProFiles podcast. Jill McKinley works in enterprise software, server administration, and IT. A lifelong tech enthusiast, she started her career with Windows but is now an avid Apple fan. Beyond technology, she shares her insights on nature, faith, and personal growth through her podcasts—Buzz Blossom & Squeak, Start with Small Steps, and The Bible in Small Steps. Watch her content on YouTube at @startwithsmallsteps and follow her on X @schmern. 
Find all her work at http://jillfromthenorthwoods.com Chuck Joiner is the host of MacVoices and hosts video podcasts with influential members of the Apple community. Make sure to visit macvoices.com and subscribe to his podcast. You can follow him on Twitter @chuckjoiner and join his MacVoices Facebook group. Guy Serle is one of the hosts of the new The Gmen Show along with GazMaz and email GMenshow@icloud.com @MacParrot and @VertShark on X Vertshark on YouTube, Google Voice +1 Area code 703-828-4677
This episode covers a CISA contractor's accidental exposure of AWS GovCloud credentials and internal system details on GitHub, the FBI's efforts to patch vulnerable routers, and a critical NGINX vulnerability with public proof-of-concept code. The team also discusses Microsoft's handling of a disputed Azure Backup security finding, the challenges of vulnerability disclosure and CVE assignment, and GitHub's ban of security researcher Nightmare Eclipse following the publication of unpatched Windows vulnerability research.

Join us LIVE on Mondays, 4:30pm EST.

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.

https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! - https://discord.gg/bhis
This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks. In the security news: The CVE chase The new security basics Enterprises are lacking more than AI Detections are falling behind Why DOOM!?! Chromium vulnerability The ambitious Flipper One I'm still curious who was behind these leaks Mitre moves Caldera to Apache foundation Wind cybersecurity PQC updates YellowKey Bitlocker Bypass updates The software supply chain is in deep trouble Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-928
Mozilla found 271 unknown Firefox vulnerabilities in days using AI—bugs that millions of automated test runs had missed for years. Steve Gibson argues this isn't a crisis. It's the industry finally paying down decades of security debt, and for the first time, defenders may have the advantage. Cisco meets Mythos Can the aging CVE system survive AI Patch deployment latency in the AI age MSFT's official YellowKey BitLocker bypass mitigation Ubiquiti patches 5 serious vulnerabilities Drupal attacked by a PostgreSQL injection Microsoft terminates SMS as a second factor GitHub hacked - all of its source code exfiltrated Russia is using very old Western software Why to get a no-charge AI chatbot account New Sci-Fi on Netflix What we learn from Mozilla's use of Mythos Show Notes - https://www.grc.com/sn/SN-1080-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com doppel.com cyberhoot.com/securitynow trustedtech.team/securitynow365 XBOW.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Possible ACR Stealer From Page Impersonating Claude https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 Multiple Vulnerabilities in Angular Language Service VS Code Extension https://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq
CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows. Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets. Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims. Timestamps: 00:00 Top Headlines Rundown 00:27 Emergency Drupal Patch Order 02:22 Microsoft Server Update Bug 04:02 Canada Lawful Access Battle 05:18 Google's Security Concerns 06:25 Salt Typhoon Lessons 07:35 Iran-Linked AI Malware 09:26 SEO Poisoning Attack 10:09 Wrap Up and Sign Off
Is AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of potential software flaws at machine speed. The episode breaks down the real numbers behind the hype: over 10,000 candidate vulnerabilities flagged, 1,726 confirmed high or critical findings, 97 patched issues, and the growing concern that AI-driven bug hunting could overwhelm already stretched security teams. One example: a critical WolfSSL certificate forgery vulnerability (CVE-2026-5194, CVSS 9.1). Also in this episode: Canadian authorities arrest Ottawa suspect Jacob Butler, also known as "Dort," allegedly linked to the Kim Wolf botnet operation blamed for nearly 30 terabits-per-second distributed denial-of-service (DDoS) attacks and more than 25,000 incidents. We also cover active exploitation of a Ghost CMS SQL injection vulnerability (CVE-2026-26980), with attackers reportedly compromising hundreds of websites using ClickFix malware lures, including high-profile targets. And finally, an Iran-linked cyber espionage campaign dubbed "Screening Serpents" uses highly personalised fake recruitment approaches to target aerospace, defence, and telecom professionals with new remote access malware. If you work in cybersecurity, infrastructure, or IT leadership, this is one to watch. 00:00 Vunpocalypse Headlines 00:28 AI Finds Vulnerabilities 01:32 False Positives and Costs 02:39 WolfSSL Critical CVE 03:51 Patch Volume Pressure 04:28 Kim Wolf Botnet Arrest 05:13 Botnet Scale and Swatting 06:48 International Takedowns 07:41 Ghost CMS Mass Exploits 09:07 ClickFix Infection Chain 10:25 How to Remediate Ghost 10:39 Iran Spear Phishing Ops 12:51 Closing and Sign Off #Cybersecurity #CyberSecurityToday #AIsecurity #GhostCMS #DDoS #CyberEspionage #Anthropic #ClaudeAI #IranCyberThreat #InfoSec
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 https://x.com/fabian_bader/status/2057198207243804881 Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in modern software organizations. Also today: Microsoft begins phasing out SMS-based authentication for personal accounts, calling text-message authentication a growing fraud risk as it shifts toward phishing-resistant passkeys. Researchers also disclose a nine-year-old Linux privilege escalation flaw, CVE-2026-46333, nicknamed SSH-Keysign-Pwn, which can allow root-level access with local machine access. And Proton publicly threatens to leave Canada rather than comply with proposed surveillance legislation it says would undermine its no-logs privacy promise. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. If cybersecurity, privacy, and digital infrastructure matter to your business, this is the daily briefing you need. Timestamps: 00:00 Top Stories Rundown 00:24 GitHub Supply Chain Breach 01:09 Developer Workstations at Risk 02:31 Microsoft Ditches SMS MFA 04:15 Linux Root Escalation Flaw 06:11 Proton vs Canada Surveillance Bill 08:03 Wrap Up and Sign Off #cybersecurity #github #microsoft #linux #protonvpn #privacy #databreach #supplychainattack #infosec #cybernews
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986 Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498 Microsoft Authenticator Update CVE-2026-41615 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615 ssh-keysign-pwn (CVE-2026-46333) Patches Released https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/
A dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has patched critical remote code execution flaws. In this episode of Cybersecurity Today, David Shipley breaks down four major cybersecurity stories that security teams need to know. Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security. Microsoft has confirmed active exploitation of a new Exchange Server zero-day, CVE-2026-42897, affecting Exchange Server 2016, Exchange Server 2019, and Exchange Subscription Edition. There is currently no patch, only mitigations through the Exchange Emergency Mitigation Service, with some trade-offs for Outlook Web App users. Security researcher Marcus Hutchins highlights an unusually disciplined ransomware affiliate operation using tradecraft more commonly associated with nation-state attackers, including a custom SentinelOne endpoint detection and response (EDR) killer and a stripped-down toolset designed to leave fewer forensic traces. In one of the more astonishing insider threat stories of the week, former OPEX Corporation contractors Muneeb and Sohaib Akhtar were allegedly caught deleting 96 U.S. government databases after leaving a Microsoft Teams recording running. Also in this episode: Fortinet has released urgent patches for critical unauthenticated remote code execution vulnerabilities in FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). If you're responsible for enterprise security, patch management, incident response, or cyber risk, this is one you need to see.
Chapters: 00:00 Sponsor Message 00:24 Headlines Intro 00:49 Ransomware Nation-State Discipline 04:18 Exchange Zero-Day Mitigation 07:01 Fired Contractors Caught Recording 09:21 Fortinet Critical Vulnerabilities 11:07 Wrap Up and Sign Off 11:38 Sponsor Deep Dive Ad #Cybersecurity #MicrosoftExchange #ZeroDay #Ransomware #Fortinet #CyberAttack #Infosec #DavidShipley #CybersecurityToday
AWS Morning Brief for the week of May 18th, with Corey Quinn. Links: Announcing general availability of Amazon EC2 M3 Ultra Mac instances; Amazon EventBridge Scheduler adds 619 new SDK API actions, including Lambda Managed Instances; Amazon Redshift launches RG instances powered by AWS Graviton; Amazon Route 53 Domains adds support for 34 new Top Level Domains including .app, .dev, and .health; ENA Express for Amazon EC2 instances now supports traffic between Availability Zones; Streaming CloudWatch metrics to VPC-based OpenTelemetry collectors using Lambda; How HotelTrader cut inter-AZ cost 95% and latency by 49% with Valkey GLIDE on Amazon ElastiCache; Introducing Claude Platform on AWS: Anthropic's native platform, through your AWS account; Amazon CloudFront Premium flat-rate pricing plan now supports higher, configurable usage allowances; Scalable cross-cloud data migration to Amazon S3 with distributed rclone; Dirty Frag and other issues in Amazon Linux kernels; CVE-2026-8178 - Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver; Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel; Ongoing updates on Copy.fail and variants; Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)