Podcasts about cve

  • 571 PODCASTS
  • 2,398 EPISODES
  • 37m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Oct 8, 2025 LATEST

Latest podcast episodes about cve

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

Oct 8, 2025 · 5:57

FreePBX Exploit Attempts (CVE-2025-57819)
A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems.
https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350

Disrupting Threats Targeting Microsoft Teams
Microsoft published a blog post outlining how to better secure Teams.
https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/

Kibana XSS Patch CVE-2025-25009
Elastic patched a stored XSS vulnerability in Kibana.
https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449

QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729
The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution.
https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digital Command Injection; sudo exploited

Oct 1, 2025 · 5:10

Sometimes you don't even need to log in
Applications using simple, predictable cookies to verify a user's identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake.
https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334

Western Digital My Cloud Vulnerability
Western Digital patched a critical vulnerability in its MyCloud device.
https://nvd.nist.gov/vuln/detail/CVE-2025-30247

sudo vulnerability exploited
A recently patched vulnerability in sudo is now being exploited.
https://www.sudo.ws/security/advisories/

Cyber Morning Call
875 - VMware 0-day has been under exploitation for 1 year

Oct 1, 2025 · 4:17

Episode references:
• Chinese hackers exploiting VMware zero-day since October 2024
• VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
• You name it, VMware elevates it (CVE-2025-41244)
• Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
• Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Stevens Transport Roadside Radio Podcast
The Stevens Transport Roadside Radio Podcast - Episode 161

Sep 30, 2025 · 29:48


Stevens Roundtable: Understanding Commercial Vehicle Enforcement Trucker Tim welcomes Sergeant Barrett Smith from the Mesquite Police Department to discuss the crucial role of Commercial Vehicle Enforcement (CVE) in ensuring road safety. Sergeant Smith explains the importance of non-punitive inspections for driver and public safety, emphasizing the need for compliance and effective pre-trip inspections. The conversation explores the accountability and cooperation between CVE and drivers, sharing valuable insights on preparing for inspections and maintaining vehicle safety. Hear about the pivotal efforts of CVE to keep roads safer, benefiting both drivers and the motoring public. Trucking Brotherhood and New Beginnings at Stevens Transport Noah Easley, a new solo driver at Stevens Transport. Noah shares his transition into the trucking world, highlighting the camaraderie at Stevens and the industry's brotherhood vibe reminiscent of 'Smokey and the Bandit.' With insights on training with mentor Larry Ruffin and adapting to life on the road, Noah reflects on his journey and future aspirations. He also touches on his passion for rapping during long drives. Discover the blend of community, personal growth, and lifestyle in the trucking industry through Noah's story. Become a Team Driver Discover the transformative world of team driving with Stevens Transport in this insightful discussion. Learn how driving with a partner boosts efficiency, earning potential, and safety, while allowing for nearly constant travel and the enjoyment of America's stunning landscapes. Understand how federal regulations intersect with teamwork logistics, enabling over 5,500 miles a week. Insights on rest strategies, like bunk bed sleeping arrangements, are shared. Stevens Transport explains the advantages of choosing your driving partner and how this approach can elevate your trucking career. Explore team driving's benefits and start your journey to success now. 
Earn More/Team Up - https://vimeo.com/1020240977 Driver Spotlight - Jeremy J. Carter Meet Jeremy J. Carter, a dedicated Stevens Transport driver and trainer from Inverness, Florida. Celebrating 2 million miles, Jeremy shares his trucking journey, highlighting the support he's received and the experiences he's had along the way. Hear why he's working toward 3 million miles and why Stevens is still home after 18 years. See the video here: https://youtu.be/v0mmchHExQo?si=jTBODPWcS5Q7W2i5 Hall of Famer Richard Fertig: A Mentor for Future Drivers Richard Fertig, celebrates 15 years with Stevens Transport. Discover what makes Richard a standout figure in the trucking world, from his love for capturing scenic beauty on the road to his dedication to training new drivers. Richard shares insights into the supportive culture at Stevens, the importance of asking questions, and his willingness to help fellow drivers. Whether you're a seasoned driver or new to the industry, Richard's wisdom and open approach are invaluable. Tune in to explore a career that Pilot/Flying J Rewards App: https://pilotflyingj.com/rewards Become a Driver for Stevens Transport For questions on whether you meet our driver qualifications, please call our Recruiting Department at 1-800-333-8595 or visit: www.stevenstransport.com/drivers/ Stevens Transport 9757 Military Parkway, Dallas, TX 75227 http://www.stevenstransport.com/ http://www.becomeadriver.com/ Driver Recruiting: 1-800-333-8595.  Apply Here: https://intelliapp2.driverapponline.com Paragon Leasing Technician Careers: https://www.stevenstransport.com/careers/fleet-maintenance-jobs/

The Daily Scoop Podcast
White House directs agencies to consider staff reductions in case of shutdown

