In this repeat episode, Jack Herrington sits down with Tanner Linsley to talk about the evolution of TanStack and where it's headed next. They explore how early projects like React Query and React Table influenced the headless philosophy behind TanStack Router, why virtualized lists matter at scale, and what makes forms in React so challenging. Tanner breaks down TanStack Start and its client-first approach to SSR, routing, and data loading, and shares his perspective on React Server Components, modern authentication tradeoffs, and composable tooling. The episode wraps with a look at TanStack's roadmap and what it takes to sustainably maintain open source at scale.
We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey! https://t.co/oKVAEXipxu
Let us know by sending an email to our producer, Elizabeth, at elizabeth.becz@logrocket.com, or tweet at us at PodRocketPod.
Check out our newsletter! https://blog.logrocket.com/the-replay-newsletter/
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form, and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today.
Chapters
01:00 – What is TanStack? Contributors, projects, and mission
02:05 – React Query vs React Table: TanStack's origins
03:10 – TanStack principles: headless, cross-platform, type safety
03:45 – TanStack Virtual and large list performance
05:00 – Forms, abandoned libraries, and lessons learned
06:00 – Why TanStack avoids building auth
07:30 – Auth complexity, SSO, and enterprise realities
08:45 – Partnerships with WorkOS, Clerk, Netlify, and Cloudflare
09:30 – Introducing TanStack Start
10:20 – Client-first architecture and React Router DNA
11:00 – Pages Router nostalgia and migration paths
12:00 – Loaders, data-only routes, and seamless navigation
13:20 – Why data-only mode is a hidden superpower
14:00 – Built-in SWR-style caching and perceived speed
15:20 – Loader footguns and server function boundaries
16:40 – Isomorphic execution model explained
18:00 – Gradual adoption: router → file routing → Start
19:10 – Learning from Remix, Next.js, and past frameworks
20:30 – Full-stack React before modern meta-frameworks
22:00 – Server functions, HTTP methods, and caching
23:30 – Simpler mental models vs server components
25:00 – Donut holes, cognitive load, and developer experience
26:30 – Staying pragmatic and close to real users
28:00 – When not to use TanStack (Shopify, WordPress, etc.)
29:30 – Marketing sites, CMS pain, and team evolution
31:30 – Scaling realities and backend tradeoffs
33:00 – Static vs dynamic apps and framework fit
35:00 – Astro + TanStack Start hybrid architectures
36:20 – Composability with Hono, tRPC, and Nitro
37:20 – Why TanStack Start is a request handler, not a platform
38:50 – TanStack AI announcement and roadmap
40:00 – TanStack DB explained
41:30 – Start 1.0 status and real-world adoption
42:40 – Devtools, Pacer, and upcoming libraries
43:50 – Sustainability, sponsorships, and supporting maintainers
45:30 – How companies and individuals can support TanStack
Special Guests: Jack Herrington and Tanner Linsley.
Fake Claude Code Installs, Arpa Phishing, Zombie ZIP Malware Evasion, and Iran/Israel Cyber Retaliation
This episode covers four major security stories: the "InstaFix" campaign using Google sponsored ads and cloned Claude Code install pages to trick developers into pasting terminal commands that deploy the TeraStealer credential-stealing malware; a phishing technique abusing the special-use .arpa domain and IPv6 reverse DNS to evade email and domain-based defenses, using attacker-controlled DNS zones, traffic distribution systems, and lures like surveys and account notices; the "Zombie ZIP" technique that manipulates ZIP headers to bypass AV/EDR scanning, tied to CVE-2026-0866 and demonstrated to evade most VirusTotal engines; and a surge in pro-Iranian and pro-Russian hacktivist retaliation targeting Israel and regional entities with DDoS, defacements, breach claims, and disinformation, alongside Israel's humorous counter-psychological video response.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:19 Headlines And Intro
00:51 Fake Claude Install Scam
04:25 Arpa Domain Phishing
08:30 Zombie Zip Malware Trick
10:57 Cyber Retaliation Surge
13:44 Israel's PSYOP Video
14:25 Wrap Up And Sponsor
Show Description
The Zero Day Clock is ticking, and the numbers should make every security leader uncomfortable. In this episode, I sit down with Sergej Epp, CISO at a leading security firm, who built the Zero Day Clock after a weekend experiment using AI to discover vulnerabilities firsthand. What he found shocked him: with no professional vulnerability research background and just a few hours of work, he was successfully finding zero days across major security projects using AI models and basic scaffolding.
Sergej breaks down his concept of the "Verifier's Law": the idea that offense has the cheapest verifier in cybersecurity because feedback is binary and instant (you either popped a shell or you didn't), while defense operates in a space where validation is expensive, ambiguous, and slow. We dig into what this asymmetry means for the industry, why 20 years of warnings from Ross Anderson, Bruce Schneier, Halvar Flake, and others have gone unheeded, and whether coordinated disclosure models are broken now that AI can reverse engineer a patch into a working exploit in minutes.
We also discuss the tension between regulation and deregulation playing out in the U.S. and EU, why the answer might be outcome-based accountability rather than prescriptive compliance, and what a realistic defensible posture actually looks like when the mean time to exploit for actively exploited vulnerabilities is under two days, while most organizations are still operating on 30-day patch cycles.
