Podcasts about Cyber

In this week's FOLLOW UP, Bitcoin is down 15%, miners are unplugging rigs because paying eighty-seven grand to mine a sixty-grand coin finally failed the vibes check, and Grok is still digitally undressing men—suggesting Musk's “safeguards” remain mostly theoretical, which didn't help when X offices got raided in France. Spain wants to ban social media for kids under 16, Egypt is blocking Roblox outright, and governments everywhere are flailing at the algorithmic abyss.IN THE NEWS, Elon Musk is rolling xAI into SpaceX to birth a $1.25 trillion megacorp that wants to power AI from orbit with a million satellites, because space junk apparently wasn't annoying enough. Amazon admits a “high volume” of CSAM showed up in its AI training data and blames third parties, Waymo bags a massive $16 billion to insist robotaxis are working, Pinterest reportedly fires staff who built a layoff-tracking tool, and Sam Altman gets extremely cranky about Claude's Super Bowl ads hitting a little too close to home.For MEDIA CANDY, we've got Shrinking, the Grammys, Star Trek: Starfleet Academy's questionable holographic future, Neil Young gifting his catalog to Greenland while snubbing Amazon, plus Is It Cake? Valentines and The Rip.In APPS & DOODADS, we test Sennheiser earbuds, mess with Topaz Video, skip a deeply cursed Python script that checks LinkedIn for Epstein connections, and note that autonomous cars and drones will happily obey prompt injection via road signs—defeated by a Sharpie.IN THE LIBRARY, there's The Regicide Report, a brutal study finding early dementia signals in Terry Pratchett's novels, Neil Gaiman denying allegations while announcing a new book, and THE DARK SIDE WITH DAVE, vibing with The Muppet Show as Disney names a new CEO. We round it out with RentAHuman.ai dread relief via paper airplane databases, free Roller Coaster Tycoon, and Sir Ian McKellen on Colbert—still classy in the digital wasteland.Sponsors:DeleteMe - Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/GOG and use promo code GOG at checkout.SquareSpace - go to squarespace.com/GRUMPY for a free trial. And when you're ready to launch, use code GRUMPY to save 10% off your first purchase of a website or domain.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/732FOLLOW UPBitcoin drops 15%, briefly breaking below $61,000 as sell-off intensifies, doubts about crypto growBitcoin Is Crashing So Hard That Miners Are Unplugging Their EquipmentGrok, which maybe stopped undressing women without their consent, still undresses menX offices raided in France as UK opens fresh investigation into GrokSpain set to ban social media for children under 16Egypt to block Roblox for all usersIN THE NEWSElon Musk Is Rolling xAI Into SpaceX—Creating the World's Most Valuable Private CompanySpaceX wants to launch a constellation of a million satellites to power AI needsA potential Starlink competitor just got FCC clearance to launch 4,000 satellitesAmazon discovered a 'high volume' of CSAM in its AI training data but isn't saying where it came fromWaymo raises massive $16 billion round at $126 billion valuation, plans expansion to 20+ citiesPinterest Reportedly Fires Employees Who Built a Tool to Track LayoffsSam Altman got exceptionally testy over Claude Super Bowl adsMEDIA CANDYShrinkingStar Trek: Starfleet AcademyThe RipNeil Young gifts Greenland free access to his music and withdraws it from Amazon over TrumpIs it Cake? ValentinesAPPS & DOODADSSennheiser Consumer Audio IE 200 In-Ear Audiophile Headphones - TrueResponse Transducers for Neutral Sound, Impactful Bass, Detachable Braided Cable with Flexible Ear Hooks - BlackSennheiser Consumer Audio CX 80S In-ear Headphones with In-line One-Button Smart Remote – BlackTopaz VideoEpsteinAutonomous cars, drones cheerfully obey prompt injection by road signAT THE LIBRARYThe Regicide Report (Laundry Files Book 14) by Charles StrossScientists Found an Early Signal of Dementia Hidden in Terry Pratchett's NovelsNeil Gaiman Denies the Allegations Against Him (Again) While Announcing a New BookTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingThe Muppet ShowDisney announces Josh D'Amaro will be its new CEO after Iger departsA Database of Paper Airplane Designs: Hours of Fun for Kids & Adults AlikeOnline (free!) version of Roller Coaster tycoon.Speaking of coasters, here's the current world champion.I am hoping this is satire...Sir Ian McKellen on Colbert.CLOSING SHOUT-OUTSCatherine O'Hara: The Grande Dame of Off-Center ComedyStanding with Sam 'Balloon Man' MartinezSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Join Jim and Greg for the Friday 3 Martini Lunch as they react to Virginia Democrats' aggressive gerrymandering of congressional districts, Russia's escalating mischief online and in space, and New Jersey Democrats once again showing how far the party continues to lurch to the left.First, they unload on Virginia Democrats for transforming a fairly competitive state into a convoluted congressional map that could give Democrats control of ten of the state's eleven House seats. Jim and Greg walk through the most absurd district lines and skewer the flimsy explanations Democrats are offering for this blatant power grab.Next, they chronicle the many ways Russia is attempting to meddle with its adversaries through cyber warfare, satellite interference, and other destabilizing tactics. New reports suggest Moscow is targeting Italy during the Olympics and is even floating threats involving a nuclear attack in space aimed at disrupting Elon Musk's Starlink network.Finally, they dissect the surprising results in a New Jersey special congressional primary where a far-left candidate is now poised to defeat a heavily favored, more moderate Democrat. Jim and Greg explain why the upset is another sign that much of the Democratic Party's energy is increasingly aligned with a more radical vision for the country.Please visit our great sponsors:Skip the hassle and book a top-rated doctor in seconds with Zocdoc. Visit https://www.Zocdoc.com/3ML today!Visit https://CoastPay.com/3ML to get free gas for a whole day. Terms apply.Unlock your healthiest skin by targeting visible aging signs at https://Oneskin.co/3ML with code 3ML for 15% off.New episodes every weekday. 

Broken Phishing URLs https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/ n8n command injection vulnerability https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8 Android February Update https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en Watchguard Firebox LDAP Injection https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001

Most orgs have a major blind spot: the browser.This week on Defender Fridays, we're joined by Cody Pierce, Co-Founder and CEO at Neon Cyber, to discuss why browser security remains a critical gap, from sophisticated phishing campaigns that bypass traditional controls to shadow AI tools operating outside your security perimeter.Cody began his career in the computer security industry twenty-five years ago. The first half of his journey was rooted in deep R&D for offensive security, and he had the privilege of leading great teams working on elite problems. Over the last decade, Cody have moved into product and leadership roles that allowed him to focus on developing and delivering innovative and differentiated capabilities through product incubation, development, and GTM activities. Cody says he gets the most joy from building and delivering products that bring order to the chaos of cyber security while giving defenders the upper hand.About This SessionThis office hours format brings together the LimaCharlie team to share practical experiences with AI-powered security operations. Rather than theoretical discussions, we demonstrate working tools and invite the community to share their own AI security experiments. The session highlights the rapid evolution of AI capabilities in cybersecurity and explores the changing relationship between security practitioners and automation.Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