Sep 29, 2025 · 5:08


The White House Office of Management and Budget is instructing agencies to consider reducing staff for programs that have a lapse in funding in the event of a government shutdown, as tensions rise ahead of the Sept. 30 end to the fiscal year. “With respect to those Federal programs whose funding would lapse and which are otherwise unfunded, such programs are no longer statutorily required to be carried out,” the undated message said. The guidance goes on to say that consistent with applicable law, including a federal reduction in force statute, agencies are directed to use this opportunity to consider RIF notices for employees working in projects, programs or activities that have a funding lapse on Oct.1, don't have another source of funding, and are not consistent with President Donald Trump's priorities. The project, program or activity must meet all three criteria, the message said. The message places blame for a possible shutdown squarely on congressional Democrats, calling their demands “insane.” The OMB message explains that the One Big Beautiful Bill Act, legislation passed earlier this year that is at the heart of Trump's second-term agenda, provided “ample resources to ensure that many core Trump Administration priorities will continue uninterrupted.” Federal cyber authorities sounded a rare alarm last week, issuing an emergency directive about an ongoing and widespread attack spree involving actively exploited zero-day vulnerabilities affecting Cisco firewalls. Cisco said it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May. 
The vendor, which attributes the attacks to the same threat group behind an early 2024 campaign targeting Cisco devices it dubbed “ArcaneDoor,” said the new zero-days were exploited to “implant malware, execute commands, and potentially exfiltrate data from the compromised devices.” Cisco disclosed three vulnerabilities affecting its Adaptive Security Appliances — CVE-2025-20333, CVE-2025-20363 and CVE-2025-20362 — but said “evidence collected strongly indicates CVE-2025-20333 and CVE-2025-20362 were used by the attacker in the current attack campaign.” The Cybersecurity and Infrastructure Security Agency said those two zero-days pose an “unacceptable risk” to federal agencies and require immediate action. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Getup Kubicast
#185 - AppSec is much more than you imagine!

Sep 25, 2025 · 56:20

We welcomed the brilliant Michelle Mesquita to prove, in practice, that AppSec is not a synonym for “run a scanner and pray”. We talked about how to build security in from the design stage, going through threat modeling, SAST/DAST/SCA and reproducible policies, all without falling into the trap of the vulnerability PDF that nobody reads. Yes, we also laughed (nervously) when we remembered those reports with 500 findings.

We also talked about careers: where AppSec people start, why communication and influence matter as much as CWE and CVE, and how programs like Security Champions unlock scale and culture. We discussed communities and references (OWASP and the like), automation in the pipeline, gamification and even how to use AI to reduce noise and speed up useful feedback for devs.

And, of course, we kept our usual style: didactic, direct and slightly ironic. If you want to get out of “firefighting” and make security a functional requirement of your product, this episode is for you. Make your coffee, open your IDE and come with us.

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are on the main digital audio platforms and at YouTube.com/@getupcloud.

Cyber Morning Call
871 - Cisco fixes denial-of-service 0-day under exploitation

Sep 25, 2025 · 7:10

Episode references:
• WEBINAR Black Friday: Cybersecurity beyond the basics, without forgetting the basics
• CVE-2025-20352 - Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
• CVE-2025-20311 - Cisco IOS XE Software for Catalyst 9000 Series Switches Denial of Service Vulnerability
• CVE-2025-20334 - Cisco IOS XE Software HTTP API Command Injection Vulnerability
• CVE-2025-20160 - Cisco IOS and IOS XE Software TACACS+ Authentication Bypass Vulnerability
• CVE-2025-20313 and CVE-2025-20314 - Cisco IOS XE Software Secure Boot Bypass Vulnerabilities
• Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
• BRICKSTORM Indicator of Compromise Scanner
• RedNovember Targets Government, Defense, and Technology Organization
• AI vs. AI: Detecting an AI-obfuscated phishing campaign

Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities

Sep 24, 2025 · 7:22

Distracting the Analyst for Fun and Profit
Our undergraduate intern, Tyler House, analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308

GitHub's plan for a more secure npm supply chain
GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399

Vulnerabilities in Supermicro BMC Firmware CVE-2025-7937 CVE-2025-6198
Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware.
https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025

Passwort - der Podcast von heise security
CISA's visions, the decline of XSLT, the blemishes of NPM

Sep 24, 2025 · 120:58 · Transcription Available

This "Passwort" episode starts with the big plans that the US IT security agency CISA has for the CVE system. Sylvester is cautiously hopeful; Christopher sees the danger that power could be abusively cemented. Many commenters also sensed abuse of power in the next topic: browser vendors are considering removing XSLT. The hosts look at what XSLT actually is and discuss whether it seems useful or out of place in the browser. Finally, Christopher and Sylvester take a look at the currently mounting attacks on npm and explain, among other things, what the sandworms from Frank Herbert's Dune have to do with it.