Show Notes
• Sergej shares how a weekend AI experiment led him to discover multiple zero days across major security projects with no professional vulnerability research experience, and why that should alarm the entire industry
• The "Verifier's Law" explained: offense has cheap, deterministic validators (pop a shell, exfiltrate data, trigger an XSS) while defense faces expensive, ambiguous validation (parsing SIEM alerts, measuring security posture), giving AI-accelerated offense a structural advantage
• The Zero Day Clock synthesizes 3,500+ CVE-exploit pairs and shows the mean time to exploit for actively exploited vulnerabilities is now under two days, while organizations still operate on 14-to-30-day patch cycles
• 20 years of ignored warnings: from Ross Anderson's 2001 economics paper through Bruce Schneier, Halvar Flake's "the patch is the advisory" insight, and DARPA's Cyber Grand Challenge, the industry has consistently failed to act on clear signals
• AI can now reverse engineer patches to identify underlying flaws and generate working exploits in minutes, potentially breaking coordinated disclosure models and compressing the window between patch release and active exploitation to near zero
• The regulation paradox: the EU risks overregulating AI in ways that hamper defenders while attackers face no such constraints, while the U.S. is pushing deregulation that may remove the only forcing function for vendor accountability; Sergej and Chris discuss outcome-based regulation as a potential middle path
• Defenders have a data advantage: by understanding their own environments, infrastructure, and processes, security teams can detect AI-driven attacks through behavioral anomalies like hallucinated API calls, non-existent user accounts, and other artifacts of AI-generated attack playbooks
• The Zero Day Clock's real power is as a board-level communication tool: a single slide that translates the patching gap into a number executives and policymakers can't ignore, shifting the conversation from "are we compliant?" to "are we fast enough?"
In this week's Security Sprint, Dave and Andy covered the following topics:
Opening:
• Insider Threat: AI-equipped Employees - Gate 15 - 04 Mar 2026
• Communication and Collaboration Key Themes in GridEx VIII Lessons Learned Report
• Health-ISAC Annual Report 2025 Shows Surge in Threat Intel and Tabletop Drills, Putting Resilience in Focus
• The Gate 15 Special Edition: Iran, ISACs, & insomnia: What's happening, and not happening, in information sharing — Gate 15 | 06 Mar 2026
• White House Unveils President Trump's Cyber Strategy for America — The White House | 06 Mar 2026
o Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House
o Ranking Member Thompson Statement on Trump's 3-Page Cyber Strategy — Democrats on the House Homeland Security Committee, 06 Mar 2026
• Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House | 06 Mar 2026
Main Topics:
Operation Epic Fury & Related:
• White House blocks intelligence report warning of rising US homeland terror threat linked to Iran war
• Iran may be activating sleeper cells in the United States, officials warn
• Cyber threat bulletin: Iranian cyber threat response to US–Israel strikes February 2026, Canadian Centre for Cyber Security, 03 Mar 2026
• Alert: NCSC advises UK organisations to take action following conflict in the Middle East, NCSC, 02 Mar 2026
• U.S. threat intelligence units identify hacktivists as prime cyber vector in Iran conflict
• Iran-linked hacktivists could target US state and local targets, experts warn
• Trump Says 'I Guess' Americans Should Worry About Iran Attacks
Cyber Reports
• NCC Group Annual Threat Monitor Review of 2025 NCC Group, 05 Mar 2026
• Patch, track, repeat: The 2025 CVE retrospective — Cisco Talos, 05 Mar 2026
• Look What You Made Us Patch: 2025 Zero-Days in Review Google Cloud Blog, 05 Mar 2026
• Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay — Reinsurance News | 07 Mar 2026
• INC Ransom Affiliate Model Enabling Targeting of Critical Networks Australian Cyber Security Centre, 05 Mar 2026
Quick Hits:
• Top 10 artificial intelligence security actions: A primer Canadian Centre for Cyber Security, 05 Mar 2026
• Artificial Intelligence and Machine Learning Supply Chain Risks and Mitigations Australian Signals Directorate, 04 Mar 2026
• How AI Assistants Are Moving the Security Goalposts — Krebs on Security | 07 Mar 2026
• Preparation hardening destructive attacks — Google Cloud Threat Intelligence | 08 Mar 2026
• Tornadoes kill 6 people in Michigan and Oklahoma as powerful storms hit nation's midsection
Episode References
AI as tradecraft: How threat actors operationalize AI
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
CVE-2026-20122 | CVE-2026-20126 | CVE-2026-20128 - Cisco Catalyst SD-WAN Vulnerabilities
Mobile spyware campaign impersonates Israel's Red Alert rocket warning system
Middle East Conflict Fuels Opportunistic Cyber Attacks
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cybersecurity Today Month in Review: Iran Conflict Cyber Spillover, IoT Cameras, AI Hacking Tools, and Resilience Planning
In this weekend month-in-review episode, host Jim Love and panelists David Shipley, Laura Payne, Neil Bisson, and Chris "CJ" Johnson discuss cyber and infrastructure impacts tied to the US/Israel–Iran conflict, including reported compromise of traffic camera networks for targeting, Iran's defensive internet shutdown, propaganda via a hacked prayer app, and GPS/AIS spoofing that misdirected ships in the Strait of Hormuz, raising oil and helium supply-chain concerns. They warn of potential Iranian retaliation via DDoS, ransomware, and critical infrastructure attacks (especially water/OT), amplified by insecure IoT and camera vulnerabilities (e.g., Hikvision). The group critiques weakened government cyber capabilities (including CISA turmoil and CVE program risk), highlights AI-enabled attack automation (CyberStrike AI) shrinking time-to-exploit, and stresses practical resilience planning, including protecting AI API keys after an $82,000 billing incident and noting a law-enforcement takedown of LeakBase.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:18 Meet the Panel
01:41 MSPs and Security Assumptions
03:36 War and Cyber Spillover
06:52 Iran Internet Shutdown Explained
08:27 GPS Spoofing in Strait
10:32 Retaliation Risks to West
17:02 IoT Cameras as Targets
18:56 What IT Providers Should Do
22:03 Who Should Worry Most
26:18 Regulation and IoT Standards
28:58 Supply Chain and State Actors
31:36 CISA and CVE Turmoil
35:53 Ring Backlash and Big Tech
37:43 OpenAI Alerts and Privacy
39:25 AI Cultural Blind Spots
40:05 Therapy Duty to Report
41:17 Licensing AI Advice
42:16 Data Centers Under Fire
43:59 Continuity Without Claude
45:05 Power Grid Reality Check
46:47 MSPs and AI Dependence
49:58 Hype Versus Security Markets
51:02 CyberStrike AI Tooling
56:37 Nation State Plausible Deniability
59:58 Exploit Speed and Software Debt
01:03:37 Practical Tips and Wrap Up
Maeve's Work:
• She has been in the field of countering violent extremism (CVE), focusing on prevention and practitioner research, for the last five years.