Cyber weapons knock out Iranian air defenses during strikes on nuclear sites. ShinyHunters dump more than a million stolen records from Harvard and Penn. Betterment confirms a breach exposing data from roughly 1.4 million accounts. Researchers uncover a sprawling scam network impersonating law firms. Italy blocks cyberattacks aimed at Olympics infrastructure. Critical bugs put n8n and Google Looker servers at risk of full takeover. A state-backed Shadow Campaign hits governments worldwide. OpenClaw shows how AI-powered attacks are becoming faster, cheaper, and harder to stop. Our guest is Tony Scott, CEO of Intrusion and former federal CIO, sharing his perspective on evolving regulation and the realities behind critical policy shifts. Your smartphone may testify against you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today comes as a segment from our Caveat podcast. Tony Scott, CEO of Intrusion and former federal CIO, joins Dave Bittner to share his perspective on evolving regulation and the realities behind critical policy shifts. You can listen to Tony and Dave's full conversation on this week's episode of Caveat, and catch new episodes of Caveat every Thursday on your favorite podcast app. Selected Reading Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes (The Record) Personal data stolen during Harvard and UPenn data breaches leaked online - over a million details, including emails, home addresses and more, all published (TechRadar) Data breach at fintech firm Betterment exposes 1.4 million accounts (Bleeping Computer) Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign (SecurityWeek) Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says (SecurityWeek) n8n security woes roll on as new critical flaws bypass December fix (The Register) LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) (Tenable) Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries (SecurityWeek) The Rise of OpenClaw (SECURITY.COM) Smartphones Now Involved in Nearly Every Police Investigation (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Malicious Script Delivering More Maliciousness https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682 Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633 https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04 Google Chrome Patches https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout

The White House preps a major overhaul of U.S. cybersecurity policy. A key Commerce security office loses staff as regulatory guardrails weaken. Lawmakers Press AT&T and Verizon after months of silence on Salt Typhoon. A vulnerability in the React Native Metro development server is under active exploitation. Amaranth Dragon leverages a WinRAR flaw. A coordinated reconnaissance campaign targets Citrix NetScaler infrastructure. CISA warns a SolarWinds Web Help Desk flaw is under active exploitation. Zach Edwards, Senior Threat Researcher at Silent Push, is discussing a hole in the kill chain leaving law enforcement empty-handed. Cops in Northern Ireland get an unwanted data breach encore.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Zach Edwards, Senior Threat Researcher at Silent Push, discussing a hole in the kill chain leaving law enforcement empty-handed. You can read more from Zach's team here. Selected Reading White House Cyber Director Charts New Course for Digital Defense Through Private Sector Partnership (Web Pro News) Another Misstep in U.S.-China Tech Security Policy (Lawfare) Cantwell claims telecoms blocked release of Salt Typhoon report (Cyberscoop) Hackers exploit critical React Native Metro bug to breach dev systems (Bleeping Computer) New Amaranth Dragon cyberespionage group exploits WinRAR flaw (Bleeping Computer) Wave of Citrix NetScaler scans use thousands of residential proxies (Bleeping Computer) Fresh SolarWinds Vulnerability Exploited in Attacks (SecurityWeek) ‘It defies belief': Names of PSNI officers published on court website in new breach (Belfast Telegraph) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Detecting and Monitoring OpenClaw (clawdbot, moltbot) https://isc.sans.edu/diary.html/Detecting+and+Monitoring+OpenClaw+%28clawdbot%2C+moltbot%29/32678/#comment Synology telnetd Patch https://www.synology.com/en-us/releaseNote/DSM GlassWorm Loader Hits Open VSX via Developer Account Compromise https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise

Cyber risk stops being abstract the moment a control panel becomes a bridge between the plant floor and the outside world. We pull back the door on modern industrial control panels and show how they've evolved into the central hub for switches, firewalls, remote access, and data pathways that keep production moving—or bring it to a halt. Using a smart home as a simple frame, we unpack why a physical lock isn't enough and how layered defenses protect uptime, quality, and safety.We walk through the real risks leaders face: unauthorized access by outsiders or insiders operating beyond their role, subtle shifts to setpoints and logic that quietly degrade OEE, and incidents where cyber failures trigger physical consequences. Then we get practical. Secure design starts inside the panel with segmentation between control networks and enterprise IT, industrial firewalls, managed switches, and well-defined remote access. Governance matters as much as gear, so we outline clear authority boundaries, human override rules, and audit trails that build trust and accountability on the floor.Security doesn't end at commissioning. We emphasize lifecycle patching, documentation, and future-proofing so updates aren't scary and “temporary” workarounds don't become permanent backdoors. Because people make or break any control, we share tactics to reduce friction: role-based access that's fast, labeled interfaces, simple credentials, and training that explains the why behind every safeguard. Finally, we invite you to pressure-test these ideas in our hands-on labs, where you can validate architectures with real PLCs and HMIs before deploying to live lines.Keep Asking Why...Read our latest article on Industrial Manufacturing herehttps://eecoonline.com/inspire/panels_202Online Account Registration:Video Explanation of Registering for an AccountRegister for an AccountOther Resources to help with your journey:Installed Asset Analysis SupportSystem Planning SupportSchedule your Visit to a Lab in North or South CarolinaSchedule your Visit to a Lab in VirginiaSubmit your questions and feedback to: podcast@eecoaskwhy.comFollow EECO on LinkedInHost: Chris Grainger

Manish Mehta sits down with Wayman Cummings, Chief Information Security Officer at Ochsner Health, to explore what cyber-physical security convergence really looks like in practice. Wayman shares how his unconventional path into cybersecurity shaped his leadership style and his perspective on risk in high-stakes environments like healthcare. The conversation dives into insider risk, the role of AI as augmented intelligence, and why most physical threats today begin with digital reconnaissance. Wayman also challenges the idea that convergence is a myth, offering real-world examples of how teams, technology, and trust must come together to make it work. You'll learn: Why convergence fails without people and process alignment Why AI should augment human judgment, not replace it, in security operations How leaders can build credibility, break down silos, and scale security impact in high-risk environments If you're enjoying this episode, please take a moment to rate and review the show.

PREVIEW FOR LATER TODAY Guest: David Shedd. Shedd criticizes allowing Nvidia chip sales to China, warning Beijing will reverse engineer this technology to enhance military and cyber capabilities against Western allies.FEBRUARY 1930

Scanning for exposed Anthropic Models https://isc.sans.edu/diary/Scanning%20for%20exposed%20Anthropic%20Models/32674 Notepad++ Hijacked by State-Sponsored Hackers https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ https://notepad-plus-plus.org/news/hijacked-incident-info-update/ Insecure Websockets in OpenClaw https://zeropath.com/blog/openclaw-clawdbot-credential-theft-vulnerability Malicious OpenClaw Skills https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting Exposed OpenClaw Instances https://censys.com/blog/openclaw-in-the-wild-mapping-the-public-exposure-of-a-viral-ai-assistant

Poland says weak security left parts of its power grid exposed. A Russian-linked hacker alliance threatens Denmark with a promised cyber offensive. Fancy Bear moves fast on a new Microsoft Office flaw, hitting Ukrainian and EU targets. Researchers find a sprawling supply chain attack buried in the ClawdBot AI ecosystem. A new report looks at how threats are shaping the work of journalists and security researchers. A stealthy Windows malware campaign blends Pulsar RAT with Stealerv37. A former Google engineer is convicted of stealing AI trade secrets for China. The latest cybersecurity funding and deal news. On our Afternoon Cyber Tea segment, Microsoft's Ann Johnson chats with Dr. Lorrie Cranor from Carnegie Mellon about security design. The AI dinosaur that knew too much.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Afternoon Cyber Tea Dr. Lorrie Cranor⁠, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this month's segment of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. You can listen to Ann and Lorrie's full conversation here, and catch new episodes Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading Russian hackers breached Polish power grid thanks to bad security, report says (TechCrunch) Newly Established Russian Hacker Alliance Threatens Denmark (Truesec) Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks (Infosecurity Magazine) Notepad++ Hijacked by State-Sponsored Hackers (Notepad++) ClawdBot Skills Just Ganked Your Crypto (OpenSource Malware Blog) Under Pressure: Exploring the effect of legal and criminal threats on security researchers and journalists (DataBreaches.Net) Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data (Hackread) U.S. convicts ex-Google engineer for sending AI tech data to China (Bleeping Computer) Upwind secures $250 million in a Series B round. (N2K Pro Business Briefing)  Don't Buy Internet-Connected Toys For Your Kids (Blackout VPN) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

The renewable energy sector faces a fundamental disconnect. Cybersecurity teams generate endless alerts and vulnerability reports, while operational managers focus on asset performance and site availability. Neither group speaks the other's language, leaving executives struggling to make informed decisions about where to invest limited resources. Rafael Narezzi, Co-Founder and CEO of Centrii, has built his company specifically to bridge this gap, translating technical cyber risks into the financial business outcomes that drive executive decision-making.Centrii, emerging from its predecessor Cyber Energia, represents a new approach to OT security in the energy sector. The name itself carries meaning: the sentinel of industrial intelligence, signified by the double I at the end. Rather than simply identifying vulnerabilities and presenting red alerts, the platform contextualizes risks in terms that matter to the business. How does a potential compromise affect your power purchase agreements? What happens to your revenue when energy prices fluctuate and your site goes offline? These are the questions that Centrii answers.The company prices its services per megawatt hour, demonstrating its commitment to speaking the language of energy rather than traditional IT security. This approach reflects a deeper understanding that renewable energy assets present vastly different risk profiles. A biomass facility with 24/7 personnel on site faces different challenges than an unmanned offshore wind installation. Solar farms, hydrogen facilities, and battery storage systems each require tailored risk assessments that account for their unique operational characteristics and regulatory requirements.Recent attacks on distributed energy resources, including the compromise of Poland's renewable grid, underscore the urgency of this work. With regulations like NERC CIP 15 in the United States, NIS 2.0 in Europe, and the UK Cyber Security Bill now holding asset owners personally accountable for cybersecurity failures, organizations can no longer afford to treat OT security as an afterthought. Narezzi observes that compliance has become the driving force pushing companies to take responsibility for their critical infrastructure assets.What sets Centrii apart is its ability to help executives identify which risks actually matter. When every cybersecurity tool reports critical alerts, organizations face paralysis. Which red is the red that demands immediate attention? Centrii provides clarity by mapping technical findings to financial impact, reputational damage, and operational consequences specific to each asset type and technology.The company's presentation at DistribuTECH 2026 focuses on battery energy storage systems, an area of explosive growth driven by data center demand and the expanding role of AI. Narezzi draws a parallel to Ocean's 11, where coordinated manipulation of power systems creates cascading failures. As batteries become essential for grid balancing, the risks of compromised dispatch commands affecting multiple installations simultaneously represent a scenario that demands serious attention from asset owners and regulators alike.Operating across 16 countries with diverse energy technologies, Centrii provides a unified platform for organizations managing hundreds of sites across different regions and regulatory environments. The goal is straightforward: give every stakeholder, from technical teams to the C-suite, a common language for understanding and acting on cyber risk in the energy sector.This is a Brand Story. A Brand Story is a ~35-40 minute in-depth conversation designed to tell the complete story of the guest, their company, and their vision. Learn more: https://www.studioc60.com/creation#fullGUESTRafael Narezzi, Co-Founder and CEO, Centriihttps://www.linkedin.com/in/narezzi/RESOURCESCentriihttps://centrii.comCyber Energiahttps://cyberenergia.comAre you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlightKEYWORDSRafael Narezzi, Centrii, Sean Martin, brand story, brand marketing, marketing podcast, brand story, OT security, renewable energy cybersecurity, battery energy storage systems, BESS, critical infrastructure protection, energy sector cybersecurity, NERC CIP, NIS 2.0, power purchase agreements, distributed energy resources, industrial intelligence, cyber risk quantification Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

We kick off FOLLOW UP by checking in on Elon Musk's personal dumpster fire, where the EU is investigating Grok for deepfake slop while Tesla's “unsupervised” robotaxis turned out to be supervised by literal chase cars — shocker. At least some of you are getting Siri settlement crumbs in your bank accounts, though you could probably double it betting against Musk's worthless promises on Polymarket.Transitioning to IN THE NEWS, Tesla is killing off the Model S and X to build robots while sales crater, proving that mixing hard-right politics with EV sales is a brilliant move for the balance sheet. Meanwhile, the corporate bloodbath continues with massive layoffs at Ubisoft, Vimeo (courtesy of the Bending Spoons buzzsaw), and Amazon, because “removing bureaucracy” is apparently HR-speak for 16,000 families losing their livelihoods. If that's not enough, Google is settling yet another privacy suit for $135 million, the EU is threatening to weaponize its tech sovereignty against the US, and the Trump administration wants Gemini to write federal regulations—because if there's one thing we want drafting airline safety rules, it's a hallucinating chatbot.Still IN THE NEWS, Waymo is under federal investigation for passing school buses and hitting children, while South Korea's new AI laws manage to please absolutely no one. Record labels are suing Anna's Archive for a cool $13 trillion—roughly three times the GDP of India—and the Winklevoss twins have finally admitted that NFTs are dead by shuttering Nifty Gateway.We pivot to MEDIA CANDY, where the Patriots and Seahawks are heading to Super Bowl 60, and the Winter Olympics are descending on Milan. We're doing the math on the Starfleet Academy timeline, celebrating the return of Ted Lasso and Shrinking, and trying to decide if Henry Cavill is the second coming of Timothy Dalton in the Highlander reboot. Plus, Jessica Jones is back in the Daredevil: Born Again trailer, and Colin Farrell's Sugar is returning to explain that wild noir twist we all totally saw coming.In APPS & DOODADS, the TikTok Armageddon is upon us as the new US owners break the app and drive everyone to UpScrolled, while Native Instruments enters insolvency, leaving our music-making dreams in restructuring limbo. Apple is dropping AirTag 2 with precision finding for your watch, which is great for finding the keys you lost while doom-scrolling.We wrap up with THE DARK SIDE WITH DAVE, featuring the new Muppets trailer and Steve Whitmire's deep thoughts on the state of the felt, plus a look at the artisans in Disneyland Handcrafted. Finally, Looney Tunes finds a new home on Turner Classic Movies, proving that the classics never die—they just move to a cable channel your parents actually watch. Dave finally learns about the Insta360 camera, a countertop dishwasher but no Animal Crackers, and a guide to gas masks and googles... for no particular reason.Sponsors:DeleteMe - Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/GOG and use promo code GOG at checkout.SquareSpace - go to squarespace.com/GRUMPY for a free trial. And when you're ready to launch, use code GRUMPY to save 10% off your first purchase of a website or domain.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/731Watch the episode at https://youtu.be/B54je_oJWjMFOLLOW UPThe EU is investigating Grok and X over potentially illegal deepfakesPeople on Polymarket Are Making a Fortune by Betting Against Elon Musk's Famously Worthless PromisesElon Musk Made Tesla Fans Think Unsupervised Robotaxis Had Arrived. They Can't Find ThemTesla Quietly Pauses Its “Unsupervised” Robotaxi Rides as Reality Sets InApple Siri settlement payments hitting bank accounts. What to know.IN THE NEWSTesla bet big on Elon Musk. His politics continue to haunt it.With Tesla Revenue and Profits Down, Elon Musk Plays Up SafetyTesla Kills Models S and XUbisoft proposes even more layoffs after last week's studio closures and game cancellationsVimeo lays off most of its staff just months after being bought by private equity firmAmazon Laying Off 16,000 as It Increases ‘Ownership' and Removes ‘Bureaucracy'Report Says the E.U. Is Gearing Up to Weaponize Europe's Tech Industry Against the U.S.Google will pay $135 million to settle illegal data collection lawsuitGDPR Enforcement TrackerNTSB will investigate why Waymo's robotaxis are illegally passing school busesWaymo robotaxi hits a child near an elementary school in Santa MonicaVideo shows Waymo vehicle slam into parked cars in Echo ParkTrump admin reportedly plans to use AI to write federal regulationsSouth Korea's ‘world-first' AI laws face pushback amid bid to become leading tech powerSpotify and Big 3 Record Labels Sue Anna's Archive for $13 Trillion (!) Alleging TheftAmazon converting some Fresh supermarkets, Go stores to Whole Foods locationsSEC agrees to dismiss case over crypto lending by Winklevoss' GeminiWinklevoss Twins Shut Down NFT Marketplace in Another Sign Crypto Art Is DeadMEDIA CANDYPlur1busShrinkingA Knight of the Seven KingdomsStealHow to watch the 2026 Super Bowl: Patriots vs. Seahawks channel, where to stream and moreWinter Olympics: How to watch, schedule of events, and everything else you need to know about the 2026 Milano Cortina gamesWait, So When Is 'Starfleet Academy' Set, Anyway?The First ‘Daredevil: Born Again' Season 2 Trailer Brings Back Jessica JonesMarvel Television's Daredevil: Born Again Season 2 | Teaser TrailerTed Lasso Gets Kicked Back to Apple TVThere Can Only Be One First Look at the ‘Highlander' RebootColin Farrell's Detective Show ‘Sugar' Will Finally Have to Address that Wild Twist This SummerAPPS & DOODADSTikTok Is Now Collecting Even More Data About Its Users. Here Are the 3 Biggest ChangesTikTok users freak out over app's 'immigration status' collection — here's what it meansTikTok's New US Owners Are Off to a Very Rocky StartTikTok Data Center Outage Triggers Trust Crisis for New US OwnersYes, TikTok is still broken for many peopleSocial network UpScrolled sees surge in downloads following TikTok's US takeoverNative Instruments enters into insolvency proceedings, leaving its future uncertainWispr FlowAirTag 2: Three tidbits you might have missedTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingThe Muppet Show | Official Trailer | Disney+Steve Whitmire, former Kermit the Frog performer, has written a long, thoughtful piece about the current stae of the Muppets.Disneyland Handcrafted‘Looney Tunes' Has Found a New Home: Turner Classic MoviesThe Dark Side of Scooby DooA Disturbing (Yet Convincing) Theory Reveals There Were Never Any "Monsters" In Scooby DooCartoon Conspiracy Theory | Scooby Doo and The Gang Are Draft Dodgers?!Producing A Multi-Person Interview With An Insta360 CameraA listener on Mastodon pointed out that The Verge had a story on countertop dishwashersA Demonstrator's Guide to Gas Masks and GogglesEmma RepairsSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network Google dismantled the IPIDEA network that used residential proxies to route malicious traffic. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network Fake Clawdbot VS Code Extension Installs ScreenConnect RAT The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions. https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware Threat Bulletin: Critical eScan Supply Chain Compromise Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems. https://www.morphisec.com/blog/critical-escan-threat-bulletin/

On this episode 191 of the Disruption Now podcast:What happens when an algorithm knows more about your health than your doctor ever will? When AI can process threats faster than any human operator? When China, Russia, Iran, and North Korea are probing our systems 24/7?Dr. Richard Harknett has spent 30+ years answering these questions at the highest levels. As the first Scholar-in-Residence at US Cyber Command and NSA, a key architect of the US Cybersecurity Strategy 2023, and Fulbright Professor in Cyber Studies at Oxford, he's one of the few people who's seen how cyber threats actually unfold—and what we're doing (or not doing) about them.In this conversation, Richard breaks down:

Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

This week, hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠,⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe has two stories this week, starting with scammers cashing in on a Verizon outage by luring customers with fake credits, and ending with a rare cybercrime comeback as a woman who lost nearly $1 million gets her money back and then some. Dave's story looks at scammers cashing in on the Ozempic and GLP-1 craze, as Wisconsin consumers lose hundreds of dollars to fake weight loss drugs, deepfake ads, and shady online pharmacies exploiting high demand and high prices. Maria's story warns that scammers are impersonating electric, gas, and water companies this winter, using urgent threats, fake refunds, and unusual payment demands to steal money and personal information, while officials remind customers to hang up and verify any contacts through official channels. Our catch of the day comes from Reddit where the chief of police is reaching out via text. Resources and links to stories: ⁠Verizon credit scam targets customers after outage, Georgia sheriff says Cyber scam victim who lost nearly $1M gets her money back — and then some Surging Cyber Scams Leave Older Vermonters Destitute, Frustrated and Saddled With Tax Debt Wisconsin consumers are losing money on Ozempic, weight loss drug scams Winter Utilities warning Utility company warns customers about scam calls ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Technology is changing so fast that it is impossible to predict the next twelve days. Despite that, we have asked Travis Rosiek, Public Sector CTO at Rubrik, to gaze into his crystal ball and make some predictions for the next twelve months. The good news is that Rosiek sees a shift from intellectual property theft to disruptive attacks on critical infrastructure. The bad news is that Rosiek thinks attacks are increasing to the point that an event will light a fire under the current cybersecurity plans. During the interview, the concept of Zero Trust was unpacked. The idea is that federal systems have already been breached. As a result, the focus must be on microsegmentation, with permission as the limiting factor. Roseik's opinion is that malicious actors have planted code into systems that are acting as "sleepers." At one time in the indeterminate future, this code can be invoked, and severe damage can take place. If this nightmare situation occurs, the best defense is to have recovery built in. Today, leaders must have a system in place to restore data from backups. Unfortunately, malicious actors know this plan as well and have been known to insert code into backups that renders them useless. In a complex game of attack and counterattack, Roseik believes that a recovery strategy that includes immutable backups and an audit mechanism is the best approach in the 21st-century world of threats and countermeasures. He also stressed the necessity of reducing complexity to enhance cybersecurity and the need for initiative-taking measures, including regular stress testing and resilience training. = = Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  

Initial Stages of Romance Scams [Guest Diary] Romance scams often start with random text messages that appear to be misrouted . This guest diary by Faris Azhari is following some of the initial stages of such a scam. https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650 Denial of Service Vulnerabilities in React Server Components Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition. https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg OpenSSL Updates OpenSSL released its monthly updates, fixing a potential RCE. https://openssl-library.org/news/vulnerabilities/ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls. https://grahamhelton.com/blog/nodes-proxy-rce

Send us a textIn this powerhouse episode, Joey Pinz sits down with one of cybersecurity's most influential builders—a serial market maker who has helped shape some of the industry's most iconic companies. From Sourcefire and Fortinet to Cylance, Javelin, and now Sevco Security, Fitz brings unmatched perspective on what separates successful cyber companies from the rest—and what MSPs must do now to stay relevant.Fitz breaks down why visibility is the core of modern security, why most organizations still don't actually know what assets they have, and how exposure management has become the foundation of cyber resilience. He also explains where the real money is flowing in the MSP/MSSP space, the biggest mistakes founders still make, and what MSPs must do to move confidently into security services.On the personal side, Fitz shares insights from a life built around curiosity, communication, and impact—shaped by early roles at Coca-Cola during the Olympics, BMC, Compaq, and decades of startup leadership. His mission today? Protect the planet through better security, better intelligence, and smarter business decisions.

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-432

Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html

US cyber chief uploaded sensitive files into public ChatGPT Vibe-coded 'Sicarii' ransomware can't be decrypted WhatsApp account feature combats spyware Check out the show notes here: https://cisoseries.com/cybersecurity-news-us-cyber-chief-uploaded-sensitive-files-into-public-chatgpt-vibe-coded-sicarii-ransomware-cant-be-decrypted-whatsapp-account-feature-combats-spyware/  Huge thanks to our episode sponsor, Conveyor Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire?   Meet Conveyor's new Trust Center Agent.   The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way.   Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.  

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Show Notes: https://securityweekly.com/bsw-432

If you like what you hear, please subscribe, leave us a review and tell a friend!

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on? Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-432

Andy Grotto, William J. Perry International Security Fellow and the founder and co-director of the Program on Geopolitics, Technology, and Governance at Stanford University's Center for International Security and Cooperation (CISAC), and Jim Dempsey, a senior policy adviser to that program and a Lecturer at the UC Berkeley Law School, join Lawfare's Justin Sherman to discuss their recent study on the U.S. military's domestic operational technology (OT) cybersecurity vulnerabilities, domestic installations' dependencies on critical infrastructure both “inside the fence” and “outside the fence,” and how U.S. adversaries could exploit the flaws. They also discuss the myth of the air gap; the Pentagon's Energy Resilience Program; the role that standards, regulations, and procurement could play in strengthening the cybersecurity of OT systems on which the military depends; and what the threat landscape will look like in the coming years.Resources:James X. Dempsey and Andrew J. Grotto, “Ensuring the Cyber Resilience of Critical Infrastructure Serving Domestic Military Installations: Questions for Senior Leadership,” The Cyber Defense Review 10, no. 2 (2025): 115-138Jim Dempsey and Andrew J. Grotto, “The Pentagon's Operational Technology Problem,” Lawfare, December 15, 2025To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Scanning Webserver with pwd as a Starting Path Attackers are adding the output of the pwd command to their web scans. https://isc.sans.edu/diary/x/32654 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509 Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 Exposed Clawdbot Instances Many users of the AI tool clawdbot expose instances without access control. https://x.com/theonejvo/status/2015485025266098536

The Pure Report welcomes two key members of Pure's Technical specialist team, Principal Technologist Joey Clark and Field Solution Architect Drew Kessel (who covers Cyber Resilience). Our conversation begins with a look at their backgrounds, including their surprising common start in healthcare IT, and the value of professional development, like Pure's EBC speaker training. We quickly pivot to the successes Pure is seeing in the areas of file, object, and unstructured data, driven by innovative products like FlashBlade and FlashArray. The core of our discussion centers on why Pure is successfully tackling the toughest challenges in unstructured data, noting the significant shift to object storage for backup, which provides benefits like immutability via object lock. Joey and Drew highlight how Pure's unique approach—focusing on simplicity and eliminating "tech debt"—is resonating with customers and leading to major business breakthroughs. This success is made stronger by strategic partnerships with data protection leaders like Rubrik, Commvault, and Veeam, creating a connected ecosystem that delivers layered resilience against modern threats. Finally, we explores the powerful narrative of the Enterprise Data Cloud (EDC), with Fusion acting as the intelligent control plane. We discuss how Fusion is the vehicle for EDC, helping customers mitigate risk and human error through automation. This includes using presets to enforce protection policies (like SafeMode snapshots and replication) and delivering audit and compliance alerts when security settings are changed. Drew shares a powerful, real-life customer success story of an 8-hour recovery from a cyber event using Pure snapshots, emphasizing that cyber resilience is a unified team sport that requires both infrastructure and security teams to collaborate. To learn more, visit https://www.purestorage.com/products/storage-as-code/pure-fusion.html Check out the new Pure Storage digital customer community to join the conversation with peers and Pure experts: https://purecommunity.purestorage.com/ 00:00 Intro and Welcome 09:02 File and Object Momentum 16:45 SLA-Backed Cyber Recovery 20:20 Fusion Presets and Cyber 27:33 Cyber and Enterprise Data Cloud 34:06 Bridging Cyber IT to Security Teams and CISOs 38:11 Pure Tech Summit Events 42:11 Hot Takes Segment

If you like what you hear, please subscribe, leave us a review and tell a friend!

Analysis of Single Sign-On Abuse on FortiOS Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Outlook OOB Update Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches. https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491 VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) A VMWare vCenter vulnerability patched last June is now actively exploited. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Jeff Steadman is joined by RSM colleagues Rich Servillas and Charles John to explore the critical intersection of identity access management, operational resilience, and disaster recovery. Rich, a director from the cyber response group, shares insights from the front lines of ransomware and cloud intrusions, while Chuck, director of operational resilience, discusses the importance of business continuity planning. The conversation covers the true impact of security incidents on brand reputation and operations, the necessity of out-of-band communication, and why identity is often the first thing challenged and the last thing trusted during a crisis. The guests also provide practical advice for IAM professionals on reducing blast radius through standing privilege reduction and robust logging.Connect with Rich: https://www.linkedin.com/in/richard-servillas-041a0551/Connect with Chuck: https://www.linkedin.com/in/chuckjohn/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps:00:00:00 - Introduction and 2026 conference outlook00:01:44 - Introducing guests Rich and Chuck from RSM00:03:56 - Defining operational resilience and business continuity00:06:22 - When and how to start the planning process00:09:55 - Chuck's background in public health and emergency management00:12:44 - The broad impact of incidents on brand and operations00:16:45 - Key elements every recovery plan must include00:19:14 - Defining incident severity and matrixes00:21:52 - Identity as the new perimeter and its operational dependencies00:24:57 - Why hackers log in rather than break in00:26:46 - The first hours of a cyber incident response00:29:35 - Current threat trends and the role of AI00:31:29 - Updating plans through post-action debriefs00:34:31 - Cyber insurance gaps and contractual SLAs00:40:24 - Advice for identity professionals on reducing blast radius00:46:10 - Personal milestones and looking forward to 2026Keywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Business Continuity, Disaster Recovery, Operational Resilience, RSM, Incident Response, Ransomware, Cyber Insurance, Identity Governance

If you like what you hear, please subscribe, leave us a review and tell a friend!

Welcome to the Squared Circle Podcast with your host Marie Shadows!Season 7 kicks off going backwards through Wrestle Kingdom 20, starting with the main event: Hiroshi Tanahashi's retirement match against Kazuchika Okada (January 4, 2026, Tokyo Dome). Why this felt like NJPW coming back (even a little), why Okada still delivers elite psychology when motivated, the weird commentary dynamic nobody's talking about (marching orders for Chris Charlton?), Tanahashi as the most powerful man in wrestling, why he could've called Nakamura but chose Okada, post-match brotherhood, the creepy ten-bell salute, and why wrist control & body-part work still matter more than flips.I go in on AEW's lazy Okada run, the failing NJPW-AEW partnership, bad yen excuses, immigration/culture takes, IWC negativity, and why Tanahashi retiring means he can finally president properly.Substack: https://marieshadows.substack.comPatreon: https://patreon.com/marieshadowsTimestamps!00:00 – Welcome to Season 7, Happy New Year, January 24 202600:46 – Where to find the podcast + what's coming in 202601:14 – IWC negativity, wrong labels, Marty Scurll correct story03:29 – Cyber bullying still alive, be open-minded04:35 – Wrestle Kingdom 20 make-or-break for NJPW, Tanahashi retirement05:52 – Economy/yen excuses vs real issues09:49 – Sold out because of Tanahashi, Okada wins12:01 – Why Okada over Nakamura, Tanahashi power13:37 – AEW partnership not benefiting NJPW (Twitter thread proof)14:47 – Dual contracts discussion coming soon16:39 – Tanahashi could've called WWE for Nakamura19:12 – Match breakdown: wrestling, wrist control, psychology27:54 – Why struggle > flips, working body parts30:50 – Finish, post-match mic, brotherhood parade32:04 – Commentary dynamic: Charlton marching orders, tension37:00 – Walker indie/woke insertions, respect Japanese style42:41 – Storytelling lost art in commentary51:02 – Final thoughts, brotherhood, ten-bell creepy53:05 – Plugs: like/share/comment/poll, Patreon, Tape Study, consultations

In this comprehensive discussion, Sam Lichtenstein from RANE (Risk Assistance Network & Exchange) joins Chris to dissect their annual geopolitical and security forecast. Sam provides insights into the geopolitical landscape for 2026, highlighting the challenges of predicting human behavior, the rise of violent conflicts, and the implications of AI and cybersecurity threats. They cover regional dynamics in Sub-Saharan Africa, the Middle East, Asia-Pacific, Europe, and the Americas, emphasizing the interconnectedness of these issues and the potential for political violence in the US. Sam also discusses the breakdown of the unipolar order and its impact on global security.Subscribe and share to stay ahead in the world of intelligence, global issues, and current affairs.Read RANE's 2026 Annual Forecast: https://worldview.stratfor.com/article/2026-annual-forecastSupport Secrets and SpiesBecome a “Friend of the Podcast” on Patreon for £3/$4: https://www.patreon.com/SecretsAndSpiesBuy merchandise from our shop: https://www.redbubble.com/shop/ap/60934996Buy us a coffee: https://buymeacoffee.com/secretsandspiesSubscribe to our YouTube page: https://www.youtube.com/channel/UCDVB23lrHr3KFeXq4VU36dgFor more information about the podcast, check out our website: https://secretsandspiespodcast.comConnect with us on social mediaBluesky: https://bsky.app/profile/secretsandspies.bsky.socialInstagram: https://instagram.com/secretsandspiesFacebook: https://facebook.com/secretsandspiesSpoutible: https://spoutible.com/SecretsAndSpiesFollow Chris and Matt on Bluesky:https://bsky.app/profile/chriscarrfilm.bsky.socialhttps://bsky.app/profile/mattfulton.netSecrets and Spies is produced by F & P LTD.Music by Andrew R. BirdPhoto by Harun Ozalp/GettySecrets and Spies sits at the intersection of intelligence, covert action, real-world espionage, and broader geopolitics in a way that is digestible but serious. Hosted by filmmaker Chris Carr and writer Matt Fulton, each episode examines the very topics that real intelligence officers and analysts consider on a daily basis through the lens of global events and geopolitics, featuring expert insights from former spies, authors, and journalists.

Ep 730: Ethical Broads PRIVATEWe kick off FOLLOW UP with California's AG sending a cease-and-desist to xAI over Grok generating creepy deepfakes of minors, while regulators finally notice Elon Musk's xAI datacenter illegally running methane turbines in Memphis. The FTC is also appealing its loss in the Meta monopoly case, because apparently breaking up Zuckerberg's data empire is still the hill they want to die on.IN THE NEWS, Washington joins the age-verification-for-porn parade, the UK considers an Australia-style social media ban for kids under 16, and governments everywhere continue demanding your ID before you're allowed to enjoy the internet. OpenAI rolls out age prediction for ChatGPT accounts ahead of a rumored adult mode—though hey, at least you can now group tabs in ChatGPT's Atlas browser. Anthropic rewrites Claude's “constitution” to make it more vibes-based, Nevada moves to block Polymarket because gambling is only legal when the house owns the house, and YouTube promises even more AI features in 2026. Elsewhere, a Swiss suicide pod gets an AI “mental fitness” upgrade, Microsoft's CEO begs AI developers to do something useful before the grid collapses, Musk hunts for a $134 billion payday from OpenAI and Microsoft, and makes yet more Davos predictions about robotaxis and aliens that are absolutely happening this year. On the bright side, A-list creatives push back on AI and Comic-Con bans AI art, buying humans a little more time.MEDIA CANDY finds us slogging through Wish, The Pitt, and the “Mel's Diner in Space” look of Star Trek: Starfleet Academy. We confirm 20-year-old CGI wargs still look terrible, get cautiously excited for 28 Years Later: The Bone Temple, and note that Fallout Season 2's weekly drops may not be working for a binge-rotted audience.In APPS & DOODADS, X launches Bluesky-style starter packs—presumably to help you find more Nazis—while ICE becomes one of the most-blocked accounts on Bluesky. Threads edges out X in daily mobile users, proving the “federated future” is just another Zuck app. And yes, we think we know what the Apple AI pin is—and definitely what it isn't.AT THE LIBRARY, we check out The Elements, Jet Tila's 101 Thai Dishes You Need to Cook Before You Die, Half Baked Harvest: Quick & Cozy, and Southern Living's A Southern Gentleman's Kitchen. Scott reports back from a Jim Butcher talk, where we learn Harry Dresden sounds suspiciously like Han Solo.We close with THE DARK SIDE WITH DAVE, who is juggling five podcasts while reading Going to the Top: The Story of Videopolis, plus teasers for Star Wars: Maul – Shadow Lord and a baffling Masters of the Universe trailer, a rant on what “remastered” even means anymore, a dishwasher follow-up, and the grim news that a lot of snow is coming.Sponsors:DeleteMe - Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/GOG and use promo code GOG at checkout.SquareSpace - go to squarespace.com/GRUMPY for a free trial. And when you're ready to launch, use code GRUMPY to save 10% off your first purchase of a website or domain.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/730Watch on YouTube at https://youtu.be/LiwVkLKr8CoFOLLOW UPCalifornia AG sends cease and desist to xAI over Grok's explicit deepfakesElon Musk's xAI datacenter generating extra electricity illegally, regulator rulesZuck stuck on Trump's bad side: FTC appeals loss in Meta monopoly caseIN THE NEWSWashington is the latest state pursuing an age verification law for porn sitesThe UK is mulling an Australia-like social media ban for users under 16OpenAI is launching age prediction for ChatGPT accountsYou can now group tabs on OpenAI's ChatGPT Atlas browserAnthropic Updates Claude's 'Constitution,' Just in Case Chatbot Has a ConsciousnessNevada files to block Polymarket from offering ‘unlicensed wagering' in the stateYouTube CEO promises more AI features in 2026Controversial Swiss Suicide Pod Gets an AI-Powered Mental Fitness UpgradeMicrosoft CEO urges AI developers 'to get to a point where we are using this to do something useful,' or 'lose even the social permission...to generate these tokens'Elon Musk is looking for a $134 billion payout from OpenAI and MicrosoftElon Musk Sure Made Lots of Predictions at DavosA-List creatives sign up to fight AI, say it enables 'theft at a grand scale'Comic-Con Bans AI Art After Artist PushbackMEDIA CANDYWishThe PittStar Trek: Starfleet Academy28 Years Later: The Bone Temple'Fallout' Season 2's Weekly Drops May Not Be WorkingAPPS & DOODADSX is also launching Bluesky-like starter packsICE becomes one of the most-blocked accounts on Bluesky after its verificationThreads edges out X in daily mobile users, new data showsI think I know what the Apple pin is, and definitely know what it isn'tApple Developing AirTag-Sized AI Pin With Dual CamerasNot to be outdone by OpenAI, Apple is reportedly developing an AI wearableSiri's iOS 27 upgrade sounds exactly right. Apple's AI pin sounds exactly wrongAT THE LIBRARYThe Elements by John Boyne101 Thai Dishes You Need to Cook Before You Die by Jet TilaHalf Baked Harvest Quick & Cozy: A Cookbook by Tieghan GerardPestleSouthern Living A Southern Gentleman's Kitchen: Adventures in Cooking, Eating, and Living in the New South by Matt MooreTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingGoing to the Top: The Story of Videopolis—Part OneStar Wars: Maul - Shadow Lord | Official Teaser Trailer | Streaming April 6 on Disney+Masters of The Universe – Official Teaser TrailerCLOSING SHOUT-OUTSClassic-Era Scorpions Bassist Francis Buchholz Dies at 71See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Is AI-Generated Code Secure? Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support. https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648 Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability. https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/ ISC BIND DoS vulnerability in Drone ID Records HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes. https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/ SmarterTools SmarterMail Password Reset Vulnerability SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords. https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/

Automatic Script Execution In Visual Studio Code Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Zoom Vulnerability A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access. https://www.zoom.com/en/trust/security-bulletin/zsb-26001/ Possible new SSO Exploit (CVE-2025-59718) on 7.4.9 https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ SANS SOC Survey The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches. https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter

Chris and Hector unpack new signs of internal strain inside China's cyber ecosystem. From leaked intelligence and exposed tools to China cutting off Western security technology, they explore what happens when a tightly controlled cyber machine starts showing cracks. Join our Patreon for weekly bonus episodes: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Add Punycode to your Threat Hunting Routine Punycode patterns in DNS queries make excellent hunting opportunities. https://isc.sans.edu/diary/Add%20Punycode%20to%20your%20Threat%20Hunting%20Routine/32640 GNU InetUtils Security Advisory: remote authentication by-pass intelnetd telnetd shipping with InetUtils suffers from a critical authentication by-pass vulnerability. https://www.openwall.com/lists/oss-security/2026/01/20/2 6-day and IP Address Certificates are Generally Available Let s Encrypt will now offer 6-day certificates as an option. These short-lived certificates can be used for IP addresses. https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability Oracle Quarterly Critical Patch Update Oracle released its first quarterly patches for 2026, fixing 337 vulnerabilities https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW

Send us a textIn this energizing and uplifting conversation, Joey Pinz sits down with cybersecurity rising star ChiChi Ubah, whose passion for learning, adventure, and personal growth lights up every moment of the dialogue. ChiChi shares her love for adrenaline-filled activities, her ambitions to learn to fly a small aircraft, and the mindset that fuels her ongoing pursuit of new experiences—including her PhD focused on AI-driven cybersecurity curriculum development.A dedicated advocate for women in cybersecurity, ChiChi discusses the life-changing support she's received from WiCyS, where mentorship, training, and certifications helped guide her path into cloud security. She reflects on the role of representation, allies, and community in creating opportunities for women in a male-dominated industry.The conversation also explores breaking old beliefs, embracing intentionality, and the everyday practice of consistency—whether pursuing certifications, maintaining health, or building a TikTok channel from 0 to 5,000 followers. ChiChi also opens up about motivation, legacy, and redefining success through freedom, impact, and personal evolution.This episode is packed with insight, heart, humor, and the fearless drive of someone committed to becoming better every day.

Send us a textIn this high-energy and entertaining episode, Joey Pinz sits down with cybersecurity founder and unabashed Italian-American storyteller Tony Pietrocola. From stomping grapes as a child to running an AI-driven security operations platform, Tony brings a rare blend of toughness, humor, and entrepreneurial clarity.They jump from wine, cooking, and massive NFL bodies to college football, concussions, and how elite athletes are built differently. Tony shares what makes college football the real American spectacle—and why private equity is about to reshape the sport.On the cybersecurity front, Tony breaks down the challenges MSPs face, why most still struggle with security, and how AgileBlue helps them build profitable, white-label practices without the overhead of running a SOC. He explains the three questions every MSP should ask a vendor, the rise of AI-assisted attacks, and why consolidation and greenfield opportunities are the biggest missed revenue streams.The conversation ends with health, habit, and personal transformation—discussing Joey's 130-lb weight loss, Tony's daily 5 a.m. workouts, and the childhood structure that forged their work ethic.

Send us a textIn this captivating and wide-ranging conversation, Joey Pinz welcomes cybersecurity executive, author, and Brazilian jiu-jitsu enthusiast Caroline Wong. What begins with jiu-jitsu quickly expands into a profound dialogue about humility, body awareness, emotional regulation, and the unexpected personal growth that comes from combat sports—especially as an adult beginner.Caroline opens up about her upcoming book on AI and cybersecurity, explaining how AI isn't just another shift—it's redefining the entire security landscape. She outlines how to evaluate real AI solutions, why transparency matters, and how LLMs make modern social engineering nearly indistinguishable from authentic communication.She also reflects on tech's wobbly job market, why global talent has reshaped the industry, and which cybersecurity markets AI will completely replace in the years ahead. The conversation deepens as Caroline shares her journey through sobriety, the discipline instilled by her Chinese immigrant parents, the challenges of raising resilient kids in a privileged world, and why joy, peace, and positive impact—not titles—define success.

"How many states are there in the United States?" Attackers are actively scanning for LLMs, fingerprinting them using the query How many states are there in the United States? . https://isc.sans.edu/diary/%22How%20many%20states%20are%20there%20in%20the%20United%20States%3F%22/32618 Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables Out-of-band update to address issues observed with the January 2026 Windows security update Microsoft has identified issues upon installing the January 2026 Windows security update. To address these issues, an out-of-band (OOB) update was released today, January 17, 2026 https://learn.microsoft.com/en-us/windows/release-health/windows-message-center

We kick things off with the existential dread of FOLLOW UP and the absolute joy of jury duty. While xAI's Grok is busy getting banned in Malaysia and Indonesia for its CSAM-generating "features," the Senate is unanimously passing the DEFIANCE Act to give us some legal teeth against the deepfake machine. Meta is busy nuking 550,000 Australian accounts to appease regulators, while Roblox's age verification is so broken that a drawing of stubble or a photo of Kurt Cobain can get you into the adult lounge. Moving IN THE NEWS, Meta is trading its $70 billion Metaverse graveyard for a Reality Labs layoff and a pivot to AI hardware, fueled by an "AI infrastructure" buildout that's hiring former Trump advisors. Bandcamp is heroically banning AI "slop," Matthew McConaughey is trademarking his own face to fend off the bots, and ICE's AI hiring tool is such a disaster it's accidentally fast-tracking mall security as "officers." Between self-help gurus charging $99 for chatbot "advice," GM finally settling its driver-spying suit with the FTC, and NASA prepping for a February moon shot while China plans to launch 200,000 satellites into our already crowded orbit, the future looks exactly as messy as we expected.For MEDIA CANDY, we've got Lord of the Rings marathons, the diner-bridge of Starfleet Academy, and the usual joy of streaming price hikes hitting our "Premium" plans. We're tracking the 2025 "In Memoriam" and Gabriel Pagan's exhaustive movie list before sliding into APPS & DOODADS. Jony Ive and Sam Altman are reportedly building an hearing aide called "Sweetpea" to kill your AirPods, Siri is officially Google Gemini's new puppet, and Apple is finally bundling its creative apps into a "Creator Studio" subscription trap. Tesla is making Full Self-Driving a subscription-only Valentine's gift (good luck with that), Ring is rebranding surveillance as a "fire-watching" assistant, and a Chinese app called "Are You Dead?" is the new must-have for the lonely. To cap it off, the internet proved its maturity by using "Words.zip"—an infinite word-search grid—to draw a giant phallus, because of course they did.AT THE LIBRARY features the Anthony Bourdain Reader, the return of Bob in the new Laundry Files book, and Jimmy Carr's guide to happiness, which is apparently cheaper than therapy. Then we descend into THE DARK SIDE WITH DAVE, where the dishwasher-installing, ham-radio-lunching Dave Bittner reveals Disney World has job openings for those of us who spent high school in the AV club. Lucasfilm is finally entering a new era as Kathleen Kennedy steps down, just as Galaxy's Edge admits the original trilogy exists, and we wrap it all up with lock-picking kits and the terrifying realization that Seymour from H.R. Pufnstuf is the ultimate Gen-X fursona.Sponsors:DeleteMe - Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/GOG and use promo code GOG at checkout.Gusto - Try Gusto today at gusto.com/grumpy, and get three months free when you run your first payroll.Private Internet Access - Go to GOG.Show/vpn and sign up today. For a limited time only, you can get OUR favorite VPN for as little as $2.03 a month.SetApp - With a single monthly subscription you get 240+ apps for your Mac. Go to SetApp and get started today!!!1Password - Get a great deal on the only password manager recommended by Grumpy Old Geeks! gog.show/1passwordShow notes at https://gog.show/729Watch on YouTube! https://youtu.be/1Y1jnRDw7g0FOLLOW UPMalaysia and Indonesia are the first to block Grok following CSAM scandalSenate passes Defiance Act for a second time to address Grok deepfakesMeta closes 550,000 accounts to comply with Australia's kids social media banRoblox's age verification system is reportedly a trainwreckIN THE NEWSMeta refocuses on AI hardware as metaverse layoffs beginMeta's Layoffs Leave Supernatural Fitness Users in MourningMeta Creates High-Powered Team to Oversee AI Infrastructure BuildoutBandcamp prohibits music made ‘wholly or in substantial part' by AIMatthew McConaughey fights unauthorized AI likenesses by trademarking himselfICE's AI Tool Has Been a Complete DisasterSelf-Help Ghouls Are Charging People Absurd Prices to Talk to Impersonator ChatbotsThe FTC's data-sharing order against GM is finally settledNASA is ending Crew-11 astronauts' mission a month earlyNASA makes final preparations for its first crewed moon mission in over 50 yearsAs SpaceX Works Toward 50K Starlink Satellites, China Eyes Deploying 200KMEDIA CANDYBeast Games Season 2Star Trek: Starfleet AcademyGrumpy Old ListThe Ongoing History of New Music, episode 1069: 2025 in MemoriamDepeche Mode: MAPPS & DOODADSJony Ive and Sam Altman's First AI Gadget May Try to Kill AirPodsApple's Siri AI will be powered by GeminiApple's Mac and iPad creative apps get bundled into “Creator Studio” subscriptionTesla's Full Self-Driving is switching to a subscription-only serviceRing founder details the camera company's 'intelligent assistant' eraAre You Dead?: The viral Chinese app for young people living aloneGive the Internet an Infinite Word Search and the Internet Will Draw a Dick on ItAT THE LIBRARYThe Anthony Bourdain Reader: New, Classic, and Rediscovered Writing by Anthony BourdainObvious Adams: The Story of a Successful Businessman by Robert UpdegraffBefore & Laughter by Jimmy CarrThe Regicide Report (Laundry Files, 14) by Charles StrossTHE DARK SIDE WITH DAVEDave BittnerThe CyberWireHacking HumansCaveatControl LoopOnly Malware in the BuildingHow to Read a Book: A Novel by Monica WoodWalt Disney World Resort is looking for Entertainment Stage TechniciansGalaxy's Edge Will Soon Cover All Eras of ‘Star Wars'Kathleen Kennedy steps down as Lucasfilm president, marking a new era for the Star Wars franchiseSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.