- Darknet Diaries in German: https://www.heise.de/news/Darknet-Diaries-heise-online-bringt-deutsche-Version-des-US-Podcasts-10626196.html
- Chrome sandbox exploit: https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
- CISA position paper: https://www.cisa.gov/sites/default/files/2025-09/CISA_Common_Vulnerabilities_and_Exposures_CVE_Program_Vision-v6_CLEAN.pdf
- Follow us in the Fediverse:
  - @christopherkunz@chaos.social
  - @syt@social.heise.de

Members of our security community on heise security PRO hear all episodes two days early. More info: https://pro.heise.de/passwort

Threat Talks - Your Gateway to Cybersecurity Insights
Defend Against Hacktivist Groups like APT Handala | The Cyber Security Podcast

Sep 23, 2025 · 30:32

Hacktivists don't need zero-days to hurt you—they weaponize people. Host Lieuwe Jan Koning sits down with Yuri Wit (SOC analyst) and Rob Maas (Field CTO) to dissect APT Handala: how they hunt targets, deliver wipers, and brag about leaks. We map their moves to the Lockheed Martin Kill Chain and turn it into a Zero Trust defense playbook you can actually use—today.

(00:00) - 01:40 - Introduction
(01:40) - 02:27 - What is APT Handala?
(02:27) - 05:27 - Kill Chain Step 1: Reconnaissance
(05:27) - 06:43 - Kill Chain Step 2: Weaponization
(06:43) - 10:39 - Kill Chain Step 3: Delivery
(10:39) - 14:37 - Kill Chain Step 4: Exploitation
(14:37) - 17:34 - Kill Chain Step 5: Installation
(17:34) - 23:39 - Kill Chain Step 6: Command and control
(23:39) - 26:40 - Kill Chain Step 7: Act on objectives
(26:40) - 29:35 - How to respond to being hacked
(29:25) - 30:22 - Closing notes

Key Topics Covered
• Handala's playbook: people-centric recon, phishing kits, wipers, boast-and-leak ops.
• Zero Trust counters: deny-by-default egress, newly-registered-domain blocks, hard EDR, passkeys.
• SOC tells: DNS DGA spikes, encrypted C2 on common apps, “human error” as the biggest CVE.
• Comms reality: when openness helps—and when strategic silence limits amplification.

Additional Resources
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
• Tor Project (onion services): https://www.torproject.org/
• Threat Talks hub: https://threat-talks.com/

Black Hills Information Security
Kerberoasting Goes to Washington – 2025-09-15

Sep 20, 2025 · 62:58

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

00:00 - PreShow Banter™ — Enter Dark John
03:15 - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-15
03:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
12:46 - Story # 2: How an Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy’ due to hack crisis
41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program
49:55 - Story # 6: Qantas penalizes executives for July cyberattack
51:15 - Story # 7: America's second largest egg producer breached, claim hackers
54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches

Sep 18, 2025 · 6:31

CTRL-Z DLL Hooking
Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries.
https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294

Global Admin in every Entra ID tenant via Actor tokens
As part of September's Patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema, has published a blog post showing how this vulnerability could have been exploited.
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242
WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015

NVidia Triton Inference Server
NVIDIA patched critical vulnerabilities in its Triton Inference Server.
https://nvidia.custhelp.com/app/answers/detail/a_id/5691

Hacker And The Fed
Microsoft's $20B Cybersecurity Scam

Sep 18, 2025 · 50:15

Chris and Hector call out Microsoft for “gross cybersecurity negligence,” explain Kerberoasting in plain English, and discuss CISA's CVE overhaul. Plus, hackers on the battlefield, and how U.S. tech helped build China's surveillance state.

Join our new Patreon! https://www.patreon.com/c/hackerandthefed

Send HATF your questions at questions@hackerandthefed.com

Cyber Briefing
September 18, 2025 - Cyber Briefing

Sep 18, 2025 · 8:14

If you like what you hear, please subscribe, leave us a review and tell a friend!

Apple, Google, and other tech companies addressed actively exploited vulnerabilities and malware campaigns, including CVE-2025-43300 and hundreds of malicious Android apps involved in ad fraud. Threat actors, including ShinyHunters and North Korean phishing groups, leveraged stolen data, AI-forged military IDs, and ransomware to target individuals and organizations, while VC and cyber investment firms like Glilot Capital continued to raise significant funding.

