Podcasts about Cyber

Gessat, Michael www.deutschlandfunk.de, Computer und Kommunikation

The inevitable decline of civilization takes center stage as the show kicks off with the miserable results of the FACEBOOK SETTLEMENT, confirming Brian's $4.01 payout, followed by a discussion of the SPORTS BETTING SCANDAL, where MLB players are rigging games over prop bets, confirming that gambling is now actively killing sports; moving to the news, the guys celebrate the DENMARK SOCIAL MEDIA BAN and SCHOOL PHONE BANS, which are already proving that teenagers need mandatory digital detoxes, prompting comparisons to Footloose and the revelation that teens are now passing handwritten notes and taking Polaroids. Naturally, things aren't going well for the hyper-rich, as evidenced by the TESLA EXECUTIVE EXODUS and the launch of WAYMO FREEWAYS, which will surely bring chaos to LA, and the ongoing saga of massive capital destruction via OPENAI LOSSES and META AI FAILURES, prompting Mark Zuckerberg to announce his desperate bid to CURE ALL DISEASES with AI, a feat less audacious than the fraud of AI startup FIREFLY AI TRANSCRIPT, which admitted its original "AI" was just human transcriptionists.They then hit a laundry list of digital woes, including the dubious convenience of APPLE PASSPORTS, the creeping dread of Sam Altman's failing WORLDCOIN EYEBALL SCANS, the ridiculous crypto fraud DEFI OFFICE SPACE that literally copied a movie plot, and Coinbase's inexplicable decision to bring back high-risk ICOs; the absurdity continued with the OPENAI LAWSUIT over a suicidal chatbot that suggested the user "Rest easy, King," and the political maneuvering of the REPUBLICAN BROADBAND REDIRECT, which will gut internet access for the underserved to fund the Treasury, but the real threat to humanity remains the clandestine PREVENTATIVE GENE HACKING startup funded by tech billionaires aiming to create modified babies offshore.In Media Candy, they share reviews of the excellent DIPLOMAT, ZOOTOPIA, and the just-released LUSH DOCUMENTARY, confirming our combined Gen-X fragility, before celebrating two definitive wins for reality: the fact that physicists have finally CRUSHED THE SIMULATION THEORY, and the literary brilliance of Joyce Carol Oates' tweet, which expertly called out Elon Musk as uneducated and uncultured.All this and more on this episode of Grumpy Old GeeksSponsors:CleanMyMac - clnmy.com/OLDGEEKS - Use code OLDGEEKS for 20% off.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/722FOLLOW UPBaseball Is CompromisedIN THE NEWSDenmark set to ban social media for users under 15 years of ageBanning Phones in Schools Is Drastically Changing the Behavior of KidsThe Head of the Cybertruck Program Quit Tesla. The Model Y Leader Left Hours LaterWaymo's driverless cars will start driving on freeways in three US citiesApple introduces a new Digital ID feature to make boarding flights easierOpenAI Will Lose $74 Billion the Same Year That Anthropic Breaks Even: ReportMeta's AI Ambitions Appear to Be in a TailspinZuckerberg, Chan bet AI can cure all diseaseStartup Secretly Working to Gene-Hack Human BabySam Altman's Creepy Orb Startup Has Only Scanned 2 Percent of Its Ideal Number of Eyeballs$120 Million Crypto Hack Blamed on Office Space-Style ExploitCoinbase Wants to Bring Back an Old Crypto Trend That Ended in DisasterSeven more families are now suing OpenAI over ChatGPT's role in suicides, delusionsUS states could lose $21 billion of broadband grants after Trump overhaulPhysicists Say They've Proven Whether We're Living in a SimulationElon Musk Got One-Shotted by an Extremely Mean TweetMEDIA CANDYZootopiaThe DiplomatPluribusVictoria BeckhamLush: A Far from Home MovieWelcome to Derry'V for Vendetta' Is Becoming a TV ShowDune: Prophecy' Kicks off Season 2 Production‘Alien: Earth' Has Been Renewed for Season 2‘Poker Face' Canceled at Peacock; Rian Johnson Will Seek New Home for Series — With Peter Dinklage StarringThe Running Man | Final Trailer (2025 Movie) - Edgar Wright, Glen PowellToy Story 5 | Teaser Trailer | In Theaters June 19Paramount+ announces price increases for every streaming planAPPS & DOODADSHow to adjust the Liquid Glass effect in iOS 26.1How to stretch the clock on your lock screen in iOS 26Tesla Reportedly Adding Apple CarPlay, Bucking Industry TrendFounder Admits His “AI Transcription” Startup Was Just Him Joining People's Meetings and Taking Notes by HandFTC Announces Crackdown on Deceptive AI Claims and SchemesTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingThe Official ‘Star Wars' Magazine Is Coming to an End After Over 30 YearsFuzzball Bandolier ShawlTalk about your crotch-rocket...AI-Powered Toys Caught Telling 5-Year-Olds How to Find Knives and Start Fires With MatchesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Through Multiple Scripts An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks https://isc.sans.edu/diary/32480 sudo-rs vulnerabilities Two vulnerabilities were patched in sudo-rs, the version of sudo written in Rust, showing that while Rust does have an advantage when it comes to memory safety, there are plenty of other vulnerabilities to worry about https://ubuntu.com/security/notices/USN-7867-1 https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw?ref=itsfoss.com SANS Holiday Hack Challenge https://sans.org/HolidayHack

  Will future wars be decided by who controls space—cyber and outer—and which superpower has better paired geostrategic thinking with emerging technologies? Anne Neuberger, the Hoover Institution's William C. Edwards Distinguished Visiting Fellow and a former White House and Pentagon cyber policy advisor, joins GoodFellows regulars Sir Niall Ferguson, John H. Cochrane, and Lt. Gen. H.R. McMaster to discuss what she sees as a “cyber gap” between China and America, the need for the US to rethink traditional weapons platforms (hello, drones), plus how Dwight Eisenhower's warning of a “military industry complex” is being redefined by the tech sector's growing role in present-day and future warfare. After that: the three fellows weigh the significance of a utopian socialist recently elected mayor of a very capitalist New York City, a new “algocracy” (algorithms running the government) in Albania, the UK's fabled BBC in hot water over alleged editorial bias, plus whether the “war of the tomorrow” may be in . . . Venezuela? Subscribe to GoodFellows for clarity on today's biggest social, economic, and geostrategic shifts — only on GoodFellows.

Accused of stealing hundreds of millions of dollars – Russia's most wanted hackers. Just who are Evil Corp? In season 3 of Cyber Hack, we follow the years' long trail with investigators as they try to track down the man alleged to be at the centre of it all, hacker Maksim Yakubets. Search for Cyber Hack wherever you get your BBC podcasts. And don't forget to follow or subscribe, so you never miss an episode.

Two key cyber laws are back as president signs bill to end shutdown Microsoft's screen capture prevention for Teams users is finally rolling out FBI calls Akira top five ransomware variant out of 130 targeting U.S. businesses Huge thanks to our sponsor, Vanta What's your 2 AM security worry?   Is it "Do I have the right controls in place?"   Or "Are my vendors secure?"   ....or the really scary one: "how do I get out from under these old tools and manual processes?   Enter Vanta.   Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.   Get started at vanta.com/headlines   Find the stories behind the headlines at CISOseries.com.

In 2026, governments across Asia grapple with escalating cybersecurity challenges amid rapid digital transformation and geopolitical tensions. AI-powered threats, including sophisticated phishing and deepfakes, pose significant risks, with IDC forecasting that 76.5% of Asia/Pacific enterprises lack confidence in detecting such attacks. Ransomware continues to evolve, targeting critical infrastructure, while supply chain vulnerabilities expose sensitive data—Gartner predicts 45% of global organisations will face software supply chain attacks by 2025, a trend persisting into 2026. Cloud adoption amplifies hybrid environment breaches, compounded by espionage-driven incursions, as Verizon reports 25% of APAC cyberattacks motivated by spying, with public administration the most targeted sector. Regulatory mandates demand robust compliance, straining resources in an era of legacy systems and talent shortages.In this PodChats for FutureCISO, Aaron Bugal, Field CISO, APJ, Sophos, walks us through some of the coming cybersecurity issues government CISOs as well as those in the private sector, will find important in 2026.1.       How can government CISOs effectively measure and improve their cybersecurity resilience, moving beyond compliance-based checklists to ensure the continuous delivery of essential citizen services during an attack?2.       What strategies, have proven, most effective for securing legacy systems that remain critical to national operations, given they cannot be immediately replaced?3.       With Gartner highlighting that by 2026, 50% of C-level executives will have performance requirements tied to cybersecurity risk, how can government CISOs best align their security metrics with national-level outcomes? 4.       How can CISOs proactively defend against state-aligned (sponsored) actors who are increasingly targeting digital public services and critical infrastructure for espionage and disruption?5.       Name one CISO strategy for managing third-party and supply chain risk, particularly as organisations, both private and public, rely on an ecosystem of partners to deliver complex, cloud-native government services?6.       Given IDC's prediction that by 2026, 70% of organisations will consider environmental sustainability in their cloud purchase decisions, how can CISOs balance security, sovereignty, and sustainability in their technology procurements?7.       How are government CISOs addressing the critical cybersecurity skills gap, and what new models for talent acquisition and retention must be developed to compete with the private sector? a.       How to avoid burnout?8.       To what extent have CISOs integrated security into the entire application lifecycle (DevSecOps) for their national digital identity and other citizen-facing platforms?9.       Name a governance and technical framework for the safe and ethical adoption of AI, both to enhance a government's cyber defences and to mitigate its potential malicious use by threat actors?10.   How are government CISOs collaborating with regional counterparts and international bodies to share threat intelligence and establish coordinated response protocols for cross-border cyber incidents?11.   What is that one final advice for government CISOs as their update their cybersecurity strategies for 2026?

OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/ Testing Quantum Readyness A website tests your services for post-quantum computing-resistant cryptographic algorithms https://qcready.com/

Cyberthreats are everywhere, and while they may be inevitable, their impact can be manageable. Institutions who are prepared for cybersecurity disruptions are proactive and collaborative about their response. This episode of the Forward Thinking Podcast features FCCS SVP of Marketing and Communications Stephanie Barton, Lisa Parrinello, FCCS VP of Risk Management & Insurance Services and Naomi Baumann, FCCS VP of Claims & Insurance Services. Together they discuss how Farm Credit's Captive Insurance Company is helping institutions strengthen their cyberdefenses and what boards of directors need to know to stay ahead of the cybersecurity game.    Episode Insights Include:   The bigger picture of cyberthreats Cyberthreats used to be considered an IT-only problem, but that isn't the case anymore.  These enterprise-wide issues demand board-level attention.  Ransomware, extortion, targeted financial systems and AI deep-fake impersonations are some of today's biggest cyberthreats.  The goal today isn't just protection, it's resilience. A prepared institution can respond and recover from cyberthreats no matter where they hit.    The role of Farm Credit's Captive Insurance Company As the captive, they provide institutions cyber insurance and management services that go beyond what commercial insurance markets can offer.  They offer tailored protection designed specifically for the unique cooperative structure of Farm Credit.  Collaborative claims management proactively responds to any incident or threat of incident.  Their strategic access to commercial markets allows them to purchase insurance as well.  Over the years, Captive has saved an average of $50 million in insurance coverage.  Consistent system-wide learning whenever instances occur.    Resilience tools and strategies  Resilience requires a multi-layered approach based on assents and security needs.  Threat detection and response pinpoint vulnerability, endpoint detection, and tabletop exercises.  Human-centric risk management and ongoing employee training are critical for cyber risk management.  Employees and people are always going to be the weakest link in cybersecurity.  Data protection and resilience in communications in sensitive information need to be encrypted and backup tested.  Cybersecurity is not an impenetrable armor, it is an anatomy with multiple systems working together to respond and continue operating in a culture of proactive risk management.    The pivotal role of the board  Directors need to prioritize an approved annual cyber risk manual.  Ongoing development and maintenance of a robust program is essential.  Boards should receive quarterly reports on threats, vulnerabilities and mitigation actions.  Cyber oversight needs to be integrated into business technology planning.  FCA should be notified within 36 hours of any cyber incident.    The culture of cybersecurity Institutions build resilience when everyone is involved.  Third party oversight and engagement with cyber-focused legal counsel is crucial.  Most breeches don't happen in bad systems, they happen when good people let down their guard.  Muscle memory kicks in when crisis hits, but only when preparation has occurred.  Ultimately, cybersecurity is everyone's business.    This podcast is powered by FCCS.   Resources   Connect with Lisa Parrinello — Lisa Parrinello   Connect with Naomi Baumann — Naomi Baumann   Get in touch   info@fccsconsulting.com   "The goal isn't just protection – it's resilience." — Naomi Baumann   "The Captive provides consistent system-wide learning whenever instances occur." —  Lisa Parrinello    "Human-centric risk management and ongoing employee training are critical for cyber risk management." — Naomi Baumann   "Employees and people are always going to be the weakest link in cybersecurity." — Naomi Baumann   "Even without a deep technical knowledge, boards can strengthen resilience by asking the right questions and staying engaged." —  Lisa Parrinello    "Institutions build resilience when everyone is involved." — Naomi Baumann   Resilience is just as much about people as it is about systems." — Naomi Baumann

If you like what you hear, please subscribe, leave us a review and tell a friend!

A strong incident response (IR) program isn't just about processes—it's about mindset. In this episode, Lincare Holdings' Head of Information Security, Prentis Brooks, joins RSAC Executive Chairman Dr. Hugh Thompson to unpack what true IR maturity looks like. From building agile teams to aligning strategy and technology, they reveal how leading organizations stay prepared for the threats ahead.

Robert Misik im Gespräch mit Paul FeigelfeldTECHNOFASCHISMUS, KI-AUTORITARISMUS UND GEGENKULTURELLE TECHNIKEN Der Forscher Paul Feigelfeld, Jahrgang 1979, nennt ihn Technofaschismus – den Hang von Silicon-Valley-Oligarchen zum Autoritarismus. Angespornt durch den neuen republikanischen US-Präsidenten Donald Trump greifen die kalifornischen Konzerne nach der Macht. Plattformen wie Google oder Facebook saugen, so Feigelfeld, die Daten von Usern nicht nur ab, um sie an den bestbietenden Unternehmer oder Geheimdienst zu verkaufen.Protagonisten der Cyber-Ökonomie wie Paypal-Gründer Peter Thiel würden ihren Einfluss auch dazu benutzen, um demokratische Institutionen anzugreifen: „Die Plattformen, die Sie nutzen, die Daten, die Sie bereitstellen, und die Gewinne, die Sie erzielen, tragen dazu bei, den internationalen Faschismus zu finanzieren, Hass zu verstärken, unseren Planeten auszulaugen und immense Umweltverschmutzung zu verursachen“, sagt Feigelfeld.Der Kulturwissenschaftler fordert politischen Widerstand gegen das Informationsmonopol der großen Plattformen ein. Er belässt es nicht bei theoretischen Überlegungen, sondern gibt auch praktische Ratschläge. Wie diese aussehen und wie wir uns gegen den Datenmissbrauch schützen können, bespricht er mit dem Autor und Journalisten Robert Misik. Auch Künstliche Intelligenz, für Feigelfeld eine psycho-imperialistische Technologie, steht dabei im Fokus. Statt KI als rein menschliche Erfindung zu betrachten, geht es dem Forscher um die vielfältigen Wirkkräfte, die unsere technologischen Systeme geprägt haben.Paul Feigelfeld (geb. 1979, Wien, Österreich) studierte Kulturwissenschaften und Informatik an der Humboldt-Universität zu Berlin, wo er bis 2013 für Friedrich Kittler und Wolfgang Ernst arbeitete. Bis Ende 2016 war er wissenschaftlicher Koordinator des Digital Cultures Research Lab am Centre for Digital Cultures der Leuphana Universität Lüneburg. Von 2021–2024 hatte er die Professur für Wissenskulturen im digitalen Zeitalter am Institut für Designforschung der HBK Braunschweig inne und ist Gastprofessor am Lehrstuhl für Medientheorien der Humboldt-Universität zu Berlin. Aktuell bekleidet er die Professur für Digitalität und kulturelle Vermittlung (Medienwissenschaft) an der Universität Mozarteum Salzburg. Feigelfeld lebt und arbeitet in Wien und Salzburg.Robert Misik, Autor und Journalist

Neste episódio, recebemos o pesquisador C4ng4c3ir0, um verdadeiro veterano do mundo dos Bug Bounties e atualmente #.1 no Ranking Brasileiro. Ele abriu o jogo sobre como é a rotina de quem caça vulnerabilidades, os desafios de lidar com triagens demoradas e programas mal estruturados, e o que separa um bom caçador de um simples “report spammer”. Discutimos o equilíbrio entre reconhecimento, ética e técnica, e como as empresas podem aprender com quem vive na linha de frente da segurança.Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Conviso, Gold Security, Digitalwolk e PurpleBird Security.

Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost. https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/ SAP November 2025 Patch Day SAP fixed a critical vulnerability, fixed default credentials in its SQL Anywhere Monitor https://onapsis.com/blog/sap-security-patch-day-november-2025/ Ivanti Endpoint Manager Updates https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US

Send us a text

Send us a textMeet Rapid7's Deral Heiland—a self-described “visual historian” who balances high-tech research with hands-on artifacts from Roman coins to Civil War relics

Cipher Brief CEO & Publisher Suzanne Kelly talks with two former directors of the National Security Agency and former Commanders of U.S. Cyber Command about the cyber threat from China, and just what they think Americans need to know. Retired General Tim Haugh – a new Cipher Brief Expert, spoke recently about the threat with 60 Minutes.  He is now also working with investors and teaching at Yale University. And retired General Paul Nakasone is the founding director of the Institute for National Security at Vanderbilt University. Both men have a serious warning for America.

Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

From Wall Street to Main Street, the latest on the markets and what it means for your money. Updated regularly on weekdays, featuring CNBC expert analysis and sound from top business newsmakers. Anchored by CNBC's Jessica Ettinger. Hosted by Simplecast, an AdsWizz company. See https://pcm.adswizz.com for information about our collection and use of personal data for advertising.

If you like what you hear, please subscribe, leave us a review and tell a friend!

"Avec l'IA, on a un multiplicateur de puissance, mais il faut garder une approche structurée et prudente." Le D.E.V. de la semaine est Benoît Larroque, CTO chez Konvu. Avec l'IA, la cybersécurité est entrée dans une nouvelle dimension où la détection et la correction des vulnérabilités peuvent enfin rattraper le rythme effréné de leur apparition. Benoît détaille comment l'intelligence artificielle permet de filtrer et prioriser efficacement les failles, tout en rappelant l'exigence cruciale de vérifications humaines pour éviter les faux positifs. Il insiste sur le feedback continu et la vigilance indispensable face à la rapidité des évolutions. Un échange lucide sur les apports réels et les nouvelles limites de la cyber à l'ère de l'IA.Chapitrages00:00:53 : Introduction à la Cybersécurité00:01:17 : L'Impact de l'IA sur la Cybersécurité00:02:51 : Avant l'IA : Une Autre Époque00:05:01 : Transformation grâce à l'IA00:05:55 : Humanisation du Processus00:07:01 : Simplification des Tâches00:08:45 : La Gestion des Vulnérabilités00:11:06 : Analyse des Composants Logiciels00:12:29 : La Complexité des Mises à Jour00:13:56 : Approche de Validation Manuelle00:17:30 : Détection des Vulnérabilités par l'IA00:20:53 : Nouvelles Méthodes d'Attaque00:25:33 : Gestion des Risques de Sécurité00:29:26 : Optimisation de l'Effort de Sécurité00:36:08 : L'utilisation des LLM00:43:52 : SAST et Prompt Injection00:49:45 : Recommandations de Lecture00:50:11 : Conclusion et Remerciements Liens évoqués pendant l'émission Designing Data Intensive ApplicationsRelease It! **Restez compliant !** Cet épisode est soutenu par Vanta, la plateforme de Trust Management qui aide les entreprises à automatiser leur sécurité et leur conformité. Avec Vanta, se mettre en conformité avec des standards comme SOC 2, ISO 27001 ou HIPAA devient plus rapide, plus simple, et surtout durable. Plus de 10 000 entreprises dans le monde utilisent déjà Vanta pour transformer leurs obligations de sécurité en véritable moteur de croissance.

We speak with Deepen Desai, Chief Security Officer & Executive Vice President of Cyber & AI Engineering at Zscaler on the latest zero trust and AI innovations empowering organisations to secure their digital transformation journeys and stay ahead of evolving threats.With nearly two decades of expertise in cybersecurity, Deepen is regarded as a pioneer in advancing threat intelligence, secure product development, and enterprise protection. Beyond his scope of leading cyber and AI engineering, Deepen also oversees the ThreatLabz team, a world-class security research group focused on identifying emerging threats, analyzing vulnerabilities, and delivering actionable insights to protect organizations at Zscaler. Under his leadership, Zscaler's award-winning zero-trust architecture continues to evolve, providing businesses with robust defenses against sophisticated attack vectors like ransomware, phishing, and advanced malware.Before joining Zscaler, Deepen held key security leadership positions at Dell SonicWALL, where he helped develop cutting-edge security solutions and strategies for businesses navigating an increasingly complex threat landscape. His breadth of experience in fields like security operations, threat research, and compliance has established him as a respected authority in the industry.#ZL2025 #zerotrustsecurity #mysecuritytv #zscaler

It isn t always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard Default Password Controversy A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade. https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt https://nvd.nist.gov/vuln/detail/CVE-2025-59396 JavaScript expr-eval Vulnerability The JavaScript expr-eval library was vulnerable to a code execution issue. https://www.kb.cert.org/vuls/id/263614

Send us a textFormer Army veteran and cybersecurity strategist Nia Luckey joins Joey Pinz Conversations live at Cyber Bay 2025 to explore how calm, creativity, and courage intersect in today's fast-moving digital world.From 13 years in the U.S. Army to leading major security operations for Cisco, JSOC, and AT&T, Nia reveals how adaptability, humility, and trust fuel progress in both tech and life. She reflects on her TEDx Sugar Creek journey, turning raw burnout into a message that now inspires thousands.We dive into:1️⃣ How her military mindset evolved into collaborative cybersecurity leadership2️⃣ Why AI and quantum bring both opportunity and risk3️⃣ The life lessons behind her motto — “Choose your hard.”Nia reminds us that real success starts with stillness, service, and consistent action — whether hiking mountain peaks or leading global security teams.

Fraudology is presented by Sardine. Request a 1:! product demo at sardine.ai In this episode of Fraudology, host Karisse Hendrick unpacks a wave of major fraud news and security trends. From the execution sentences of Myanmar's scam compound kingpins and Starlink's device crackdown, to Singapore's $150 million asset freeze targeting the Prince Group, Hendrick explores both the progress and the persistence of global fraud operations.She also highlights new U.S. fraud schemes impersonating federal agents, the identity theft of Titans quarterback Cam Ward, and serious cybersecurity warnings about AI browsers' vulnerabilities. With ransomware payments falling and identity attacks surging, Hendrick reflects on how AI will increasingly shape both sides of the fight against fraud.Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.

In this episode of Resilient Cyber, I sit down with Kamal Shah, Cofounder and CEO at Prophet Security, to discuss the State of AI in SecOps. There continues to be a tremendous amount of excitement and investment in the industry around AI and cybersecurity, with Security Operations (SecOps) arguably seeing the most investment among the various cybersecurity categories.Kamal and I will walk through the actual state of AI in SecOps, how AI is impacting the future of the SOC, what hype vs. reality is, and much more.

Cyber insurance is meant to provide assurance when incidents occur—but too often, organizations face confusion, denied claims, and unclear coverage. Attorney and cybersecurity expert, Matt Silverman, joins Zach and Lauro to break down why cyber policies are so complex, how evolving threats are outpacing the insurance industry, and what companies can do to navigate this uncertain landscape better.Connect with Matt Silverman:  https://www.linkedin.com/in/mdsilverman/Learn more about AIB Partners:  https://www.aib-partners.comPick up your copy of Cyber Rants on Amazon.Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe!

Got a question or comment? Message us here!In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. If you've ever wondered how someone can just walk right in and blend into a company they don't work for… this one's for you. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Internal data leaks from another Chinese security firm, a US Congressional Budget Office breach has not been contained, the Cyber infosharing act likely to be extended until January, and we have a new OWASP Top 10. Show notes Risky Bulletin: Another Chinese security firm has its data leaked

Wie steht es um die Cyber-Sicherheit in Deutschland? Das war heute Thema des Lageberichts des Bundesamtes für Sicherheit in der Informationstechnik - kurz BSI. Und es ist unser Thema des Tages mit unserem Moderator Oliver Fritzel. Denn neben einigen Erfolgen bleiben riesengroße Herausforderungen hierzulande. Wir haben ausführlich über den Lagebericht gesprochen und klären, wie wachsam auch jeder und jede Einzelne von uns sein sollte.

Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads Newly discovered malicious .NET packages attempt to deliver a time-delayed attack targeting ICS systems. https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads Side Channel Leaks in Encrypted Traffic to LLMs Traffic to LLMs can be profiled to discover the nature of prompts sent by a user based on the amount and structure of the encrypted data. https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/

Stop data brokers from exposing your personal information. Go to my sponsor⁣ https://aura.com/matt to get a 14-day free trial and see how much of yours is being sold⁣ ⁣ John Boseak is a notorious cyber criminal & the most prolific manufacturer of counterfeit credit cards in the international cyber crime industry.⁣ ⁣ Johns Channel https://www.youtube.com/boseakconundrum⁣ ⁣

Send us a textIn this episode of Serious Privacy, Ralph O'Brien and Dr. K Royal discuss the weekly news, including the Google settlement in Texas, ClearviewAI and much more. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Ars Technica reported that Meta will soon be using AI interactions to personalize content and ad recommendations without giving users a way to opt out. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

Chris Rock is a cyber mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. In this episode, Rock joins host Heather Engel to discuss his book, "The Baby Harvest," which sheds light on how criminals are making and raising virtual babies to adulthood to be put on the shelf for money laundering, fraud and drug and firearm importation. • For more on cybersecurity, visit us at https://cybersecurityventures.com

John Menefee, enterprise cyber lead, and Lauren Winchester, head of cyber risk services, both of Travelers, discuss key findings of the 2025 Travelers Risk Index, which shows cyberthreats are the top concern for businesses.

Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 279 ~ Watch Now ~In this AMA edition of DailyCyber, we go deep on what's actually happening in cybersecurity leadership today.From emotional regulation in the SOC to unapproved AI tools in the workplace, this episode unpacks the real conversations CISOs and vCISOs are having behind closed doors.

This episode proves that nothing gold can stay, especially your 401k, as we kick things off with the revelation that October saw the worst tech layoffs since 2003, all while "Big Short" genius Michael Burry decided to bet a billion dollars on the inevitable AI bubble bursting. The villains of the week are legion: the FCC is officially making it easier for internet companies to charge us even more hidden fees; Elon Musk not only got his $1 trillion pay package approved—despite Tesla sales collapsing nearly 90% in some countries—but he also teased a flying car, clearly living in his own "Golden Dome" fantasy, which the Pentagon is happily subsidizing; and in a stunning display of entitlement, Mark Zuckerberg opened an illegal school, which is somehow less shocking than Meta's claim that their massive porn stash was purely for "personal use," not AI training. The bad news doesn't stop there, with Texas suing Roblox over 'pixel pedophiles,' though at least a rural Michigan healthcare system is doing some good by using drones to improve care.Jumping over to Media Candy, since we're all emotionally scarred by the sheer awful-ness of The Witcher S4—a season so bad it "broke" The Critical Drinker—we need some comfort viewing. We're deep-diving into the political chess of The Diplomat and escaping into the sheer volume of competitive cooking shows, including the standard Halloween and Holiday Baking Championships, plus the delightfully ridiculous Harry Potter: Wizards of Baking S2; we also took a look at Pluribus, Knife Edge, Black Rabbit, and the trailer for Tron: Ares, while cheering the fact that Brendan Fraser and Rachel Weisz are set to revive The Mummy franchise for a fourth film. In Apps & Doodads, we're all mourning the eventual death of simple, good tech as we're warned to enjoy Apple CarPlay while we still can, but at least the Lego ‘Star Trek' Set is finally here for our inner child; the real question, though, is why Automattic Inc. thinks they can claim ownership of the actual word 'Automatic.'Finally, The Dark Side with Dave Bittner reminds us that everything old is new again and ripe for monetization, whether it's Miss Piggy potentially bringing back The Muppets to the movies or the sleek, blacked-out remake of the Commodore 64, not to mention that cool Tron Arcade Cabinet Miniature Model. However, the present is still a complete dumpster fire: a Google AI model allegedly accused a senator of sexual assault, and internal documents show that Meta is earning a fortune on a massive deluge of fraudulent ads, proving that the only thing getting healthier is our paranoia, though Dave did throw in a curveball with some special jar lids and seeds for growing organic sprouts. We finish, as always, with the obligatory Closing Shout-Outs because even cynical geeks need validation.Sponsors:MasterClass - Get an additional 15% off any annual membership at MASTERCLASS.com/GRUMPYOLDGEEKSGusto - Try Gusto today at gusto.com/grumpy, and get three months free when you run your first payroll.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/721FOLLOW UPOctober Layoffs Were the Worst Since 2003 and Hit Tech Workers HardIN THE NEWSThe Big Short Guy Just Bet $1 Billion That the AI Bubble PopsTrump's FCC is officially moving to make it easier for internet companies to charge hidden feesPentagon will reportedly award SpaceX a $2 billion contract to help develop the 'Golden Dome'Elon Musk teases a flying car on Joe Rogan's showTesla's Sales Collapsed Nearly 90 Percent in Some Countries Last MonthTesla shareholder meeting updates: Elon Musk gets his $1 trillion pay packageTexas AG sues Roblox, accusing it of prioritizing 'pixel pedophiles' over child safetyMark Zuckerberg Opened an Illegal School at His Palo Alto Compound. His Neighbors RevoltedMeta Says Porn Stash was for ‘Personal Use,' Not Training AI ModelsHow a rural Michigan healthcare system is using drones to improve careMEDIA CANDYThe DiplomatHalloween Baking ChampionshipHoliday Baking ChampionshipHarry Potter: Wizards of Baking S2PluribusKnife Edge: Chasing Michelin StarsBlack RabbitTron: AresThe Witcher S4The Witcher Season 4 - A Show So Awful, It Broke Me by The Critical DrinkerBrendan Fraser, Rachel Weisz Set to Revive The Mummy Franchise with Fourth FilmAPPS & DOODADSEnjoy CarPlay While You Still CanThe Lego ‘Star Trek' Set Is Here, and It's Exactly What You WantAutomattic Inc. Claims It Owns the Word 'Automatic'THE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingMiss Piggy May Bring ‘The Muppets' Back to the MoviesRelive the Commodore 64's glory days with a slimmer, blacked-out remakeShow and Tell: Tron Arcade Cabinet Miniature ModelGoogle removes AI model after it allegedly accused a senator of sexual assaultSprouting Jar Lid (32oz Glass Jars) with 4 Pack Stainless Steel Sprouting Stands for Wide and Wide Mouth Mason Jar for Growing Organic Sprouts, Stainless Steel, 4 PackOrganic Radish Sprout Seeds (16 oz) – Non-GMO, Heirloom Seeds for Sprouting and MicrogreensMeta is earning a fortune on a deluge of fraudulent ads, documents showSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20Diary%5D/32454 RondoDox v2 Increases Exploits The RondoDox (or RondoWorm) added a substantial amount of new exploits to its repertoire. https://beelzebub.ai/blog/rondo-dox-v2/ Google Chrome Updates Google released an update for Google Chrome addressing five vulnerabilities. https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities Cisco patched two critical vulnerabilities in its Contact Center Express software. These vulnerabilities may lead to a full system compromise. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

In this episode of Resilient Cyber, I sit down with longtime industry AppSec leader and Founder/CTO of Contrast Security, Jeff Williams, along with Contrast Security's Sr. Director of Product Security Naomi Buckwalter, to discuss all things Application Detection & Response (ADR), as well as the implications of AI-driven development.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing Vulnerabilities Checkpoint released details about recently patched spoofing and impersonation vulnerabilities in Microsoft Teams https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/ NViso Report: VSHELL NViso published an amazingly detailed report describing the remote control implant VSHELL. The report includes details about the inner workings of the tool as well as detection ideas. https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool

durée : 00:03:35 - Un monde connecté - par : François Saltiel - Le 6 novembre, c'est la Journée nationale de lutte contre le (cyber) harcèlement scolaire, l'occasion de revenir sur ce fléau autour de différentes études.

Apple Patches Everything, Again Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448 Remote Access Tools Used to Compromise Trucking and Logistics Attackers infect trucking and logistics companies with regular remote management tools to inject malware into other companies or learn about high-value loads in order to steal them. https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics Google Android Patch Day Google released its usual monthly Android updates this week https://source.android.com/docs/security/bulletin/2025-11-01

XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444 AMD Zen 5 Random Number Generator Bug The RDSEED function for AMD s Zen 5 processors does return 0 more often than it should. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html SleepyDuck malware invades Cursor through Open VSX Yet another Open VSX extension stealing crypto credentials https://secureannex.com/blog/sleepyduck-malware/

The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week's University of Pennsylvania breach. The UK chronicles cyberattacks on Britain's drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app. Selected Reading FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record) Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody (Krebs on Security) Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times) Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines) Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer) Hackers are attacking Britain's drinking water suppliers (The Record) JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro) Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287 We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287 https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440 BADCANDY Webshell Implant Deployed via The Australian Signals Directorate warns that they still see Cisco IOS XE devices not patches for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy Improvements to Open VSX Security In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident. https://blogs.eclipse.org/post/mika l-barbero/open-vsx-security-update-october-2025

This week's episode started with the usual existential sigh before tumbling straight into the corporate bloodbath. Amazon chopped 14,000 jobs under the noble banner of “embracing AI,” which CEO Andy Jassy insists isn't about money—despite swimming Scrooge McDuck–style in profit. GM's cutting 1,700 workers, YouTube's dangling “voluntary” buyouts, and economists can't decide if AI is killing jobs or if the economy's just trash. Microsoft's winning either way, sitting pretty on OpenAI's planned $1 trillion IPO, while Meta stock cratered because Zuckerberg's still shoveling billions into the AI bonfire instead of quietly burying the metaverse. Meanwhile, Elon managed to cram a week's worth of disasters into a single news cycle: Tesla's being probed for its idiotic “Mad Max” mode, recalling thousands more Cybertrucks because they can't figure out glue, launching Grokipedia (Wikipedia's evil twin), and turning Truth Social into a crypto casino. Somewhere between the chaos, more people tuned into a fake NVIDIA livestream than the real one, and the only vaguely uplifting story was a grieving family using an AI chatbot to hack a $195K hospital bill down to $33K.In media misery, we soothed our nuclear anxiety with A House of Dynamite, tolerated Welcome to Derry, rolled our eyes at Stranger Things 5, and confirmed Slow Horses still rules. Music listeners, please stop streaming fascism—cancel Spotify. On the tech toy front, Grammarly's having an identity crisis as “Superhuman,” Affinity caved to the subscription gods, and Apple's prepping to inject ads into Maps because the world wasn't already annoying enough. The chaos didn't stop there: a rogue Goodreads librarian rewrote Trump's book listings to protest censorship, Cursor 2.0 actually impressed us with a working currency converter, and Enshittification: Why Everything Suddenly Got Worse and What to Do About It turned out to be the perfect title for the entire digital era.Sponsors:Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordMasterClass - Get an additional 15% off any annual membership at MASTERCLASS.com/GRUMPYOLDGEEKSCleanMyMac - clnmy.com/GrumpyOldGeeks - Use code OLDGEEKS for 20% off.Show notes at https://gog.show/720FOLLOW UPWhat both sides of America's polarized divide share: Deep anxieties about the meaning of life and existence itself720° © 1986 Atari Games.IN THE NEWSAmazon cuts its workforce by 14,000 in further embrace of AIIs AI Leading to Layoffs or Does the Economy Just Suck?Amazon CEO Now Says AI Is Not Responsible for Recent LayoffsAmazon Accused of Trapping Drivers in AI PanopticonGM lays off 1,700 workers making EVs and batteries in Michigan, TennesseeTesla Recalls Thousands More Cybertrucks, Is Bad at Gluing ThingsYouTube is offering employees buyouts as part of an AI-focused reorganizationEveryone Is Laying People Off This Week. Researchers Say They're Going to Regret ItOpenAI completes restructure, solidifying Microsoft as a major shareholderOpenAI lays groundwork for juggernaut IPO at up to $1 trillion valuationMeta Stock Plummets as Investors Horrified at How Much Zuckerberg Is Spending on Misfired AIFederal investigators are looking into Tesla's Mad Max mode, which reportedly defies speed limitsGrokipedia Is the Antithesis of Everything That Makes Wikipedia Good, Useful, and HumanMore people watched a fake NVIDIA livestream than the real thingTrump's Media Company Set To Roll Out Polymarket-Like Prediction Market on Truth SocialSurprising no one, researchers confirm that AI chatbots are incredibly sycophanticGrieving family uses AI chatbot to cut hospital bill from $195,000 to $33,000 — family says Claude highlighted duplicative charges, improper coding, and other violationsMEDIA CANDYA House of DynamiteWelcome to DerryStranger Things 5 | Official Trailer | NetflixSlow HorsesDon't Stream Fascism: Cancel SpotifyAPPS & DOODADSGrammarly has rebranded to SuperhumanAffinity's image-editing apps go “freemium” in first major post-Canva updateApple is reportedly getting ready to introduce ads to its Maps appRogue Goodreads Librarian Edits Site to Expose 'Censorship in Favor of Trump Fascism'Introducing Cursor 2.0 and ComposerEnshittification: Why Everything Suddenly Got Worse and What to Do About It by Cory DoctorowThe Disenshittify ProjectCurrency ConverterSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.