Podcasts about Cyber

Sam's mom, Ms. Judy, shares some wisdom with us on her 86th birthday!How MUCH should you cyber-snoop a person before a date?!The best treats for an overweight dog.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

To try everything Brilliant has to offer for free for a full 30 days, visit https://brilliant.org/davidbombal or scan the QR code onscreen – You'll also get 20% off an annual premium subscription. Recorded at Black Hat with David Bombal, this conversation with Caitlin Sarian (@CybersecurityGirl) traces her path from aerospace engineering and LA Galaxy cheerleading to cybersecurity leader and viral creator. She explains how posting 3×daily on TikTok led to ~500K followers and a role at TikTok (global cybersecurity advocacy & culture), why she left after a year, and how she's now helping others via Cyber Career Club. // Caitlin Sarian's SOCIALS // Website: https://www.cybersecuritygirl.com/ Instagram: / cybersecuritygirl YouTube: / cybersecuritygirl LinkedIn: / caitlin-sarian TikTok: / cybersecuritygirl // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:29 - Intro 01:01 - Brilliant Ad 02:22 - Caitlin's History with TikTok 06:25 - Caitlin's Story 10:19 - Caitlin's Professional Journey 18:09 - How to be an Influencer 19:42 - Why you Need a Team 21:22 - Why you Need to Network 23:58 - All the Areas of Cyber 24:49 - Caitlin's Advice to her Younger Self 27:22 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cybersecurity #blackhat #cybersecuritygirl

In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss a pair of lawsuits targeting ChatGPT's maker, cyber crime news, and one US politician's novel solution to combat hackers. Hollingworth and Croft kick things off by addressing a pair of lawsuits targeting OpenAI and the tragic case of a teenager who was allegedly aided in their suicide by ChatGPT's advice. The pair then catch up with the latest news: from a string of cyber attacks that targeted Western Sydney University to Google's warning of increased Iranian cyber attacks and a round-up of this week's local ransomware attacks targeting Aussie businesses. Hollingworth and Croft end the podcast discussing Australia's “right to disconnect” laws and the bold plan of one American politician to bring back the Age of Sail's letters of marque to recruit cyber privateers. Enjoy the episode, The Cyber Uncut team

Sponsors:• ◦ Visit Buildertrend to get a 60-day money-back guarantee on your Buildertrend account• ◦ Marvin Windows and Doors• ◦ Sub-Zero Wolf Cove Showroom PhoenixConnect with Tyler Woodruff:https://www.leavitt.com/woodruff/staff/tyler-woodruffConnect with Brad Leavitt:Website | Instagram | Facebook | Houzz | Pinterest | YouTube

On this episode of SDP TopicsYoung Thug “snitch” accusations Will Smith A.I concerts.Bel Air trailer comingCardi be testimony in courtSkip bayless & Gilbert arenas new showDJ Khaled dropped new singlesNetflix docs - Jussie- Degrassi Doc- Dallas cowboys - The biggest loser doc - Cyber bully catfish doc Boosie pleads guiltyMichah Parsons to the packers Drake fake death Row chainDrake vs Rob MarkmanMark Wahlberg & Lakeith StanfeildMakkonan working in the kitchen Pat Mahomes stalkers

Send us a textOn this episode of seriousprivacy, Paul Breitbarth is away, so Ralph O' Brien and Dr. K Royal bring you a mish mash week in privacy. Topics include current news and a little bit about the differences in GDPR compliance vs what the US privacy laws require.  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242 FreePBX Vulnerability An upatched vulnerability in FreePBX is currently being exploited. FreePBX offers mitigation advice and has also just released a beta patch. https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 Passwordstate Vulnerability Clickstudios patched an authentication bypass vulnerability in its password manager, Passwordstate. The vulnerability can be used to access the emergency password page. https://www.clickstudios.com.au/passwordstate-changelog.aspx

Three Buddy Problem - Episode 60: We dissect a fresh multi-agency Salt Typhoon advisory (with IOCs and YARA rules!), why it landed late, why the wall of logos matters (and doesn't), and what's actually usable for defenders: new YARA, tool hashes, naming ambiguity across reports, the mention of Chinese vendors, and a Dutch note that smaller ISPs were hit. Plus, Costin details his hunting stack and philosophy (historic IOC/malware hoarding, fast pivots, and AI as analyst “wingman”) and a new Chinese APT report that may intersect with LightBasin and the murky PSOA world. We also debate Google's proposed “cyber disruption unit” versus Microsoft's DCU (legal vs. “ethical” takedowns, PR, and business models); react to Anthropic's report on real attacker use of Claude; note Amazon's APT29 watering-hole disruption; and close on a fresh WhatsApp-to-ImageIO zero-click chain and practical phone OPSEC. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Mike at Iceberg Cyber was struggling to find product market fit...He wasn't growing the way he wanted to.He decided to buckle down and learn all about marketing despite his technical background. He paired that with actually listening to his target market. That combination created a massive boom in his business - up 500% in a single year!Mike is a great dude and a good friend now. He was gracious enough to come visit our office while he was in Florida, so we had to get a podcast in!

Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/ Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

For some completely unknown reason, we're morose today. So let's talk about dementia, CTE, and ransomware. Hey, they're important topics. We also talk about Naked Gun, so it's not all doom and gloom. One day we may even watch it.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

Send us a textWhat do cooking steaks, German football, and MSP automation have in common? In this enriching episode, Joey Pinz chats with Mathias Zeumer about how life in the kitchen, yoga, and cybersecurity intersect in surprising ways. From 10 summers in a private club to managing human risk in the digital world, Mathias brings a grounded, practical philosophy to everything he does.

Send us a textIn this action-packed episode, Joey Pinz sits down with cybersecurity veteran and ex-MSP operator Chris Loehr. From his early days as a two-footed soccer midfielder to leading Solis Security through complex ransomware response cases, Chris shares insights forged in both cleats and crisis. ⚽

Send us a textIn this refreshingly candid episode of the Joey Pinz Discipline Conversations podcast, Joey dives deep with Nadav Shenker, CEO of Vircom, a leading provider of email security solutions.

Send us a textIn this thoughtful episode of the Joey Pinz Conversations podcast, Joey sits down with Stan Ivanov, founder and  CTO of ThreatMate, to explore a decades-long journey through software development, entrepreneurship, and personal evolution.

Tony chats with Lucas Roberts, Wholesale Broker at Anzen Insurance, they aim to offer the best technology combined with the best wholesale broker offering Cyber, Specialty Commercial, E&O, D&O and EPLI. Their software analyzes submission data and allows sending to various markets in one click while still having a broker that can really walk you through difficult risks.Lucas Roberts: https://www.linkedin.com/in/lucas-roberts-a70612a5/Anzen Insurance: https://anzen.com/

August 27, 2025: Dan Dodson, CEO of Fortified Health Security, discusses how healthcare organizations are rethinking cybersecurity strategy amid mounting financial pressures. Dan shares insights from their Nashville Executive Briefing Center, where healthcare leaders are uncovering critical gaps in their security programs. As AI tools spread faster than anyone anticipated—with physicians using platforms that security experts haven't even heard of—how do organizations balance innovation with control? With Medicare cuts looming and every cybersecurity dollar representing money moved away from patient care, are healthcare systems getting real value from their fragmented tool investments?  Key Points: 01:31 Executive Briefing Center Experience 06:27 Cyber Survivor Podcast 11:02 Midyear Horizon Report Insights 13:47 Lightning Round Questions X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

Returning from this year's DEF CON, hear from our Offensive Team Managers, Dowd and Findlay, and Pinky, IR Manager and co-host of The Hackle Box. Hear about new highlights, CTF's, and villages, and reflection from Brad as a Blue Team member navigating past challenges. Have something to say? Contact us at unsecurity@frsecure.com and follow us for more!LinkedIn: frsecure Instagram: frsecureofficialFacebook: frsecureBlueSky: frsecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Reading Location Position Value in Microsoft Word Documents Jessy investigated how Word documents store the last visited document location in the registry. https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224 Weaponizing image scaling against production AI systems AI systems often downscale images before processing them. An attacker can create a harmless looking image that would reveal text after downscaling leading to prompt injection https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/ IBM Jazz Team Server Vulnerability CVE-2025-36157 IBM patched a critical vulnerability in its Jazz Team Server https://www.ibm.com/support/pages/node/7242925

Space may look empty, but it's crowded, fragile, and under threat. Former Congresswoman Jane Harman and Lieutenant General (Ret.) Nina Armagno — former U.S. Space Force Director of Staff who oversaw missile warning, satellite operations, and space launches — reveal how satellites quietly keep the world running, and how quickly it could all go dark. Imagine waking up to no internet, no GPS, and no air travel. They share what's happening above our heads, and why we can't afford to ignore it.

A round-up of the main headlines in Sweden on August 26th, 2025. You can hear more reports on our homepage www.radiosweden.se, or in the app Sveriges Radio. Presenter/Producer: Kris Boswell.