The Other Side Of The Firewall
Youth Hacks, CVE Upgrades & AI ATOs

Sep 17, 2025 · 56:21


In this episode, Ryan Williams Sr. and Shannon Tynes discuss various cybersecurity topics, including the alarming trend of children hacking their schools, the need for better cybersecurity education, and the modernization of the CVE program. They also explore the role of AI in streamlining cybersecurity processes and the importance of maintaining human oversight in the face of technological advancements. The conversation emphasizes the necessity of integrating cybersecurity awareness from a young age and the implications of AI on job security in the industry. Articles: Children hacking their own schools for 'fun', watchdog warns https://www.bbc.com/news/articles/c203pedz58go?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEe7Ly42G9GlofCB1rIZhMDsrg-bJMAwvEgVumVaxRWAIIWMXcuZBKjXJlpfOI_aem_lEj9EXX6c-qmjpk2RaEhuw CISA ‘fired up' to chart new vision for CVE program https://federalnewsnetwork.com/cybersecurity/2025/09/cisa-fired-up-to-chart-new-vision-for-cve-program/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEen7LI1vMqV-DQtzTCdnFSFgvZTfkb52by2PffmzE5VCynIdSM_YqtCeZClek_aem_NZP4CQbbcgXLijOXxvaUgw AI for ATO: Pentagon seeks AI to streamline cumbersome cybersecurity processes https://breakingdefense.com/2025/09/ai-for-ato-pentagon-seeks-ai-to-streamline-cumbersome-cybersecurity-processes/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExamlZRGlOeFB3cWZ0Qk1DeQEea8SUOgG_gan7Stba7KlCTxMaFz2IGGG_iPZ56jm9yk4LWFIE3sVLpOSunpw_aem_32ncyU7mNbxtn-H9RazynQ Buy the guide: https://theothesideofthefirewall.com Please LISTEN

IMS Insights Podcast
The Impact of Vocational Experts in Injury-Related Litigation | Episode 82

Sep 17, 2025 · 10:26 · Transcription Available


In this IMS Insights Podcast, Senior Jury Consulting Advisor Chris Dominic is joined by Lead Life Care Planning and Vocational Expert Kacy Turner, MS, CRC, CVE, CLCP, to discuss the valuable role vocational experts play in traumatic injury litigation. Kacy explains how vocational assessments, through testing, transferable skills analysis, and rehabilitation planning, help attorneys, juries, and judges understand an injured individual's employability and earning capacity—both past and future.   Kacy also highlights why hands-on job placement experience and recognized credentials are essential for credibility in court, and how collaboration with economists and life care planners strengthens damages analyses. With IMS's integrated team of specialized experts, plaintiff and defense clients can benefit from comprehensive vocational assessments, life care plans, economic reports, and rebuttals that provide clarity and confidence in injury-related cases. Watch the original LinkedIn Live recording here: https://www.linkedin.com/events/imselevate-theimpactofvocationa7365729687089664001/theater/  Learn more about Kacy's expertise: https://imslegal.com/team/kacy-turner  Learn more about host Chris Dominic: https://imslegal.com/team/chris-dominic  Contact Us: https://imslegal.com/contact IMS has delivered strategic litigation consulting and expert witness services to leading global law firms and Fortune 500 companies for more than 30 years, in more than 45,000 cases. IMS consultants become an extension of your legal team from pre-suit investigation services to discovery and then on to arbitration and trial. Learn more at imslegal.com.

The CyberWire
WhatsAppened to Samsung?

Sep 12, 2025 · 27:36

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today's guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.

Selected Reading
• Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer)
• Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer)
• CISA looks to partners to shore up the future of the CVE Program (Help Net Security)
• California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record)
• Apple warns customers targeted in recent spyware attacks (Bleeping Computer)
• FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET)
• Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39)
• DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)
• Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record)
• Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker

Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivanti and Sophos Patches; Apple Memory Integrity Feature

Sep 11, 2025 · 7:12

BASE64 Over DNS
The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters.
https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274

Google Chrome Update
Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution.
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html

Ivanti Updates
Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio.
https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs

Sophos Patches
Sophos resolved an authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159).
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6

Apple Introduces Memory Integrity Enforcement
With the new hardware promoted in yesterday's event, Apple also introduced new memory integrity features based on this new hardware.
https://security.apple.com/blog/memory-integrity-enforcement/

Manufacturing Hub
Ep. 228 - How to Start OT Cybersecurity ICS Security Fundamentals, Managed Switches Risk Management

Sep 11, 2025 · 66:41

In this episode of Manufacturing Hub Podcast, hosts Vladimir Romanov and Dave Griffith sit down with Gavin Dilworth to explore the evolving world of ICS and OT cybersecurity. This is a topic that impacts every sector of manufacturing and critical infrastructure, yet many organizations still struggle with where to start, how to assess risk, and how to balance IT and OT responsibilities.

Gavin brings decades of experience in automation engineering and cybersecurity, having worked across energy, oil and gas, water, and manufacturing. He shares his unique journey from being an operator and control systems engineer to becoming a specialist in OT cybersecurity. The conversation spans a wide range of issues, from asset inventory and managed switches to people, process, and technology frameworks that help organizations take the first step toward maturity.

We discuss why IT and OT teams often clash and what it takes to bridge the gap. Gavin explains the realities of budgets, the challenges of compliance, and why self-reporting frameworks often fail to reflect true maturity. He also highlights the role of legislation in Europe, rising insurance premiums, and how cybersecurity assessments can influence financial and strategic decisions at the executive level.

