Podcasts about Cyber

Audrey Tang, Taiwan's cyber ambassador, sits down with Margaret Hoover to talk about technology, democracy, and the fate of Taiwan amid new threats from China.Tang, who served as Taiwan's first minister of digital affairs, reflects on her work integrating technology into the government and the lessons learned from its successful response to the COVID-19 pandemic.She explains why she believes technological advances like social media can be used to bring people together instead of dividing them, and she discusses projects in California and Kentucky that have attempted to do that.Tang also addresses how Taiwan is preparing for potential attacks by China and why Taiwan's freedom is important to other democracies around the world.Support for Firing Line with Margaret Hoover is provided by Robert Granieri, The Tepper Foundation, Vanessa and Henry Cornell, The Fairweather Foundation, and Pritzker Military Foundation.

The Dutch courts finally did something useful: they told Meta to quit force-feeding algorithmic slop to everyone, so Facebook and Instagram users might actually see posts from friends again—if they can remember who those are. Meanwhile, OpenAI's Sora 2 rollout is the kind of chaos that makes you wonder if the company replaced QA with a TikTok filter, as outrage videos flood the internet faster than you can say “deepfake meltdown.” Apple banned ICEBlock for being too effective while ICE now wants its own social media surveillance tool—one that OpenAI shut down when Chinese accounts tried to build it. California's hammering Tesla for its abysmal insurance claims handling, OpenAI is gobbling up chunks of AMD, and consultants got caught using ChatGPT to fake reports before proudly partnering with Anthropic, who just landed Deloitte as its latest “enterprise AI” victim. Elsewhere in this circus: a Florida teen asked ChatGPT how to kill his friend, Taylor Swift fans are furious her new promo video used AI slop (“too rich to be this cheap”), and Apple's “Find My” led cops to a mountain of smuggled iPhones.In Media Candy, Brian's stunned The Diplomat scored a third season, The Long Walk is being pitched as Stand By Me meets Squid Game, California finally bans loud streaming commercials, and Amazon censored Bond posters to remove guns because apparently irony is dead. AI “musicians” are signing record deals while Zelda Williams begs people to stop resurrecting her dad with deepfake garbage. In Apps & Doodads, Jony Ive's OpenAI gadget is delayed (good), Rivian insists we'll “appreciate” not having CarPlay (we won't), Spotify and ChatGPT are teaming up to read your soul through playlists, and Jason warns everyone that the Echo Show is basically an ad-spewing parasite. Apple's now facing a cybercrime probe in France for Siri's wiretapping habits, and if you're nostalgic for simpler times, ioquake3 will let you relive Quake III Arena glory on a modern rig. At the Library, Peter Cawdron's Dark Beauty: First Contact belly-flops as a Slaughterhouse-Five tribute, while Cory Doctorow's Enshittification nails exactly why everything sucks—even if his fixes are pure science fiction.Sponsors:CleanMyMac - clnmy.com/GrumpyOldGeeks - Use code OLDGEEKS for 20% off.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/717FOLLOW UPDutch court orders Meta to change its Facebook and Instagram timelinesOpenAI's Sora 2 Already Melting Down Into Outrageous DramaIN THE NEWSApple removes ICEBlock from the App Store after Trump administration's demandICE is planning to create a surveillance team that hunts for leads on social mediaOpenAI has disrupted (more) Chinese accounts using ChatGPT to create social media surveillance toolsCalifornia regulators threaten to revoke Tesla's insurance license for mishandling claimsOpenAI Gobbles Up a Stake in AMD as Its Spending Spree Shows No Sign of StoppingConsultants Forced to Pay Money Back After Getting Caught Using AI for Expensive “Report”Anthropic lands its biggest enterprise deployment ever with Deloitte dealTeen Arrested After Asking ChatGPT How to Kill His Friend, Police SayTaylor Swift Fans Furious as She's Caught Using Sloppy AI in Video for New AlbumApple's ‘Find My' Leads Cops to Cache of Thousands of Smuggled iPhonesMEDIA CANDYThe DiplomatThe Long WalkCalifornia bans loud commercials on streaming platformsAmazon Pulls Censored Bond Posters After Pulling the Guns From ThemMore AI artists are starting to get record dealsRobin Williams' daughter pleads for people to stop sending AI videos of her dadAPPS & DOODADSOpenAI's first device with Jony Ive could be delayed due to 'technical issues'Rivian says ‘customers will appreciate' lack of CarPlay eventuallySpotify and ChatGPT Team Up for Personalized Music and Podcast RecommendationsDon't buy an Echo Show (you can have mine)Apple faces cybercrime investigation in France after Siri complaintioquake3AT THE LIBRARYDark Beauty: First Contact by Peter CawdronEnshittification: Why Everything Suddenly Got Worse and What to Do About It by Cory DoctorowSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In the fourth and final installment of this Shoptalk series, host David Carothers and Zane Goldthorp of ProWriters tackle a critical issue facing agents every day: the vast difference between a standalone cyber policy and a simple BOP or package endorsement. They call out the laziness of settling for an endorsement, highlighting the massive coverage gaps it leaves and the E&O exposure it creates for the agent. Zane shares real-world horror stories of agents discovering their client's six-figure loss wasn't covered by their BOP. The conversation provides a clear, strategic path for agents to transition clients to proper coverage and use the inadequacy of endorsements as a powerful competitive wedge against other agents. Key Highlights: Standalone Policy vs. BOP Endorsement: A Massive Chasm The core of the episode is a stark warning: a BOP endorsement for cyber is not real protection. Zane explains that when compared side-by-side, endorsements lack critical coverage, have minuscule sublimits for events like social engineering, and often omit coverage entirely for sophisticated attacks like invoice manipulation, leaving clients dangerously exposed. The E&O Nightmare of "Good Enough" Coverage Zane shares his experience taking calls from frantic agents whose clients have suffered a major loss, only to find their BOP endorsement is useless. These situations not only lead to losing the client but also put the agency's own E&O policy on the line for failing to provide adequate counsel and coverage. Cyber as the Ultimate Competitive Wedge If you're prospecting an account and discover their current agent has them on a BOP endorsement, it's "game over." David and Zane explain how an agent with a standalone offering can easily tear the endorsement apart, create immense doubt in the incumbent, and win not just the cyber business but likely the entire account. Breach vs. Privacy vs. System Failure The conversation clarifies that a cyber claim doesn't always require a security breach. Standalone policies respond to a wider range of events, including privacy breaches (like a lost laptop) and dependent system failures. Using the real-world CrowdStrike outage as an example, they illustrate a massive business interruption scenario that would be covered by a standalone policy but never by a BOP. Connect with: Zane Goldthorp LinkedIn David Carothers LinkedIn Kyle Houck LinkedIn Visit Websites: Power Producer Base Camp ProWriters Killing Commercial Crushing Content Power Producers Podcast Policytee The Dirty 130 The Extra 2 Minutes

What if protecting your digital twin becomes the new cyber hygiene? In this week's episode, Ron welcomes back cybersecurity leader Jason Rebholz, CEO of Evoke, to discuss how AI is reshaping the fundamentals of cyber hygiene. From data breaches and deepfakes to everyday habits that protect our digital lives, Jason shares how small actions and smarter use of AI can make all the difference. Together, they uncover how our growing digital footprints are giving rise to digital twins, AI replicas that can mirror our behaviors, voices, and even decisions, and what that means for the future of trust, identity, and security. Impactful Moments: 00:00 - Introduction 01:00 - The Neon app data leak story 03:00 - Why our voices are the new passwords 05:00 - How AI can strengthen cyber hygiene 07:00 - Jason's mission to secure AI systems 09:00 - AI as a force multiplier for defenders 11:00 - Deepfakes and the new social engineering playbook 13:00 - Attackers' use of AI and what it means for us 15:00 - The rise of digital twins and identity threats 19:00 - How to defend against “yourself” online 20:00 - Final reflection: Trust in the AI age   Links: Connect with Jason on LinkedIn: https://www.linkedin.com/in/jrebholz/ Check out the TechCrunch article on the Neon app data leak story: https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

Rick Doten, cybersecurity startup advisor and AI researcher, joins the show to unpack how AI-assisted development is reshaping software—and what it means for security. From startups rushing to ship faster code to the unseen risks of “vibe coding,” Rick explains how engineering teams can balance innovation with secure, resilient design.If your dev team is using AI tools to boost velocity, this conversation might change how you think about your SDLC, code review, and even your threat model.Key Takeaways• AI-assisted coding speeds up output but can multiply security risks if context isn't baked in.• Startups often trade speed for security early on—and that can be expensive to unwind later.• Traditional fundamentals like OWASP and BSIMM still apply, even as architectures evolve with agents and MCP.• AI creates a widening gap between companies that can secure their models and those that can't.• “Vibe coding”—non-devs using AI to build—introduces a new wave of shadow code leaders must prepare for.Timestamped Highlights[02:09] The real range of how startups are using AI-assisted tools—and why security is often an afterthought.[05:12] Why AI-generated code is not just another form of third-party code.[09:40] The hidden risk: code volume grows faster than your ability to secure it.[15:51] How AI is widening the gap between resource-rich enterprises and everyone else.[18:25] The new fragility of systems—where architecture and resilience start to break.[22:07] Rethinking SDLC: integrating AI tools without losing security fundamentals.[25:29] “Vibe coding” and what happens when non-engineers start shipping code.Memorable Insight“AI isn't lazy like humans—it doesn't just fix one thing. It rewrites everything. That's why every line has to be re-scrutinized.”Pro TipsIf your startup doesn't have a dedicated security function yet, start with the basics: integrate OWASP checks into your CI/CD, use non-human accounts correctly, and automate code review gates early. Don't wait until production to harden your systems.Call to ActionIf this episode sparked ideas for your dev or security team, share it with someone who's experimenting with AI-assisted tools. Follow The Tech Trek for more conversations at the intersection of engineering, AI, and leadership.

Patricia Frost, EVP and CHRO of Seagate, is one of the most fascinating and highest-performing CHROs we've met. Patricia has decades of experience as a US Army military leader, most recently as Director of Cyber, Electronic Warfare and Information Operations. How does her extensive military, warfare, and leadership experience pay off? As you'll hear, Patricia is a hands-on leader, ready to make decisions and challenge dogma in dozens of important ways. In many ways she exemplifies the future leadership model for all C-level leaders, especially the CHRO. Patricia shares how she is navigating the opportunities presented by AI, reshaping talent strategies, and fostering a culture of innovation. Her background as a senior military leader prepared her to build on the team available today, supporting employee mobility, agility, and HR capabilities. Notable Quotes “You go to combat with the team you have, not necessarily the team you want. You can't just hire in someone and say I want to bring you in my team and put you in close combat. Your team is your team. And you build that team. You build on their skill sets. We do a lot of upskilling in the military. It's your team. You know everyone's strengths and weaknesses.” “Middle managers are really the powerhouse of any company. And I don't know that we spend enough time on our managers, probably our frontline managers, and then the middle management. How well do they understand their teams and the skills within their teams and understand also what people are passionate about? Where would they like to go? What opportunities can be open to them?” “I am front and center. I think every CHRO needs to be front and center in the AI conversation. They need to be leading. They need to be talking about, will AI take away certain functions within HR? First, we had to take the anxiety down from our workforce. So my approach this year is leave no one behind. I am going to give everyone the opportunity. We're going to give everyone the same set of tools and training, and I will help you get there. Everyone has a choice.” Like this podcast? Rate us on Spotify or Apple or YouTube. Additional Information Secrets Of The High Performing CHRO CHRO Insights Research Report CHRO Insights Video (Youtube) Introducing Galileo for Managers, The Leadership Guru At Your Fingertips Chapters (00:00:04) - What Works: Patricia Frost on Leading Through Crisis and AI(00:00:55) - Patricia on What Works: The Military Experience(00:03:31) - Top Executives: Valuing Your Team in an AI Crisis(00:10:47) - What is HR's role in AI learning and development?(00:16:27) - CFO vs HR Professional: The Chro and CFO Relationship(00:20:56) - How to Make Enterprise IT Decisions with Galileo(00:23:58) - Top Executives: Chief Business Leader(00:25:23) - Top Chros: Patricia Frost Interview

Join us for another episode of the Unsecurity Podcast as Megan, Brad, and Seth Bowling, lead researcher and developer at FRSecure, dive into the evolving landscape of cybersecurity for city and county governments.Seth shares how Mirrored Defense's innovative heat map visualizes the attack surface across the U.S. and presents surprising findings from their research. The trio discusses the challenges and vulnerabilities faced by local governments, the importance of proactive security measures, and how Project Broken Mirror aims to raise awareness by providing public service solutions.The crew also discusses Seth's efforts to kick-start FRSecure's vulnerability management and conditional access policy initiatives.Whether you're a cybersecurity professional or an interested citizen, this episode offers valuable insights into protecting our critical infrastructure.Don't miss out on this engaging discussion and find out how you can get involved!--Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!LinkedIn: https://www.linkedin.com/company/frsecure/Instagram: https://www.instagram.com/frsecureofficial/Facebook: https://www.facebook.com/frsecure/BlueSky: https://bsky.app/profile/frsecure.bsky.socialAbout FRSecure:https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

If you like what you hear, please subscribe, leave us a review and tell a friend!Cybercriminals are exploiting popular platforms and software, from WordPress and Oracle-linked systems to Android apps, and even targeting law firms and Salesforce through phishing, zero-day, and extortion attacks. Meanwhile, security firms and tech companies including OpenAI and Microsoft are actively disrupting these operations, though missteps like false end-of-life flags in Defender highlight ongoing cybersecurity challenges.

Send us a textPeaches is back in the Ones Ready Team Room with another no-BS drop that'll make the Pentagon sweat. From the government shutdown that's starving paychecks to the beefy boys rolling off bread trucks in Chicago, this episode rips through every headline the brass wishes you'd ignore. Peaches calls out the “financially illiterate” lifestyle of troops living beyond their means, laughs at the Army Corps' endless postponements, and lights up DoD's hilariously outdated cybersecurity systems. Then it's on to the Marines flexing “maritime domain awareness” for an attaboy, the Air Force's missileer cancer scare, and the Space Force trying to sound cool with “hypersonic challenges.” Oh—and the Coast Guard Cutter Midgett (yes, really) returns from busting drug runners like it's the sequel to Narcos. Top it off with Peaches' unfiltered rant on false IG complaints, whistleblowers, and accountability. The episode ends with updates on the sold-out Nashville Operator Training Summit and a sneak peek at the next Vegas OTS—because rest is for civilians.⏱️ Timestamps: 00:00 – Hydration, Hoist, and Old Man Midnight Sips 02:30 – The Shutdown Circus: Paychecks, WIC, and Why You're Broke 04:50 – Fat Troops and Bread Trucks in Chicago 07:15 – Cybersecurity Theater: Outdated Systems and Cheesy Training 09:25 – Marines Celebrate “Maritime Domain Awareness” (Whatever That Means) 11:50 – Missileers, Cancer, and the HunterSeven Lifeline 13:10 – Tac-P Documentary: Filthy Legends, Must-Watch History 14:15 – Inspector General Reform: Bye-Bye Anonymous Whiners 17:00 – Presidential Directives, Bureaucratic Chaos, and Infrastructure BS 18:50 – Nashville OTS Recap + Sneak Peek: Vegas Summit Locked In

DHS reassigns cyberstaff to immigration duties. A massive DDoS attack disrupts several major gaming platforms. Discord refuses ransom after a third-party support system breach. Researchers examine Chaos ransomware and creative log-poisoning web intrusions. The FCC reconsiders its telecom data breach disclosure rule. Experts warn of teen recruitment in pro-Russian hacking operations. Ukraine's parliament approves the establishment of Cyber Forces. Troy Hunt criticizes data breach injunctions as empty gestures. Our guest is Sarah Graham from the Atlantic Council's Cyber Statecraft Initiative (CSI) discussing their report, "Mythical Beasts: Diving into the depths of the global spyware market." And, Spy Dog's secret site goes off leash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Sarah Graham from the Atlantic Council's Cyber Statecraft Initiative (CSI) discussing their work and findings on "Mythical Beasts: Diving into the depths of the global spyware market." Selected Reading Homeland Security Cyber Personnel Reassigned to Jobs in Trump's Deportation Push (Bloomberg) Massive DDoS Attack Knocks Out Steam, Riot, and Other Services (Windows Report) Hackers claim Discord breach exposed data of 5.5 million users (Bleeping Computer) The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous (FortiGuard Labs) The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors (Huntress) Court Pauses FCC Data Breach Rules as Agency Takes New Look | Regulation (Cablefax) Arrests Underscore Fears of Teen Cyberespionage Recruitment (Data Breach Today) Ukraine's parliament backs creation of cyber forces in first reading (The Kyiv Independent) Troy Hunt: Court Injunctions are the Thoughts and Prayers of Data Breach Response (Troy Hunt) Spy Dog: Children's books pulled over explicit weblink (BBC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option. https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 Framelink Figma MCP Server CVE-2025-53967 Framelink Figma s MCP server suffers from a remote code execution vulnerability.

What would happen if your freight data got hacked before your trucks even hit the road? In this episode, NMFTA's Joe Ohr digs into how cybersecurity threats are evolving fast across freight and supply chains, from stolen tequila loads rerouted through digital trickery to insider risks hiding in forgotten system logins! We talk about why cyber protection isn't just an IT problem anymore, but also a business survival issue, how AI is changing the game for detecting and responding to cyberattacks, and the upcoming NMFTA Cybersecurity Conference in Austin, a must-attend event where industry leaders share practical defense strategies, run hands-on tabletop exercises, and build real plans companies can use immediately. Cyber threats are only getting smarter, and if you're not training, auditing access, and collaborating with others in the industry, you're already behind, so keep tuning in to our conversation!   About Joe Ohr Joe Ohr has more than two decades of experience in technical operations, customer success management, customer support, and product support. Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity. Prior to Ohr's role at NMFTA, he served as in numerous engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs. Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals. He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.  

Eric O'Neill is the author of "Gray Day: My Undercover Mission to Expose America's First Cyber Spy," which details his undercover role in investigating Robert Hanssen, a senior FBI agent who was secretly spying for Russia. In this episode, O'Neill joins host Scott Schober to discuss the investigation, how he ultimately took down Hanssen, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

The evolving role of technology in modern defense environments, highlighting innovations in communications, automation, and open-source frameworks. Drawing from personal experience, the conversation emphasizes how real-world conflicts are reshaping how tech is deployed, adopted, and understood across military operations.  This week, Dave, Esmee, and Rob speak with Ben Sparke, Enterprise Azure Cloud & AI Specialist for UK Defence at Microsoft, about  how his military background informs a human-centered approach to technology in the evolving defence sector—highlighting the shift from mission-driven to tech-driven innovation.  TLDR:00:37 – Introduction of Ben Sparke and face-to-face podcasting02:40 – Rob gets confused about Digital Twins representing you in court08:15 – Tech's evolving role in defence, with Ben 34:41 – Why improvisation and human adaptability matter 43:30 – Ben's hundred-mile bike race over the weekend  Guest Ben Sparke: https://www.linkedin.com/in/ben-sparke/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

If you like what you hear, please subscribe, leave us a review and tell a friend!North Korean and other hacker groups, including Crimson Collective, DragonForce, LockBit, and Qilin, continue large-scale crypto thefts and ransomware campaigns, targeting cloud services and private data. Meanwhile, companies like Microsoft, Google, and GitHub face outages, security flaws, and introduce bug bounty programs as attackers exploit vulnerabilities across services and AI platforms.

FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch CVE-2025-25009 Elastic patched a stored XSS vulnerability in Kibana https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449 QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729, The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

Send us a textOn this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, talk about the UK's plans to introduce a mandatory digital identity card. This is not the first time a proposal for mandatory ID has come up in the UK, and Ralph has thoughts about it. Paul on the other hand is a little surprised about the uproar, since mandatory ID has been introduced in the Netherlands many moons ago.UK Government press release"‘A hacker's dream': Britons on Keir Starmer's plan for digital ID cards" - The Guardian - 27 September 2025  If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Send us a textSaint Carlo Acutis.One Heart One Mind Vision.In a world increasingly tethered to the digital realm, where algorithms shape our thoughts and screens dictate our attention, there emerges a figure who bridges the gap between the sacred and the silicon—Saint Carlo Acutis. This teenage saint, often dubbed the "patron of the internet," didn't just live a life of profound devotion; he harnessed the tools of modernity to spread the Gospel with a fervor that feels almost revolutionary, even today. At Journeys of Faith (Bob and Penny Lord Store), we find ourselves captivated by his story, not just as a testament to youthful holiness, but as a blueprint for evangelization in an age of endless scrolling.Carlo Acutis, who passed away at just 15 in 2006, was a tech-savvy kid with a heart ablaze for Christ. He built websites to catalog Eucharistic miracles and Marian apparitions, turning the internet into a cathedral of faith long before most of us understood the power of a URL. His mission was clear: to reach souls wherever they were, even in the uncharted corners of cyberspace. For us at Journeys of Faith, founded by Bob and Penny Lord in 1980 with a mission to evangelize through multimedia and pilgrimages, Carlo's story resonates deeply. Our motto, One Heart, One Mind, One Spirit, With One Vision!, echoes the unity and purpose that Carlo embodied—a vision of drawing all hearts to the Eucharist, the Source and Summit of our faith.As devout Catholics seeking spiritual growth, we are called to look at saints not just as historical figures, but as companions on our journey. Carlo Acutis, canonized in 2020, is a companion for our digital age, showing us that holiness isn't confined to ancient catacombs or medieval monasteries. It can thrive in the glow of a laptop screen. Through our ministry at Journeys of Faith, where we've spent decades producing books, videos, and resources on Catholic saints and holy sites, we see Carlo as a beacon—a reminder that the tools of today can serve the timeless truths of the Church. Join us as we explore how this young saint's life and legacy can inspire us to evangelize with one heart and one mind, transforming the internet into a space of divine encounter.Thanks for supporting Journeys of Faith. Click tfor the full article.Browse our Saint Carlo Acutis Collection of Prayer Cards and StatuesOpen by Steve Bailey Support the show

China & the Hill is now on Substack!  China & the Hill is a weekly newsletter covering Washington DC's China-focused debates, actions, and reactions. Readers will receive a curated digest of each week's most pressing U.S.-China news and its impact on businesses and policy, and can listen to the top stories in podcast form on the U.S.-China Podcast.

If you like what you hear, please subscribe, leave us a review and tell a friend!Major tech and cybersecurity incidents continue to surface, including vulnerabilities in Google Chrome, Redis, and Salesforce, along with widespread data breaches at DraftKings and Doctors Imaging Group. Law enforcement and researchers are responding to ransomware campaigns, credential stuffing attacks, and cyber thefts, highlighting the ongoing risks to organizations and individuals alike.

Qantas given until Friday to pay up or hacks will leak customers' data onto the dark web.

Qantas given until Friday to pay up or hacks will leak customers' data onto the dark web.

More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Redis Vulnerability Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/ GoAnywhere Bug Exploited Microsoft is reporting about the exploitation of the recent GoAnywhere vulnerability https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

If you like what you hear, please subscribe, leave us a review and tell a friend!Hackers and threat actors continue to target major tech companies, exposing source code, stealing data, and exploiting vulnerabilities in platforms like Huawei, Red Hat, and Unity. High-profile breaches, scams, and hacking contests highlight the growing sophistication of cyberattacks, affecting gamers, social media users, and enterprise systems worldwide.

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Zimbra Exploit Analysis An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems. https://strikeready.com/blog/0day-ics-attack-in-the-wild/ Unity Editor Vulnerability CVE-2025-59489 The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions https://unity.com/security/sept-2025-01

At the ACAMS Las Vegas Assembly, Justine sat down with Carole House, Senior Distinguished Fellow, ACAMS. Their discussion includes the AFC implications of generative artificial intelligence, including increasing sophistication of deepfakes and the resulting ‘authenticity crisis', how we can build resilience to the threat, and trends in cyber-enabled sanctions evasion. Carole House recently joined ACAMS as a Senior Distinguished Fellow. Among Carole's many prominent and senior roles, she previously served as the White House National Security Council (NSC) special advisor for cybersecurity and critical infrastructure policy.

In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.Kenny and I dove into a lot of topics, including:What FedRAMP is and why it mattersWhat FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressingThe various aspects of FedRAMP 20x, including its phased rolloutChanges via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”FedRAMP's modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMPThe importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC EngineeringThe role of GRC platforms when it comes to modernizing GRCWhat are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD's SWFT, SRG, and RMFSubscribe now

One of the most requested episodes is finally here! Cyber Trance special takes us back to Japan and series of trance remix albums of the most popular pop artists hailing from Avex Trax! Get your own "I'M HERE FOR THE CLASSICS t-shirt: https://www.redbubble.com/i/t-shirt/Noisetalgia-I-m-Here-For-The-Classics-White-Logo-by-allaboutnoise/153248347.FB110.XYZ To download this podcast without voiceovers and also access the next episode 2 weeks before everyone else visit: https://www.patreon.com/noisetalgia Thank you for your support! iTunes podcast: https://podcasts.apple.com/pl/podcast/noisetalgia-with-indecent-noise/id1662313355 Push vs. Globe - Tranceformation Ayumi Hamasaki - Far Away (Rank 1 Remix) Every Little Thing - Face The Change (Dirt Devils vs. Above & Beyond Remix) Ayumi Hamasaki - Kanariya (System F Remix) Ayumi Hamasaki - M (Above & Beyond Remix) Ayumi Hamasaki - Hanabi (Lange Remix) Globe - Sweet Pain (Push Remix) Ayumi Hamasaki - Appears (Armin van Buuren's Rising Star Mix) Ayumi Hamasaki - Trauma (DuMonde Dub Mix) Girl Next Door - Jonetsu No Daisho (Ferry Corsten Remix) Ami Suzuki - Fantastic (Ferry Corsten Remix) Globe - Many Classic Moments (Vincent De Moor's Budou Vox Mix) Globe vs. Push - Dreams From Above (Cyber Trance Original Mix) Ayumi Hamasaki - Connected (Ferry Corsten Remix) Ayumi Hamasaki - Whatever (Ferry Corsten Remix) Ayumi Hamasaki - UNITE! (Airwave Remix) Angels - Angels Theme (G-Aria) (Clokx Remix) Day After Tomorrow - Faraway (Dirt Devils Remix) Cyber X feat. J. Watley - Waves Of Love (Svenson & Gielen Remix) Ayumi Hamasaki - Naturally (Wippenberg Remix) Ayumi Hamasaki - Carols (Push Instrumental Mix)

If you like what you hear, please subscribe, leave us a review and tell a friend! Multiple tech and financial firms have faced significant cybersecurity incidents, including data breaches, zero-day exploits, and ransomware extortion. Hackers targeted platforms such as Discord, Salesforce, Zimbra, and Abracadabra DeFi, while organizations like Qantas, Flagstar, and ParkMobile responded with legal actions or settlements to mitigate the impact.

The DataTribe Challenge is a launchpad for elite cybersecurity and cyber-adjacent startups ready to break out. 2025 marks the 8th annual edition of the event with a change in venue and some exciting new updates. We take you on a journey from inception with Leo Scott, Managing Director and Chief Innovation Officer at DataTribe, and 3 past DataTribe Challenge winners at different levels on their growth tracks following their participation in the event. You'll meet Anita D'Amico, former CEO of Code DX (acquired by Synopsis in 2021) and 2019 winner; Greg Baker, Co-Founder of Balance Theory and 2022 winner; and Brian Proctor, Founder and CEO of Frenos and 2024 winner. Learn more about your ad choices. Visit megaphone.fm/adchoices

Viewpoint This Sunday with Malcolm Out Loud – Pres. Trump, along with the OMB, says this is an opportune time to drastically reduce government agencies. Senator Ron Johnson talks about the dysfunction and seriousness of the moment. How Many of Our Cities are Encircled By A Ring of Foreign Surveillance Telecom Networks? Chris Hoar, a telecom expert, along with Lt. Dave Smith talks about the threat...

Viewpoint This Sunday with Malcolm Out Loud – Pres. Trump, along with the OMB, says this is an opportune time to drastically reduce government agencies. Senator Ron Johnson talks about the dysfunction and seriousness of the moment. How Many of Our Cities are Encircled By A Ring of Foreign Surveillance Telecom Networks? Chris Hoar, a telecom expert, along with Lt. Dave Smith talks about the threat...

Need for Pentagon Leadership in Fortifying US Infrastructure Against Adversaries Guest Name: Henry SokolskiSummary: Russia is allegedly already waging hybrid war against the EU via cable cutting and cyber assaults, which is expected to reach the US. The US is unprepared organizationally. The Pentagon (Secretary of Defense) should lead hardening and proliferation efforts for targets like the electric grid and nuclear plants, but they are currently resistant to doing so publicly. 1960

Need for Pentagon Leadership in Fortifying US Infrastructure Against Adversaries Guest Name: Henry SokolskiSummary: Russia is allegedly already waging hybrid war against the EU via cable cutting and cyber assaults, which is expected to reach the US. The US is unprepared organizationally. The Pentagon (Secretary of Defense) should lead hardening and proliferation efforts for targets like the electric grid and nuclear plants, but they are currently resistant to doing so publicly.

In this captivating episode of Healthy Mind, Healthy Life, award-winning author and National Geographic explorer Chip Walter joins Avik to explore a bold and unsettling question: Are we evolving into cyber sapiens—beings that transcend biology through technology? From brain implants to AI-human integration, Chip discusses how the next phase of human evolution might blur the line between man and machine. They also delve into the race for digital immortality, Silicon Valley's ambition to defeat death, and what it all means for our future as a species. About the Guest:Chip Walter is a six-time author, filmmaker, former CNN bureau chief, and National Geographic explorer. His work explores the wonders of human evolution, the ethics of artificial intelligence, and the pursuit of longevity. His latest novel Doppelgänger imagines a future where a man uploads his mind into a cyborg to solve his own murder. Chip also documents his global travels at vagabondadventure.com. Key Takeaways: Cyber Sapiens may be the next evolutionary leap as humans integrate with machines to stay relevant. The concept of uploading consciousness is no longer just sci-fi—serious scientists and tech moguls are investing in this pursuit. Longevity research aims not just to extend life, but to cure aging at its root. Evolution isn't just biological anymore—technology is now the primary driver. If misused, these advancements could lead to inequality or even humanity's obsolescence. Connect with Chip Walter: Visit: https://vagabond-adventure.com/ Check out his book Doppelgänger for a gripping sci-fi perspective on our techno-future. Want to be a guest on Healthy Mind, Healthy Life? DM on PodMatchDM Me Here: https://www.podmatch.com/hostdetailpreview/avikTune to all our 15 podcasts: https://www.podbean.com/podcast-network/healthymindbyavikSubscribe To Newsletter: https://healthymindbyavik.substack.com/Join Community: https://nas.io/healthymind Stay Tuned And Follow Us!• YouTube – https://www.youtube.com/@healthymind-healthylife• Instagram – https://www.instagram.com/healthyminds.pod• Threads – https://www.threads.net/@healthyminds.pod• Facebook – https://www.facebook.com/podcast.healthymind• LinkedIn – https://www.linkedin.com/in/reemachatterjee/ | https://www.linkedin.com/in/avikchakrabortypodcaster #podmatch #healthymind #healthymindbyavik #wellness #AIethics #cybersapiens #longevity #digitalimmortality #transhumanism #futureofhumanity #chipwalter

The world is a dumpster fire, confirmed. Following California's landmark AI safety bill SB 53, the head of Nvidia is allegedly "quaking in his boots"—which is a good sign, unlike the news that the "Nirvana Baby" Spencer Elden's lawsuit was finally dismissed. Meanwhile, corporate America continues its pivot to chaos: Spotify shuffled its execs, Meta is charging UK users for ad-free Facebook and Instagram, and the UK is introducing digital ID cards (Hello, Mark of the Beast). The entire internet is now dominated by bots, proving the Cracker Barrel logo outrage was manufactured, a fact that's somehow less depressing than the FCC accidentally leaking iPhone schematics. Naturally, Alphabet just paid $22 million to settle President Trump's YouTube lawsuit, confirming that legal threats are the new VC funding. Disney is panicking over an "AI Actress," sending cease and desist letters to Character.AI, while OpenAI rolls out its new Sora app and ChatGPT's ability to buy things for you, proving it's determined to turn the internet into one seamless, copyright-infringing shopping mall, and it's now worth more than Elon Musk's SpaceX.The ensuing boredom demands new media, though the pacing is terrible in everything: Slow Horses Season 5 and Human: Neanderthal Encounters are great, but even the original Matrix and Frankenstein trailer (by Guillermo del Toro) feel slow, confirming the Princess Bride litmus test. MXV's Riot Fest photos were rad, and Disney lost 1.7M subs after suspending Kimmel, which is why YouTube Music is testing AI hosts (who will only be wrong), and the Pivot Tour is happening. Our Apps & Doohickeys department confirms security is an afterthought: macOS 26 unlocked the Journal app, but the smart glasses race is fully on, and Logitech's new keyboard can be recharged by any light (finally, tech that works!). Amazon Fire TV is expected to ditch Android for Linux, Meta introduced the AI-filled Vibes feed, and Tile trackers were found to have a stalking flaw—a fact only slightly more depressing than the swift failure of the Neon call-recording app and the continued existence of the Comet browser. Finally, The Dark Side with Dave celebrated the low-budget charm of Blue Thunder and the necessity of Disney Park Ride Overlays, while Dave embarked on his quest to unbox the Home Depot R2D2. We thank our patrons for keeping this beautiful noise alive and pay tribute to the amazing Jane Goodall.Sponsors:Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/716FOLLOW UPCalifornia Governor Newsom signs landmark AI safety bill SB 53Nvidia Is Quaking in Its Boots‘Nirvana Baby' Spencer Elden's ‘Nevermind' Suit Dismissed AgainIN THE NEWSSpotify Appoints New CEOs as Daniel Ek Becomes Executive ChairMeta announces paid subscriptions for both Instagram and Facebook in the UKUK announces plans for digital ID cardsOpenAI's New Sora App Lets You Deepfake Yourself for EntertainmentThe First 24 Hours of Sora 2 Chaos: Copyright Violations, Sam Altman Shoplifting, and MoreOpenAI Rolls Out ChatGPT's Ability to Buy Stuff for YouOpenAI Is Now Worth More on Paper Than SpaceX, Catches Up to Elon Musk HimselfDisney sends cease and desist letter to Character.AICreator of “AI Actress” Responds to Near-Universal BacklashFCC accidentally leaked iPhone schematics, potentially giving rivals a peek at company secretsAlphabet will pay $22 million to settle President Trump's YouTube lawsuitCracker Barrel Outrage Was Almost Certainly Driven by Bots, Researchers SayMEDIA CANDYMXV's Riot Fest PhotosSlow Horses Season 5Frankenstein | Guillermo del Toro | Official Trailer | NetflixHuman: Neanderthal EncountersPivot TourYouTube Music is testing AI hosts that present relevant stories, trivia and commentaryHow Many Streaming Subscribers Did Disney Lose After Suspending Kimmel?APPS & DOODADSmacOS 26 unlocks the real potential of Apple's Journal appThe smart glasses race is really on nowLogitech's new keyboard can be recharged by any kind of lightAmazon Fire TV devices expected to ditch Android for Linux in 2025Meta introduces Vibes feed for AI generated contentNeon, an App That Pays to Record Your Phone Calls Hit #2 on the App Store, Taken Down Over Security FlawTile trackers reportedly have a security flaw that can let stalkers track your locationComet - The browser that works for youTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingThe Princess BrideBlue ThunderThe Best Disney Park Ride Overlays, and Where to Find ThemHome Depot R2D2 Unboxing and Assembly!See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages TOTOLINK X6000R Vulnerabilities Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers. https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ DrayOS Vulnerability Patched Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

The National Security Hour with Major Fred Galvin – For centuries, America's enemies revealed themselves through uniforms on the battlefield. Later, terrorist organizations blended into civilian populations. But today, in the era of cyber warfare, our enemies strike from the shadows—stealthy, anonymous, and devastating. Now, the next great battlefield isn't fought with tanks or rifles, but with...

Watch out for cyber scammers for those who are off work due to the Government shutdown. The ASL association has postponed its walk this weekend due to shut down. American Airlines is changing the way to book flights based of AI.  Make sure to also keep up to date with ALL our podcasts we do below that have new episodes every week:The Thought ShowerLet's Get WeirdCrisis on Infinite Podcasts

In this episode of Resilient Cyber, I sit down with repeat guest Snehal Antani, who serves as the Co-Founder & CEO of Autonomous Pen Testing leader Horizon3.ai.We will discuss the latest developments in AI and Autonomous Pen Testing, as well as the tremendous growth and success of Horizon3.ai, as Snehal balances technical topics with business-centric hard won wisdom of growing an industry leading organization.

 Colonel Jeff McCausland observes that Europe is preparing to deal with Russia's hybrid warfare (drones, cyber, incursions) independently, driven by the belief that the Trump administration is prioritizing homeland defense. European leaders are discussing a "drone wall" and achieving 5% GDP defense spending. McCausland also analyzes the 20-point Gaza peace plan, which involves an immediate hostage release, phased Israeli withdrawal, and a multinational peacekeeping force, noting Russia would likely gain from regional stabilization. 1941 ATLANTIC CHARTER

 Colonel Jeff McCausland observes that Europe is preparing to deal with Russia's hybrid warfare (drones, cyber, incursions) independently, driven by the belief that the Trump administration is prioritizing homeland defense. European leaders are discussing a "drone wall" and achieving 5% GDP defense spending. McCausland also analyzes the 20-point Gaza peace plan, which involves an immediate hostage release, phased Israeli withdrawal, and a multinational peacekeeping force, noting Russia would likely gain from regional stabilization. 1863 CULPEPPER VIRGINIA

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL

WAKE UP! SEPTEMBER'S ENDED! In Soviet Russia, Word Thanks YOU! Warm Sounding Wood. The Great Kimining. Rock Puzzles Scissors. Mercy Buckets. Domo Obrigado, Mr MaxTrollboto! Mix Master Fetus. Brian's got all 8 slots filled. Van's Car Songs. Excess 3 Dog Night Dog Pooh. Dunaway doesn't like Cyber. Fosters: It's Australian For F-Off! Making Out with Horses on the Moon. Our Cheese is Safe With Tom and more on this episode of The Morning Stream. Hosted on Acast. See acast.com/privacy for more information.

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Cloud Vulnerability Western Digital patched a critical vulnerability in its MyCloud device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247 sudo vulnerability exploited A recently patched vulnerability in sudo is now being exploited. https://www.sudo.ws/security/advisories/

WAKE UP! SEPTEMBER'S ENDED! In Soviet Russia, Word Thanks YOU! Warm Sounding Wood. The Great Kimining. Rock Puzzles Scissors. Mercy Buckets. Domo Obrigado, Mr MaxTrollboto! Mix Master Fetus. Brian's got all 8 slots filled. Van's Car Songs. Excess 3 Dog Night Dog Pooh. Dunaway doesn't like Cyber. Fosters: It's Australian For F-Off! Making Out with Horses on the Moon. Our Cheese is Safe With Tom and more on this episode of The Morning Stream. Hosted on Acast. See acast.com/privacy for more information.

Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Protect vulnerability. https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328 Nimbus Manticore / Charming Kitten Malware update Checkpoint released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates. https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK Government guarantees £1.5 billion financing to help Jaguar Land Rover's recovery efforts. A maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We've got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. Cyber crooks offer a BBC journalist an early retirement package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Brandon Karpf, friend of the show, and he joins to discuss the Cybersecurity ecosystem in Japan. Selected Reading Chinese hackers breached critical infrastructure globally using enterprise network gear (CSO Online) UK government bails out Jaguar Land Rover with $2 billion loan (Metacurity) Maximum severity GoAnywhere MFT flaw exploited as zero day (Bleeping Computer) The AI boom is unsustainable unless tech spending goes ‘parabolic,' Deutsche Bank warns: ‘This is highly unlikely' (Fortune) Akira ransomware breaching MFA-protected SonicWall VPN accounts (Bleeping Computer) Dutch teens arrested for trying to spy on Europol for Russia (Bleeping Computer) Harrods: Hackers contact firm after 430,000 customer records stolen (BBC) Africa cybercrime crackdown includes hundreds of arrests, Interpol says (The Record) Cyberbit acquires RangeForce. Terra Security raises $30 million. (N2K Pro)  'You'll never need to work again': Criminals offer reporter money to hack BBC (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Grumpy Old Geeks is back with another round of righteous griping and eyebrow-raising headlines in Episode 715: Our Wizard Lies. We kick things off in FOLLOW UP, where TikTok is still the geopolitical hot potato that both the U.S. and China promise to sort out “someday, maybe,” while Wired's global editorial director explains how tech's growing political clout is playing out under Trump. From there, it's a cavalcade of absurdities: DOGE as federal workforce demolition derby, and crypto bros trying to turn Charlie Kirk's death into meme-stock retirement plans. Late-stage capitalism is nothing if not creative.Then in IN THE NEWS, Amazon gets spanked with a $2.5 billion fine for Prime trickery, Microsoft yanks cloud services from an Israeli military unit, and Palantir goes full lifestyle brand—yes, you too can cosplay as a drone strike enthusiast with a $99 pair of gym shorts. Silicon Valley philosophers warn AI regulation would literally summon the Antichrist, while banks whisper the bubble might pop before the devil even arrives. Meanwhile, YouTube toys with letting COVID and election denialists back into the algorithm, “SIM farms” threaten New York's cell networks, and unlucky tourists are finding themselves trafficked into cyber-scam slavery across Southeast Asia. Progress!MEDIA CANDY tries to lighten the mood—sort of—serving up everything from Elio, Tron: Ares, and Disney price hikes to AI musicians cashing million-dollar checks. Lionsgate, on the other hand, learns you can't feed four John Wicks into an algorithm and get an anime out the other side. Over in THE DARK SIDE WITH DAVE, we get furries on the DC Metro, Disney plotting your every park step via Ray-Ban spy glasses, a Ponzi scheme in RadioShack cosplay, and even a Jim Henson Company anniversary auction. We close out with shout-outs and sighs, because sometimes the world doesn't deserve a mic drop—just a slow shake of the head.Sponsors:Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/715FOLLOW UPUS and China agree to agree on a TikTok dealWIRED global editorial director on tech's growing political power under TrumpThe Story of DOGE, as Told by Federal WorkersCrypto Bros Are Trying to Monetize Charlie Kirk's DeathIN THE NEWSAmazon to pay $2.5 billion for allegedly duping millions to sign up for PrimeMicrosoft cuts off cloud services to Israeli military unit after report of storing Palestinians' phone callsPalantir Wants to Be a Lifestyle BrandSilicon Valley's latest argument against regulating AI: that would literally be the AntichristAI Experts Urgently Call on Governments to Think About Maybe Doing Something‘Workslop': AI-Generated Work Content Is Slowing Everything DownDeutsche Bank Issues Grim Warning for AI IndustryYouTube may reinstate channels banned for spreading covid and election misinformation‘SIM Farms' Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds SayThey traveled to Thailand. They wound up cyber scam slaves in Myanmar.MEDIA CANDYElioSupermanHuman: OriginsHuman: JourneysAlien: EarthThe Traitors IrelandDisney is raising the price of Disney+, Hulu subscriptions next monthWicked: For Good | Final TrailerLilith Faire: Building a MysteryTron: AresAI Artist Signs Million-Dollar Record DealLionsgate Is Finding Out It's Really Hard to Make Movies With AIJimmy Kimmel May Be Back. Trump's Attacks on the First Amendment Aren't Over By Merrill MarkoeJimmy Kimmel is Back!THE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingDisney Explores Using Ray-Ban Meta Glasses To Guide Guests Around Its ParksThe Happiest Story on Earth: 70 Years of DisneylandThe Mandalorian and Grogu | Official Trailer | In Theaters May 22, 2026The Jim Henson Company 70th Anniversary AuctionFeds Say Company That Bought RadioShack Was Running $112 Million Ponzi SchemeFurries ride the DC MetroSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.