Podcasts about cve

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst LINKS Cisco Advisory Cisco Security Advisory – CVE-2026-20127 Authentication bypass vulnerability in Cisco Catalyst SD-WAN https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems) https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Threat Hunt Guide (Technical PDF) Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance) https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF 00:00 Sponsor Message 00:19 Cisco SD-WAN Under Attack 02:48 MCP Azure Takeover Demo 05:28 CarGurus Data Dump 07:16 Secret Service Scam Recovery 09:24 Closing Sponsor Thanks

Show Notes - https://forum.closednetwork.io/t/episode-52-opsec-fail-epstein-files-why-decentralized-systems-are-a-threat-to-power-networks-age-verify-is-coming-to-everything/177Website / Donations / Support - https://closednetwork.io/support/BTC Lightning Donations - closednetwork@getalby.com / simon@primal.netThank You Patreons! - https://www.patreon.com/closednetworkMichael Bates - Privacy Bad AssDavid - Privacy Bad AssInferno Potato - Privacy Bad AssTK - Privacy Bad AssDavid - Privacy Bad AssVO - Privacy Bad AssMrMilkMustache - Privacy SupporterHutch - Privacy AdvocateTOP LIGHTNING BOOSTERS !!!! THANK YOU !!!@bon@sn@x@fireflygowartime@unkown@anonymousBBB - Buy Me. A Coffee - $30.00Thank You To Our Moderators:Unintelligentseven - Follow on NOSTR primal.net/p/npub15rp9gyw346fmcxgdlgp2y9a2xua9ujdk9nzumflshkwjsc7wepwqnh354dMaddestMax - Follow on NOSTR primal.net/p/npub133yzwsqfgvsuxd4clvkgupshzhjn52v837dlud6gjk4tu2c7grqq3sxavtJoin Our CommunityClosed Network Forum - https://forum.closednetwork.ioJoin Our Matrix Channels!Main - https://matrix.to/#/#closedntwrk:matrix.orgOff Topic - https://matrix.to/#/#closednetworkofftopic:matrix.orgSimpleX Group Chat - https://smp9.simplex.im/g#SRBJK7JhuMWa1jgxfmnOfHz7Bl5KjnKUFL5zy-Jn-j0Join Our Mastodon server!https://closednetwork.socialFollow Simon On The SocialsMastodon - https://closednetwork.social/@simonNOSTR - Public Address - npub186l3994gark0fhknh9zp27q38wv3uy042appcpx93cack5q2n03qte2lu2 - primal.net/simonTwitter / X - @ClosedNtwrkInstagram - https://www.instagram.com/closednetworkpodcast/YouTube - https://www.youtube.com/@closednetworkEmail - simon@closednetwork.ioApple rolls out age-verification tools worldwide to comply with growing web of child safety lawshttps://techcrunch.com/2026/02/24/apple-rolls-out-age-verification-tools-worldwide-to-comply-with-growing-web-of-child-safety-laws/iOS 26.3—Update Now Warning Issued To All iPhone Usershttps://www.forbes.com/sites/kateoflahertyuk/2026/02/13/ios-263-update-now-warning-issued-to-all-iphone-users/Using the vulnerability, tracked as CVE-2026-20700, an attacker could execute arbitrary code. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” Apple said on its support page.iOS 26.4 Beta - End-To-End RCS Encryption For Messageshttps://www.macrumors.com/guide/ios-26-4-beta-features/#:~:text=End%2Dto%2DEnd%20RCS%20Encryption%20for%20MessagesPopular password managers fall short of “zero-knowledge” claimshttps://cyberinsider.com/popular-password-managers-fall-short-of-zero-knowledge-claims/https://www.youtube.com/watch?v=nLJ_sLr72-gWatch Out: Your Friends Might Be Sharing Your Number With ChatGPThttps://www.pcmag.com/news/watch-out-your-friends-might-be-sharing-your-number-with-chatgpt?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=ABitLocker, the FBI, and the Illusion of Controlhttps://cryptomator.org/blog/2026/02/15/bitlocker-fbi-and-the-illusion-of-control/Google patches first Chrome zero-day exploited in attacks this yearhttps://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the fedshttps://vmfunc.re/blog/personaTL;DR: discord's KYC provider (persona) is very naked, very poorly secured federal intelligence outfit, and also a siphon for openai data for them and their partners like worldcoinThe most interesting part (for me) is that it legit crosschecks a discord ID check (actually involves checking your face, IP, device signature, etc....) against chainanlysis dossiers for any partial matches to devices/people/accounts/names involved with tracked crypto addresses.So, if chainalysis gets a device signature, and then you verify your discord on the same device (yielding the same signature), both FinCEN, Chainalysis, OpenAI, and basically everyone now knows your crypto tx your device sig your real identityBill Summary: SB26-051 – Age Attestation on Computing DevicesPurpose:SB26-051 requires operating system providers (such as mobile device platforms) to implement an age attestation system that signals a user's age bracket to apps in order to enhance protections for minors.What the Bill Requires1. Operating System Providers Must:Provide an accessible interface at account setup requiring the account holder to enter the user's birth date or age.Generate an “age signal” that communicates the user's age bracket (not exact age) to applications in a covered app store.Provide developers access to this age signal through a real-time API.Share only the minimum amount of information necessary to comply.Not share the age signal with third parties except as required by the bill.2. Application Developers Must:Request the age signal when the app is downloaded and launched.Treat the age signal as knowledge of the user's age range across all platforms and access points.If they have clear and convincing evidence that a user's age differs from the signal, they must rely on that updated information.Not request more information than necessary.Not share the age signal with third parties except as required by the bill.Enforcement & PenaltiesIf violated:Up to $2,500 per minor per negligent violationUp to $7,500 per minor per intentional violationEnforced through civil action by the Colorado Attorney GeneralIn Simple TermsThe bill creates a standardized age-verification signal built into device operating systems. Instead of each app independently collecting age data, the operating system provides an age bracket to apps — while limiting unnecessary data sharing.The goal is to:Strengthen protections for minorsLimit excessive data collectionCreate a consistent age-verification framework across apps