The episode provides clear insights into best practices such as building a proper asset inventory, structuring security awareness training for OT teams, and applying a risk-based approach to patch management. Gavin also outlines the importance of functional safety, process hazard analysis, and the role of frameworks like ISA/IEC 62443. For engineers, leaders, and decision makers, this conversation makes it clear that cybersecurity is not just a technology problem but a people and process challenge that requires long term discipline and investment.

If you want to understand what real world OT cybersecurity looks like, what mistakes to avoid, and how to set a path toward resilience, this episode is packed with valuable takeaways.

Timestamps
00:00 Introduction and upcoming ICC event
02:20 Gavin's career journey from operator to cybersecurity expert
06:00 What ICS and OT cybersecurity really mean
09:00 Managed switches, firewalls, and securing industrial devices
11:00 The importance of people, process, and technology in security programs
13:30 Asset inventories and the first practical steps in cybersecurity
17:00 Insurance, legislation, and financial implications of OT risk
23:00 The problem with self reporting and maturity frameworks
27:00 Risk based patching strategies and CVE management
31:00 Physical keys, tokens, and access control challenges
37:00 IT versus OT ownership of cybersecurity
45:00 Certifications, training, and resources for professionals
53:00 Unified Namespace and cybersecurity considerations
58:00 Predictions for the next five years in OT cybersecurity
01:02:00 Career advice for engineers and cybersecurity professionals

References mentioned in this episode
• Industrial Network Security, Eric D. Knapp (Third Edition): https://www.isa.org/products/industrial-network-security-third-edition
• Security PHA Review: https://www.isa.org/products/security-pha-review-for-consequence-based-cyberse
• Managing Cybersecurity in the Process Industries, ISA: https://www.isa.org/products/managing-cybersecurity-in-the-process-indust
• Industrial Cybersecurity: Efficiently secure critical infrastructure systems, Steve Mustard: https://www.isa.org/products/industrial-cybersecurity-efficiently-secure-criti
• Assessment Plus: https://assessmentplus.co.nz
• Ignition 8.3 by Inductive Automation: https://inductiveautomation.com

About the hosts
Vladimir Romanov is an electrical engineer and MBA with over a decade of experience in manufacturing and industrial automation. He has worked with Procter and Gamble, Kraft Heinz, Post Holdings, and now leads Joltek, a consulting and integration firm focused on digital transformation and modern manufacturing systems.

Dave Griffith is an experienced systems integrator, consultant, and advisor in the industrial automation space. He has worked with manufacturers across multiple sectors, helping organizations align technology with business strategy.

About the guest
Gavin Dilworth is the founder of Assessment Plus, based in New Zealand. With a background spanning automation, controls, and cybersecurity, he helps organizations design architectures, implement policies, and build resilience in OT environments. He also mentors professionals looking to enter or advance in the ICS cybersecurity field. Connect with him here: https://www.linkedin.com/in/gavin-dilworth/

Paul's Security Weekly
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347

Sep 9, 2025 77:09


Up first, the ASW news of the week.

At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation.

Segment Resources:
http://www.keyfactor.com/digital-trust-digest-quantum-readiness
https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/

For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh

Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk.

From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets.

Key topics covered:
- The truth about alert fatigue & why it's crippling SOC efficiency
- How AI-driven offensive security changes the game
- Visualizing kill chains to drive faster remediation
- Why fixing “what matters” beats fixing “everything”
- The future of AI trust, transparency, and control in cybersecurity

Watch now to discover how BreachLock is redefining offensive security for the AI era.

Segment Resources:
https://www.breachlock.com/products/adversarial-exposure-validation/

This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlockbh to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-347

Paul's Security Weekly TV
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347

Sep 9, 2025 77:09

Application Security Weekly (Audio)
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347

Sep 9, 2025 77:09

Application Security Weekly (Video)
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347

Sep 9, 2025 77:09

The Cybersecurity Defenders Podcast
#245 - Intel Chat: Salt Typhoon, Scattered LapSus Hunters, WhatsApp vulnerability & AI-assisted compromise

Sep 8, 2025 34:56


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

The Salt Typhoon cyber campaign, attributed to Chinese state-backed hackers, has been declared a national defense crisis by the FBI and allied intelligence agencies.

A group identifying itself as “Scattered LapSus Hunters” has posted a threat on Telegram demanding that Google terminate two of its employees.

A newly discovered WhatsApp vulnerability, now tracked as CVE-2025-55177, has triggered urgent security advisories, particularly for iPhone users.