• She wrote a book titled Black Pilled Masculinity Media and Incels, which breaks down the ideology and includes interviews with 32 young self-identified incels.
• She sees the incel community as an "extremist misogyny, manosphere" space and focuses on understanding the people involved in these spaces.
The conversation covers:
• The "Black Pill" (the incel idea of seeing the "harsh reality of the world") and the sense of intellectual superiority it gives some members.
• The "Fear of Missing Out" (FOMO), which Maeve describes as a core tenet of incel ideology, where they believe everyone else is "at the party" and they are not.
• The concept of incels as a "canary in the coal mine" for increasing societal isolation and poor social skills in younger generations.
• The self-defeating nature of the ideology, which often leads to incels developing unrealistically strict criteria for a partner and becoming "worse position now" than before.
• The role of social media and passive consumption/lurking in increasing feelings of depression and anxiety, especially when comparing one's own life to the curated, often fake, "influencer" lifestyle.
• The importance of learning and practicing social skills to combat isolation.
RISE RADIO
Each week we discuss some of the most important issues we face in our society today.
AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVSS 9.9 in Microsoft's Semantic Kernel SDK (CVE-2026-26030), a supply chain attack on AI coding assistant Cline that silently installed autonomous agents on thousands of developer machines, the first-ever Android malware using Google's Gemini AI at runtime (PromptSpy), and a Russian-speaking threat actor who used commercial AI tools to breach over 600 FortiGate firewalls across 55 countries in just five weeks. Whether you're a developer, security professional, or just someone who uses a browser — this one's worth your time.
You think your IoT gear is harmless: a thermometer, a robot vacuum, a bit of smart home. But what if exactly these devices are the perfect tunnel out of your network, because they are rarely segmented properly, hardly anyone inspects egress traffic, and authentication is often confused with authorization?
In this episode we take three security incidents apart and draw concrete learnings from them:
• The aquarium thermometer case in the casino, with unusual outbound traffic, alternative exfiltration channels, and the question of whether IoT was really the entry point or rather the exit.
• A Jeep Cherokee hack from 2015, including an open port 6667, DBus access, unsigned firmware, the CAN bus, and a diagnostic mode that suddenly switches off the brakes.
• An MQTT case involving robot vacuums, pub/sub, wildcards, and missing ACLs, in other words tenant isolation bad enough to make you run.
What remains at the end is an uncomfortable but very practical checklist: segmentation, zero trust, least privilege, monitoring and logging, secure boot, and above all egress traffic as a first-class control.
And now, hand on heart: what is your best excuse for why your network is still not segmented?
You can find our current advertising partners at https://engineeringkiosk.dev/partners
Quick feedback on the episode:
Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery
Host Jim Love covers four cybersecurity stories: CISA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP), a key integration layer for agentic AI, could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
LINKS
Cisco Advisory
Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems)
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems
Threat Hunt Guide (Technical PDF)
Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance)
https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF
00:00 Sponsor Message
00:19 Cisco SD-WAN Under Attack
02:48 MCP Azure Takeover Demo
05:28 CarGurus Data Dump
07:16 Secret Service Scam Recovery
09:24 Closing Sponsor Thanks
Show Notes - https://forum.closednetwork.io/t/episode-52-opsec-fail-epstein-files-why-decentralized-systems-are-a-threat-to-power-networks-age-verify-is-coming-to-everything/177
Website / Donations / Support - https://closednetwork.io/support/
BTC Lightning Donations - closednetwork@getalby.com / simon@primal.net
Thank You Patreons! - https://www.patreon.com/closednetwork
Michael Bates - Privacy Bad Ass
David - Privacy Bad Ass
Inferno Potato - Privacy Bad Ass
TK - Privacy Bad Ass
David - Privacy Bad Ass
VO - Privacy Bad Ass
MrMilkMustache - Privacy Supporter
Hutch - Privacy Advocate
TOP LIGHTNING BOOSTERS !!!! THANK YOU !!!
@bon@sn@x@fireflygowartime@unkown@anonymousBBB - Buy Me. A Coffee - $30.00
Thank You To Our Moderators:
Unintelligentseven - Follow on NOSTR primal.net/p/npub15rp9gyw346fmcxgdlgp2y9a2xua9ujdk9nzumflshkwjsc7wepwqnh354d
MaddestMax - Follow on NOSTR primal.net/p/npub133yzwsqfgvsuxd4clvkgupshzhjn52v837dlud6gjk4tu2c7grqq3sxavt
Join Our Community
Closed Network Forum - https://forum.closednetwork.io
Join Our Matrix Channels!