If you like what you hear, please subscribe, leave us a review and tell a friend!

While everyone obsesses over AI security, the old-school cyber threats are piling up. In this episode of the Security Squawk Podcast, hosts Bryan Hornung and Randy Bryan break down four major incidents that prove ransomware, breaches, and network shutdowns aren't going anywhere. We cover: Nevada state offices crippled by a major security incident Farmers Insurance data breach affecting over 1 million people Data I/O ransomware attack shutting down systems Nissan's design studio breach claimed by the Qilin ransomware gang Plus, we connect the dots to show why ransomware attacks have surged nearly threefold in 2024 — and what businesses need to do to avoid being the next headline. Stay sharp, stay informed, and don't let the AI hype distract you from the real threats hitting businesses every day. ️ New to streaming or looking to level up? Check out StreamYard and get $10 discount! https://streamyard.com/pal/d/65161790...

The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded . https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228 .desktop files used in an attack against Linux Desktops Pakistani attackers are using .desktop files to target Indian Linux desktops. https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/ Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram A go module advertising its ability to quickly brute force passwords against random IP addresses, has been used to exfiltrate credentials from the person running the module. https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials Limiting Onmicrosoft Domain Usage for Sending Emails Microsoft is limiting how many emails can be sent by Microsoft 365 users using the onmicrosoft.com domain. https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft's entanglement in China. Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It's all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world's most important software company stop doing things like this? Tune in to the Wide World of Cyber podcast to find out! This episode is also available on Youtube. Show notes

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Germany may ban adblockers https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/   Nebraska man gets jailtime for crypto mining scam https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/   Cyber insurers want CVE exemptions https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve   Drinking alcohol in the US hits all time low https://news.gallup.com/poll/693362/drinking-rate-new-low-alcohol-concerns-surge.aspx   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Michael - https://www.linkedin.com/in/michael-chen-82098a2/

Guest: Errol Weiss, Chief Security Officer (CSO) at Health-ISAC Topics: How adding digital resilience is crucial for enterprises? How to make the leaders shift from “just cybersecurity“  to “digital resilience”? How to be the most resilient you can be given the resources? How to be the most resilient with the least amount of money? How to make yourself a smaller target? Smaller target measures fit into what some call “basics.”  But “Basic” hygiene is actually very hard for many. What are your top 3 hygiene tips for making it happen that actually work? We are talking about under-resources orgs, but some are much more under-resourced, what is your advice for those with extreme shortage of security resources? Assessing vendor security - what is most important to consider today in 2025?  How not to be hacked via your vendor? Resources: ISAC history (1998 PDD 63) CISA Known Exploited Vulnerabilities Catalog Brian Krebs blog Health-ISAC Annual Threat Report  Health-ISAC Home  Health Sector Coordinating Council Publications Health Industry Cybersecurity Practices 2023 HHS Cyber Performance Goals (CPGs)  10 ways to make cyber-physical systems more resilient EP193 Inherited a Cloud? Now What? How Do I Secure It? EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights EP49 Lifesaving Tradeoffs: CISO Considerations in Moving Healthcare to Cloud EP233 Product Security Engineering at Google: Resilience and Security EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators

The top lawmakers on a key House cybersecurity panel are hoping to remove a barrier to entry for cyber jobs in the federal government. Introduced last week, the Cybersecurity Hiring Modernization Act from Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio, would prioritize skills-based hiring over educational requirements for cyber jobs at federal agencies. Mace and Brown — the chair and ranking member of the House Oversight Cybersecurity, Information Technology, and Government Innovation Subcommittee, respectively — said the legislation would ensure the federal government has access to a “broader pool of qualified applicants” as the country faces “urgent cybersecurity challenges.” Mace said in a press release Thursday: “As cyber threats against our government continue to grow, we need to make sure our federal agencies hire the most qualified candidates, not just those with traditional degrees. This bill cuts red tape, opens doors to skilled Americans without a four-year diploma but with the expertise to get the job done, and strengthens our nation's cybersecurity workforce.” Brown said in a statement that expanding the cyber workforce is “imperative” to “meet our nation's growing need for safe and secure systems.” The bill aims to “remove outdated hiring policies, expand workforce opportunities to a wider pool of talented applicants, and help agencies hire the staff that they need,” she added. The bill calls on the Office of Personnel Management to annually publish any education-related changes that are made to minimum qualification requirements for federal cyber roles. OPM would also be charged with aggregating data on educational backgrounds of new hires for those cyber positions. Texas-based defense startup Saronic Technologies will produce multiple batches of autonomous maritime drones for the U.S. Navy by mid-2031 under an other transaction agreement (OTA) worth more than $392 million, according to officials and public contracting documents viewed by DefenseScoop. Details are sparse regarding the specific features, types and quantities of unmanned vessels Saronic will deliver — but they'll likely mark a major component of the Navy's AI-enabled, hybrid fleet that's being designed to counter security threats in and around the Pacific. OTA contract vehicles offer Defense Department buyers more flexibility and speed than traditional Federal Acquisition Regulation-based acquisitions. They're a key element in the Navy's broader plan to modernize and incentivize accelerated technology adoption to prepare for future fights. According to records posted on the Federal Procurement Data System, Naval Sea Systems Command and Saronic Technologies formalized this $392 million OTA — which has a completion date of May 30, 2031 — on May 16. Two months later, in July, NAVSEA made an award to Saronic worth nearly $197 million under the agreement, or about half of the total award ceiling. It's unclear if more awards have been made to date.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Jon Schipp, the “Ric Flair of Cybersecurity,” is the senior director of inorganic growth strategy at Rapid7. Jon mixes cyber technical mastery, business acumen, and stage presence to identity mergers and partnerships for his company's growing cybersecurity platform. He shares his story with hosts Jack Clabby of Carlton Fields and Kayley Melton, executive director of […]