More than 1,000 developers were compromised in just over four hours on August 26 during an unprecedented, AI-assisted software supply chain attack targeting the npm ecosystem.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

The Glitterpill Podcast
Glitterpill's Parade of Hope Special ft. Elsa Korinke

Sep 8, 2025 83:35


Glitterpill Podcast – Choosing to Do Something Real in a Rainbow Randolph World with Elsa Korinke, Somatic Practitioner

If you've spent one too many hours in “industry convenings” that feel more like a Broadway revival than a strategy session, this one's for you. I sit down with Elsa Korinke, a somatic practitioner, to talk about what real healing looks like when the CVE world can't stop throwing its endless Parade of Hope. From the body's quiet wisdom to the field's obsession with pageantry, we trace the slapstick dance between sincerity and spectacle. And yes, we even ask: what can a cartoon purple rhino teach extremism researchers about surviving burnout, reclaiming joy, and remembering why any of this work matters in the first place? Absurd? Of course. Necessary? More than ever.

Catch Elsa's new offerings here. Join us in the Glitterpill community this September and begin the process of joyful self discovery.

✨ Get the Glitterpill Workbook (DIY Type-A Edition) ✨
Go to Venmo
Send $27 to @Glitterpill-Shop
In the payment title, write: Workbook – your@email.com (Example: Workbook – alex.lee@gmail.com)
Check your inbox. The workbook will be sent to the email you included in the payment title.

Option 2 – Inside the Community
You can also grab the workbook right here in the community, for $10 a month or $90 annually. Just follow the pinned instructions, and you'll get instant access without leaving the platform.

Black Hills Information Security
Chinese agent tried to recruit Stanford Student - 2025-09-02

Sep 6, 2025 56:13


Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

00:00 - PreShow Banter™ — It's 8ft skeleton season.
02:18 - BHIS - Talkin' Bout [infosec] News 2025-09-02
03:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets'
13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we're working through it.'
20:56 - Story # 6: Citrix forgot to tell you CVE-2025-6543 has been used as a zero day since May 2025
22:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
25:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research
30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people
34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI
35:20 - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky
39:29 - Identify the birds you see or hear with Merlin Bird ID
40:04 - Story # 13: Detecting and countering misuse of AI: August 2025
51:31 - Story # 14: I'm a Stanford student. A Chinese agent tried to recruit me as a spy

Cyber Security Today
Reminder of this week's schedule and preview of Weekend Edition.

Sep 5, 2025 1:21 Transcription Available


For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday.  But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.   

The CyberWire
China's cyberstorm goes global.

Sep 4, 2025 27:10


Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security."

Selected Reading
‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times)
Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency)
Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek)
M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC)
XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix)
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET)
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)
US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer)
Cutting Cyber Intelligence Undermines National Security (FDD)
No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued

Sep 4, 2025 6:22


Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256

Android Bulletin
Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues.
https://source.android.com/docs/security/bulletin/2025-09-01

Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020
Certificate authority Fina RDC issues a certificate for Cloudflare's IP address 1.1.1.1
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc

The Gate 15 Podcast Channel
Weekly Security Sprint EP 125. Hostile Events, AI driven Ransomware, and more!

Sep 2, 2025 18:42


In this week's Security Sprint, Dave and Andy covered the following topics:

Main Topics:

Annunciation Catholic Church Attack
• Minneapolis Suspect Knew Her Target, but Motive Is a Mystery
• Shooter who opened fire on Minneapolis Catholic school posted rambling videos
• Robin Westman: Minneapolis gunman was son of church employee
• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting
• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers
• Minneapolis Catholic Church shooter mocked Christ in video before attack
• Minneapolis school shooter 'obsessed with idea of killing children', authorities say
• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers
• In Secret Diaries, the Church Shooter's Plans for Mass Murder
• Minneapolis church shooting search warrants reveal new details and evidence
• 'There is no message': The search for ideological motives in the Minneapolis shooting
• Minneapolis Church Shooting: Understanding the Suspect's Video
• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'
• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle school

Hoax Active Shooter Reports
• More than a dozen universities have been targeted by false active shooter reports
• This Is the Group That's Been Swatting US Universities
• FBI urges students to be vigilant amid wave of swatting hoaxes

AI & Cyber Threats
• The Era of AI-Generated Ransomware Has Arrived
• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research
• Anthropic: Detecting and countering misuse of AI: August 2025
• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
• FBI warns Chinese hacking campaign has expanded, reaching 80 countries
• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks

Quick Hits:
• Storm-0501's evolving techniques lead to cloud-based ransomware
• Why Hypervisors Are the New-ish Ransomware Target
• FBI Releases Use-of-Force Data Update
• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland
• Falsos Amigos
• Surge in coordinated scans targets Microsoft RDP auth servers
• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
• Citrix patches trio of NetScaler bugs – after attackers beat them to it
• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats
• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money
• H1 2025 Malware and Vulnerability Trends
• The FDA just overhauled its COVID vaccine guidance. Here's what it means for you
• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin
• DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'
• Email Phishing Scams Increasingly Target Churches

The Cybersecurity Defenders Podcast
#244 - Intel Chat: Trend Micro Apex One, PyPI domains, RingReaper & Openbaar Ministrie attack

Sep 1, 2025 29:53


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

CISA has added CVE-2025-54948, a critical vulnerability in Trend Micro Apex One, to its Known Exploited Vulnerabilities (KEV) catalog, signaling that the flaw has been actively exploited in the wild.