Rob Slaughter Rob Slaughter, CEO and co-founder of Defense Unicorns, discusses the modernization of the Department of War and the company’s role in facilitating technology integration with Don Witt of the Channel Daily News, a TR publication. Rob and Don comment on the modernization focusing on technology advancements and AI applications. They discussed how the nature of warfare has changed, transitioning from traditional systems to autonomous drones and other advanced technologies. Rob explained that the rapid pace of technological development means that outdated capabilities are no longer acceptable in modern conflicts. Don then asks Rob Slaughter about their platform solution UDS. Rob explains that UDS enables faster integration of modern software and AI solutions into military systems. Rob explained that UDS can integrate with both legacy and modern systems, significantly reducing the time needed for technology deployment compared to traditional methods. They discussed the challenges of deploying technology to the government and how Defense Unicorns helps streamline the process, making it easier for companies to contribute to national defense. This holds true for enterprise software as well. About: Defense Unicorns was created by people who knew firsthand how desperately the people protecting our world needed software that could move as fast as the threat. At the time it was impossible. They imagined a solution that could update in minutes, be CVE-free as a baseline, and thrive in air-gapped and edge environments. And then they built it. Defense Unicorns was officially founded, building on their deep experience delivering software in air-gapped, mission-critical environments. After helping stand up Platform One and Big Bang, the team began aligning real-world services work with product R&D—starting with Zarf, an air-gap-native delivery tool. This product-led approach, grounded in the needs of mission operators, drove early growth. For more information go to: https://defenseunicorns.com

On this week's show, Patrick Gray, Adam Boileau and James WIlson discuss the week's cybersecurity news. They cover: Low skill actors compromise 600 Fortinets with AI-generated playbooks Anthropic calls out Chinese AI firms over model distillation Meta's director of AI safety tells her ClawdBot not to delete her mail… so of course it does Peter Williams cops 7 years in jail for selling L3 Harris Trenchant's exploits to Russia Ivanti got hacked in 2021 via… bugs in Ivanti This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can't. This episode is also available on Youtube. Show notes AI-augmented threat actor accesses FortiGate devices at scale "this reads to me like: they ran existing tools.... but with a cool dashboard :D" Anthropic accuses Chinese labs of trying to illicitly take Claude's capabilities | CyberScoop Detecting and preventing distillation attacks Hegseth warns Anthropic to let the military use the company's AI tech as it sees fit, AP sources say Anthropic Rolls Out Embedded Security Scanning for Claude AWS's AI Coding Bot Kiro Caused a 13-Hour Outage Running OpenClaw safely: identity, isolation, and runtime risk Former Adobe, Cisco and Salesforce CISO talks AI pentesting History Repeats: Security in the AI Agent Era Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch The (tangential) fix: Microsoft adds Copilot data controls to all storage locations Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds Persona emails customers saying they don't work with ICE or DHS amid ‘surveillance' claims Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513 Ivanti hacked in 2021 via its own product Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message Meter 00:20 Discord Age Verification Backlash 01:37 Persona Code Raises Alarms 03:08 SolarWinds Serv-U Critical RCEs 04:51 Splunk Windows Priv Esc 06:18 Smart TV Screenshot Surveillance 08:35 Wrap Up and Sponsor Thanks