Main - https://matrix.to/#/#closedntwrk:matrix.org
Off Topic - https://matrix.to/#/#closednetworkofftopic:matrix.org
SimpleX Group Chat - https://smp9.simplex.im/g#SRBJK7JhuMWa1jgxfmnOfHz7Bl5KjnKUFL5zy-Jn-j0
Join Our Mastodon server!
https://closednetwork.social
Follow Simon On The Socials
Mastodon - https://closednetwork.social/@simon
NOSTR - Public Address - npub186l3994gark0fhknh9zp27q38wv3uy042appcpx93cack5q2n03qte2lu2 - primal.net/simon
Twitter / X - @ClosedNtwrk
Instagram - https://www.instagram.com/closednetworkpodcast/
YouTube - https://www.youtube.com/@closednetwork
Email - simon@closednetwork.io
Apple rolls out age-verification tools worldwide to comply with growing web of child safety laws
https://techcrunch.com/2026/02/24/apple-rolls-out-age-verification-tools-worldwide-to-comply-with-growing-web-of-child-safety-laws/
iOS 26.3—Update Now Warning Issued To All iPhone Users
https://www.forbes.com/sites/kateoflahertyuk/2026/02/13/ios-263-update-now-warning-issued-to-all-iphone-users/
Using the vulnerability, tracked as CVE-2026-20700, an attacker could execute arbitrary code. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” Apple said on its support page.
iOS 26.4 Beta - End-To-End RCS Encryption For Messages
https://www.macrumors.com/guide/ios-26-4-beta-features/#:~:text=End%2Dto%2DEnd%20RCS%20Encryption%20for%20Messages
Popular password managers fall short of “zero-knowledge” claims
https://cyberinsider.com/popular-password-managers-fall-short-of-zero-knowledge-claims/
https://www.youtube.com/watch?v=nLJ_sLr72-g
Watch Out: Your Friends Might Be Sharing Your Number With ChatGPT
https://www.pcmag.com/news/watch-out-your-friends-might-be-sharing-your-number-with-chatgpt?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=A
BitLocker, the FBI, and the Illusion of Control
https://cryptomator.org/blog/2026/02/15/bitlocker-fbi-and-the-illusion-of-control/
Google patches first Chrome zero-day exploited in attacks this year
https://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
https://vmfunc.re/blog/persona
TL;DR: discord's KYC provider (persona) is very naked, very poorly secured federal intelligence outfit, and also a siphon for openai data for them and their partners like worldcoin
The most interesting part (for me) is that it legit crosschecks a discord ID check (actually involves checking your face, IP, device signature, etc....) against Chainalysis dossiers for any partial matches to devices/people/accounts/names involved with tracked crypto addresses.
So, if chainalysis gets a device signature, and then you verify your discord on the same device (yielding the same signature), both FinCEN, Chainalysis, OpenAI, and basically everyone now knows your crypto tx your device sig your real identity
Bill Summary: SB26-051 – Age Attestation on Computing Devices
Purpose:
SB26-051 requires operating system providers (such as mobile device platforms) to implement an age attestation system that signals a user's age bracket to apps in order to enhance protections for minors.
What the Bill Requires
1. Operating System Providers Must:
• Provide an accessible interface at account setup requiring the account holder to enter the user's birth date or age.
• Generate an “age signal” that communicates the user's age bracket (not exact age) to applications in a covered app store.
• Provide developers access to this age signal through a real-time API.
• Share only the minimum amount of information necessary to comply.
• Not share the age signal with third parties except as required by the bill.
2. Application Developers Must:
• Request the age signal when the app is downloaded and launched.
• Treat the age signal as knowledge of the user's age range across all platforms and access points.
• If they have clear and convincing evidence that a user's age differs from the signal, they must rely on that updated information.
• Not request more information than necessary.
• Not share the age signal with third parties except as required by the bill.
Enforcement & Penalties
If violated:
• Up to $2,500 per minor per negligent violation
• Up to $7,500 per minor per intentional violation
• Enforced through civil action by the Colorado Attorney General
In Simple Terms
The bill creates a standardized age-verification signal built into device operating systems. Instead of each app independently collecting age data, the operating system provides an age bracket to apps — while limiting unnecessary data sharing.
The goal is to:
• Strengthen protections for minors
• Limit excessive data collection
• Create a consistent age-verification framework across apps
Rob Slaughter, CEO and co-founder of Defense Unicorns, discusses the modernization of the Department of War and the company’s role in facilitating technology integration with Don Witt of the Channel Daily News, a TR publication. Rob and Don comment on the modernization focusing on technology advancements and AI applications. They discussed how the nature of warfare has changed, transitioning from traditional systems to autonomous drones and other advanced technologies. Rob explained that the rapid pace of technological development means that outdated capabilities are no longer acceptable in modern conflicts. Don then asks Rob Slaughter about their platform solution UDS. Rob explains that UDS enables faster integration of modern software and AI solutions into military systems. Rob explained that UDS can integrate with both legacy and modern systems, significantly reducing the time needed for technology deployment compared to traditional methods. They discussed the challenges of deploying technology to the government and how Defense Unicorns helps streamline the process, making it easier for companies to contribute to national defense. This holds true for enterprise software as well.
About: Defense Unicorns was created by people who knew firsthand how desperately the people protecting our world needed software that could move as fast as the threat. At the time it was impossible. They imagined a solution that could update in minutes, be CVE-free as a baseline, and thrive in air-gapped and edge environments. And then they built it. Defense Unicorns was officially founded, building on their deep experience delivering software in air-gapped, mission-critical environments. After helping stand up Platform One and Big Bang, the team began aligning real-world services work with product R&D—starting with Zarf, an air-gap-native delivery tool. This product-led approach, grounded in the needs of mission operators, drove early growth.
For more information go to: https://defenseunicorns.com
Microsoft just dropped patches for SIX actively exploited zero-day vulnerabilities — and that's just the beginning. In this week's Hacking News, we break down the February 2026 Patch Tuesday emergency, North Korea's Lazarus Group poisoning npm and PyPI through fake job recruiters, nation-state hackers weaponizing Google's Gemini AI (including malware that writes its own payloads), a massive Dutch telecom breach affecting 6.2 million people, and a U.S. government contractor breach that ballooned from 4 million to potentially tens of millions affected. This is Exploit Brokers by Forgebound Research — cybersecurity news, threat intelligence, and insights. Whether you're a security analyst, developer, or just someone who wants to stay informed, this episode has something for you.