PyPI has introduced new security measures to detect and respond to expired domains tied to user accounts, aiming to shut down a known supply chain attack vector: domain resurrection.

A recently discovered post-exploitation tool named RingReaper is gaining attention for its sophisticated evasion strategy: abusing the Linux kernel's io_uring interface to operate undetected by standard endpoint detection and response (EDR) systems.

A cyberattack on the Netherlands' Openbaar Ministerie (OM), the Public Prosecution Service, has unexpectedly disrupted speed enforcement across the country.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited;

Aug 27, 2025 5:43


Getting a Better Handle on International Domain Names and Punycode
International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use.
https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234

Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
Citrix patched three vulnerabilities in Netscaler. One is already being exploited.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424

git vulnerability exploited (CVE-2025-48384)
A git vulnerability patched in early July is now being exploited.
https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

MacBreak Weekly (Audio)
MBW 987: As Gruber as It Gets - Save the Date: September 9th!

Aug 26, 2025


Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 26, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround.

Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks.

Picks of the Week
Jason's Pick: Nic's Fix
Andy's Pick: Studs Terkel
Alex's Pick: Bitrig

Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell

Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: pantheon.io cachefly.com/twit

All TWiT.tv Shows (MP3)
MacBreak Weekly 987: As Gruber as It Gets

Aug 26, 2025 133:33 Transcription Available

MacBreak Weekly (Video HI)
MBW 987: As Gruber as It Gets - Save the Date: September 9th!

Aug 26, 2025 · 133:33



Radio Leo (Audio)
MacBreak Weekly 987: As Gruber as It Gets

Aug 26, 2025 · 133:33



The Cybersecurity Defenders Podcast
#241 - Intel Chat: Apache ActiveMQ, Elastic EDR vulnerability, kernel-level EDR killers & PipeMagic

Aug 26, 2025 · 36:40


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

• Attackers are actively exploiting CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ first disclosed in October 2023, that is used to compromise cloud-hosted Linux servers.
• AshES Cybersecurity has publicly disclosed a critical zero-day vulnerability in Elastic's Endpoint Detection and Response (EDR) platform, specifically in the Microsoft-signed kernel driver elastic-endpoint-driver.sys.
• At least a dozen ransomware groups are now deploying kernel-level EDR killers - tools designed specifically to disable endpoint detection and response solutions - as part of their malware arsenal.
• Microsoft has released an in-depth technical analysis of PipeMagic, a modular backdoor linked to ransomware operations carried out by Storm-2460, a financially motivated threat group associated with RansomEXX.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

All TWiT.tv Shows (Video LO)
MacBreak Weekly 987: As Gruber as It Gets

Aug 26, 2025 · 133:33



The Gate 15 Podcast Channel
Weekly Security Sprint EP 124. Targeting Critical Infrastructure, MDM again, and other security risks

Aug 26, 2025 · 20:06


In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Open:
• Nerd Out EP 61. The 2/3 of the Year Awards!

Main Topics:

FBI PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally.

Info Ops:
• Most Adults in 25 Countries Say Spread of False Information Is a Top National Threat. The findings come from Pew's seventh iteration of its Global Attitudes Survey: International Opinion on Global Threats, which was last published in 2022.
• Foreign disinformation enters AI-powered era. At least one China-based technology company, GoLaxy, seems to be using generative AI to build influence operations in Taiwan and Hong Kong… Documents also show that GoLaxy has created profiles for at least 117 members of Congress and over 2,000 American political figures and thought leaders.
• Toxic politics and TikTok engagement in the 2024 U.S. election
• Why wind farms attract so much misinformation and conspiracy theory

UN - Terror threat posed by ISIL 'remains volatile and complex,' Security Council hears. The threat posed by the terrorist group ISIL – known more widely in the Middle East as Da'esh – remains dynamic and diverse, with Africa currently experiencing the highest level of activity worldwide.
• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General for Counter-Terrorism, United Nations Office of Counter-Terrorism.
• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General, United Nations Office of Counter-Terrorism.
• UN Report: ISIS Fighters' Migration to Afghanistan and the Taliban's Failure
• ISIS-K poses major threat with 2,000 fighters in Afghanistan, UN says

FEMA Employees Warn That Trump Is Gutting Disaster Response. After Hurricane Katrina, Congress passed a law to strengthen the nation's disaster response. FEMA employees say the Trump administration has reversed that progress. Employees at the Federal Emergency Management Agency wrote to Congress on Monday warning that the Trump administration had reversed much of the progress made in disaster response and recovery since Hurricane Katrina pummeled the Gulf Coast two decades ago. The letter to Congress, titled the “Katrina Declaration,” rebuked President Trump's plan to drastically scale down FEMA and shift more responsibility for disaster response — and more costs — to the states. It came days before the 20th anniversary of Hurricane Katrina, one of the deadliest and costliest storms to ever strike the United States.