As spaceports evolve into sophisticated hubs for space exploration, the integration of emerging technologies such as digital twins, artificial intelligence (AI), and robust cybersecurity measures is becoming essential for operational success. We speak to Guadalupe Casuso, Vice President, Technology & Innovation / Digital Labs & Strategic Partnerships at Parsons.  You can join Guada and Maria on August 27 for the Global Spaceport Alliance Webinar Spaceports as Smart Hubs. You can also read Guada's article on Harnessing Digital Twins, AI, and Cyber for Smarter Spaceport Operations Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The episode where we attempt to cleanse the earth via weather. Can severe head wounds be good sometimes? In this podcast, we speculate about the BJ ship, and so does Polly. This episode was recorded on 21 June 2025. Email us at thedoctorswatcher@gmail.com. I guess people listen to podcasts on YouTube now? Follow us on Tumblr at the-doctors-watcher. I finally made us a Bluesky account. Check out Circuit 23's music at http://soundcloud.com/circuit23 and email him at circuit.23@gmail.com. Listen to his album “Mens Vermis” at https://circuit23.bandcamp.com/album/mens-vermis.

What if convergence wasn't a single security professional but an interoperable partnership? We are delighted to speak with Toro Solution's Cyber lead Katie Barnett and Physical and Corporate Security Lead Gavin Wilson on their amazing partnership and converged service including:How to cross train in other security disciplines for operational successHow to sell converged or interoperable security services to a physical security focused clientWhen to look to a third party to augment your services and when to develop them in houseWhat 'cyber' security actually means and just how technical is it todayAbout Katie:LinkedInAbout Gavin:LinkedInMore about the Circuit:The Circuit Magazine is written and produced by volunteers, most of who are operationally active, working full time in the security industry. The magazine is a product of their combined passion and desire to give something back to the industry. By subscribing to the magazine you are helping to keep it going into the future. Find out more >Newsletter:If you liked this podcast, we have an accompanying weekly newsletter called 'On the Circuit' where we take a deeper dive into the wider industry. Opt in here >The Circuit team is:Jon MossShaun WestPhelim RoweElijah ShawConnect with Us: Circuit MagazineBBA ConnectNABA ProtectorBritish Bodyguard Association

Breaking Analysis with Dave Vellante, joined by theCube Research Principal Analyst - Cyber Resiliency, Data Protection, Data Management Christophe Bertrand 

Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220 watchTowr releases details about recent Commvault flaws Users of the Commvault enterprise backup solution must patch now after watchTowr released details about recent vulnerabilities https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/?123 Docker Desktop Vulnerability CVE-2025-9074 A vulnerability in Docker Desktop allows attackers to escape from containers to attack the host. https://docs.docker.com/desktop/release-notes/#4443

In this episode I sit down with Michael Bargury, Co-Founder and CTO at Zenity to discuss all things AI Agent Security. Michael and the Zenity team have recently disclosed various AI agent risks, vulnerabilities and threats.

Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple Patches 0-Day CVE-2025-43300 Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerability in ImageIO. https://support.apple.com/en-us/124925 Microsoft Copilot Audit Logs A user retrieving data via copilot obscures the fact that the user may have had access to data in a specific file https://pistachioapp.com/blog/copilot-broke-your-audit-log Password Managers Susceptible to Clickjacking Many password managers are susceptible to clickjacking, and only few have fixed the problem so far https://marektoth.com/blog/dom-based-extension-clickjacking/

In this episode of Reboot IT, host Dave Coriale, President of DelCor, sits down with Adam Kuhn, IT Director and DelCor alum, to discuss the evolving role of IT in associations. From foundational infrastructure to advanced cybersecurity strategies, Adam shares lessons learned from both sides of the fence—being an internal influencer and a business partner. The conversation explores how IT leaders can move beyond “keeping the lights on” to proactively shaping organizational maturity, especially in the face of overwhelming system data and increasing security demands.Summary:Cybersecurity as a Strategic InvestmentCybersecurity tools like Arctic Wolf elevate IT maturity beyond basic infrastructure.Associations must move from reactive to proactive security strategies.Cyber insurance requirements are evolving and often unclear, requiring IT guidance.IT Maturity: From Core Requirements to ElectivesAdam compares IT infrastructure to college coursework—core requirements vs. electives.Core includes cloud migration, Microsoft 365, and basic security tools.Electives like threat detection systems represent strategic growth and investment.Information Overload & the Need for SynthesisDevices generate massive amounts of data that are impossible to interpret manually.Security operations centers help synthesize logs and alerts across systems.IT teams need tools to manage and interpret this data effectively.IT's Role in Business Decision-MakingIT should be a trusted advisor, not a gatekeeper or veto power.Excluding IT from technology selection leads to costly integration surprises.IT's involvement ensures better alignment, risk mitigation, and long-term success.Building Cross-Departmental PartnershipsIT needs access to systems it doesn't own to ensure full security coverage.Business units must understand their role in cybersecurity and collaborate with IT.Partnership is essential—not optional—for organizational safety and resilience.Influencing Leadership & Budget DecisionsIT leaders must make cogent cases for investment in security and infrastructure.Budget support depends on trust and clear communication with leadership.Adam emphasizes gratitude for working in a supportive environment that values IT input.

In this episode, I sit down with Andrew Carney, Program Manager for DARPA's AI Cyber Challenge (AIxCC). DARPA's AIxCC recently concluded at Black Hat, and it brought together the industry's leading experts on AI and Cybersecurity with a focus on securing software that is critical to all Americans.Teams had to create novel AI systems to secure critical code, include software involved in critical infrastructure.

Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999 Details explaining how to take advantage of two SAP vulnerabilities were made public https://onapsis.com/blog/new-exploit-for-cve-2025-31324/

Send us a text

The first hour of this stream covers the title story & the last few hours are just a chat with the audience + a stream of consciousness. Hope you enjoy!

A senior official from Israel's National Cyber Directorate was arrested in Las Vegas during an FBI sting targeting child exploitation. Charged with luring a minor online, he posted bail and returned to Israel. Patrick Bet-David and the panel react to the case, bail questions, and political ties.

Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability An OS command injection vulnerability may be abused to gain access to the Cisco Secure Firewall Management Center software. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 F5 Access for Android vulnerability An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The attacker would need to intercept vulnerable clients specifically, since other clients would detect the man-in-the-middle (MITM) attack. https://my.f5.com/manage/s/article/K000152049

Covid Whistleblower Ian Smith joins Stew to discuss Jewish Pedophiles getting CAUGHT shutting down GROK, and Israel's latest attacks on Americans John Jubilee of Energized Health joins Stew Peters show to discuss why so many Americans feel so weighed down and stuck, physically and in their lives — and how to transform their health and lives completely with My 555 Challenge Paul List, Author of the AI book “Mount Doom,” joins Stew to discuss the latest in the dystopian takeover of AI and the nightmare that is creating for humanity   Western civilization has been infected by a parasitic invasion of foreign ideals and values that have been introduced into our culture by strange and morally degenerate people whose goal is world domination. We have been OCCUPIED. Watch the film NOW! https://stewpeters.com/occupied/

SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, leading to DoS, downgrade and other attacks. https://isc.sans.edu/diary/SNI5GECT%3A%20Sniffing%20and%20Injecting%205G%20Traffic%20Without%20Rogue%20Base%20Stations/32202 Plex Vulnerability Plex patched a vulnerability in the Plex Media Server. Make sure you have updated to at least 1.42.1. https://forums.plex.tv/t/plex-media-server-security-update/928341 FortiWeb Exploit Public A security researcher published details about the recent FortiWeb vulnerability, including demonstrating a PoC exploit. https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/ Flowise OS vulnerability https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/