On this week's show, Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover:
• Low skill actors compromise 600 Fortinets with AI-generated playbooks
• Anthropic calls out Chinese AI firms over model distillation
• Meta's director of AI safety tells her ClawdBot not to delete her mail… so of course it does
• Peter Williams cops 7 years in jail for selling L3 Harris Trenchant's exploits to Russia
• Ivanti got hacked in 2021 via… bugs in Ivanti
This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can't.
This episode is also available on Youtube.
Show notes
• AI-augmented threat actor accesses FortiGate devices at scale
• "this reads to me like: they ran existing tools.... but with a cool dashboard :D"
• Anthropic accuses Chinese labs of trying to illicitly take Claude's capabilities | CyberScoop
• Detecting and preventing distillation attacks
• Hegseth warns Anthropic to let the military use the company's AI tech as it sees fit, AP sources say
• Anthropic Rolls Out Embedded Security Scanning for Claude
• AWS's AI Coding Bot Kiro Caused a 13-Hour Outage
• Running OpenClaw safely: identity, isolation, and runtime risk
• Former Adobe, Cisco and Salesforce CISO talks AI pentesting
• History Repeats: Security in the AI Agent Era
• Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox
• Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch
• The (tangential) fix: Microsoft adds Copilot data controls to all storage locations
• Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker
• Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools
• Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
• Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
• The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
• Persona emails customers saying they don't work with ICE or DHS amid 'surveillance' claims
• Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
• Ivanti hacked in 2021 via its own product
• Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News
• From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits
In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content, potentially up to twice per second, and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Sponsor Message Meter
00:20 Discord Age Verification Backlash
01:37 Persona Code Raises Alarms
03:08 SolarWinds Serv-U Critical RCEs
04:51 Splunk Windows Priv Esc
06:18 Smart TV Screenshot Surveillance
08:35 Wrap Up and Sponsor Thanks
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3
NIST is falling behind on vulnerability scoring — and the gap is growing. In this episode, Peter and Steph break down what that means for IT and security teams relying on CVE data to prioritize patching, and how Automox is solving it. We cover:
- Why NIST's National Vulnerability Database has a growing backlog and what's causing it
- How incomplete vulnerability data creates blind spots in your patch management program
- Automox's new partnership with VulnCheck to deliver real-time vulnerability intelligence
- What KEV (Known Exploitable Vulnerabilities) data is and why your leadership team cares about it
- Expanding from fewer than 10 third-party apps to 70% coverage across 500+ supported applications
- The rollout plan from third-party apps to macOS, Windows, and Linux
Whether you're running a mature vulnerability management program or just getting started, this episode lays out how the vulnerability data landscape is shifting and what you can do to stay ahead of real-world threats.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When people look back on 2025 they will see many changes in the FedRAMP process. It looks like a new administration examined the process, got feedback from companies, and launched new initiatives to speed up the process. During today's interview, Irina Denisenko (Knox CEO) details FedRAMP's challenges and something called "FedRAMP 20x." Knox runs the largest FedRAMP-managed cloud, enabling 90-day authorizations by hosting customers' production environments. Denisenko explains the story of the origin of Knox Systems: she was running a training company and the Air Force wanted to use her product. It would have taken so long to complete the FedRAMP requirements that she just bought a company that was FedRAMP compliant. It is hard to believe that the process is so frustrating that fewer than 500 apps are authorized at moderate/high FedRAMP. The initiative from the GSA is called FedRAMP 20x. It shifts to continuous monitoring and continuous authorization, moving from annual audits (sampled every 3 years) and monthly CVE spreadsheets to real-time, machine-readable data. What Knox offers is a tried-and-true platform that has reduced time for compliance in order to better serve federal needs.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Under the Hood of DynoWiper https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730 Vibe Password Generation: Predictable by Design https://www.irregular.com/publications/vibe-password-generation Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/ Grandstream GXP1600 VoIP Phones https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/
CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories: Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised. 
00:00 Sponsor Message: Meter's Full-Stack Networking 00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims 00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE 02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations 03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed 05:07 Did SSA Data Leak? Whistleblower vs. Official Denial 06:54 Host Take: What If the "Foundational" Database Was Compromised? 07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722 Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/ CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166 The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Encrypted RCS in iOS/iPadOS https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes
Welcome to episode 343 of The Cloud Pod, where the forecast is always cloudy! Justin, Ryan, and Matt are in the studio this week bringing you all the latest in Cloud and AI news, including some of the smaller clouds like Cloudflare and Crusoe Cloud, as well as announcements from the big guys like Google's Gemini DeepThink, Anthropic's big pay day, and Microsoft's Notepad problem. We've got all this plus Matt screwing up his outro AGAIN, so let's get started! Titles we almost went with this week Chrome’s WebMCP Protocol: Teaching AI Agents to Stop Doom-Scrolling the DOM and Actually Get Work Done Claude Enterprise Self-Service: Because Sometimes You Just Want to Buy AI Without Small Talk AWS EC2 Goes Inception Mode: Now You Can Virtualize Your Virtualization Without Going Broke Amazon EC2 Nested Virtualization: Because Your Virtual Machine Was Lonely and Needed Its Own Virtual Machine CloudWatch Alarm Mute Rules: Because Your Deployment Doesn’t Need a Standing Ovation at 3 AM Anthropic’s $380 Billion Valuation Proves AI Funding Has Gone Claude Nine AWS EC2 Nested Virtualization Finally Escapes the Expensive Hardware Jail Cloudflare Teaches AI Agents the Magic Words: Accept text/markdown and Save 13,000 Tokens Crusoe Cloud’s MCP Server: Teaching AI Assistants to Stop Asking for the Manager and Just Fix Your Infrastructure Azure’s New Agentic Copilot: Because Manually Clicking Through Dashboards Was So 2023 Chrome’s WebMCP Gives AI Agents a GPS for Websites Because Apparently They’ve Been Lost in the HTML This Whole Time Anthropic Cuts Out the Middleman: Claude Enterprise Now Available Without the Enterprise Sales Dance AWS Gives CloudWatch the Silent Treatment: New Mute Rules Let Alarms Sleep Through Maintenance Windows AWS CloudWatch Hits Snooze: Mute Rules End On-Call Nightmares AWS Gives CloudWatch the Silent Treatment General News 00:45 Bloat Risk? 
Microsoft’s Notepad Upgrade Also Introduced a Vulnerability | PCMag Microsoft’s recent Notepad modernization introduced CVE-2026-20841, a vulnerability in the new Markdown support feature that allows malicious links in files to execute remote code. The flaw has been patched in the February 2026 security updates, but it highlights the security trade-offs when adding features to historically simple applications. The vulnerability exploits Notepad’s Markdown rendering capability, which Microsoft added in May to support lightweight markup language formatting. When Notepad opens a specially crafted Markdown file, embedded malicious links can trigger unverified protocols that load and execute remote files on the system. This incident raises questions about feature bloat in core Windows utilities, particularly as Microsoft continues adding network-dependent capabilities like AI-powered text writing to Notepad. Security researchers are debating
This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens. 
00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited 02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging 04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer 06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments 07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks 09:11 Wrap-Up, Thanks, and Sponsor Message
Google issued a security update for Chrome to fix a high-severity vulnerability, CVE-2026-2441, which allows remote code execution through a crafted HTML page. The flaw, discovered by Shaheen Fazim, is actively exploited. Users should update Chrome to version 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux. Chromium-based browser users should apply updates. Apple also released patches for a separate zero-day vulnerability affecting its platforms. Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.
Carnival hangover meets open-source hangover: between hunting for rooms at FOSDEM, MySQL rumors and debates over ethical principles, we stumble through tech trends and AI news. Plus subscription detox, desktop frustration and the realization that digital sovereignty sometimes starts with a "Cancel" button rather than a keynote. Blast from the Past MySQL - report from the FOSDEM booth Rant extended - same as posting blogposts on linkedin applies - of course - to medium. Static Site Generators with AsciiDoc support Dead of the Week Google Pixel 3a Undead of the Week notepads Windows Notepad cause Markdown feature Microsoft page Notepad++ AI of the Week AI agent seemingly tries to shame open source developer for rejected pull request AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty) Selfish AI Anthropic raises $30B Series G funding at $380B post-money valuation (Anthropic) Nvidia shares are down after a report that its OpenAI investment stalled. Here's what's happening News Wero: Commerzbank joins in
Russia hacks the Polish power grid but Poland keeps the lights on, and China spends years infiltrating telecom providers worldwide using 8-year-old vulnerabilities. The Telegraph shouts that Boris Johnson's phone was hacked, but the story is more interesting and scarier - it is not about phones but about the providers themselves. Marco explains why ISPs are the "holy grail" for espionage (metadata kills people), Jelle expertly takes the Telegraph article apart, and Ronald explains why a single compromised provider gives access to millions of customers. From TACACS+ traffic capture to GRE tunnels, from Cisco Guest Shell containers to BGP routing manipulation - this is "one of the more successful campaigns in the history of espionage" and it could have been prevented by simply patching. AIVD and MIVD co-signed the advisory, so yes, this affects the Netherlands too. Sources Sandworm Poland Power Grid - SecurityWeek: "Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid" (23 Jan 2026): https://www.securityweek.com/russian-sandworm-hackers-blamed-for-cyberattack-on-polish-power-grid/ Salt Typhoon - Telecom Espionage - The Telegraph: "China hacked Downing Street phones for years" (27 Jan 2026): https://www.telegraph.co.uk/news/2026/01/26/china-hacked-downing-street-phones-for-years/ - AIVD/MIVD: "Nederlandse providers doelwit van Salt Typhoon": https://www.aivd.nl/actueel/nieuws/2025/08/28/nederlandse-providers-doelwit-van-salt-typhoon - Joint Cybersecurity Advisory: CISA/NSA/FBI/NCSC-UK/AIVD/MIVD + 15 countries - "Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide" - CVE-2024-21887: Ivanti Connect Secure command injection - CVE-2024-3400: Palo Alto Networks GlobalProtect RCE - CVE-2023-20198 & CVE-2023-20273: Cisco IOS XE authentication bypass + privilege escalation - CVE-2018-0171: Cisco IOS Smart Install RCE (8 years old!)
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. 
- Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. OpenClaw, an open source AI agent formerly known as MoltBot and ClawdBot, has rapidly become the fastest-growing project on GitHub, amassing over 113,000 stars in under a week. A critical vulnerability in the React Native Community CLI NPM package, tracked as CVE-2025-11953 with a CVSS score of 9.8, has been actively exploited in the wild since late December 2025, according to new findings by VulnCheck. JFrog article. Following the disclosure in the Notepad++ v8.8.9 release announcement, further investigation confirmed a sophisticated supply chain attack that targeted the application's update mechanism. Google, in coordination with multiple partners, has undertaken a large-scale disruption effort targeting the IPIDEA proxy network, which it identifies as one of the largest residential proxy networks globally. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
In October 2025, CyberPress reported a critical security vulnerability in the Redis Server, an open-source in-memory database that allowed authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine. In 2024, another prominent temporal memory safety flaw was found in the Netfilter subsystem in the Linux kernel: CVE-2024-1086. Bugs related to temporal memory safety, such as use-after-free and double-free vulnerabilities, are challenging issues in C and C++ code. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Lori Flynn, a senior software security researcher in the SEI's CERT Division, and David Svoboda, a senior software engineer, also in CERT, sit down with Tim Chick, technical manager of CERT's Applied Systems Group, to discuss recent updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal memory.
Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
February 11, 2026 | 12:00 - 1:00 PM ET
Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2
Top Headlines:
- VulnCheck | Metro4Shell: Exploitation of React Native's Metro Server in the Wild: https://www.vulncheck.com/blog/metro4shell_eitw
- Notepad | Notepad++ Hijacked by State-Sponsored Hackers: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
- ThreatLabz | Operation Neusploit: APT28 Uses CVE-2026-21509: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
- CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250
Stay in Touch!
- Twitter: https://twitter.com/Intel471Inc
- LinkedIn: https://www.linkedin.com/company/intel-471/
- YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
- Discord: https://discord.gg/DR4mcW4zBr
- Facebook: https://www.facebook.com/Intel471Inc/
When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526
The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, after many years of trying to make it work, they announced that pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.
Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY
Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl
Links:
- https://cryptography.io/en/latest/statements/state-of-openssl/
- Py Cryptography: https://cryptography.io
- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf
- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/
- https://packages.gentoo.org/packages/media-libs/libsdl
- https://www.youtube.com/watch?v=RUIguklWwx0
- https://datatracker.ietf.org/doc/rfc9180/
- https://docs.openssl.org/3.3/man3/OSSL_PARAM/
- https://openssl.foundation/
- https://github.com/openssl/openssl/issues/17064
- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny
- https://github.com/topazproject/topaz
- https://github.com/actions/runner/issues/1069
- https://crystalhotsauce.com/
- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
- https://en.wikipedia.org/wiki/Ship_of_Theseus
- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d
- https://www.ibm.com/products/open-sdk-for-rust-aix
- https://dadrian.io/blog/posts/corporate-support-xz/
- https://peps.python.org/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/
- https://go.dev/blog/fips140
- https://dadrian.io/blog/posts/roll-your-own-crypto/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent WebLogic vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Scanning Webserver with pwd as a Starting Path Attackers are adding the output of the pwd command to their web scans. https://isc.sans.edu/diary/x/32654 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509 Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 Exposed Clawdbot Instances Many users of the AI tool clawdbot expose instances without access control. https://x.com/theonejvo/status/2015485025266098536
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Analysis of Single Sign-On Abuse on FortiOS Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Outlook OOB Update Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this month's security patches. https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491 VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) A VMware vCenter vulnerability patched last June is now actively exploited. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. North Korean threat actors are targeting macOS software developers in a new malware campaign that abuses Visual Studio Code (VS Code) configurations to deliver JavaScript-based backdoors, according to research from Jamf. Sinkholes are usually seen as the end of a malicious campaign - the point where domains are seized and abuse stops. China's pen-testing and red-team ecosystem has always been hard to observe, especially since many teams stopped participating in international CTFs post-2018. A critical zero-day vulnerability, CVE-2025-64155, has been discovered in Fortinet's FortiSIEM platform by Horizon3.ai, allowing unauthenticated remote code execution and privilege escalation to root. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Today we are talking about Integrations into Drupal, Automation, and Drupal with Orchestration with guest Jürgen Haas. We'll also cover CRM as our module of the week. For show notes visit: https://www.talkingDrupal.com/537 Topics Understanding Orchestration Orchestration in Drupal Introduction to Orchestration Services Drupal's Role in Orchestration Flexibility in Integration Orchestration Module in Drupal Active Pieces and Open Source Integration Security Considerations in Orchestration Future of Orchestration in Drupal Getting Involved with Orchestration Resources Orchestration N8N https://www.cve.org/CVERecord?id=CVE-2026-21877 https://www.cve.org/CVERecord?id=CVE-2026-21858 Drupal as an application Tools Orchestration ECA Maestro AI Flowdrop Guests Jürgen Haas - lakedrops.com jurgenhaas Hosts Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi MOTW Correspondent Martin Anderson-Clutz - mandclu.com mandclu Brief description: Have you ever wanted a Drupal-native way to store, manage, and interact with people who might not all be registered users? There's a module for that. Module name/project name: CRM - Contact Relationship Management Brief history How old: created in Apr 2007 by Allie Micka, but the Steve Ayers aka bluegeek9 took over the namespace Versions available: 1.0.0-beta2, which works with Drupal 11.1 or newer Maintainership Actively maintained, latest release just a day ago Security coverage: opted in, but needs a stable release Test coverage Number of open issues: 73 open issues, but all bugs have been marked as fixed Usage stats: 10 sites Module features and usage Listeners may remember some mention of the CRM module in the conversation about the Member Platform initiative back in episode 512 As a reminder, something other than standard Drupal user accounts is useful for working with contact information for people where you may not have all the criteria necessary for a Drupal user account, for example an email address. 
Also, a dedicated system can make it easier to model relationships between contacts, and provide additional capabilities. It's worth noting that this module defines CRM as Contact Relationship Management, not assuming that the data is associated with "customers" or "constituents" as some other solutions do At its heart, CRM defines three new entity types: contacts, contact methods, and relationships. Each of these can have fieldable bundles, and provides some default examples: Person, Household, and Organization for contacts; Address, Email, and Telephone for contact methods; and Head of household, Spouse, Employee, and Member for relationships Out of the box CRM includes integrations with other popular modules like Group and Context, in addition to a variety of Drupal core systems like views and search As previously mentioned CRM is intended to be the foundational data layer of the Member Platform, but is also a key element of the Open Knowledge distribution, meant to allow using Drupal as a collaborative knowledge base and learning platform
In the security news: Rainbow tables for everyone Lilygo releases a new T-Display that looks awesome AI generated malware for real Detecting BadUSB when its not a dongle A telnetd vulnerability Google Fast Pair and how I took control of your headset Should we make CVE noise? Exploiting the Fortinet patch DIY data diode Bambu NFC reader for your Flipper Payloads in PNG files Don't leave the lab door open - amazing research and new tool release Fixing your breadboards Finding vulnerabilities in AI using AI Then, Rob Allen from ThreatLocker joins us to discuss default allow, and why that is still a really bad idea. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-910
The renewable energy sector faces a critical cybersecurity gap. As wind farms, solar installations, and battery energy storage systems proliferate across the globe, they create a decentralized network of digitally controlled assets that remain largely unprotected. Rafael Narezzi, Co-Founder and CEO of Cyber Energia, brings more than two decades of technology leadership experience to address this growing vulnerability in critical infrastructure. Cyber Energia takes a fundamentally different approach to OT security. While most cybersecurity companies stop at identifying risks through CVE scores and vulnerability assessments, Cyber Energia starts from the risk and translates it into financial terms that executives can act upon. The platform connects technical findings to compliance frameworks including NIS 2.0, IEC 62443, and NERC CIP, providing asset owners with a clear maturity landscape and actionable intelligence. Rafael Narezzi explains that asset owners in the renewable sector operate differently than traditional IT environments. Financial companies often acquire energy assets as investments without maintaining technical staff on-site. When compliance regulations now hold these owners personally liable for cybersecurity failures, they need tools that speak their language: dollars, risk, and return on investment. Cyber Energia prices its services per megawatt, demonstrating its commitment to speaking the language of energy. The decentralization of energy generation presents unique challenges. Rafael Narezzi points to recent cyber attacks on Poland's distributed grid as evidence that threat actors understand how to manipulate multiple remote locations simultaneously to destabilize power networks. Battery energy storage systems present particular risks, as compromised dispatch commands could create grid imbalances similar to the fictional scenario depicted in Ocean's 11. Yet many sites lack even basic cyber hygiene protections. Cyber Energia helps customers understand the financial impact of potential attacks. A 98-megawatt wind turbine site, for example, could lose 1.9 million dollars from just one week of downtime. This quantification enables executives to make informed decisions about relatively modest security investments that significantly reduce their risk exposure. The platform provides a single-view dashboard for organizations managing hundreds of sites across different regions, technologies, and regulatory environments. Rafael Narezzi observes that a CEO before a cyber attack is fundamentally different from a CEO after one. Organizations often underestimate digital risks compared to physical ones, despite living in an increasingly connected world. Regulations like NIS 2.0 now impose personal liability on directors and can revoke operating licenses, removing any excuse for neglecting cybersecurity. The awareness is changing, but Cyber Energia continues working to close the gap between compliance requirements and actual security posture across the renewable energy sector. This is a Brand Story. A Brand Story is a ~35-40 minute in-depth conversation designed to tell the complete story of the guest, their company, and their vision. Learn more: https://www.studioc60.com/creation#full GUEST: Rafael Narezzi, Co-Founder and CEO of Cyber Energia https://www.linkedin.com/in/narezzi/ RESOURCES: Cyber Energia https://cyberenergia.com/ Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS: Rafael Narezzi, Cyber Energia, Sean Martin, brand story, brand marketing, marketing podcast, brand story, OT cybersecurity, renewable energy security, critical infrastructure protection, NIS 2.0 compliance, IEC 62443, wind farm cybersecurity, solar energy security, battery energy storage systems, BESS security, decentralized energy grid, cyber risk quantification, energy sector compliance, NERC CIP, operational technology security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week's cybersecurity news, including: Santa brings hackers MongoDB memory leaks for Christmas Vercel pays out a million bucks to improve its React2Shell WAF defences 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG Cambodian scam compound kingpin gets extradited to China, and we don't think it'll go well for him Krebs picks apart the Kimwolf botnet and residential proxy networks So many healthcare data leaks that we have a roundup section This week's episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft's ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code! This episode is also available on Youtube. Show notes US, Australia say ‘MongoBleed' bug being exploited | The Record from Recorded Future News Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar Inside Vercel's sleep-deprived race to contain React2Shell | CyberScoop gpg.fail Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive Trump picks Lt. Gen. 
Joshua Rudd to lead NSA spy agency - The Washington Post NSA cyber directorate gets new acting leadership | The Record from Recorded Future News Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22 The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch Tech provider for NHS England confirms data breach | TechCrunch Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I'm in negotiations to get it' - NZ Herald
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malicious Process Environment Block Manipulation The process environment block contains metadata about particular processes, but can be manipulated. https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/ YARA-X 1.11.0 Release: Hash Function Warnings The latest version of YARA will warn users if a hash rule attempts to match an invalid hash. https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616 VideoLAN Security Bulletin VLC 3.0.22 CVE-2025-51602 VideoLAN fixed several vulnerabilities in its VLC software. https://www.videolan.org/security/sb-vlc3022.html Apache NimBLE Bluetooth vulnerabilities NimBLE is a Bluetooth stack popular in IoT devices. An update fixes some eavesdropping and pairing vulnerabilities. https://mynewt.apache.org/cve/
Topics covered in this episode: port-killer How we made Python's packaging library 3x faster CodSpeed Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: port-killer A powerful cross-platform port management tool for developers. Monitor ports, manage Kubernetes port forwards, integrate Cloudflare Tunnels, and kill processes with one click. Features: