Podcasts about Cyber

Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity.Selected Reading Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer) Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer) CISA looks to partners to shore up the future of the CVE Program (Help Net Security) California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record) Apple warns customers targeted in recent spyware attacks (Bleeping Computer) FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET) Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39) DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite)  Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record) Children hacking their own schools for 'fun', watchdog warns (BBC) - kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DShield SIEM Docker Updates Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276 Again: Sonicwall SSL VPN Compromises The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia Website Keystroke Logging Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825

The European Space Agency's (ESA's) Director General (DG) Josef Aschbacher delivered the opening remarks at the ‘General Assembly Defence, Space and Cybersecurity'. Satlink is partnering with Rivada Space Networks to provide a network with the necessary security and performance to support Spanish enterprises and Defense Forces. Armada AI and Sophia Space have launched a fully integrated Earth-to-space scalable compute infrastructure platform, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Elysia Segal brings us the Space Traffic Report from NASASpaceflight.com. Selected Reading ESA Director General's opening remarks at the General Assembly on Defence, Space & Cybersecurity Satlink Partners with Rivada for Next Generation Defense Connectivity Armada and Sophia Space Unveil First-Of-Its-Kind, Fully Integrated Earth-to-Space Edge AI Platform Slingshot LinkedIn Post Redwire Establishes Rapid Capabilities Facility in Albuquerque to Advance Space-Based Defense Systems ReOrbit, a Leading Provider of Sovereign Satellites and Connected Systems, Expands into the United Kingdom DSEI Takeaways: Space and Cyber and the Invisible Front Line Intellian and Eutelsat Developing Ultra-Portable Military-Grade LEO Manpack Terminal Planet Releases First Light Image From Pelican-3; Multiple Pelican Launches Slated for the Next Year Telekom Srbija Expands and Extends Partnership with SES Share your feedback. What do you think about T-Minus Space Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Nicholas Tsagourias - The Peaceful Settlement of Interstate Cyber Disputes

If you like what you hear, please subscribe, leave us a review and tell a friend!Chinese-linked fake job sites target former U.S. officials, while researchers uncover CHILLYHELL macOS backdoor and ZynorRAT for Windows and Linux. Apple and CERT-FR warn of spyware campaigns hitting iCloud devices, and Hello Gym leaks 1.6M audio files tied to member data. LNER discloses a breach of customer contact details, Panama's Finance Ministry is hit by INC Ransom, and the DOJ moves to seize $5M in Bitcoin stolen via SIM swaps. SwissBorg pledges to repay users after a $41M crypto theft at partner Kiln, Geordie launches a $6.5M-funded AI security platform.

The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its long-awaited Cybersecurity Maturity Model Certification (CMMC 2.0) rule. Akira ransomware group targets SonicWall devices. Officials warn solar-powered highway infrastructure should be checked for hidden radios. The Atlantic Council maps the global spyware market. Researchers uncover serious flaws in Apple's AirPlay. A European DDoS mitigation provider thwarts a record-breaking attack. My Caveat cohosts Ethan Cook and Ben Yelin unpack the cyber elements of the Big Beautiful Bill. Who fixes the vibe code?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Ethan Cook joining Caveat hosts Dave Bittner and Ben Yelin for this month's Policy Deep Dive. Together, they unpack HR1, the “Big Beautiful Bill”, and how its investments in technology, supply chain security, and defensive resiliency reflect the Trump administration's push for long-term technological dominance. If you want to hear the full conversation, head over to Caveat. Selected Reading House moves ahead with defense bill that includes AI, cyber provisions (The Record) FTC should investigate Microsoft after Ascension ransomware attack, senator says (The Record) Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' (The Record) Pentagon Releases Long-Awaited Contractor Cybersecurity Rule (GovInfo Security) Akira Ransomware Group Utilizing SonicWall Devices for Initial Access (Rapid7) Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure (Reuters) Mythical Beasts: Diving into the depths of the global spyware market (Atlantic Council) Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance (SecurityWeek) DDoS defender targeted in 1.5 Bpps denial-of-service attack (Bleeping Computer) The Software Engineers Paid to Fix Vibe Coded Messes (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

BASE64 Over DNS The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274 Google Chrome Update Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution. https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html Ivanti Updates Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs Sophos Patches Sophos resolved authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159) https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6 Apple Introduces Memory Integrity Enforcement With the new hardware promoted in yesterday s event, Apple also introduced new memory integrity features based on this new hardware. https://security.apple.com/blog/memory-integrity-enforcement/

Send us a textOn this episode of Serious Privacy, while both Paul Breitbarth and Ralph O'Brien of Reinbo Consulting are out, Dr. K Royal connects with Jordan Hall, a DPO based in the UK. Discussion centers around scope of DPO, where the field has developed, and thoughts on current events. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Join Mike Radak, Alliant Financial Institutions, and David Finz, Alliant Claims & Legal, as they break down three recent legal developments shaping insurance and cyber risk. They discuss how strict notice provisions can result in claim denials, the importance of securing coverage for regulatory investigations and what the MOVEit litigation reveals about duty to defend versus choice of counsel. Together, they provide key insights for policyholders navigating coverage gaps, defense strategies and the evolving risks in the financial institutions and cyber markets.

If you like what you hear, please subscribe, leave us a review and tell a friend!Multiple high-profile cyber incidents are impacting organizations worldwide, including ransomware attacks, data breaches, malware campaigns, and sophisticated DDoS operations. Notable events involve compromises of GitHub accounts affecting Salesloft and Drift, ransomware groups like LockerGoga, MegaCortex, and Nefilim, a massive DDoS hitting a defender platform, and breaches exposing sensitive financial and personal data in Vienna, VA, while Ukraine faces evolving Russian hacker tactics.

Microsoft Patch Tuesday As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities are critical. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270 Adobe Patches Adobe released patches for nine products, including Adobe Commerce, Coldfusion, and Acrobat. https://helpx.adobe.com/security/security-bulletin.html SAP Patches SAP patched vulnerabilities across its product portfolio. Particularly interesting are a few critical vulnerabilities in Netweaver, one of which scored a perfect 10.0 CVSS score. https://onapsis.com/blog/sap-security-notes-september-2025-patch-day/

- One of the biggest SaaS security incidents recently of course is the Salesloft Drive/Salesforce incident, which impacted hundreds of organizations and involved compromised OAuth tokens. Can you tell us a bit about the incident and the fallout?- In an AppOmni blog on the incident, you all discuss attackers taking advantage of persistent OAuth access, over-permissive access, limited monitoring, and unsecured secrets. Why do these problems continue to plague organizations despite incidents like this?This is part of a broader trend of increased SaaS supply chain attacks. What makes these attacks so enticing for malicious actors and challenging for organizations to prevent entirely?You recently published your State of SaaS Security Report, which projects SaaS to grow 20% YoY between 2025 and 2032. This is despite 75% of organizations reporting a SaaS security incident in the past year. Why do you think we're seeing continued growth in adoption but still lagging in SaaS security to accompany the adoption?The report discusses the rise of NHIs and GenAI and how this will exacerbate problems around SaaS Access and incidents. Can you unpack that for us?I was shocked to see the report find that just 13% of organizations use SSPM tooling despite SaaS's widespread adoption. When you talk to enterprises, for example, nearly everyone is doing some CSPM activity for IaaS. Why are so many neglecting hygiene and posture for their SaaS footprint?

Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

If you like what you hear, please subscribe, leave us a review and tell a friend!Recent cybersecurity incidents highlight a surge in data breaches, malware attacks, and espionage campaigns affecting major tech platforms, investment services, and government entities. From Microsoft and Apple to Wealthsimple and Cornwell Tools, hackers continue to exploit vulnerabilities, prompting forensic investigations, sanctions, and increased digital defenses.

Major npm compromise A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week. https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://github.com/chalk/chalk/issues/656#issuecomment-3266894253 https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised HTTP Request Signatures It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic. https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266

Cyber attacks on schools are on the rise — and when they happen, the impact is immediate and long-lasting.In this episode of School Business Insider, host John Brucato speaks with Johnty Mongan, Global Head of Cyber Risk Management at Gallagher Cyber Risk Management. With years of experience responding to some of the most challenging cyber incidents worldwide, Johnty pulls back the curtain on what really happens during an attack — from the first chaotic hours to the long-term fallout for students, staff, and communities.We cover:The anatomy of a school cyber attackWhy criminals target education and what they hope to gainThe turning points when attacks go from bad to worseThe lasting human and operational impactThe top five cyber controls schools should implement nowIf you've ever wondered how cyber criminals operate and what SBOs can do to protect their districts, this is a must-listen.Contact School Business Insider: Check us out on social media: LinkedIn Twitter (X) Website: https://asbointl.org/SBI Email: podcast@asbointl.org Make sure to like, subscribe and share for more great insider episodes!Disclaimer:The views, thoughts, and opinions expressed are the speaker's own and do not represent the views, thoughts, and opinions of the Association of School Business Officials International. The material and information presented here is for general information purposes only. The "ASBO International" name and all forms and abbreviations are the property of its owner and its use does not imply endorsement of or opposition to any specific organization, product, or service. The presence of any advertising does not endorse, or imply endorsement of, any products or services by ASBO International.ASBO International is a 501(c)3 nonprofit, nonpartisan organization and does not participate or intervene in any political campaign on behalf of, or in opposition to, any candidate for elective public office. The sharing of news or information concerning public policy issues or political campaigns and candidates are not, and should not be construed as, endorsements by ASBO Internatio...

If you like what you hear, please subscribe, leave us a review and tell a friend!Multiple major cybersecurity incidents are hitting software and services. GPUGate malware targets Google Ads and GitHub, Windows Defender has a hijack vulnerability, and 20 popular npm packages were compromised. Plex and Lovesac confirm breaches after ransomware attacks, hackers steal thousands of secrets via GhostAction, SpamGPT fuels phishing, employees leak AI-sensitive data, and Signal adds secure cloud backups.

More than 7.5 million global cyber incidents were reported in the first half of 2025, a 19% rise on the same period last year. To combat the surge in attacks, Integrity360 is announcing an exclusive Irish partnership with global bug bounty leader HackerOne. This partnership gives businesses direct local access to a trusted network of more than two million ethical hackers, delivering real-time vulnerability discovery and remediation before threats can be exploited. Cyber attacks are increasing in both sophistication and volume, with large organisations -particularly those with web-facing infrastructure - experiencing relentless attempts to identify and exploit weaknesses. While traditional penetration testing and red teaming remain essential, a well organised bug bounty programme takes cyber security to the next level. Integrity360's collaboration with HackerOne adds an 'always-on' layer of human-led testing, giving enterprises continuous visibility into emerging threats and an attacker's eye view of their systems. Drawing on HackerOne's global community of security researchers, Integrity360 identifies vulnerabilities that automated tools might miss. With access to over two million ethical hackers, security teams can prioritise and remediate critical risks faster - a capability that would be virtually impossible for any single organisation to replicate in-house. Furthermore, you only pay for exposures that are discovered, providing excellent return on investment. The collaboration expands the cyber security testing portfolio of Integrity360, enabling delivery of an end-to-end service that spans scheduled assessments, red teaming, and continuous researcher-led testing. While HackerOne underpins the platform with its unparalleled crowd-powered expertise, Integrity360 ensures seamless integration into clients' security programmes. "Technology alone can't match the creativity and persistence of a determined attacker," said Richard Ford, CTO at Integrity360. "By partnering with HackerOne, we are enabling organisations to tap into a vast, global community of security researchers who continuously probe for weaknesses. This is proactive defence in action, which is designed to uncover and fix issues before they become security incidents." John Addeo, VP of Global Channels at HackerOne, said: "Integrity360 brings deep enterprise security expertise, while our hacker community provides real-world insight that tools alone can't deliver. Together, we help organisations find and fix vulnerabilities faster, reducing their attack surface in an increasingly complex threat environment." The move reflects a wider industry shift from periodic, compliance-driven assessments to continuous, community-powered protection. As cyber threats continue to evolve, the ability to detect and respond to vulnerabilities in real-time will become a critical benchmark for effective cyber defence. See more stories here.

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares: Automated, AI-powered threat hunting with Nebulock Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn't have time to look at. Runtime security for hypervisors from Vali Cyber Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It's marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments. A secure mobile telco: Cape The only thing American cell providers love more than providing patchy coverage is getting their customers' data owned. Cape is here to change that. It's a security and anonymity-focussed virtual mobile network operator (MVNO) that's been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce. This episode is also available on Youtube Show notes

Running a business online comes with plenty of perks—but also some hidden risks we didn't fully realize until now. In this episode, we share what we learned after talking with a cyber specialist who gave us a serious wake-up call about just how vulnerable online businesses can be. We're spilling the details in our signature mother–daughter style. If you've ever wondered how safe your digital world really is, definitely tune in to this one.Everything Envy Links:Amazon Store: https://urlgeni.us/amzn/podcast_storefront_EEInstagram: https://urlgeni.us/instagram/podcast_IG_EETikTok:  https://urlgeni.us/tiktok/podcast_tiktok_EEPinterest:  https://urlgeni.us/pinterest/podcast_pinterest_Facebook Group:  https://urlgeni.us/facebook/podcast_FBdealsgroup_EESign up for our newsletter:  https://urlgeni.us/podcast_newsletter_EEOur website:  https://urlgeni.us/podcast_website_The TECH tools we use in our podcast recording studio: ⁠⁠https://urlgeni.us/amazon/podcast_influencertools_EEClick here to get our vision board template: https://urlgeni.us/podcast_visionboard_EEBelow are affiliate links to some really cool tools that we use in our business. We do earn a tiny commission if you click any of our affiliate links so THANK YOU in advance! :)Collecting all the data is probably one of the most important things you should do for your business! We use URLgenius to easily track ours!https://app.urlgeni.us/signup?urlg_referrer=everything_envyFloDesk is what we use to create our beautiful newsletters and emails: https://partners.flodesk.com/x7detoz05nk1Interested in the tool we use to collect email addresses and send them straight to FloDesk? Check out AppSumo using our affiliate link!  https://urlgeni.us/podcast_appsumo_EE

In this episode, I share news from my recent trip to the UK, noticing how it seems to have reached the epic proportions of a Black Mirror episode; from the absurd TV licensing program to the new Digital ID Brit cards that will track your behavior. I also explore how the UK may be serving as a testing ground for new levels of behavioral surveillance that could eventually spread globally. I dive into California's $900 “smart” license plates that track your every move, centralized government digital currencies, and my predictions for the next 20 years of Orwellian surveillance.Support the show on Patreon!In this week's episode:The UK's TV licensing system: Legal extortion through private contractorsThe Reviver R-plate: $900 to track yourself in California and ArizonaBrit Cards: UK's new “voluntary” Digital ID systemThe Bank of England's digital pound and programmable moneyHistorical patterns of control: From land ownership to neural interfacesWhy the UK is the blueprint for global surveillance rolloutPredictions for the next 20-50 years of biosurveillanceMatrix Community RoomsMatrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links:https://matrix.to/#/#lockdown-intro:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-general:matrix.orgShow Links:PsySecure ODSF Framework - https://odsf.psysecure.comLCD License Plate (not privacy friendly!) - https://reviver.com/rplate/Black Mirror S03E01 "Nosedive" - https://www.imdb.com/title/tt5497778/Bank of England's Digital Pound - https://www.bankofengland.co.uk/the-digital-poundBrit Card Digital ID System - https://www.labourtogether.uk/all-reports/britcardTV Licensing Detector Ads (1980s-90s): The Detector Van - https://www.youtube.com/watch?v=8NmdUcmLFkw"We know exactly where he is" - https://www.youtube.com/watch?v=qF3-S2sCnb8Keep One Eye Open - https://www.youtube.com/watch?v=mVfOmR7gAekMore Powerful Dector Vans! - https://www.youtube.com/watch?v=1Q9CsRRhWQI“One believes things because one has been conditioned to believe them.”- Mustapha Mond (Brave New World ★ Support this podcast on Patreon ★

If you like what you hear, please subscribe, leave us a review and tell a friend!Authorities disrupt major pirated streaming networks, investigate malicious emails targeting trade talks with China, and confirm breaches exposing millions of students and customer data. Microsoft Azure services face outages from undersea cable cuts. iCloud calendars and cracked software are being abused for phishing attacks, while Venezuela's president claims his Huawei phone is secure from US cyber spies. Czech authorities warn against using Chinese technology in critical infrastructure.

Federal agencies have embarked on numerous initiatives in recent years to recruit and develop more cyber talent, but those efforts have been hobbled by a lack of good data, and now they face an uncertain future amid the Trump administration sweeping workforce changes. For more on what's happening with the cyber workforce Federal News Network's Justin Doubleday is here. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss the latest AI news, some worrying trends in cyber crime, and this year's largest supply chain hack, impacting hundreds of companies worldwide. Hollingworth and Croft kick things off by looking at the NSW government embracing AI and the federal government's timely move to ban deepfake “nudify” apps that are being used to bully and harrass. The pair then catch up with the latest cyber crime news, from the wide-ranging Salesloft Drift hacks that have impacted companies like Zscaler and Palo Alto Networks, to a brazen local hack that's seen delicate health data published online by unscrupulous ransomware operators. Hollingworth and Croft wind things up with some mostly good news, with an AI stethoscope potentially a game changer for heart health, and an international operation to take down a fake ID marketplace. Enjoy the episode, The Cyber Uncut team

A Week of School, Cyber and Food in Singapore https://www.troyhunt.com/weekly-update-467/See omnystudio.com/listener for privacy information.

Предлагаю вашему вниманию переработанную версию ранее выпущенного микса, с дополнительными треками и частично переведенного! 01 00:00:00 Intro 02 00:00:35 ПЕВЧАЯ - Ты заря (Silver Nail Remix) 03 00:03:19 Moscow Village Band – Paranya 04 00:05:38 ABIEM Project – Порушка-параня 05 00:07:35 Татьяна Куртукова - Матушка (Index-1 Remix) 06 00:09:40 Ася Горбачёва, Silver Ace - Родина моя 07 00:11:58 Сюзанна Светличная - Ты живи моя страна (A-Traxx Remix) 08 00:13:39 Jakonda feat. DJ Nejtrino & ELIA - Летел голубь 09 00:15:33 ПЕВЧАЯ — Ранешенько (Silver Nail Remix) 10 00:17:39 Lebedeva, Ahigo, SLYOZY ALYASKI - Иван Купала 11 00:19:27 KILLTEQ x IZIFONK - Любушка 12 00:21:14 Nikita Rise — Полюбила пацана 13 00:22:46 Министерство Культуры СССР - Ой, дуся, oй, маруся 14 00:24:42 Надежда Кадышева и Г.Кадышев - Плывет веночек (Dmitry Air Remix) 15 00:26:45 Полынь Folk, ГАЛЕЯ, Тульская, Baltin - Солнце встало высоко 16 00:28:53 Chagunava - Золотой домик (Silver Ace Remix) 17 00:31:57 Bearwolf Валькирия (D. Anuchin Remix) 18 00:34:22 Sara Oks x Los Del Rio - Казак (Silver Nail MashUp) 19 00:36:17 Талица, Dj GROOV - Гори, гори ясно! 20 00:38:20 BVLVNS - Polyushko Pole 21 00:40:09 Галя, VEYA, Ася Зыкова, MATANYA - Туман 22 00:42:27 КоленкорЪ, Полынь Folk & DAN3A - Савич 23 00:44:22 Kvinn, Alexey Razumov - To ne vecher 24 00:46:11 Балаган Лимитед, Willi Nil - Тонкая рябина 25 00:48:43 Shadow Clouds - Russian Vibe 26 00:51:01 TRILTAPE, САМОВАРОЧКИ - KUPALA (Ragion remix) 27 00:53:38 Цветень - Матюшка 28 00:56:14 MOREBOY x NIKA DUBIK - Dom 29 00:58:23 Max Lansky - Ветерок 30 01:00:10 Белолуна - Девичья 31 01:02:44 Ruslan Babetskii ft. Yuki - Вереюшка 32 01:04:48 VELIKOPOLSKAYA - BANYA 33 01:07:08 Zventa Sventana - Месяц

In this episode of Resilient Cyber, I sit down with the SANS Institute's Chief of Research (COR) & Chief AI Officer (CAIO), Rob T. Lee to discuss AI's impact on cybersecurity and the workforce. We will discuss SANS Critical AI Security Guidelines, the opportunities and obstacles AI presents for cybersecurity, and how practitioners should navigate AI's impact on the workforce.

Tech Talk with Steve Thomson and Doug Swinhart! Topics include: Cyber warfare and protecting cyber infrastructure and the threat level. Awareness especially for seniors who are often targeted for online scams Is it necessary to upgrade to Windows 11? Recovering an accidentally deleted email inbox Should you be wary of QR codes? Texts and calls from listeners

Main, Andreas www.deutschlandfunkkultur.de, Fazit

A cyberattack disrupts Bridgestone's manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter enforcement of healthcare information access rules. Texas sues an education software provider over a December 2024 data breach. A federal jury orders Google to pay $425 million over improperly collected user data. Nations unite for global guidance on SBOMs. On our Industry Voices segment, we are joined by Aron Anderson, Enterprise Security Manager of Adobe, on embracing the journey to zero trust. Chess.com gets caught in a tricky gambit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices On our Industry Voices segment we are joined by  Aron Anderson, Enterprise Security Manager of Adobe, as he is talking about embracing the journey to zero trust. If you want to hear the full conversation from Aron, you can check it out here. Selected Reading Tire giant Bridgestone confirms cyberattack impacts manufacturing (Bleeping Computer) CISA issues ICS advisories on hardware flaws in Honeywell, Mitsubishi Electric, Delta Electronics, rail communication protocols (Industrial Cyber) More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach (SecurityWeek) Unknown miscreants snooping around Sitecore via sample keys (The Register) HHS Says It's 'Cracking Down' on Health Information Blocking (BankInfo Security) Texas sues PowerSchool over breach exposing 62M students, 880k Texans (Bleeping Computer) Google hit with $425 million verdict in privacy class action suit (The Record) US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine) Chess.com says 4,500 people had data stolen during June breach  (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

AI growth with no rules? That's not bold. It's reckless.Everyone's racing to scale AI. More data, faster tools, flashier launches.But here's what no one's saying out loud:Growth without governance doesn't make you innovative. It makes you vulnerable.Ignore ethics, and you're building an empire on quicksand.In this episode, we're breaking down how to scale AI the right way—without wrecking trust, compliance, or your future.Newsletter: Sign up for our free daily newsletterMore on this Episode: Episode PageJoin the discussion: Questions for Rajeev or Jordan? Go ask.Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineupWebsite: YourEverydayAI.comEmail The Show: info@youreverydayai.comConnect with Jordan on LinkedInTopics Covered in This Episode:Balancing AI Innovation with Ethical GovernanceIntroduction of Rajeev Kapur and Eleven o Five MediaRajeev Kapur's Background in AICompanies Balancing AI Innovation and EthicsFormation of AI Ethics BoardData Management as Competitive AdvantagePrivacy and Ethics as Product FeaturesGovernance and Ethical Standards in AI UseImpact of Regulatory Changes on AI UseDeepfakes and Their ImplicationsEncouragement for Companies to Lead Ethically in AITimestamps:00:00 Navigating AI: Innovation vs. Risks04:00 "AI Startup's Spatial Audio Journey"06:49 AI Ethics Oversight & Governance10:04 Strategic AI Advisory Team Formation15:34 AI Strategy and Governance Essentials16:55 Global Standardization Needed for AI Policies22:47 AI Ethics: Innovation vs. Deepfakes25:48 "Regulate Deepfakes Like Nukes"27:17 Leadership Vision for Future SuccessKeywords:AI innovation, Ethical governance, Large language models, Data privacy, AI ethics board, AI governance, TDWI, Microsoft stack, Generative AI, AI algorithms, Spatial audio, Deep fakes, Data differentiation, Machine learning, Cyber security, Enterprise technology, Rajeev Kapur, 11:05 Media, AI safety, OpenAI, Data utilization, Ethical AI alignment, Regulatory aspect, AI models, Innovation vs. ethics, AI data privacy, Explainability, Data scientists, Third-party audits, Transparent AI usage, AI-driven growth, Monitoring feedback loops, Worst case testing, Smart regulations, Digital twins, Disinformation, AI bias mitigation, Data as new oil, Refining dataSend Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Ready for ROI on GenAI? Go to youreverydayai.com/partner

Unauthorized Issuance of Certificate for 1.1.1.1 Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina. https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ AI Model Namespace Reuse Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner. https://unit42.paloaltonetworks.com/model-namespace-reuse/ macOS vulnerability allowed Keychain and iOS app decryption without a password Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple s keychain. https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/

We're joined by Izzy Kestrel (Gexfeld, A Good Videogame), Shawn Alexander Allen (Treachery in Beatdown City), and the one and only Rand Hall (UFO 50 Voicemailer Extraordinaire) to discuss Cyber Owls, the 50th and final* game in the UFO 50 collection. “A superweapon threatens to destroy the world, and it's up to the Cyber Owls to save the day!” Next week: [REDACTED] Audio edited by Dylan Shumway   Discussed in this episode: Eggplant Merch! https://cottonbureau.com/people/eggplant-the-secret-lives-of-games-podcast  Cherry Rush YouTube Highlights https://www.youtube.com/@Cherry-Rush  Derek Yu's Wikiquote https://en.wikiquote.org/wiki/Derek_Yu  Roguelike Celebration 2025 (Including Fireside Chat with Jon Perry!) https://www.roguelike.club/event2025.html  Izzy's itch.io https://iznaut.itch.io/  Izzy's bluesky https://bsky.app/profile/iznaut.com Izzy's Website https://iznaut.com/ Snap & Grab https://nogoblin.com/snapandgrab Shawn's Instagram https://www.instagram.com/shawndoublea/?hl=en Beatdown City Survivors https://store.steampowered.com/app/3383040/Beatdown_City_Survivors/  Tyriq's Bluesky https://bsky.app/profile/fourbitfriday.bsky.social Scrubbin' Trubble https://scrubbintrubble.com/ The Grasshopper (and "Words on Play")  https://broadviewpress.com/product/the-grasshopper-third-edition/#tab-description C.A. Brown https://www.youtube.com/@CABROWN https://www.youtube.com/eggplantshow http://discord.gg/eggplant https://www.patreon.com/eggplantshow

Worst Bot Ever is getting a sequel, we get caught up on all the episodes of Cyberworld, and in Japan you can now smell like your favorite Transformer. All this and much, much more on this episode of TransMissions Alt Mode! Order our exclusive Skybound Transformers #1 comic with cover art by E.J. Su! Want some TransMissions swag? Check out our online shop, powered by Dashery! Show Notes: If you enjoy TransMissions, please rate us and subscribe on Apple Podcasts and Spotify! These ratings greatly help podcasts become more discoverable to other people using those services and is an easy way to help out our show. Contact us: Continue reading The post Alt Mode 458 – It’s A Cyber, Cyber World appeared first on TransMissions Podcast Network.

Today, Jess, Martha, Morgan, and Algene break down Salt Typhoon — a years-long Chinese cyber campaign that impacted 80 countries, targeted U.S. telecommunications firms, and compromised millions of people, including political leaders and even National Guard systems. A new multinational report links the operation to three Chinese firms tied to Beijing's military services, underscoring the scale of China's push to dominate the global cyber domain even as the U.S. cuts cyber budgets.How much damage did Salt Typhoon really do, and why should Americans care? Will Congress step up to strengthen U.S. cyber defenses? And why is Washington pulling back at the very moment that Beijing is doubling down on cyber operations?Check out these sources that helped shape our experts' opinions: https://www.politico.com/news/2025/09/02/congress-pulls-the-rug-on-u-s-plan-to-beat-huawei-00527620https://www.nytimes.com/2025/09/04/world/asia/china-hack-salt-typhoon.html?smid=nytcore-ios-share&referringSource=articleSharehttps://www.washingtonpost.com/national-security/2025/05/23/cisa-cyberattacks-china-doge-cuts/ @marthamillerdc@morganlroach@NotTVJessJones@AlgeneSajeryLike what we're doing here? Be sure to rate, review, and subscribe. And don't forget to follow @faultlines_pod and @masonnatsec on Twitter!We are also on YouTube, and watch today's episode here: https://youtu.be/73tIjXQtUA0 Hosted on Acast. See acast.com/privacy for more information.

In response to Executive Order (EO) 14028, Improving the Nation's Cybersecurity, the National Institute of Standards and Technology (NIST) recommended 11 practices for software verification. Threat modeling is at the top of the list. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Natasha Shevchenko and Alex Vesey, both engineers with the SEI's CERT Division, sit down with Timothy Chick, technical manager of CERT's Applied Systems Group, to discuss how threat modeling can be used to protect software-intensive systems from attack. Specifically, they explore how threat models can guide system requirements, system design, and operational choices to identify and mitigate threats.  

If you like what you hear, please subscribe, leave us a review and tell a friend!Sap S4hana flaw exploited in the wild, Virustotal detects undetected svg phishing files, Russian Apt28 uses Outlook backdoor, Bridgestone cyberattack disrupts manufacturing, North Korean hackers run fake job interviews, Salesforce Salesloft breach impacts firms, Us and allies push Sboms, Ten million dollar reward for Russian Fsb hackers, Us sues robot toy maker exposing childrens data to Chinese developers.

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256 Android Bulletin Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues. https://source.android.com/docs/security/bulletin/2025-09-01 Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020 Certificate authority Fina RDC issues a certificate for Cloudflare s IP address 1.1.1.1 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc

Buckle up for episode 206 of the 280+ Podcast as we dive into "The Wild Hershey Park Monorail Incident

If you like what you hear, please subscribe, leave us a review and tell a friend!Hackers and cybercriminals continue exploiting software and platforms, targeting schools, routers, Android devices, and AI systems. Major companies like Google, YouTube, Cloudflare, and Jaguar Land Rover face fines, disruptions, or security breaches. Law enforcement and regulators are taking action against violations, while threats like ransomware, malware, and zero-day exploits persist.

Standup Comedian Nate Craig rejoins the charts for a scorcher! Topics include: Humanizing The Beat. Parents Proud. Knives Out: Burning Man. 1892 Quiz.Join the Chart Mart on whochartedpod.com to get new episodes of TWO CHARTED every week, as well as the full archives of Whooch, Twooch, Preem Stream and more!See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

A Quick Look at Sextortion at Scale Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns. https://isc.sans.edu/diary/A%20quick%20look%20at%20sextortion%20at%20scale%3A%201%2C900%20messages%20and%20205%20Bitcoin%20addresses%20spanning%20four%20years/32252 Azure AD Client Secret Leak Attackers are stealing Azure AD client secrets from websites that are leaving them exposed. https://www.resecurity.com/blog/article/azure-ad-client-secret-leak-the-keys-to-cloud Covert Channel via ICMP and DNS A new bot combines ICMP and DNS in new ways for covert communication. The DNS requests use domains with a fixed prefix followed by a base64 encoded command, and the ICMP echo request packets include commands as a payload. https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/ Official Release of Critical FreePBX Patch Sangoma has announced that the experimental patch released for the exploited FreePBX vulnerability is now considered stable, and users should update to apply it. https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

pdf-parser: All Streams Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams. https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248 Salesloft Drift Putting OAuth Tokens at Risk OAuth tokens used by Salesloft Drift users to provide access to integrations with Salesforce, Google Workspace, and others have been compromised and heavily abused for additional compromise and large-scale data exfiltration from exposed services. https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift Velociraptor incident response tool abused for remote access Attackers are using the open source incident response tool Velociraptor to access remote systems in breached networks. Tools like Velocitraptor are ideal for attackers to perform lateral movement. https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/ Default Password in NeuVector (Rancher Desktop) SuSE fixed a default password vulnerability in NeuVector, a security tool included in Rancher Desktop. https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56

In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it's too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker's dream. Blog: https://salt.security/blog/when-ai-agents-go-rogue-what-youre-missing-in-your-mcp-security Survey Report: https://content.salt.security/AI-Agentic-Survey-2025_LP-AI-Agentic-Survey-2025.html This segment is sponsored by Salt Security. Visit https://securityweekly.com/saltbh for a free API Attack Surface Assessment! At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk. What you'll learn in this interview: - Why AI coding tools are increasing code complexity and risk - The massive cost of unnecessary APIs in cloud environments - How to automate secure code without slowing down delivery - Why most CISOs fail to connect security to revenue (and how to fix it) - How Apiiro's Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale This isn't just another AI hype talk. It's a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue. Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc Deep Dive Demo: https://youtu.be/WnFmMiXiUuM This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh. Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Filmed live at the CyberRisk TV Studio in Las Vegas, this eye-opening conversation dives deep into: - How AI is being rapidly adopted across enterprises — with or without security buy-in - Why AI governance is no longer optional — and how to actually implement it - The truth about agentic AI, automation, and building trust in non-human identities - The role of frameworks like ISO 42001 in building AI transparency and assurance - Real-world examples of how teams are using LLMs in development, documentation & compliance Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don't wait until it's too late to understand the risks. The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: http://about.gitlab.com/software-innovation-report/ For more information about GitLab and their report, please visit: https://securityweekly.com/gitlabbh Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won't save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerobh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-346