Podcasts about Cyber

Send us a textPeaches is back in the Ones Ready Team Room with another no-BS drop that'll make the Pentagon sweat. From the government shutdown that's starving paychecks to the beefy boys rolling off bread trucks in Chicago, this episode rips through every headline the brass wishes you'd ignore. Peaches calls out the “financially illiterate” lifestyle of troops living beyond their means, laughs at the Army Corps' endless postponements, and lights up DoD's hilariously outdated cybersecurity systems. Then it's on to the Marines flexing “maritime domain awareness” for an attaboy, the Air Force's missileer cancer scare, and the Space Force trying to sound cool with “hypersonic challenges.” Oh—and the Coast Guard Cutter Midgett (yes, really) returns from busting drug runners like it's the sequel to Narcos. Top it off with Peaches' unfiltered rant on false IG complaints, whistleblowers, and accountability. The episode ends with updates on the sold-out Nashville Operator Training Summit and a sneak peek at the next Vegas OTS—because rest is for civilians.⏱️ Timestamps: 00:00 – Hydration, Hoist, and Old Man Midnight Sips 02:30 – The Shutdown Circus: Paychecks, WIC, and Why You're Broke 04:50 – Fat Troops and Bread Trucks in Chicago 07:15 – Cybersecurity Theater: Outdated Systems and Cheesy Training 09:25 – Marines Celebrate “Maritime Domain Awareness” (Whatever That Means) 11:50 – Missileers, Cancer, and the HunterSeven Lifeline 13:10 – Tac-P Documentary: Filthy Legends, Must-Watch History 14:15 – Inspector General Reform: Bye-Bye Anonymous Whiners 17:00 – Presidential Directives, Bureaucratic Chaos, and Infrastructure BS 18:50 – Nashville OTS Recap + Sneak Peek: Vegas Summit Locked In

DHS reassigns cyberstaff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its telecom data breach disclosure rule. Experts warn of teen recruitment in pro-Russian hacking operations. Ukraine's parliament approves the establishment of Cyber Forces. Troy Hunt criticizes data breach injunctions as empty gestures. Our guest is Sarah Graham from the Atlantic Council's Cyber Statecraft Initiative (CSI) discussing their report, "Mythical Beasts: Diving into the depths of the global spyware market." And, Spy Dog's secret site goes off leash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Sarah Graham from the Atlantic Council's Cyber Statecraft Initiative (CSI) discussing their work and findings on "Mythical Beasts: Diving into the depths of the global spyware market." Selected Reading Homeland Security Cyber Personnel Reassigned to Jobs in Trump's Deportation Push (Bloomberg) Massive DDoS Attack Knocks Out Steam, Riot, and Other Services (Windows Report) Hackers claim Discord breach exposed data of 5.5 million users (Bleeping Computer) The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous (FortiGuard Labs) The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors (Huntress) Court Pauses FCC Data Breach Rules as Agency Takes New Look | Regulation (Cablefax) Arrests Underscore Fears of Teen Cyberespionage Recruitment (Data Breach Today) Ukraine's parliament backs creation of cyber forces in first reading (The Kyiv Independent) Troy Hunt: Court Injunctions are the Thoughts and Prayers of Data Breach Response (Troy Hunt) Spy Dog: Children's books pulled over explicit weblink (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option. https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 Framelink Figma MCP Server CVE-2025-53967 Framelink Figma s MCP server suffers from a remote code execution vulnerability.

What would happen if your freight data got hacked before your trucks even hit the road? In this episode, NMFTA's Joe Ohr digs into how cybersecurity threats are evolving fast across freight and supply chains, from stolen tequila loads rerouted through digital trickery to insider risks hiding in forgotten system logins! We talk about why cyber protection isn't just an IT problem anymore, but also a business survival issue, how AI is changing the game for detecting and responding to cyberattacks, and the upcoming NMFTA Cybersecurity Conference in Austin, a must-attend event where industry leaders share practical defense strategies, run hands-on tabletop exercises, and build real plans companies can use immediately. Cyber threats are only getting smarter, and if you're not training, auditing access, and collaborating with others in the industry, you're already behind, so keep tuning in to our conversation!   About Joe Ohr Joe Ohr has more than two decades of experience in technical operations, customer success management, customer support, and product support. Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity. Prior to Ohr's role at NMFTA, he served as in numerous engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs. Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals. He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.  

FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch CVE-2025-25009 Elastic patched a stored XSS vulnerability in Kibana https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449 QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729, The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Redis Vulnerability Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/ GoAnywhere Bug Exploited Microsoft is reporting about the exploitation of the recent GoAnywhere vulnerability https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Zimbra Exploit Analysis An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems. https://strikeready.com/blog/0day-ics-attack-in-the-wild/ Unity Editor Vulnerability CVE-2025-59489 The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions https://unity.com/security/sept-2025-01

The DataTribe Challenge is a launchpad for elite cybersecurity and cyber-adjacent startups ready to break out. 2025 marks the 8th annual edition of the event with a change in venue and some exciting new updates. We take you on a journey from inception with Leo Scott, Managing Director and Chief Innovation Officer at DataTribe, and 3 past DataTribe Challenge winners at different levels on their growth tracks following their participation in the event. You'll meet Anita D'Amico, former CEO of Code DX (acquired by Synopsis in 2021) and 2019 winner; Greg Baker, Co-Founder of Balance Theory and 2022 winner; and Brian Proctor, Founder and CEO of Frenos and 2024 winner. Learn more about your ad choices. Visit megaphone.fm/adchoices

Viewpoint This Sunday with Malcolm Out Loud – Pres. Trump, along with the OMB, says this is an opportune time to drastically reduce government agencies. Senator Ron Johnson talks about the dysfunction and seriousness of the moment. How Many of Our Cities are Encircled By A Ring of Foreign Surveillance Telecom Networks? Chris Hoar, a telecom expert, along with Lt. Dave Smith talks about the threat...

Viewpoint This Sunday with Malcolm Out Loud – Pres. Trump, along with the OMB, says this is an opportune time to drastically reduce government agencies. Senator Ron Johnson talks about the dysfunction and seriousness of the moment. How Many of Our Cities are Encircled By A Ring of Foreign Surveillance Telecom Networks? Chris Hoar, a telecom expert, along with Lt. Dave Smith talks about the threat...

Need for Pentagon Leadership in Fortifying US Infrastructure Against Adversaries Guest Name: Henry SokolskiSummary: Russia is allegedly already waging hybrid war against the EU via cable cutting and cyber assaults, which is expected to reach the US. The US is unprepared organizationally. The Pentagon (Secretary of Defense) should lead hardening and proliferation efforts for targets like the electric grid and nuclear plants, but they are currently resistant to doing so publicly. 1960

Need for Pentagon Leadership in Fortifying US Infrastructure Against Adversaries Guest Name: Henry SokolskiSummary: Russia is allegedly already waging hybrid war against the EU via cable cutting and cyber assaults, which is expected to reach the US. The US is unprepared organizationally. The Pentagon (Secretary of Defense) should lead hardening and proliferation efforts for targets like the electric grid and nuclear plants, but they are currently resistant to doing so publicly.

In this captivating episode of Healthy Mind, Healthy Life, award-winning author and National Geographic explorer Chip Walter joins Avik to explore a bold and unsettling question: Are we evolving into cyber sapiens—beings that transcend biology through technology? From brain implants to AI-human integration, Chip discusses how the next phase of human evolution might blur the line between man and machine. They also delve into the race for digital immortality, Silicon Valley's ambition to defeat death, and what it all means for our future as a species. About the Guest:Chip Walter is a six-time author, filmmaker, former CNN bureau chief, and National Geographic explorer. His work explores the wonders of human evolution, the ethics of artificial intelligence, and the pursuit of longevity. His latest novel Doppelgänger imagines a future where a man uploads his mind into a cyborg to solve his own murder. Chip also documents his global travels at vagabondadventure.com. Key Takeaways: Cyber Sapiens may be the next evolutionary leap as humans integrate with machines to stay relevant. The concept of uploading consciousness is no longer just sci-fi—serious scientists and tech moguls are investing in this pursuit. Longevity research aims not just to extend life, but to cure aging at its root. Evolution isn't just biological anymore—technology is now the primary driver. If misused, these advancements could lead to inequality or even humanity's obsolescence. Connect with Chip Walter: Visit: https://vagabond-adventure.com/ Check out his book Doppelgänger for a gripping sci-fi perspective on our techno-future. Want to be a guest on Healthy Mind, Healthy Life? DM on PodMatchDM Me Here: https://www.podmatch.com/hostdetailpreview/avikTune to all our 15 podcasts: https://www.podbean.com/podcast-network/healthymindbyavikSubscribe To Newsletter: https://healthymindbyavik.substack.com/Join Community: https://nas.io/healthymind Stay Tuned And Follow Us!• YouTube – https://www.youtube.com/@healthymind-healthylife• Instagram – https://www.instagram.com/healthyminds.pod• Threads – https://www.threads.net/@healthyminds.pod• Facebook – https://www.facebook.com/podcast.healthymind• LinkedIn – https://www.linkedin.com/in/reemachatterjee/ | https://www.linkedin.com/in/avikchakrabortypodcaster #podmatch #healthymind #healthymindbyavik #wellness #AIethics #cybersapiens #longevity #digitalimmortality #transhumanism #futureofhumanity #chipwalter

The world is a dumpster fire, confirmed. Following California's landmark AI safety bill SB 53, the head of Nvidia is allegedly "quaking in his boots"—which is a good sign, unlike the news that the "Nirvana Baby" Spencer Elden's lawsuit was finally dismissed. Meanwhile, corporate America continues its pivot to chaos: Spotify shuffled its execs, Meta is charging UK users for ad-free Facebook and Instagram, and the UK is introducing digital ID cards (Hello, Mark of the Beast). The entire internet is now dominated by bots, proving the Cracker Barrel logo outrage was manufactured, a fact that's somehow less depressing than the FCC accidentally leaking iPhone schematics. Naturally, Alphabet just paid $22 million to settle President Trump's YouTube lawsuit, confirming that legal threats are the new VC funding. Disney is panicking over an "AI Actress," sending cease and desist letters to Character.AI, while OpenAI rolls out its new Sora app and ChatGPT's ability to buy things for you, proving it's determined to turn the internet into one seamless, copyright-infringing shopping mall, and it's now worth more than Elon Musk's SpaceX.The ensuing boredom demands new media, though the pacing is terrible in everything: Slow Horses Season 5 and Human: Neanderthal Encounters are great, but even the original Matrix and Frankenstein trailer (by Guillermo del Toro) feel slow, confirming the Princess Bride litmus test. MXV's Riot Fest photos were rad, and Disney lost 1.7M subs after suspending Kimmel, which is why YouTube Music is testing AI hosts (who will only be wrong), and the Pivot Tour is happening. Our Apps & Doohickeys department confirms security is an afterthought: macOS 26 unlocked the Journal app, but the smart glasses race is fully on, and Logitech's new keyboard can be recharged by any light (finally, tech that works!). Amazon Fire TV is expected to ditch Android for Linux, Meta introduced the AI-filled Vibes feed, and Tile trackers were found to have a stalking flaw—a fact only slightly more depressing than the swift failure of the Neon call-recording app and the continued existence of the Comet browser. Finally, The Dark Side with Dave celebrated the low-budget charm of Blue Thunder and the necessity of Disney Park Ride Overlays, while Dave embarked on his quest to unbox the Home Depot R2D2. We thank our patrons for keeping this beautiful noise alive and pay tribute to the amazing Jane Goodall.Sponsors:Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/716FOLLOW UPCalifornia Governor Newsom signs landmark AI safety bill SB 53Nvidia Is Quaking in Its Boots‘Nirvana Baby' Spencer Elden's ‘Nevermind' Suit Dismissed AgainIN THE NEWSSpotify Appoints New CEOs as Daniel Ek Becomes Executive ChairMeta announces paid subscriptions for both Instagram and Facebook in the UKUK announces plans for digital ID cardsOpenAI's New Sora App Lets You Deepfake Yourself for EntertainmentThe First 24 Hours of Sora 2 Chaos: Copyright Violations, Sam Altman Shoplifting, and MoreOpenAI Rolls Out ChatGPT's Ability to Buy Stuff for YouOpenAI Is Now Worth More on Paper Than SpaceX, Catches Up to Elon Musk HimselfDisney sends cease and desist letter to Character.AICreator of “AI Actress” Responds to Near-Universal BacklashFCC accidentally leaked iPhone schematics, potentially giving rivals a peek at company secretsAlphabet will pay $22 million to settle President Trump's YouTube lawsuitCracker Barrel Outrage Was Almost Certainly Driven by Bots, Researchers SayMEDIA CANDYMXV's Riot Fest PhotosSlow Horses Season 5Frankenstein | Guillermo del Toro | Official Trailer | NetflixHuman: Neanderthal EncountersPivot TourYouTube Music is testing AI hosts that present relevant stories, trivia and commentaryHow Many Streaming Subscribers Did Disney Lose After Suspending Kimmel?APPS & DOODADSmacOS 26 unlocks the real potential of Apple's Journal appThe smart glasses race is really on nowLogitech's new keyboard can be recharged by any kind of lightAmazon Fire TV devices expected to ditch Android for Linux in 2025Meta introduces Vibes feed for AI generated contentNeon, an App That Pays to Record Your Phone Calls Hit #2 on the App Store, Taken Down Over Security FlawTile trackers reportedly have a security flaw that can let stalkers track your locationComet - The browser that works for youTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingThe Princess BrideBlue ThunderThe Best Disney Park Ride Overlays, and Where to Find ThemHome Depot R2D2 Unboxing and Assembly!See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages TOTOLINK X6000R Vulnerabilities Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers. https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ DrayOS Vulnerability Patched Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

The National Security Hour with Major Fred Galvin – For centuries, America's enemies revealed themselves through uniforms on the battlefield. Later, terrorist organizations blended into civilian populations. But today, in the era of cyber warfare, our enemies strike from the shadows—stealthy, anonymous, and devastating. Now, the next great battlefield isn't fought with tanks or rifles, but with...

Watch out for cyber scammers for those who are off work due to the Government shutdown. The ASL association has postponed its walk this weekend due to shut down. American Airlines is changing the way to book flights based of AI.  Make sure to also keep up to date with ALL our podcasts we do below that have new episodes every week:The Thought ShowerLet's Get WeirdCrisis on Infinite Podcasts

In this episode of Resilient Cyber, I sit down with repeat guest Snehal Antani, who serves as the Co-Founder & CEO of Autonomous Pen Testing leader Horizon3.ai.We will discuss the latest developments in AI and Autonomous Pen Testing, as well as the tremendous growth and success of Horizon3.ai, as Snehal balances technical topics with business-centric hard won wisdom of growing an industry leading organization.

The National Security Hour with Major Fred Galvin – For centuries, America's enemies revealed themselves through uniforms on the battlefield. Later, terrorist organizations blended into civilian populations. But today, in the era of cyber warfare, our enemies strike from the shadows—stealthy, anonymous, and devastating. Now, the next great battlefield isn't fought with tanks or rifles, but with...

If you like what you hear, please subscribe, leave us a review and tell a friend!Multiple cybersecurity incidents continue to affect users worldwide, including spyware campaigns impersonating popular messengers, IoT and Oracle apps exploited in phishing and extortion attacks, and hospital and nursery data breaches exposing sensitive information. Companies like Google, Georgia Tech, Renault, and Chrome users are impacted by updates, settlements, or data leaks, highlighting ongoing risks in digital security.

 Colonel Jeff McCausland observes that Europe is preparing to deal with Russia's hybrid warfare (drones, cyber, incursions) independently, driven by the belief that the Trump administration is prioritizing homeland defense. European leaders are discussing a "drone wall" and achieving 5% GDP defense spending. McCausland also analyzes the 20-point Gaza peace plan, which involves an immediate hostage release, phased Israeli withdrawal, and a multinational peacekeeping force, noting Russia would likely gain from regional stabilization. 1863 CULPEPPER VIRGINIA

 Colonel Jeff McCausland observes that Europe is preparing to deal with Russia's hybrid warfare (drones, cyber, incursions) independently, driven by the belief that the Trump administration is prioritizing homeland defense. European leaders are discussing a "drone wall" and achieving 5% GDP defense spending. McCausland also analyzes the 20-point Gaza peace plan, which involves an immediate hostage release, phased Israeli withdrawal, and a multinational peacekeeping force, noting Russia would likely gain from regional stabilization. 1941 ATLANTIC CHARTER

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL

In this episode of Unspoken Security, host A.J. Nash sits down with Marley Salveter, Director of Marketing at Unspoken Security. They explore how digital privacy and security awareness look different for younger generations who have grown up in a world where sharing personal data is routine, not a choice. Marley shares her perspective on adapting to life online, where building a personal brand and protecting personal information often overlap for today's professionals.Marley explains how her generation views data privacy as an accepted tradeoff, not a conscious decision, and why traditional corporate security training rarely feels relevant. She discusses the real risks of living in public—how threats feel less urgent until they get personal and why the rapid response of tech platforms can mask the lasting impact of breaches. She and A.J. dig into the challenge of communicating security risks to a connected generation that rarely sees tangible consequences.Together, they reflect on how open conversations bridge generational gaps and why storytelling and relatable dialogue help people internalize security lessons. Marley argues that making security personal is key to lasting change—especially for those building their careers and brands in the public eye.Send us a textSupport the show

Before Siri had sass and Alexa started judging your music taste, the original virtual assistant was quietly revolutionizing the '90s—powered by many patents and a whole lot of foresight. Now, as AI goes from buzzword to boss, we ask, will it transform your job, your home… or just steal your knowledge?  This week, Dave, Esmee and Rob speak with Kevin Surace, Futurist, Inventor & "Father" of the Virtual Assistant, about exploring the evolution of AI, what the future might hold, and how disruptive innovation can shake up your organization in ways you might not expect.   TLDR: 00:40 – Introduction of Kevin Surace 05:12 – Rob gets confused by Google Maps reviews and selfies 08:15 – Deep dive into the evolution of AI with Kevin 52:00 – How intelligent agents can help manage digital noise and support mental well-being 1:07:30 – Wrapping up the book the Joy Success Cycle and heading to a concert  GuestKevin Surace: https://www.linkedin.com/in/ksurace/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

If you like what you hear, please subscribe, leave us a review and tell a friend!

As artificial intelligence reshapes workplaces and business strategies, firms increasingly depend on AI providers, making AI a tool of geopolitical influence. We'll discuss the impact across industries, as digital currencies affect monetary control and cyber threats challenge operational resilience. Host: William Foster, Senior Vice President, Sovereign Risk Group, Moody's Ratings Guests: Vincent Gusdorf, Associate Managing Director, Digital Finance and AI Analytics, Moody's Ratings; Leroy Terrelonge, Vice President-Analyst, Cyber Credit Risk, Moody's Ratings  Related research:Artificial Intelligence – Global – Nations push for AI sovereignty to capture economic, geopolitical gains 30 September 2025 Sovereigns - Global – Digital currency growth, inconsistent regulation amplify countries' financial risks 25 September 2025Artificial Intelligence – Corporates – Pace of AI advances, regional disparities will steer credit trends across industries 23 September 2025 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

WAKE UP! SEPTEMBER'S ENDED! In Soviet Russia, Word Thanks YOU! Warm Sounding Wood. The Great Kimining. Rock Puzzles Scissors. Mercy Buckets. Domo Obrigado, Mr MaxTrollboto! Mix Master Fetus. Brian's got all 8 slots filled. Van's Car Songs. Excess 3 Dog Night Dog Pooh. Dunaway doesn't like Cyber. Fosters: It's Australian For F-Off! Making Out with Horses on the Moon. Our Cheese is Safe With Tom and more on this episode of The Morning Stream. Hosted on Acast. See acast.com/privacy for more information.

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Cloud Vulnerability Western Digital patched a critical vulnerability in its MyCloud device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247 sudo vulnerability exploited A recently patched vulnerability in sudo is now being exploited. https://www.sudo.ws/security/advisories/

WAKE UP! SEPTEMBER'S ENDED! In Soviet Russia, Word Thanks YOU! Warm Sounding Wood. The Great Kimining. Rock Puzzles Scissors. Mercy Buckets. Domo Obrigado, Mr MaxTrollboto! Mix Master Fetus. Brian's got all 8 slots filled. Van's Car Songs. Excess 3 Dog Night Dog Pooh. Dunaway doesn't like Cyber. Fosters: It's Australian For F-Off! Making Out with Horses on the Moon. Our Cheese is Safe With Tom and more on this episode of The Morning Stream. Hosted on Acast. See acast.com/privacy for more information.

How does a CISO react to a live deepfake? In this eye-opening conversation with Alan Alford, CISO at NTT Global Data Centers, we kick off with a live deepfake demonstration that showcases the capabilities and limitations of this emerging technology.The demonstration serves as a springboard into a crucial discussion about the genuine threat deepfakes pose to organizations. While video deepfakes capture headlines, Alan reveals why audio deepfakes currently present the more dangerous and immediate risk vector for businesses. From CEO impersonation for fraudulent wire transfers to political misinformation campaigns, these technologies are already being weaponized in ways many security teams haven't prepared for.Our conversation takes an unexpected turn as Alan challenges one of cybersecurity's most persistent myths: that humans represent the "weakest link" in security. Instead, he champions the workforce as our strongest allies, sharing how simple recognition programs created security champions throughout his organization. His approach connects workplace security to employees' personal lives, dramatically increasing engagement and effectiveness.Alan offers a masterclass in balancing innovation with security, explaining how his organization approaches AI adoption through mandatory training programs and a top-down commitment from leadership. His race car analogy perfectly captures this balance: good security controls are like high-performance brakes that don't just slow you down—they enable you to take corners faster.For security leaders feeling overwhelmed by AI, Alan provides practical starting points that any organization can implement today. From experimenting with AI for personal hobbies to creating automated security reports through carefully crafted prompts, these small steps can build confidence and competence before tackling larger initiatives.Whether you're concerned about deepfake threats, searching for more effective security awareness approaches, or looking to safely implement AI in your organization, this conversation delivers actionable insights from a CISO who's successfully navigating these challenges daily. Listen now to transform how you think about humans, technology, and security in our rapidly evolving digital landscape.

Send us a textA poll shock, a policy gamble, a courtroom reckoning, and a boundary that saves a life this episode traces how power, data, culture, and healing collide. We open with a blunt read on fresh numbers putting Nigel Farage within striking distance and ask the tougher question: when the main parties feel unmoored, how do we vote with integrity rather than despair? That thread pulls straight into Keir Starmer's renewed digital ID push. We unpack the Tony Blair Institute's influence, the risks of centralising identity, and why “digital by default” without ironclad security and strict limits is a civil liberties problem, not a modernisation plan.The data story gets painfully real. Cyber attacks have moved from headlines to homes, taking down retailers and even a nursery targeted with stolen images and records. We talk practical defence password managers, multi‑factor authentication, data minimisation and call for sharper laws that fit the crime, especially when perpetrators operate within the UK. Accountability shows up in culture too. Noel Clarke's failed libel suit against The Guardian leaves a £3m cost order and a clearer message: credible reporting and survivor testimony can stand in court, and industry gatekeepers must stop waiting for the courts to do the safeguarding they should have led.Not everything is bleak. The Skims x Nike collaboration is a live case study in strategic branding: knowing your value, choosing partners that amplify it, and letting consistent delivery turn into reputation that travels without you. And then there's the personal work. We share the reality of going no contact with a narcissistic parent after a traumatic birth a choice framed not by bitterness but by the pursuit of peace, therapy, and a safe, joyful home for a child. Boundaries, like encryption, are protective by design.If you're here for smart political analysis, digital privacy insight, culture with a backbone, and honest talk about healing, you're in the right place. Listen, reflect, and tell us where you draw your own lines on data, on votes, on family. If this resonated, follow the show, share it with a friend who needs it, and leave a review to help more listeners find the conversation.Sponsorships - Email me: hello@toyatalks.com Cc: toyawashington10@gmail.comTikTok: toya_washington Twitter: @toya_w (#ToyaTalksPodcast) Snapchat: @toyawashington Instagram: @toya_washington & @toya_talks www.toyatalks.comhttps://toyatalks.com/ Music (Intro and Outro) Written and created by Nomadic Star Stationary Company: Sistah Scribble Instagram: @sistahscribble Website: www.sistahscribble.com

Send us a textOn this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal speak with Paul Iagnocco, Head of Customer Enablement at our sponsor TrustArc. Apart from catching up, the team speaks with our guest about the development and maintenance of data protection compliance programs, especially in this time where AI is becoming more and more important. Links:Linkedin AI training settingsSRB v EDPS on pseudonymous data (C-413/23) If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Cyber-security expert Tony Grasso on a BBC reporter was targeted by a ransomware operation, a cyber-attack on the Asahi brewing giant and a UK childcare chain has been hacked. 

If you like what you hear, please subscribe, leave us a review and tell a friend!Global organizations face a wave of cyber threats, including malware campaigns like EvilAI, ransomware gangs targeting media, and breaches of major companies such as WestJet, RemoteCOM, and Tesla. Governments and enterprises are also dealing with massive financial fraud, AI-driven security solutions, and evolving hacker tactics, highlighting the need for stronger digital defenses.

Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Protect vulnerability. https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328 Nimbus Manticore / Charming Kitten Malware update Checkpoint released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates. https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/

October is Cybersecurity awareness month. Get ready to explore the imperative of cyber resiliency in today's digital landscape, focusing on strategies for robust data infrastructures and shared responsibility to plan and recover from cyber attacks. Join Pure Storage cyber experts Scott Taylor and Jason Walker as they delve into the critical aspects of cyber resilience. Learn best practices around how to prepare your organization for potential threats, respond effectively during an attack, and recover swiftly to maintain business continuity. We explore essential hygiene factors, the role of SIEM technology, and the importance of a layered resilience strategy, including insights from key alliance partners like Varonis and Superna. We also cover ways that Pure Storage empowers users to withstand cyberattacks and accelerate both cyber and disaster recovery. Hear best practices on how to protect data from ransomware and cyber threats through high-performance, layered resilience, robust data security and immutability, and seamless security integrations. Scott and Jason also tackle common myths and misconceptions about cyber resilience, providing actionable advice to help IT leaders identify and address blind spots. Tune in for hot takes on industry trends and a "Storage Confessions" segment where listeners can share their own screw-up stories.

If you like what you hear, please subscribe, leave us a review and tell a friend!Cybercriminals and hackers are exploiting platforms like Facebook and Google Ads, targeting children, and taking down major companies such as Asahi, while governments and authorities respond with seizures, warnings, and new security guidance. Major incidents include the UK seizing £5.5 billion in Bitcoin, Japanese brewer Asahi hit by attacks, Harrods reporting a third-party breach, and global warnings on malware and vulnerabilities.

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• TribalNet 2025: Cybersecurity Is Central to IT Modernization for Tribes • Cyberattacks remain big threat for tribes: survey • CISA to furlough 65% of staff if government shuts down this week• Cyber shutdown showdownMain Topics:Domestic Hostile Events:• Deadly attack on Michigan church leaves investigators searching for motive• Michigan church shooter was Marine veteran who White House official says "hated people of the Mormon faith"• Update from FBI Detroit on Shooting and Fire at a Michigan Church• Michigan church shooting suspect went on anti-LDS tirade, political candidate said• Armed man busted after plowing car through police barricade outside Michigan church day after deadly shooting, blaze• Iraq War veteran Thomas Sanford ID'd as gunman who attacked Grand Blanc LDS church, killing 4 and setting it ablaze• What we know about Michigan church shooter Thomas Sanford. Authorities have provided no motive for the attack.• Who is Michigan church attacker Thomas Jacob Sanford: Iraq war vet 'suffered from PTSD' and wore 'Make Liberals Cry Again' shirt• A List of Notable Shooting Attacks on Houses of Worship in the US in the Past 20 Years• Marine veteran in custody after 3 killed, at least 8 injured in shooting at a waterfront bar in North Carolina, officials say & Southport mass shooting: Suspect identified in gunfire from boat that killed 3, injured 8, officials say• Eagle Pass casino shooting: 2 killed, 5 hurt; suspect in custody, authorities say & Two dead, six hurt in shooting at Texas tribal casino; suspect in custodyRansomware• 'You'll never need to work again': Criminals offer reporter money to hack BBC• Co-op says cyber-attack cost it £206m in lost sales Quick Hits:• CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices• Threat Insights: Active Exploitation of Cisco ASA Zero Days • CISA - SonicWall Releases Advisory for Customers after Security Incident• Widespread Supply Chain Compromise Impacting npm Ecosystem• Russia dares NATO to shoot • New Kremlin-Linked Influence Campaign Targeting Moldovan Elections Draws 17 Million Views on X and Infects AI Models• Bot Networks Are Helping Drag Consumer Brands Into the Culture Wars• Outrage Cycle: Cracker Barrel and its CEO Targeted Amidst Logo Controversy• CISA Releases Advisory on Lessons Learned from an Incident Response Engagement• Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations• Designating Antifa as a Domestic Terrorist Organization• Fact Sheet: President Donald J. Trump Designates Antifa as a Domestic Terrorist Organization• Ranking Member Thompson Statement on Trump Incorrectly Designating ‘Antifa' as a Domestic Terrorism Organization• DHS Issues Statement on Targeted Attack on Dallas ICE Facility3 people shot at Dallas ICE field office: ICE official • Trump Says He Is Ordering Troops to Portland, Escalating Domestic Use of Military• Trump Says He's Sending Troops To ‘War Ravaged' America City — Authorizes ‘Full Force'• Pentagon calls up 200 National Guard troops after Trump Portland announcement• Oregon leaders object to Trump's deployment of 200 National Guard troops in the state• Feds march into downtown Chicago; top border agent says people are arrested based on ‘how they look'• ICE tactics inflame tensions in New York, Chicago and other cities• Shane Tamura, gunman in shooting at NFL headquarters, had CTE: Medical examiner

DeMarcus Williams, a senior security engineer at Starbucks, has built a career defined by creativity, intuition, and persistence. With roles at the U.S. Department of Defense, AWS/Amazon, and now Starbucks, he specializes in offensive security, red teaming, and adversary emulation. In this episode, DeMarcus joins Jack Clabby of Carlton Fields and Cyber Florida's Sarina Gandy […]

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover's recovery efforts. A maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We've got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan. Selected Reading Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online) UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity) Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer) The AI boom is unsustainable unless tech spending goes ‘parabolic,' Deutsche Bank warns: ‘This is highly unlikely' (Fortune) Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer) Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer) Harrods: Hackers contact firm after 430,000 customer records stolen (BBC) Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record) Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro)  'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Exploitation of the vulnerabilities Cisco patched last week may have bone back about a year. Cisco and CISA have released advisories with help identifying affected devices. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices Github Notification Phishing Github notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer. https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

What would it take for you to sell out your boss? Cyber criminals offer a BBC Correspondent a cut of the action in return for passcodes. And Zimbabwe's government is ordered to cut back on spending as it grapples with its budget.You can contact us on WhatsApp or send us a voicenote: +44 330 678 3033.Presenter: Sarah Rogers Producers: Niamh McDermott and Victoriya Holland Editor: Justin Bones

For decades, while the rest of the world's powers have distracted and tangled themselves with wars of choice and blunder, the People's Republic of China has been watching, learning, and building. To what end?Returning to Midrats to discuss this and more will be Dean Cheng.Dean is a Senior Advisor, United States Institute of Peace; Non-resident Senior Fellow, Potomac Institute for Policy Studies; Non-resident Fellow, George Washington University Space Policy Institute.He recently retired after 13 years with the Heritage Foundation, where he was a senior research fellow on Chinese political and security affairs, and wrote on various aspects of Chinese foreign and defense policy.Prior to joining the Heritage Foundation, he was a senior analyst with the China Studies Division (previously, Project Asia) at CNA from 2001-2009.Before joining CNA, he was a senior analyst with Science Applications International Corporation (SAIC) from 1996-2001. From 1993-1995, he was an analyst with the US Congress' Office of Technology Assessment in the International Security and Space Division, where he studied the Chinese defense industrial complex.He is the author of the book Cyber Dragon: Inside China's Information Warfare and Cyber Operations (NY: Praeger Publishing, 2016), as well as a number of papers and book chapters examining various aspects of Chinese security affairs.Show LinksXi Jinping hails ‘unstoppable' China at landmark military parade, Financial TimesMore than pageantry, China's military parade shows off new missiles, drones and other equipment, The IndependentYJ-15 missile, YJ-19, YJ-17, YJ-20 hypersonic missiles, Global TimesNASA Names Astronauts to Next Moon Mission, First Crew Under ArtemisSummaryIn this conversation, Dean Cheng and the hosts discuss the implications of China's recent military parade, the evolution of its nuclear capabilities, and the modernization of its conventional military forces. They focus on China's ambition to establish a new world order and the strategic importance of its space and cyber capabilities. The discussion also touches on the role of coercion and deterrence in China's military strategy, as well as the challenges posed by its growing influence on the global stage.TakeawaysChina's military parade reflects its growing power and ambition.The presence of foreign leaders at the parade indicates shifting alliances.China is expanding its nuclear capabilities significantly.The PLA is focusing on both conventional and nuclear modernization.China's approach to military strategy includes both coercion and deterrence.The Chinese space program aims for long-term presence on the moon.China's cyber capabilities are evolving rapidly and pose a threat.The PLA's indigenous production capabilities are improving.China's military strategy is influenced by its historical context.The geopolitical landscape is changing with China's rise.Chapters00:00: Introduction to the Discussion on China and Military Parades03:07: Analysis of the Recent Military Parade and Its Implications06:05: The Evolution of China's Nuclear Capabilities12:07: China's Conventional Military Strategy and Modernization16:04: China's Global Influence and New World Order20:06: The Role of Coercion and Deterrence in Chinese Strategy26:12: China's Space Program and Technological Advancements34:59: China's Cyber and Information Warfare Capabilities43:46: The Future of China's Military and Strategic Developments

On today's Look Ahead program, sponsored by HII, Byron Callan of the independent Washington research firm Capital Alpha Partners joins Defense & Aerospace Report Editor Vago Muradian to discuss the implications of what could be a prolonged government shutdown should President Trump and congressional leaders not be able to strike a deal; the president's shift on Ukraine and whether Europe can deter Russia without the United States; prospect of military action against Venezuela and drug operations in Latin America, and how criminal organizations could respond against the United States and its interests; takeaways from the Air Force Association's annual Air, Space & Cyber conference and tradeshow; and a look at the week ahead.

Cushioned Crashes: Can Cocooning with AI Create Safer Skies?  Chatbot Chill or Chatbot Chill-out: Confronting the Crisis of AI-Fuelled Delusions.  ChatGPT's Changing Chat: From Career Companion to Casual Confidant.  Hallucinations in the Halls: AI, Accuracy and the Administration of Justice.  Silicon Surge: Slimmer, Stronger Batteries Shaping Smartphones.  Television Time Travel: The Curious Comeback of Cathode-Ray Classics.  Shipping Security Surge: Safeguarding Seas from Sophisticated Cyber Spies.  Miniature Modular Might: The Promise and Pitfalls of Pocket-Sized Power Plants.  Cassette Comeback: DNA Data Delivers Decades of Digital Storage. 

Grumpy Old Geeks is back with another round of righteous griping and eyebrow-raising headlines in Episode 715: Our Wizard Lies. We kick things off in FOLLOW UP, where TikTok is still the geopolitical hot potato that both the U.S. and China promise to sort out “someday, maybe,” while Wired's global editorial director explains how tech's growing political clout is playing out under Trump. From there, it's a cavalcade of absurdities: DOGE as federal workforce demolition derby, and crypto bros trying to turn Charlie Kirk's death into meme-stock retirement plans. Late-stage capitalism is nothing if not creative.Then in IN THE NEWS, Amazon gets spanked with a $2.5 billion fine for Prime trickery, Microsoft yanks cloud services from an Israeli military unit, and Palantir goes full lifestyle brand—yes, you too can cosplay as a drone strike enthusiast with a $99 pair of gym shorts. Silicon Valley philosophers warn AI regulation would literally summon the Antichrist, while banks whisper the bubble might pop before the devil even arrives. Meanwhile, YouTube toys with letting COVID and election denialists back into the algorithm, “SIM farms” threaten New York's cell networks, and unlucky tourists are finding themselves trafficked into cyber-scam slavery across Southeast Asia. Progress!MEDIA CANDY tries to lighten the mood—sort of—serving up everything from Elio, Tron: Ares, and Disney price hikes to AI musicians cashing million-dollar checks. Lionsgate, on the other hand, learns you can't feed four John Wicks into an algorithm and get an anime out the other side. Over in THE DARK SIDE WITH DAVE, we get furries on the DC Metro, Disney plotting your every park step via Ray-Ban spy glasses, a Ponzi scheme in RadioShack cosplay, and even a Jim Henson Company anniversary auction. We close out with shout-outs and sighs, because sometimes the world doesn't deserve a mic drop—just a slow shake of the head.Sponsors:Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/715FOLLOW UPUS and China agree to agree on a TikTok dealWIRED global editorial director on tech's growing political power under TrumpThe Story of DOGE, as Told by Federal WorkersCrypto Bros Are Trying to Monetize Charlie Kirk's DeathIN THE NEWSAmazon to pay $2.5 billion for allegedly duping millions to sign up for PrimeMicrosoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone callsPalantir Wants to Be a Lifestyle BrandSilicon Valley's latest argument against regulating AI: that would literally be the AntichristAI Experts Urgently Call on Governments to Think About Maybe Doing Something‘Workslop': AI-Generated Work Content Is Slowing Everything DownDeutsche Bank Issues Grim Warning for AI IndustryYouTube may reinstate channels banned for spreading covid and election misinformation‘SIM Farms' Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds SayThey traveled to Thailand. They wound up cyber scam slaves in Myanmar.MEDIA CANDYElioSupermanHuman: OriginsHuman: JourneysAlien: EarthThe Traitors IrelandDisney is raising the price of Disney+, Hulu subscriptions next monthWicked: For Good | Final TrailerLilith Faire: Building a MysteryTron: AresAI Artist Signs Million-Dollar Record DealLionsgate Is Finding Out It's Really Hard to Make Movies With AIJimmy Kimmel May Be Back. Trump's Attacks on the First Amendment Aren't Over By Merrill MarkoeJimmy Kimmel is Back!THE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingDisney Explores Using Ray-Ban Meta Glasses To Guide Guests Around Its ParksThe Happiest Story on Earth: 70 Years of DisneylandThe Mandalorian and Grogu | Official Trailer | In Theaters May 22, 2026The Jim Henson Company 70th Anniversary AuctionFeds Say Company That Bought RadioShack Was Running $112 Million Ponzi SchemeFurries ride the DC MetroSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Webshells Hiding in .well-known Places Our honeypots registered an increase in scans for URLs in the .well-known directory, which appears to be looking for webshells. https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320 Cisco Patches Critical Exploited Vulnerabilities Cisco released updates addressing already-exploited vulnerabilities in the VPN web server for the ASA and FTD appliances. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW XCSSET Evolves Again Microsoft detected a new XCSSET variant, an infostealer infecting X-Code projects. https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/ Exploitation of Fortra GoAnywhere MFT CVE-2025-10035 watchTowr analyzed the latest GoAnywhere MFT vulnerability and exploits used against it. https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/

Exploit Attempts Against Older Hikvision Camera Vulnerability Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL. https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/32316 Cisco Patches Already Exploited SNMP Vulnerability Cisco patched a stack-based buffer overflow in the SNMP subsystem. It is already exploited in the wild, but requires admin privileges to achieve code execution. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte SonicWall Anti-Rootkit Update SonicWall released a firmware update for its SMA100 devices specifically designed to eradicate a commonly deployed rootkit. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0015 Extended Windows 10 Support Microsoft will extend free Windows 10 essential support for US and European customers. https://www.straitstimes.com/world/united-states/microsoft-offers-no-cost-windows-10-lifeline