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3

NIST is falling behind on vulnerability scoring — and the gap is growing. In this episode, Peter and Steph break down what that means for IT and security teams relying on CVE data to prioritize patching, and how Automox is solving it.We cover:Why NIST's National Vulnerability Database has a growing backlog and what's causing itHow incomplete vulnerability data creates blind spots in your patch management programAutomox's new partnership with VulnCheck to deliver real-time vulnerability intelligenceWhat KEV (Known Exploitable Vulnerabilities) data is and why your leadership team cares about itExpanding from fewer than 10 third-party apps to 70% coverage across 500+ supported applicationsThe rollout plan from third-party apps to macOS, Windows, and LinuxWhether you're running a mature vulnerability management program or just getting started, this episode lays out how the vulnerability data landscape is shifting and what you can do to stay ahead of real-world threats.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When people look back on 2025 they will see many changes in the FedRAMP process.  It looks like a new administration examined the process, got feedback from companies, and launched new initiatives to speed up the process. During today's interview, Irina Denisenko (Knox CEO) details FedRAMP's challenges and something called "FedRAMP 20x." Knox runs the largest FedRAMP-managed cloud, enabling 90-day authorizations by hosting customers' production environments. Denisenko explains the story of the origin of Knox Systems:   she was running a training company and the Air Force wanted to use her product.  It would have taken so long to complete the FedRAMP requirements that she just bought a company that was FedRAMP compliant. It is hard to believe that the process is so frustrating that fewer than 500 apps are authorized at moderate/high FedRAMP The initiative from the GSA is called FedRAMP 20x  It shifts to continuous monitoring and continuous authorization, moving from annual audits (sampled every 3 years) and monthly CVE spreadsheets to real-time, machine-readable data. What Knox offers is a tried-and-true platform that has reduced time for compliance in order to better serve federal needs. 

V této epizodě SecurityCastu rozebíráme vyšetřování platformy X kvůli nástroji Grok, který měl generovat sexualizované obrázky skutečných osob. Podíváme se také na AI-asistovaný útok, při kterém bylo bez použití zero-day kompromitováno přes 600 FortiGate firewallů, na kritickou zranitelnost CVE-2026-22769 v Dell RecoverPoint s maximálním skóre 10.0 a na problém s tím, že přibližně 40 % Android telefonů už nedostává bezpečnostní aktualizace. Nechybí ani novinka od Anthropic, která nasazuje AI nástroj pro hledání zranitelností v kódu.

Under the Hood of DynoWiper https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730 Vibe Password Generation: Predictable by Design https://www.irregular.com/publications/vibe-password-generation Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/ Grandstream GXP1600 VoIP Phones https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories:  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised. 00:00 Sponsor Message: Meter's Full-Stack Networking 00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims 00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE 02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations 03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed 05:07 Did SSA Data Leak? Whistleblower vs. Official Denial 06:54 Host Take: What If the "Foundational" Database Was Compromised? 07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo

Was ist in der KW 08 in der Datenschutzwelt passiert, was ist für Datenschutzbeauftragte interessant? DSK/EDPB: Ergebnisse der CEF‑Aktion 2025 zum Recht auf Löschung https://www.edpb.europa.eu/system/files/2026-02/edpb_cef-report_2025_right-to-erasure_en.pdf Zugang zu einem Beamten-Zugangskonto ermöglichte Abgriff von Millionen Bankdaten DPC ermittelt nun auch gegen X Änderung bei einsehbaren WHOIS-Daten der Registrierungsstelle DENIC Kurios: Versehentlicher Versand eines Download-Links führt zur Festnahme LDI NRW genehmigt TÜV‑Nord‑Kriterien für Datenschutz‑Zertifizierung Sicherheitslücke in DJI Saugrobotern Microsoft warnt vor kritischer Sicherheitslücke in Windows Admin Center (CVE‑2026‑26119) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 Weitere Infos, Blog und Newsletter finden Sie unter: https://migosens.de/newsroom/ X: https://x.com/ds_talk?lang=de Übersicht aller Themenfolgen: https://migosens.de/datenschutz-podcast-themenfolgen/ Folge hier kommentieren: https://migosens.de/loschung-im-fokus-der-aufsichtsbehorden-ds-news-kw-08-2026/ (als eigener Feed: https://migosens.de/show/tf/feed/ddt/) Instagram: https://www.instagram.com/datenschutztalk_podcast/

Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices

Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722 Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/ CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166 The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Encrypted RCS in iOS/iPadOS https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes

Neste episódio do DevSecOps Podcast, fomos direto no ponto: SCA não é sinônimo de caçar CVE em biblioteca open source. Durante anos, muita empresa reduziu Software Composition Analysis a “rodar ferramenta e ver se tem vulnerabilidade no npm ou no Maven”. Só que o jogo ficou mais complexo. Hoje falamos de dependências transitivas invisíveis, pacotes abandonados, licenças incompatíveis, ataques à cadeia de suprimentos e componentes proprietários que ninguém inventaria no SBOM porque “não é open source”. Spoiler: risco não pergunta licença. Discutimos:Por que SCA precisa olhar além do GitHub e entender o ecossistema inteiro da aplicaçãoO papel real do SBOM e onde ele falha na práticaSupply chain attacks e o que mudou depois de casos como Log4ShellDependências internas, pacotes privados e artefatos binários esquecidosLicenciamento como risco jurídico, não só técnicoComo integrar SCA de forma estratégica no pipeline e não virar mais um relatório ignoradoSe AppSec é armadura, SCA é o exame de sangue do software. E não adianta medir só colesterol quando o problema pode estar no fígado. Esse episódio é para quem já rodou ferramenta, já viu dashboard bonito e percebeu que ainda assim algo está faltando. Porque está mesmo.Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Conviso, Gold Security, Digitalwolk e PurpleBird Security.

Welcome to episode 343 of The Cloud Pod, where the forecast is always cloudy! Justin, Ryan, and Matt are in the studio this week bringing you all the latest in Cloud and AI news, including some of the smaller clouds like Cloudflare and Crusoe Cloud, as well as announcements from the big guys like Google's Gemini DeepThink, Anthropic's big pay day, and Microsoft's Notepad problem. We've got all this plus Matt screwing up his outro AGAIN, so let's get started!  Titles we almost went with this week Chrome’s WebMCP Protocol: Teaching AI Agents to Stop Doom-Scrolling the DOM and Actually Get Work Done Claude Enterprise Self-Service: Because Sometimes You Just Want to Buy AI Without Small Talk AWS EC2 Goes Inception Mode: Now You Can Virtualize Your Virtualization Without Going Broke Amazon EC2 Nested Virtualization: Because Your Virtual Machine Was Lonely and Needed Its Own Virtual Machine CloudWatch Alarm Mute Rules: Because Your Deployment Doesn’t Need a Standing    Ovation at 3 AM Anthropic’s $380 Billion Valuation Proves AI Funding Has Gone Claude Nine AWS EC2 Nested Virtualization Finally Escapes the Expensive Hardware Jail Cloudflare Teaches AI Agents the Magic Words: Accept text/markdown and Save 13,000 Tokens Crusoe Cloud’s MCP Server: Teaching AI Assistants to Stop Asking for the Manager and Just Fix Your Infrastructure Azure’s New Agentic Copilot: Because Manually Clicking Through Dashboards Was So 2023 Chrome’s WebMCP Gives AI Agents a GPS for Websites Because Apparently They’ve Been Lost in the HTML This Whole Time  Anthropic Cuts Out the Middleman: Claude Enterprise Now Available Without the Enterprise Sales Dance AWS Gives CloudWatch the Silent Treatment: New Mute Rules Let Alarms Sleep Through Maintenance Windows AWS CloudWatch Hits Snooze: Mute Rules End On-Call Nightmares AWS Gives CloudWatch the Silent Treatment General News  00:45 Bloat Risk? Microsoft’s Notepad Upgrade Also Introduced a Vulnerability | PCMag Microsoft’s recent Notepad modernization introduced CVE-2026-20841, a vulnerability in the new Markdown support feature that allows malicious links in files to execute remote code.  The flaw has been patched in the February 2026 security updates, but it highlights the security trade-offs when adding features to historically simple applications. The vulnerability exploits Notepad’s Markdown rendering capability, which Microsoft added in May to support lightweight markup language formatting. When Notepad opens a specially crafted Markdown file, embedded malicious links can trigger unverified protocols that load and execute remote files on the system. This incident raises questions about feature bloat in core Windows utilities, particularly as Microsoft continues adding network-dependent capabilities like AI-powered text writing to Notepad. Security researchers are debating

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity.  Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens. 00:00 Sponsor: Meter + Today's Cybersecurity Headlines 00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited 02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging 04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer 06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments 07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks 09:11 Wrap-Up, Thanks, and Sponsor Message

Google issued a security update for Chrome to fix a high-severity vulnerability, CVE-2026-2441, which allows remote code execution through a crafted HTML page. The flaw, discovered by Shaheen Fazim, is actively exploited. Users should update Chrome to version 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux. Chromium-based browser users should apply updates. Apple also released patches for a separate zero-day vulnerability affecting its platforms.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

Karnevalskater trifft Open-Source-Kater: Zwischen FOSDEM-Raumsuche, MySQL-Gerüchten und ethischen Grundsatzdebatten stolpern wir durch Tech-Trends und AI-News. Dazu gibt's Abo-Detox, Desktop-Frust und die Erkenntnis: Digitale Souveränität beginnt manchmal mit „Kündigen“-Button statt Keynote. Blast from the Past MySQL - Bericht vom FOSDEM Stand Rant extended - same as posting blogposts on linkedin applies - of course - to medium. Static Site Generators with AsciiDoc support Toter der Woche Google Pixel 3a Untoter der Woche notepads Windows Notepad Ursache Markdown feature Microsoft seite Notepad++ AI der Woche AI agent seemingly tries to shame open source developer for rejected pull request AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty) Selfish AI Anthropic raises $30B Series G funding at $380B post-money valuation (Anthropic) Nvidia shares are down after a report that its OpenAI investment stalled. Here's what's happening News Wero: Commerzbank macht mit

