SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
OWASP Top 10 2025 Release Candidate - OWASP published a release candidate for the 2025 version of its Top 10 list. https://owasp.org/Top10/2025/0x00_2025-Introduction/
Citrix/Cisco Exploitation Details - Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells. https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/
Testing Quantum Readiness - A website tests your services for post-quantum computing-resistant cryptographic algorithms. https://qcready.com/
If you like what you hear, please subscribe, leave us a review and tell a friend!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday for November 2025 - https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/
Gladinet Triofox Vulnerability - Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost. https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/
SAP November 2025 Patch Day - SAP fixed a critical vulnerability, fixed default credentials in its SQL Anywhere Monitor. https://onapsis.com/blog/sap-security-patch-day-november-2025/
Ivanti Endpoint Manager Updates - https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US
Meet Rapid7's Deral Heiland—a self-described “visual historian” who balances high-tech research with hands-on artifacts from Roman coins to Civil War relics
Cipher Brief CEO & Publisher Suzanne Kelly talks with two former directors of the National Security Agency and former Commanders of U.S. Cyber Command about the cyber threat from China, and just what they think Americans need to know. Retired General Tim Haugh – a new Cipher Brief Expert, spoke recently about the threat with 60 Minutes. He is now also working with investors and teaching at Yale University. And retired General Paul Nakasone is the founding director of the Institute for National Security at Vanderbilt University. Both men have a serious warning for America.
Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html
From Wall Street to Main Street, the latest on the markets and what it means for your money. Updated regularly on weekdays, featuring CNBC expert analysis and sound from top business newsmakers. Anchored by CNBC's Jessica Ettinger.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
It isn't always defaults: Scans for 3CX Usernames - Our honeypots detected scans for usernames that may be related to 3CX business phone systems. https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464
Watchguard Default Password Controversy - A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade. https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt https://nvd.nist.gov/vuln/detail/CVE-2025-59396
JavaScript expr-eval Vulnerability - The JavaScript expr-eval library was vulnerable to a code execution issue. https://www.kb.cert.org/vuls/id/263614
Former Army veteran and cybersecurity strategist Nia Luckey joins Joey Pinz Conversations live at Cyber Bay 2025 to explore how calm, creativity, and courage intersect in today's fast-moving digital world.
From 13 years in the U.S. Army to leading major security operations for Cisco, JSOC, and AT&T, Nia reveals how adaptability, humility, and trust fuel progress in both tech and life. She reflects on her TEDx Sugar Creek journey, turning raw burnout into a message that now inspires thousands.
We dive into:
1️⃣ How her military mindset evolved into collaborative cybersecurity leadership
2️⃣ Why AI and quantum bring both opportunity and risk
3️⃣ The life lessons behind her motto — “Choose your hard.”
Nia reminds us that real success starts with stillness, service, and consistent action — whether hiking mountain peaks or leading global security teams.
Fraudology is presented by Sardine. Request a 1:1 product demo at sardine.ai
In this episode of Fraudology, host Karisse Hendrick unpacks a wave of major fraud news and security trends. From the execution sentences of Myanmar's scam compound kingpins and Starlink's device crackdown, to Singapore's $150 million asset freeze targeting the Prince Group, Hendrick explores both the progress and the persistence of global fraud operations.
She also highlights new U.S. fraud schemes impersonating federal agents, the identity theft of Titans quarterback Cam Ward, and serious cybersecurity warnings about AI browsers' vulnerabilities. With ransomware payments falling and identity attacks surging, Hendrick reflects on how AI will increasingly shape both sides of the fight against fraud.
Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line. Connect with her on LinkedIn. She brings her experience, expertise, and extensive network of experts to this podcast weekly, on Tuesdays.
In this episode of Resilient Cyber, I sit down with Kamal Shah, Cofounder and CEO at Prophet Security, to discuss the State of AI in SecOps. There continues to be a tremendous amount of excitement and investment in the industry around AI and cybersecurity, with Security Operations (SecOps) arguably seeing the most investment among the various cybersecurity categories.
Kamal and I will walk through the actual state of AI in SecOps, how AI is impacting the future of the SOC, what hype vs. reality is, and much more.
In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. If you've ever wondered how someone can just walk right in and blend into a company they don't work for… this one's for you.
Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Honeypot Requests for Code Repository - Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460
Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads - Newly discovered malicious .NET packages attempt to deliver a time-delayed attack targeting ICS systems. https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads
Side Channel Leaks in Encrypted Traffic to LLMs - Traffic to LLMs can be profiled to discover the nature of prompts sent by a user based on the amount and structure of the encrypted data. https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
Stop data brokers from exposing your personal information. Go to my sponsor https://aura.com/matt to get a 14-day free trial and see how much of yours is being sold.
John Boseak is a notorious cyber criminal & the most prolific manufacturer of counterfeit credit cards in the international cyber crime industry. John's channel: https://www.youtube.com/boseakconundrum
In this episode of Serious Privacy, Ralph O'Brien and Dr. K Royal discuss the weekly news, including the Google settlement in Texas, ClearviewAI and much more. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.
Chris Rock is a cyber mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. In this episode, Rock joins host Heather Engel to discuss his book, "The Baby Harvest," which sheds light on how criminals are making and raising virtual babies to adulthood to be put on the shelf for money laundering, fraud and drug and firearm importation. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Ars Technica reported that Meta will soon be using AI interactions to personalize content and ad recommendations without giving users a way to opt out. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.
This episode proves that nothing gold can stay, especially your 401k, as we kick things off with the revelation that October saw the worst tech layoffs since 2003, all while "Big Short" genius Michael Burry decided to bet a billion dollars on the inevitable AI bubble bursting. The villains of the week are legion: the FCC is officially making it easier for internet companies to charge us even more hidden fees; Elon Musk not only got his $1 trillion pay package approved—despite Tesla sales collapsing nearly 90% in some countries—but he also teased a flying car, clearly living in his own "Golden Dome" fantasy, which the Pentagon is happily subsidizing; and in a stunning display of entitlement, Mark Zuckerberg opened an illegal school, which is somehow less shocking than Meta's claim that their massive porn stash was purely for "personal use," not AI training. The bad news doesn't stop there, with Texas suing Roblox over 'pixel pedophiles,' though at least a rural Michigan healthcare system is doing some good by using drones to improve care.
Jumping over to Media Candy, since we're all emotionally scarred by the sheer awful-ness of The Witcher S4—a season so bad it "broke" The Critical Drinker—we need some comfort viewing. We're deep-diving into the political chess of The Diplomat and escaping into the sheer volume of competitive cooking shows, including the standard Halloween and Holiday Baking Championships, plus the delightfully ridiculous Harry Potter: Wizards of Baking S2; we also took a look at Pluribus, Knife Edge, Black Rabbit, and the trailer for Tron: Ares, while cheering the fact that Brendan Fraser and Rachel Weisz are set to revive The Mummy franchise for a fourth film. In Apps & Doodads, we're all mourning the eventual death of simple, good tech as we're warned to enjoy Apple CarPlay while we still can, but at least the Lego ‘Star Trek' Set is finally here for our inner child; the real question, though, is why Automattic Inc. thinks they can claim ownership of the actual word 'Automatic.'
Finally, The Dark Side with Dave Bittner reminds us that everything old is new again and ripe for monetization, whether it's Miss Piggy potentially bringing back The Muppets to the movies or the sleek, blacked-out remake of the Commodore 64, not to mention that cool Tron Arcade Cabinet Miniature Model. However, the present is still a complete dumpster fire: a Google AI model allegedly accused a senator of sexual assault, and internal documents show that Meta is earning a fortune on a massive deluge of fraudulent ads, proving that the only thing getting healthier is our paranoia, though Dave did throw in a curveball with some special jar lids and seeds for growing organic sprouts. We finish, as always, with the obligatory Closing Shout-Outs because even cynical geeks need validation.
Sponsors:
MasterClass - Get an additional 15% off any annual membership at MASTERCLASS.com/GRUMPYOLDGEEKS
Gusto - Try Gusto today at gusto.com/grumpy, and get three months free when you run your first payroll.
Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.
SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!
1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1password
Show notes at https://gog.show/721
FOLLOW UP: October Layoffs Were the Worst Since 2003 and Hit Tech Workers Hard
IN THE NEWS: The Big Short Guy Just Bet $1 Billion That the AI Bubble Pops; Trump's FCC is officially moving to make it easier for internet companies to charge hidden fees; Pentagon will reportedly award SpaceX a $2 billion contract to help develop the 'Golden Dome'; Elon Musk teases a flying car on Joe Rogan's show; Tesla's Sales Collapsed Nearly 90 Percent in Some Countries Last Month; Tesla shareholder meeting updates: Elon Musk gets his $1 trillion pay package; Texas AG sues Roblox, accusing it of prioritizing 'pixel pedophiles' over child safety; Mark Zuckerberg Opened an Illegal School at His Palo Alto Compound. His Neighbors Revolted; Meta Says Porn Stash was for ‘Personal Use,' Not Training AI Models; How a rural Michigan healthcare system is using drones to improve care
MEDIA CANDY: The Diplomat; Halloween Baking Championship; Holiday Baking Championship; Harry Potter: Wizards of Baking S2; Pluribus; Knife Edge: Chasing Michelin Stars; Black Rabbit; Tron: Ares; The Witcher S4; The Witcher Season 4 - A Show So Awful, It Broke Me by The Critical Drinker; Brendan Fraser, Rachel Weisz Set to Revive The Mummy Franchise with Fourth Film
APPS & DOODADS: Enjoy CarPlay While You Still Can; The Lego ‘Star Trek' Set Is Here, and It's Exactly What You Want; Automattic Inc. Claims It Owns the Word 'Automatic'
THE DARK SIDE WITH DAVE: Dave Bittner; The CyberWire; Hacking Humans; Caveat; Control Loop; Only Malware in the Building; Miss Piggy May Bring ‘The Muppets' Back to the Movies; Relive the Commodore 64's glory days with a slimmer, blacked-out remake; Show and Tell: Tron Arcade Cabinet Miniature Model; Google removes AI model after it allegedly accused a senator of sexual assault; Sprouting Jar Lid (32oz Glass Jars) with 4 Pack Stainless Steel Sprouting Stands for Wide and Wide Mouth Mason Jar for Growing Organic Sprouts, Stainless Steel, 4 Pack; Organic Radish Sprout Seeds (16 oz) – Non-GMO, Heirloom Seeds for Sprouting and Microgreens; Meta is earning a fortune on a deluge of fraudulent ads, documents show
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] - Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20Diary%5D/32454
RondoDox v2 Increases Exploits - RondoDox (or RondoWorm) added a substantial number of new exploits to its repertoire. https://beelzebub.ai/blog/rondo-dox-v2/
Google Chrome Updates - Google released an update for Google Chrome addressing five vulnerabilities. https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html
Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities - Cisco patched two critical vulnerabilities in its Contact Center Express software. These vulnerabilities may lead to a full system compromise. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
In this episode of Resilient Cyber, I sit down with longtime industry AppSec leader and Founder/CTO of Contrast Security, Jeff Williams, along with Contrast Security's Sr. Director of Product Security Naomi Buckwalter, to discuss all things Application Detection & Response (ADR), as well as the implications of AI-driven development.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Updates to Domainname API - Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452
Microsoft Teams Impersonation and Spoofing Vulnerabilities - Check Point released details about recently patched spoofing and impersonation vulnerabilities in Microsoft Teams. https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
NViso Report: VSHELL - NViso published an amazingly detailed report describing the remote control implant VSHELL. The report includes details about the inner workings of the tool as well as detection ideas. https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool
Duration: 00:03:35 - Un monde connecté - by François Saltiel - November 6 is the national day against school (cyber)bullying in France, an opportunity to look back at this scourge through several studies.
In this urgent and eye-opening episode of Life of a CISO, Dr. Eric Cole dives into one of the most consequential moments in U.S. cybersecurity history: the expiration of the Information Sharing Act of 2015, which quietly lapsed the same day the government shut down. Dr. Cole explains how this coincidence has effectively cut off the flow of critical cyber threat intelligence between the U.S. government and private sector, leaving organizations blind to emerging attacks and operating at a major disadvantage. He breaks down the data-driven realities every CISO must communicate to their executive teams: The collapse of formal information sharing protections and the resulting liability risks for companies. The severe reduction of federal cybersecurity capacity, with 65% of CISA furloughed. The surge in cyberattacks from foreign adversaries exploiting U.S. vulnerability. Practical strategies for regaining the upper hand—reducing attack surfaces, deploying AI-based threat detection, and reassessing over-reliance on cloud providers following suspicious AWS and Microsoft outages. Dr. Cole urges CISOs to lead with data, not emotion, and to act decisively in this new era of "cyber wartime." Whether you're an executive or a security professional, this episode delivers the critical insights and strategic playbook you need to safeguard your organization when the nation's early warning system has gone dark.
In this second episode of the special AI mini-series, we now explore the human side of transformation, where technology meets purpose and people remain at the center. From future jobs and critical thinking to working with C-level leaders, how human intervention and high-quality data drive success in an AI-powered world.
This week, Dave, Esmee, and Rob talk to Indhira Mani, CDO at Intact Insurance UK, about the love for data, insights on leadership, resilience, and preparing the next generation for what's next.
TLDR:
01:30 Introduction of Indhira Mani and Scotch whisky
05:45 Explaining the State of AI mini-series with Craig
07:12 Conversation with Indi about her boyfriend called Data
38:33 Umbrella Sharing in Japan and the trust on AI
45:15 The British Insurance Award and Women in Tech finalist
Guest
Indhira Mani: https://www.linkedin.com/in/indhira-mani-data/
Hosts
Dave Chapman: https://www.linkedin.com/in/chapmandr/
Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/
Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/
with co-host Craig Suckling: https://www.linkedin.com/in/craigsuckling/
Production
Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/
Dave Chapman: https://www.linkedin.com/in/chapmandr/
Sound
Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/
Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/
'Cloud Realities' is an original podcast from Capgemini
Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump's first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn't achieve Trump's broader policy goal of ousting Venezuelan leader Nicolás Maduro. They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies. This episode is also available on YouTube.
A majority of Irish organisations have enhanced cybersecurity measures in recent months yet under-investment in key areas of training and compliance, ongoing talent shortages and AI-powered cyber threats continue to be areas of concern for Irish cyber leaders. That's according to EY Ireland's inaugural Cyber Leaders Index, which surveyed 165 of Ireland's senior cyber leaders with a particular focus on the corporate, health and life sciences and government sectors. 83% of Irish cyber leaders report enhancing cybersecurity measures over the past six months, with nearly a third (32%) noting an increase in budgets, while two thirds (67%) report investment holding steady. However, more than 70% of cyber leaders report difficulties securing budget for staff cyber awareness training. 43% cited challenges in securing budget for hiring and retaining skilled personnel, which remains a key challenge for cyber leaders. Nearly half (48%) of cyber leaders identified AI and data security as a top priority for the year ahead, and many organisations are adapting their practices in response to the EU AI Act. Yet 44% say they face challenges securing budget for AI-related security initiatives, suggesting that investment is not keeping pace with strategic intent. This may reflect internal competition for AI budgets, rather than reluctance to invest in cybersecurity, and embedding cybersecurity into AI efforts positions the function as a driver of growth and advantage. Almost seven in ten (68%) of respondents said that protecting against supply chain and vendor-related threats is a top priority within their cybersecurity programmes, however only 4% identify third-party vendor risk as one of their main concerns. 
Compliance with relevant regulations and data privacy laws such as NIS2 was cited as a priority by 39% of respondents, while the EU AI Act is also having an impact with nearly half (47%) of the leaders surveyed stating they have updated their data handling and monitoring practices and four in ten (39%) having updated their data protection impact assessment systems.
Puneet Kukreja, Technology Consulting Partner and Head of Cyber at EY Ireland said: "In an AI-driven world where algorithms and code are reshaping both attacks and defences, cyber risk is no longer something to eliminate, it must be managed with precision. This shift demands that cyber leaders evolve from engineers and managers to architects of trust, with a seat and a voice at the top table where strategic decisions are made and budgets are shaped. Cyber threats are escalating, with major breaches reported almost every week, and it's clear that defences are only as strong as their weakest point. Yet investment is not always going where it matters most, with gaps in staff training and talent retention remaining areas of concern."
Carol Murphy, Consulting Partner and Head of Markets at EY Ireland said: "Irish organisations are strengthening their cyber resilience, with most reporting enhanced defences and stable or increased budgets. The challenge now is to direct that investment towards people and partnerships, ensuring teams are trained, supported and equipped to manage the growing demands of compliance and third-party risk. Organisations must prioritise the continuous training and wellbeing of their cyber teams, recognising that resilience depends as much on people as it does on technology."
Burnout Risk As Cyber Threats Remain A Top Concern
Burnout and fatigue amongst cyber leaders have been identified as growing resilience risks for Irish organisations, with 37% of those surveyed reporting concern about the gaps in their organisation's cyber risk coverage.
More than one in four (26%) of respondents reported negative impacts on their mental health. Puneet Kukreja said: "Our research shows that stress is fast becoming a hidden cyber risk for organisations. Cyber risk is constant, and that unrelenting pressure is taking a toll on the people who defend against it. Burnout does...
From ransomware to technical breakdowns, Allianz identifies supply chain disruptions as a major factor behind losses across manufacturing, retail, and professional services sectors. To watch the full interview … The post Inside Allianz's Cyber Report – Supply Chain Risks on the Rise appeared first on Insurance Journal TV.
Facial recognition, predictive policing, Chat Control: what price for our freedoms?
Smart cameras, facial recognition, predictive policing: algorithmic surveillance is taking hold everywhere in France. Promoted as security tools, these technologies nevertheless raise a central question: how far can we sacrifice our freedoms in the name of protection?
Félix Treguer (Quadrature du Net) breaks down the excesses of techno-surveillance with us. We explore the massive growth of video surveillance, the discriminatory risks tied to algorithms, the total absence of evaluation despite billions spent, and the political implications of measures such as Chat Control.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Apple Patches Everything, Again - Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448
Remote Access Tools Used to Compromise Trucking and Logistics - Attackers infect trucking and logistics companies with regular remote management tools to inject malware into other companies or learn about high-value loads in order to steal them. https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics
Google Android Patch Day - Google released its usual monthly Android updates this week. https://source.android.com/docs/security/bulletin/2025-11-01
On this episode of Bounced From The Roadhouse: Special Guests in 4B: truck; Vegas new Cyber force; coffee driving; Stupid Criminal; Weird Text; E-Shoes Stupid Criminal; WYR - Would you rather give up caffeine or give up… adult activities for a month?; Spotify Streams; Drake Fake Streamers; That's a Great Question; Worker Refuses to return coworker salaries; Tik Tok Purchase; Rice Honda.
Questions? Comments? Leave us a message! 605-343-6161
Don't forget to subscribe, leave us a review and some stars.
In this week's episode of the Security Squawk Podcast, Bryan Hornung, Randy Bryan, and Reginald Andre break down three major cybersecurity incidents that show how no industry is immune — from universities and government contractors to the British Library itself. We dig into a 1.2 million-record donor data breach, a ransomware-driven shutdown, and the growing supply-chain risk for MSPs and IT providers. Tune in for sharp analysis, real-world lessons, and actionable advice to protect your business from being the next victim.
Cybersecurity podcast, data breach, ransomware, MSP, vendor risk, university breach, British Library, Conduent, IT security trends
New to streaming or looking to level up? Check out StreamYard and get $10 discount! https://streamyard.com/pal/d/65161790...
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
XWiki SolrSearch Exploit Attempts CVE-2025-24893 - We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444
AMD Zen 5 Random Number Generator Bug - The RDSEED function for AMD's Zen 5 processors does return 0 more often than it should. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html
SleepyDuck malware invades Cursor through Open VSX - Yet another Open VSX extension stealing crypto credentials. https://secureannex.com/blog/sleepyduck-malware/
The FCC plans to roll back cybersecurity mandates that followed Salt Typhoon. The alleged cybercriminal MrICQ has been extradited to the U.S. Ransomware negotiators are accused of conducting ransomware attacks. Ernst & Young accidentally exposed a 4-terabyte SQL Server backup. A hacker claims responsibility for last week's University of Pennsylvania breach. The UK chronicles cyberattacks on Britain's drinking water suppliers. Monday business brief. Our guest is Caleb Tolin, host of Rubrik's Data Security Decoded podcast. Hackers massage the truth.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Caleb Tolin, host of Rubrik's Data Security Decoded podcast, as he is introducing himself and his show joining the N2K CyberWire network. You can catch new episodes of Data Security Decoded the first and third Tuesdays of each month on your favorite podcast app.
Selected Reading
FCC plans vote to remove cyber regulations installed after theft of Trump info from telecoms (The Record)
Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody (Krebs on Security)
Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks, FBI says (Chicago Sun Times)
Ernst & Young cloud misconfiguration leaks 4TB SQL Server backup on Microsoft Azure (Beyond Machines)
Penn hacker claims to have stolen 1.2 million donor records in data breach (Bleeping Computer)
Hackers are attacking Britain's drinking water suppliers (The Record)
JumpCloud acquires Breez. Chainguard secures $280 million in growth financing. Sublime Security closes $150 million Series C round. (N2K Pro)
Hackers steal data, extort $350,000 from massage parlor clients (Korea JoongAng Daily)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We observed an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS, and the scans are likely looking for servers vulnerable to CVE-2025-59287.
https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440
BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that it still sees Cisco IOS XE devices not patched for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access.
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy
Improvements to Open VSX Security
In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident.
https://blogs.eclipse.org/post/mika l-barbero/open-vsx-security-update-october-2025
Cybersecurity problems and how best to protect yourself. Travisate senza Previ: censored reports finally find a place.
If you like what you hear, please subscribe, leave us a review and tell a friend!
What does cybersecurity look like beyond Earth's atmosphere? That's the question at the heart of this conversation with Kristiina Omri, Vice President of Special Programs at CybExer Technologies, and Aare Reintam, the company's COO. We met in Tallinn on the eve of the Software Defined Space Conference to explore how Estonia, in collaboration with the European Space Agency, is helping define the future of space cybersecurity through the world's first Space Cyber Range. The story begins unexpectedly—with a childhood memory of marmalade in a tube, the same kind sent to Soviet astronauts in orbit. For Aare Reintam, that small detail became the first spark of fascination with space, one that decades later evolved into CybExer's partnership with ESA. Together they've created a digital testing environment where satellites, ground stations, and communication protocols can be stress-tested for cyber resilience long before launch. It's a bold move in an era when satellites underpin everything from GPS and precision farming to air travel and climate observation, yet often rely on decades-old technology vulnerable to attack. Kristiina Omri explains how the Space Cyber Range replicates real-world missions, allowing engineers and analysts to train under simulated attack conditions that feel indistinguishable from their actual control systems. The range combines the precision of digital twins with the competitive intensity of cyber exercises, preparing teams for threats that can ripple from orbit to everyday life on Earth. The conversation covers everything from the growing space-debris crisis to the global shortage of cybersecurity professionals, and the urgent need to blend space engineering with cyber education. We also discuss the deeper strategic implications. What happens when quantum computing enters the battlefield? How should Europe prepare for the convergence of cyber and kinetic threats in orbit? 
And what lessons can be learned from Estonia's leadership in NATO cyber defense as it extends that expertise to the stars? By the end of the discussion, one theme stands out clearly: the future of cybersecurity is no longer confined to our planet. From digital twins to orbital trust networks, CybExer Technologies and the European Space Agency are proving that the next frontier for cyber readiness lies in space itself.
This week's episode started with the usual existential sigh before tumbling straight into the corporate bloodbath. Amazon chopped 14,000 jobs under the noble banner of “embracing AI,” which CEO Andy Jassy insists isn't about money—despite swimming Scrooge McDuck–style in profit. GM's cutting 1,700 workers, YouTube's dangling “voluntary” buyouts, and economists can't decide if AI is killing jobs or if the economy's just trash. Microsoft's winning either way, sitting pretty on OpenAI's planned $1 trillion IPO, while Meta stock cratered because Zuckerberg's still shoveling billions into the AI bonfire instead of quietly burying the metaverse. Meanwhile, Elon managed to cram a week's worth of disasters into a single news cycle: Tesla's being probed for its idiotic “Mad Max” mode, recalling thousands more Cybertrucks because they can't figure out glue, launching Grokipedia (Wikipedia's evil twin), and turning Truth Social into a crypto casino. Somewhere between the chaos, more people tuned into a fake NVIDIA livestream than the real one, and the only vaguely uplifting story was a grieving family using an AI chatbot to hack a $195K hospital bill down to $33K.
In media misery, we soothed our nuclear anxiety with A House of Dynamite, tolerated Welcome to Derry, rolled our eyes at Stranger Things 5, and confirmed Slow Horses still rules. Music listeners, please stop streaming fascism—cancel Spotify. On the tech toy front, Grammarly's having an identity crisis as “Superhuman,” Affinity caved to the subscription gods, and Apple's prepping to inject ads into Maps because the world wasn't already annoying enough. The chaos didn't stop there: a rogue Goodreads librarian rewrote Trump's book listings to protest censorship, Cursor 2.0 actually impressed us with a working currency converter, and Enshittification: Why Everything Suddenly Got Worse and What to Do About It turned out to be the perfect title for the entire digital era.
Show notes at https://gog.show/720
FOLLOW UP
What both sides of America's polarized divide share: Deep anxieties about the meaning of life and existence itself
720° © 1986 Atari Games.
IN THE NEWS
Amazon cuts its workforce by 14,000 in further embrace of AI
Is AI Leading to Layoffs or Does the Economy Just Suck?
Amazon CEO Now Says AI Is Not Responsible for Recent Layoffs
Amazon Accused of Trapping Drivers in AI Panopticon
GM lays off 1,700 workers making EVs and batteries in Michigan, Tennessee
Tesla Recalls Thousands More Cybertrucks, Is Bad at Gluing Things
YouTube is offering employees buyouts as part of an AI-focused reorganization
Everyone Is Laying People Off This Week. Researchers Say They're Going to Regret It
OpenAI completes restructure, solidifying Microsoft as a major shareholder
OpenAI lays groundwork for juggernaut IPO at up to $1 trillion valuation
Meta Stock Plummets as Investors Horrified at How Much Zuckerberg Is Spending on Misfired AI
Federal investigators are looking into Tesla's Mad Max mode, which reportedly defies speed limits
Grokipedia Is the Antithesis of Everything That Makes Wikipedia Good, Useful, and Human
More people watched a fake NVIDIA livestream than the real thing
Trump's Media Company Set To Roll Out Polymarket-Like Prediction Market on Truth Social
Surprising no one, researchers confirm that AI chatbots are incredibly sycophantic
Grieving family uses AI chatbot to cut hospital bill from $195,000 to $33,000 — family says Claude highlighted duplicative charges, improper coding, and other violations
MEDIA CANDY
A House of Dynamite
Welcome to Derry
Stranger Things 5 | Official Trailer | Netflix
Slow Horses
Don't Stream Fascism: Cancel Spotify
APPS & DOODADS
Grammarly has rebranded to Superhuman
Affinity's image-editing apps go “freemium” in first major post-Canva update
Apple is reportedly getting ready to introduce ads to its Maps app
Rogue Goodreads Librarian Edits Site to Expose 'Censorship in Favor of Trump Fascism'
Introducing Cursor 2.0 and Composer
Enshittification: Why Everything Suddenly Got Worse and What to Do About It by Cory Doctorow
The Disenshittify Project
Currency Converter
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
X-Request-Purpose: Identifying "research" and bug bounty related scans?
Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans.
https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436
Proton Breach Observatory
Proton opened up its breach observatory. This website will collect information about breaches affecting companies that have not yet made the breach public.
https://proton.me/blog/introducing-breach-observatory
Microsoft Exchange Server Security Best Practices
A new document published by a collaboration of national cyber security agencies summarizes steps that should be taken to harden Exchange Server.
https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d
MOVEit Vulnerability
Progress published an advisory for its file transfer program MOVEit. This software has had heavily exploited vulnerabilities in the past.
https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
How to Collect Memory-Only Filesystems on Linux Systems
Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work.
https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432
Microsoft Azure Front Door Outage
Today, Microsoft's Azure Front Door service failed, leading to users not being able to authenticate to various Azure-related services.
https://azure.status.microsoft/en-us/status
Docker-Compose Vulnerability
A vulnerability in docker-compose may be used to trick users into creating files outside the docker-compose directory.
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
Sarah Powazek, Director of the Public Interest Cybersecurity Program at UC Berkeley's Center for Long-Term Cybersecurity, and Michael Razeeq, Nonresident Fellow at the Public Interest Cybersecurity Program, join Lawfare's Justin Sherman to discuss the cyber threats facing states, what options and resources states currently have to address cybersecurity problems, and how the concept of state cyber corps and volunteer programs fits into the picture. They also discuss how states can stand up a cyber corps or volunteer program, including recruiting and retaining talent; the impact of federal workforce and spending cuts on states' cybersecurity capacities; and what future state and federal action on cybersecurity could do to improve states' cyber postures.
For more on this topic, see:
Sarah Powazek and Grace Menna, “The Roadmap to Community Cyber Defense,” June 2025, UC Berkeley Center for Long-Term Cybersecurity
Cyber Resilience Corps website