Quick Hits:
• 25% of security leaders replaced after ransomware attack
• Gate 15: Hack Yourself First: Pen Testing for Prevention
• FB-ISAO: Ransomware Incident Review January to June 2025
• Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
• Maryland Transit Administration says cybersecurity incident is affecting some of its services
• Nevada state government offices closed after network security incident
• Audit of Antisemitic Incidents 2024
• MIT report: 95% of generative AI pilots at companies are failing
• Report: Russian Sabotage Operations In Europe Have Quadrupled Since 2023
• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials
• Risky Bulletin: NIST releases face-morphing detection guideline
• CVE-2025-41688: Bypassing Restrictions in an OT Remote Access Device
• Think before you Click(Fix): Analyzing the ClickFix social engineering technique

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 222 - Germany May Ban Ad Blockers, Jailtime For Crypto Mining Scam, Cybersecurity Insurance Wants CVE Exemptions, Alcohol Consumption Hits All-Time Low

Aug 25, 2025 · 54:10


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

Germany may ban adblockers
https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/

Nebraska man gets jailtime for crypto mining scam
https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/

Cyber insurers want CVE exemptions
https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve

Drinking alcohol in the US hits all time low
https://news.gallup.com/poll/693362/drinking-rate-new-low-alcohol-concerns-surge.aspx

Dad Joke of the Week (DJOW)

Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Michael - https://www.linkedin.com/in/michael-chen-82098a2/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues

Aug 20, 2025 · 6:07


Increased Elasticsearch Recognizance Scans
Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard.
https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212

Microsoft Patch Tuesday Issues
Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred.
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc
https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot

SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999
Details explaining how to take advantage of two SAP vulnerabilities were made public.
https://onapsis.com/blog/new-exploit-for-cve-2025-31324/

Paul's Security Weekly
Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409

Aug 20, 2025 · 53:55


The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC).

Danny will discuss the benefits of DAC, including:
• Immediate visibility into system misconfigurations before they become vulnerabilities
• Compliance transparency, showing exactly where systems fall short of industry standards
• One unified view, with filters by criticality, system, and framework
• Actionable insights, updated weekly and delivered straight to customers' inboxes

Segment Resources:
https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps
https://www.threatlocker.com/platform/defense-against-configurations

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-409

Paul's Security Weekly TV
Misconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Danny Jenkins - BSW #409

Aug 20, 2025 · 53:55



Paul's Security Weekly
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

Aug 19, 2025 · 68:17


A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

Paul's Security Weekly TV
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

Aug 19, 2025 · 68:17



SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; FortiSIEM/FortiWeb patches

Aug 14, 2025 · 7:16


CVE-2017-11882 Will Never Die
The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email.
https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196

Windows Kerberos Elevation of Privilege Vulnerability
Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779

Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images
Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account.
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images

FortiSIEM / FortiWeb Vulnerabilities
Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM.
https://fortiguard.fortinet.com/psirt/FG-IR-25-152
https://fortiguard.fortinet.com/psirt/FG-IR-25-448

Risky Business
Risky Biz Soap Box: How to measure vulnerability reachability

Aug 14, 2025 · 35:48


In this Soap Box edition of the Risky Business podcast, Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It's great to know there's a CVE in a library you're using, but it's even better if you can say whether or not that vulnerability actually impacts your application. They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it's playing the CVE game as well. This episode is also available on YouTube.

ITSPmagazine | Technology. Cybersecurity. Society
The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability Management | A Brand Story with HD Moore, Founder and CEO of RunZero | A Black Hat USA 2025 Conference On Location Brand Story

Aug 13, 2025 · 20:21


The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability Management

In this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.

Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss.

Why Discovery Matters Most
Through repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar.

Beyond CVEs
Moore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws.

Revealing the Gaps
RunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways.

Changing the Game
This depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored.

Collaboration and Community
Moore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers.

The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content.

Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/

Resources
Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, August 8th, 2025: ASN43350 Mass Scans; HTTP1.1 Must Die; Hybrid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left

Aug 8, 2025 · 23:59


Mass Internet Scanning from ASN 43350
Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350.
https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments

HTTP/1.1 Desync Attacks
Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1.
https://portswigger.net/research/http1-must-die

Microsoft Warns of Exchange Server Vulnerability
An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

Sonicwall Update
Sonicwall no longer believes that a new vulnerability was used in recent compromises.
https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update

Jul 31, 2025 · 6:40


Securing Firebase: Lessons Re-Learned from the Tea Breach
Inspired by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues.
https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158

WebKit Vulnerability Exploited before Apple Patch
A WebKit vulnerability patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome.
https://nvd.nist.gov/vuln/detail/CVE-2025-6558

Scattered Spider Update
CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a