Rusland hackt het Poolse stroomnetwerk maar Polen houdt de lichten aan en China infiltreert jarenlang telecom providers wereldwijd met 8 jaar oude vulnerabilities. The Telegraph schreeuwt dat Boris Johnson's telefoon gehackt is, maar het verhaal is interessanter én enger - het gaat niet om telefoons maar om de providers zelf. Marco legt uit waarom ISPs de "holy grail" zijn voor spionage (metadata kills people), Jelle neemt het Telegraph-artikel vakkundig uit elkaar en Ronald vertelt waarom één gecompromitteerde provider toegang geeft tot miljoenen klanten. Van TACACS+ traffic capture tot GRE tunnels, van Cisco Guest Shell containers tot BGP routing manipulatie - dit is "one of the more successful campaigns in the history of espionage" en het had voorkomen kunnen worden door gewoon te patchen. AIVD en MIVD tekenden mee op de advisory, dus ja, dit raakt ook Nederland. Bronnen Sandworm Poland Power Grid - SecurityWeek: "Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid" (23 jan 2026): https://www.securityweek.com/russian-sandworm-hackers-blamed-for-cyberattack-on-polish-power-grid/ Salt Typhoon - Telecom Espionage - The Telegraph: "China hacked Downing Street phones for years" (27 jan 2026): https://www.telegraph.co.uk/news/2026/01/26/china-hacked-downing-street-phones-for-years/ - AIVD/MIVD: "Nederlandse providers doelwit van Salt Typhoon": https://www.aivd.nl/actueel/nieuws/2025/08/28/nederlandse-providers-doelwit-van-salt-typhoon - Joint Cybersecurity Advisory: CISA/NSA/FBI/NCSC-UK/AIVD/MIVD + 15 landen - "Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide" - CVE-2024-21887: Ivanti Connect Secure command injection - CVE-2024-3400: Palo Alto Networks GlobalProtect RCE - CVE-2023-20198 & CVE-2023-20273: Cisco IOS XE authentication bypass + privilege escalation - CVE-2018-0171: Cisco IOS Smart Install RCE (8 jaar oud!)

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Microsoft reshuffles security leadership. It doesn't spark joy. Russia is hacking the Winter Olympics. Again. But y tho? China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products An unknown hero blocks 23/tcp on the US internet backbone And James Wilson pops into talk about Claude's go at a C compiler This week's episode is sponsored by Ent.AI, an AI startup that isn't quite ready to tell us all what they're doing. But nevertheless, founder Brandon Dixon joins to discuss AI's role in security. Where does language-based understanding take us that previous methods couldn't? This episode is also available on Youtube. Show notes Updates in two of our core priorities - The Official Microsoft Blog Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog Microsoft prepares to refresh Secure Boot's digital certificate | Cybersecurity Dive Microsoft Patch Tuesday matches last year's zero-day high with six actively exploited vulnerabilities | CyberScoop Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore's Telecommunications Sector | Cyber Security Agency of Singapore How Intel and Google Collaborate to Strengthen Intel® TDX Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News BeyondTrust warns of critical RCE flaw in remote support software Rapid7 Analysis of CVE-2026-1731 Building a C compiler with a team of parallel Claudes Anthropic (1) Post by @ryiron.bsky.social — Bluesky What AI Security Research Looks Like When It Works | AISLE South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.OpenClaw, an open source AI agent formerly known as MoltBot and ClawdBot, has rapidly become the fastest-growing project on GitHub, amassing over 113,000 stars in under a week.A critical vulnerability in the React Native Community CLI NPM package, tracked as CVE-2025-11953 with a CVSS score of 9.8, has been actively exploited in the wild since late December 2025, according to new findings by VulnCheck. JFrog article.Following the disclosure in the Notepad++ v8.8.9 release announcement, further investigation confirmed a sophisticated supply chain attack that targeted the application's update mechanism.Google, in coordination with multiple partners, has undertaken a large-scale disruption effort targeting the IPIDEA proxy network, which it identifies as one of the largest residential proxy networks globally.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

In October 2025, CyberPress reported a critical security vulnerability in the Redis Server, an open-source in-memory database that allowed authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine. In 2024, another prominent temporal memory safety flaw was found in the Netfilter subsystem in the Linux kernel: CVE-2024-1086. Bugs related to temporal memory safety, such as use-after-free and double-free vulnerabilities, are challenging issues in C and C++ code. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Lori Flynn, a senior software security researcher in the SEI's CERT Division, and David Svoboda, a senior software engineer, also in CERT, sit down with Tim Chick, technical manager of CERT's Applied Systems Group, to discuss recent updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal memory.  

*Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2February 11, 2026 | 12:00 - 1:00 PM ETSign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2Top Headlines: VulnCheck | Metro4Shell: Exploitation of React Native's Metro Server in the Wild: https://www.vulncheck.com/blog/metro4shell_eitw Notepad | Notepad++ Hijacked by State-Sponsored Hackers: https://notepad-plus-plus.org/news/hijacked-incident-info-update/ ThreatLabz | Operation Neusploit: APT28 Uses CVE-2026-21509: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250 ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

Russian-state hackers, identified as APT28, exploited a Microsoft Office vulnerability, CVE-2026-21509, within 48 hours of a security update, compromising devices in diplomatic, maritime, and transport organizations across several countries. The attack used encrypted exploits and payloads executed in memory to evade detection. The campaign began on January 28, targeting organizations in nine countries, including Poland, Slovenia, and Ukraine, affecting defense ministries, transportation operators, and diplomatic entities.Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

When a popular antivirus and even Notepad++ turn into infection vectors after supply chain breaches, it's clear no software is safe from attack—or from its own update system. Steve and Leo unpack the risks hiding right inside your next auto-update. An anti-virus system infects its own users. Apple's next iOS release "fuzzes" cellular locations. cURL discontinues bug bounties under bogus AI flood. AI discovers and fixes 15 CVE-worthy 0-days in OpenSSL. Ireland did NOT already pass their spying legislation. AI irreversibly deletes all project files. Says it's sorry. Windows has a serious global clipboard security problem. ISPs have the ability to monetize their subscriber's identities. MongoDB has lowered the hacking skill level bar to the floor Show Notes - https://www.grc.com/sn/SN-1063-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com/twit meter.com/securitynow bitwarden.com/twit material.security guardsquare.com

Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

The Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves.Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodYTranscript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-opensslLinks:- https://cryptography.io/en/latest/statements/state-of-openssl/- Py Cryptography: https://cryptography.io- https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf- https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/- https://packages.gentoo.org/packages/media-libs/libsdl- https://www.youtube.com/watch?v=RUIguklWwx0- https://datatracker.ietf.org/doc/rfc9180/- https://docs.openssl.org/3.3/man3/OSSL_PARAM/- https://openssl.foundation/- https://github.com/openssl/openssl/issues/17064- https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny- https://github.com/topazproject/topaz- https://github.com/actions/runner/issues/1069- https://crystalhotsauce.com/- https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467- https://en.wikipedia.org/wiki/Ship_of_Theseus- https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d- https://www.ibm.com/products/open-sdk-for-rust-aix- https://dadrian.io/blog/posts/corporate-support-xz/- https://peps.python.org/- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/- https://go.dev/blog/fips140- https://dadrian.io/blog/posts/roll-your-own-crypto/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Send us a textWhat happens when custom malware turns IoT into a springboard for OT, and gas pumps become levers for panic? We open with a timely look at Iranian-linked operations targeting PLCs and use that story to ground a full, practical tour of CISSP Domain 6.4: how to analyze scan output and generate reports that actually drive action.We break down the anatomy of a high-value vulnerability report—clean executive summaries, CVE and CVSS clarity, and the business context that separates theoretical risk from real-world impact. From there, we map a repeatable cadence for internal scans full of misconfigurations, default creds, and end-of-life software, plus a strategy to turn noisy findings into steady wins through prioritization, trend metrics, and small, fast fixes that build momentum.On the perimeter, we focus on external scans across web apps, APIs, cloud edges, and third parties. You'll hear hard-earned tactics for handling M&A exposure, vendor VPNs, misconfigured buckets, and certificate drift without breaking production. We share validation steps that avoid false positives and chaos in prod, then show how to formalize exceptions with risk assessments, compensating controls, and an auditable register that satisfies PCI DSS, HIPAA, SOX, and GDPR expectations.We close with ethical disclosure done right—timelines, ISO/IEC 29147 alignment, and when to coordinate versus publish—so you protect users and your organization without stepping into legal traps. If you're studying for the CISSP or building a vulnerability management program that survives contact with reality, this guide will help you prioritize what matters, communicate clearly, and keep improving.Enjoyed the show? Subscribe, share with a teammate, and leave a quick review so others can find it. Tell us: what metric best proves your remediation progress?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

It was a busy week in the cybers! Today we start with the targeted exploitation of another Fortinet vulnerability (CVE-2026-24858) that enables simple authentication bypass (1:15), then we discuss Google's disruption of a large residential proxy network called IPIDEA that has been abused by hundreds of threat actors (5:40), then we talk about the continued attacks on an older WinRAR bug by both cybercrime and APT groups (10:11). Finally, we shout out some of our favorite fellow creators in security community: the Three Buddy Problem podcast, John Hammond, and Matt Johansen. Support the show

Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

Microsoft just dropped an emergency patch for an Office zero-day being exploited in the wild. A WordPress plugin has a CVSS 10.0 vulnerability — that's the golden goose of hacking. 900,000 Chrome users had their ChatGPT conversations stolen by malicious extensions with Google's Featured badge. And two cybersecurity professionals pleaded guilty to moonlighting as ransomware affiliates. Welcome to 2026. It's gonna be a fun year. In this episode: CVE-2026-21509: Microsoft Office zero-day (security feature bypass) CVE-2026-23550: WordPress Modular DS critical vulnerability Prompt Poaching: Chrome extensions stealing AI conversations Brightspeed breach: Crimson Collective claims 1M+ records Insider threat: Security pros turned BlackCat/ALPHV affiliates Key takeaway: Update your stuff. A patch does you no good if it isn't installed. Subscribe for weekly cybersecurity news, vulnerability breakdowns, and threat intelligence.   https://forgeboundresearch.com/podcasts/

Scanning Webserver with pwd as a Starting Path Attackers are adding the output of the pwd command to their web scans. https://isc.sans.edu/diary/x/32654 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509 Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 Exposed Clawdbot Instances Many users of the AI tool clawdbot expose instances without access control. https://x.com/theonejvo/status/2015485025266098536

Analysis of Single Sign-On Abuse on FortiOS Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Outlook OOB Update Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches. https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491 VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) A VMWare vCenter vulnerability patched last June is now actively exploited. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.North Korean threat actors are targeting macOS software developers in a new malware campaign that abuses Visual Studio Code (VS Code) confi gurations to deliver JavaScript-based backdoors, according to research from Jamf.Sinkholes are usually seen as the end of a malicious campaign - the point where domains are seized and abuse stops.China's pen-testing and red-team ecosystem has always been hard to observe, especially since many teams stopped participating in international CTFs post-2018.A critical zero-day vulnerability, CVE-2025-64155, has been discovered in Fortinet's FortiSIEM platform by Horizon3.ai, allowing unauthenticated remote code execution and privilege escalation to root.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Today we are talking about Integrations into Drupal, Automation, and Drupal with Orchestration with guest Jürgen Haas. We'll also cover CRM as our module of the week. For show notes visit: https://www.talkingDrupal.com/537 Topics Understanding Orchestration Orchestration in Drupal Introduction to Orchestration Services Drupal's Role in Orchestration Flexibility in Integration Orchestration Module in Drupal Active Pieces and Open Source Integration Security Considerations in Orchestration Future of Orchestration in Drupal Getting Involved with Orchestration Resources Orchestration N8N https://www.cve.org/CVERecord?id=CVE-2026-21877 https://www.cve.org/CVERecord?id=CVE-2026-21858 Drupal as an application Tools Orchestration ECA Maestro AI Flowdrop Guests Jürgen Haas - lakedrops.com jurgenhaas Hosts Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi MOTW Correspondent Martin Anderson-Clutz - mandclu.com mandclu Brief description: Have you ever wanted a Drupal-native way to store, manage, and interact with people who might not all be registered users? There's a module for that. Module name/project name: CRM - Contact Relationship Management Brief history How old: created in Apr 2007 by Allie Micka, but the Steve Ayers aka bluegeek9 took over the namespace Versions available: 1.0.0-beta2, which works with Drupal 11.1 or newer Maintainership Actively maintained, latest release just a day ago Security coverage: opted in, but needs a stable release Test coverage Number of open issues: 73 open issues, but all bugs have been marked as fixed Usage stats: 10 sites Module features and usage Listeners may remember some mention of the CRM module in the conversation about the Member Platform initiative back in episode 512 As a reminder, something other than standard Drupal user accounts is useful for working with contact information for people where you may not have all the criteria necessary for a Drupal user account, for example an email address. Also, a dedicated system can make it easier to model relationships between contacts, and provide additional capabilities. It's worth noting that this module defines CRM as Contact Relationship Management, not assuming that the data is associated with "customers" or "constituents" as some other solutions do At its heart, CRM defines three new entity types: contacts, contact methods, and relationships. Each of these can have fieldable bundles, and provides some default examples: Person, Household, and Organization for contacts; Address, Email, and Telephone for contact methods; and Head of household, Spouse, Employee, and Member for relationships Out of the box CRM includes integrations with other popular modules like Group and Context, in addition to a variety of Drupal core systems like views and search As previously mentioned CRM is intended to be the foundational data layer of the Member Platform, but is also a key element of the Open Knowledge distribution, meant to allow using Drupal as a collaborative knowledge base and learning platform

In the security news: Rainbow tables for everyone Lilygo releases a new T-Display that looks awesome AI generated malware for real Detecting BadUSB when its not a dongle A telnetd vulnerability Google Fast Pair and how I took control of your headset Should we make CVE noise? Exploiting the Fortinet patch DIY data diode Bambu NFC reader for your Flipper Payloads in PNG files Don't leave the lab door open - amazing research and new tool release Fixing your breadboards Finding vulnerabilities in AI using AI Then, Rob Allen from ThreatLocker joins us to discuss default allow, and why that is still a really bad idea. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-910

The renewable energy sector faces a critical cybersecurity gap. As wind farms, solar installations, and battery energy storage systems proliferate across the globe, they create a decentralized network of digitally controlled assets that remain largely unprotected. Rafael Narezzi, Co-Founder and CEO of Cyber Energia, brings more than two decades of technology leadership experience to address this growing vulnerability in critical infrastructure.Cyber Energia takes a fundamentally different approach to OT security. While most cybersecurity companies stop at identifying risks through CVE scores and vulnerability assessments, Cyber Energia starts from the risk and translates it into financial terms that executives can act upon. The platform connects technical findings to compliance frameworks including NIS 2.0, IEC 62443, and NERC CIP, providing asset owners with a clear maturity landscape and actionable intelligence.Rafael Narezzi explains that asset owners in the renewable sector operate differently than traditional IT environments. Financial companies often acquire energy assets as investments without maintaining technical staff on-site. When compliance regulations now hold these owners personally liable for cybersecurity failures, they need tools that speak their language: dollars, risk, and return on investment. Cyber Energia prices its services per megawatt, demonstrating its commitment to speaking the language of energy.The decentralization of energy generation presents unique challenges. Rafael Narezzi points to recent cyber attacks on Poland's distributed grid as evidence that threat actors understand how to manipulate multiple remote locations simultaneously to destabilize power networks. Battery energy storage systems present particular risks, as compromised dispatch commands could create grid imbalances similar to the fictional scenario depicted in Ocean's 11. Yet many sites lack even basic cyber hygiene protections.Cyber Energia helps customers understand the financial impact of potential attacks. A 98-megawatt wind turbine site, for example, could lose 1.9 million dollars from just one week of downtime. This quantification enables executives to make informed decisions about relatively modest security investments that significantly reduce their risk exposure. The platform provides a single-view dashboard for organizations managing hundreds of sites across different regions, technologies, and regulatory environments.Rafael Narezzi observes that a CEO before a cyber attack is fundamentally different from a CEO after one. Organizations often underestimate digital risks compared to physical ones, despite living in an increasingly connected world. Regulations like NIS 2.0 now impose personal liability on directors and can revoke operating licenses, removing any excuse for neglecting cybersecurity. The awareness is changing, but Cyber Energia continues working to close the gap between compliance requirements and actual security posture across the renewable energy sector.This is a Brand Story. A Brand Story is a ~35-40 minute in-depth conversation designed to tell the complete story of the guest, their company, and their vision. Learn more: https://www.studioc60.com/creation#fullGUESTRafael Narezzi, Co-Founder and CEO of Cyber Energiahttps://www.linkedin.com/in/narezzi/RESOURCESCyber Energiahttps://cyberenergia.com/Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSRafael Narezzi, Cyber Energia, Sean Martin, brand story, brand marketing, marketing podcast, brand story, OT cybersecurity, renewable energy security, critical infrastructure protection, NIS 2.0 compliance, IEC 62443, wind farm cybersecurity, solar energy security, battery energy storage systems, BESS security, decentralized energy grid, cyber risk quantification, energy sector compliance, NERC CIP, operational technology security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week's cybersecurity news, including: Santa brings hackers MongoDB memory leaks for Christmas Vercel pays out a million bucks to improve its React2Shell WAF defences 39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPG Cambodian scam compound kingpin gets extradited to China, and we don't think it'll go well for him Krebs picks apart the Kimwolf botnet and residential proxy networks So many healthcare data leaks that we have a roundup section This week's episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft's ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code! This episode is also available on Youtube. Show notes US, Australia say ‘MongoBleed' bug being exploited | The Record from Recorded Future News Merry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsar Inside Vercel's sleep-deprived race to contain React2Shell | CyberScoop gpg.fail Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch Chinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future News Ni8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research Labs ServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoop Alleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future News FCC IoT labeling program loses lead company after China probe | Cybersecurity Dive Trump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington Post NSA cyber directorate gets new acting leadership | The Record from Recorded Future News Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future News ECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22 The Kimwolf Botnet is Stalking Your Local Network – Krebs on Security Who Benefited from the Aisuru and Kimwolf Botnets? – Krebs on Security Coupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future News Ransomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future News Nearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future News Illinois health department exposed over 700,000 residents' personal data for years | TechCrunch Tech provider for NHS England confirms data breach | TechCrunch Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I'm in negotiations to get it' - NZ Herald

Malicious Process Environment Block Manipulation The process environment block contains metadata about particular processes, but can be manipulated. https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/ YARA-X 1.11.0 Release: Hash Function Warnings The latest version of YARA will warn users if a hash rule attempts to match an invalid hash. https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616 VideoLAN Security Bulletin VLC 3.0.22 CVE-2025-51602 VideoLAN fixed several vulnerabilities in its VLC software. https://www.videolan.org/security/sb-vlc3022.html Apache NimBLE Bluetooth vulnerabilities NimBLE is a Bluetooth stack popular in IoT devices. An update fixes some eavesdropping and pairing vulnerabilities. https://mynewt.apache.org/cve/

Topics covered in this episode: port-killer How we made Python's packaging library 3x faster CodSpeed Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: port-killer A powerful cross-platform port management tool for developers. Monitor ports, manage Kubernetes port forwards, integrate Cloudflare Tunnels, and kill processes with one click. Features: