Podcasts about cybersecurity

Dr. Steve Mancini: https://www.linkedin.com/in/dr-steve-m-b59a525/Marco Ciappelli: https://www.marcociappelli.com/Nothing Has Changed in Cybersecurity Since War Games — And That's Why We're in Trouble"Nothing has changed."That's not what you expect to hear from someone with four decades in cybersecurity. The industry thrives on selling the next revolution, the newest threat, the latest solution. But Dr. Steve Mancini—cybersecurity professor, Homeland Security veteran, and Italy's Honorary Consul in Pittsburgh—wasn't buying any of it. And honestly? Neither was I.He took me back to his Commodore 64 days, writing basic war dialers after watching War Games. The method? Dial numbers, find an open line, try passwords until one works. Translate that to today: run an Nmap scan, find an open port, brute force your way in. The principle is identical. Only the speed has changed.This resonated deeply with how I think about our Hybrid Analog Digital Society. We're so consumed with the digital evolution—the folding screens, the AI assistants, the cloud computing—that we forget the human vulnerabilities underneath remain stubbornly analog. Social engineering worked in the 1930s, it worked when I was a kid in Florence, and it works today in your inbox.Steve shared a story about a family member who received a scam call. The caller asked if their social security number "had a six in it." A one-in-nine guess. Yet that simple psychological trick led to remote software being installed on their computer. Technology gets smarter; human psychology stays the same.What struck me most was his observation about his students—a generation so immersed in technology that they've become numb to breaches. "So what?" has become the default response. The data sells, the breaches happen, you get two years of free credit monitoring, and life goes on. Groundhog Day.But the deeper concern isn't the breaches. It's what this technological immersion is doing to our capacity for critical thinking, for human instinct. Steve pointed out something that should unsettle us: the algorithms feeding content to young minds are designed for addiction, manipulating brain chemistry with endorphin kicks from endless scrolling. We won't know the full effects of a generation raised on smartphones until they're forty, having scrolled through social media for thirty years.I asked what we can do. His answer was simple but profound: humans need to decide how much they want technology in their lives. Parents putting smartphones in six-year-olds' hands might want to reconsider. Schools clinging to the idea that they're "teaching technology" miss the point—students already know the apps better than their professors. What they don't know is how to think without them.He's gone back to paper and pencil tests. Old school. Because when the power goes out—literally or metaphorically—you need a brain that works independently.Ancient cultures, Steve reminded me, built civilizations with nothing but their minds, parchment, and each other. They were, in many ways, a thousand times smarter than us because they had no crutches. Now we call our smartphones "smart" while they make us incrementally dumber.This isn't anti-technology doom-saying. Neither Steve nor I oppose technological progress. The conversation acknowledged AI's genuine benefits in medicine, in solving specific problems. But this relentless push for the "easy button"—the promise that you don't have to think, just click—that's where we lose something essential.The ultimate breach, we concluded, isn't someone stealing your data. It's breaching the mind itself. When we can no longer think, reason, or function without the device in our pocket, the hackers have already won—and they didn't need to write a single line of code.Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human.My Newsletter? Yes, of course, it is here: https://www.linkedin.com/newsletters/7079849705156870144/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The integration of advanced AI capabilities in tools like OpenAI Atlas and Microsoft Teams has raised significant security concerns, particularly regarding identity and trust vulnerabilities. Recent findings from LayerX indicate that the Atlas browser has critical vulnerabilities that could allow attackers to inject harmful instructions, while Microsoft Teams has a flaw that enables attackers to bypass Microsoft Defender protections through guest access. These issues highlight the fragility of AI integrations and the need for organizations to implement strict B2B collaboration configurations to mitigate risks associated with external collaborations.The FBI has reported over $262 million in losses due to account takeover fraud, with more than 5,100 complaints filed this year. Cybercriminals are increasingly using social engineering tactics to gain unauthorized access to online banking accounts, often changing passwords to lock victims out and quickly transferring funds to cryptocurrency wallets, complicating recovery efforts. The FBI advises individuals to monitor their financial accounts closely and adopt security measures such as complex passwords and multi-factor authentication to protect against these threats.Managed Service Providers (MSPs) are experiencing a growing demand for integrated security solutions, with a recent survey indicating that 92% of MSPs are seeing business growth driven by interest in AI. However, less than half feel prepared to guide clients in deploying AI tools, particularly autonomous agents. This gap in readiness reflects a significant drop from the previous year's 90% preparedness figure, emphasizing the need for MSPs to focus on data governance and security before implementing AI solutions.The episode underscores the importance of managing identity and data governance as the primary control mechanisms in modern security. MSPs that prioritize these areas will be better positioned to offer secure collaboration and effective automation. As the landscape evolves, providers must choose tools that enhance service delivery without adding unnecessary complexity, ensuring they can meet client demands for security and efficiency in an increasingly AI-driven environment.

Caleb Withers, a researcher at the Center for a New American Security, joins Kevin Frazier, the AI Innovation and Law Fellow at the University of Texas School of Law and a Senior Editor at Lawfare, to discuss how frontier models shift the balance in favor of attackers in cyberspace. The two discuss how labs and governments can take steps to address these asymmetries favoring attackers, and the future of cyber warfare driven by AI agents. Jack Mitchell, a student fellow in the AI Innovation and Law Program at the University of Texas School of Law, provided excellent research assistance on this episode.Check out Caleb's recent research here. Find Scaling Laws on the Lawfare website, and subscribe to never miss an episode.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

In this power-packed conversation, Eric sits down with Sean Kingsbury, VP of Cybersecurity and Account Executive for the Department of Treasury at SAIC, to reveal exactly how small businesses can partner with one of the biggest integrators in the game. Sean breaks down when to approach primes, how SAIC vets potential partners, the role of their small business POC, and what capabilities are in highest demand—especially around cyber, AI agents, automation, and risk reduction. If you've ever wondered how to get noticed, when to reach out, or what SAIC actually looks for in a teaming partner… this episode gives you the blueprint. Key Takeaways Approach SAIC early and after RFP release—both windows matter. They actively evaluate small businesses through a dedicated intake and vetting process. Come prepared. Do your research, know SAIC's missions, and clearly articulate capabilities, past performance, and where you fit in their ecosystem. Cyber + AI are high-priority needs. SAIC is looking for innovative small businesses with solutions that reduce risk, workload, and cost through measurable outcomes. Learn more: https://federalhelpcenter.com/ https://govcongiants.org/  Watch the full Youtube Episode here: https://youtu.be/3VdqtfH0ivw 

Today's guest is Cody Barrow, CEO at EclecticIQ. EclecticIQ is a global cybersecurity leader specializing in threat intelligence technology. Cody joins Emerj Editorial Director Matthew DeMello to discuss how AI-driven analytics and automation are revolutionizing threat detection and response in enterprise cybersecurity. Barrow also highlights practical improvements in workflow automation, early threat identification, and measurable ROI through reduced breach risks and operational efficiency. This episode is sponsored by EclecticIQ. Learn how brands work with Emerj and other Emerj Media options at emerj.com/ad1. Want to share your AI adoption story with executive peers? Click emerj.com/expert2 for more information and to be a potential future guest on the 'AI in Business' podcast!

In this episode of 'Cybersecurity Today,' host Jim Love discusses several significant cybersecurity issues. Highlights include a maximum severity vulnerability in React Server Components dubbed React2Shell (CVE-2025-55182), a recently patched Windows shortcut flaw by Microsoft, and new attacks using the Evilginx phishing platform in schools. Additionally, the show explores a long-running campaign by 'Shady Panda,' which used browser extensions to harvest data, and an unexpected failure by Google's AI tool that led to the deletion of a developer's hard drive. The episode also thanks Meter for their continued support. 00:00 Introduction and Sponsor Message 00:48 React Vulnerability: React2Shell 03:13 Microsoft's Long-Standing Shortcut Flaw 04:50 Evilginx: Bypassing MFA in Education 06:59 Shady Panda's Malicious Extensions 09:13 Google's AI Mishap: Developer's Hard Drive Wiped 11:01 Conclusion and Final Thoughts

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

Bloomberg Daybreak Weekend with Host Nathan Hager take a look at some of the stories we'll be tracking in the coming week. In the US – a look ahead to next week’s Fed decision and earnings from Oracle and Adobe. In the UK – a look ahead to the Blackhat cybersecurity conference. In Asia – a look ahead to China consumer and producer price data. See omnystudio.com/listener for privacy information.

Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Unveiling 3 PickleScan Vulnerabilities The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities. https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Jake Ward, co-founder of the Developers Alliance, to unpack how tech policy battles quietly shape the lives and livelihoods of developers around the world. They explore why AI regulation will determine which startups survive, how fragmented privacy laws can unintentionally crush small innovators, and why lawmakers who think they're targeting Big Tech often end up hurting the little guys instead. Jake also shares practical ways independent developers can "get a seat at the table" in policy conversations.Support the show

Security used to be a headache. Now it is a growth engine.In this episode of IT Visionaries, host Chris Brandt sits down with Taylor Hersom, Founder and CEO of Eden Data and former CISO, to break down how fast growing companies can turn cybersecurity and compliance into a true competitive advantage. Taylor explains why frameworks like SOC 2, ISO 27001, and emerging AI standards such as ISO 42001 are becoming essential for winning enterprise business. He also shares how to future proof controls, connect compliance work to real business goals, and avoid the costly pitfalls that stall companies during scale.Taylor also highlights the biggest blind spots in AI security, including model training risks, improper data handling, and the challenges created by relying on free AI tools. If you are building a SaaS product or selling into large companies, this conversation shows how trust, transparency, and strong security practices directly drive revenue. Key Moments:  00:00 — The Hidden Risks of Scattered Company Data04:11 — Why Early-Stage Teams Lose Control of Security08:22 — Compliance Becomes a Competitive Advantage12:33 — SOC 2 vs ISO 27001: What Founders Need to Know16:44 — Framework Overload and How to Navigate It20:55 — Mapping Security Controls to Business Objectives25:06 — The Gap Between Compliance Audits and Real Threats29:17 — Startup Security Blind Spots That Lead to Breaches33:28 — Rising AI Risks Leaders Aren't Preparing For37:39 — Building Customer Trust Through Transparency41:50 — Protecting AI Models and Sensitive Customer Data46:01 — Why Free AI Tools Create Hidden Data Exposure50:12 — Automating Security Controls for Scale54:23 — Continuous Compliance Beats Annual Audits58:34 — Final Takeaways on Security, Trust, and Growth -- This episode of IT Visionaries is brought to you by Meter - the company building better networks. Businesses today are frustrated with outdated providers, rigid pricing, and fragmented tools. Meter changes that with a single integrated solution that covers everything wired, wireless, and even cellular networking. They design the hardware, write the firmware, build the software, and manage it all so your team doesn't have to.That means you get fast, secure, and scalable connectivity without the complexity of juggling multiple providers. Thanks to meter for sponsoring. Go to meter.com/itv to book a demo.---IT Visionaries is made by the team at Mission.org. Learn more about our media studio and network of podcasts at mission.org. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Not all cybercrimes are resolved. Some threat groups disappear completely, and some malware is never seen again. But sometimes, a long-dormant case is cracked open and elusive answers are found. Tillmann Werner, VP of Intelligence Production at CrowdStrike, has been a member of the CrowdStrike Intelligence team since 2012 and has analyzed many of these cold cases. In this episode, he joins Adam to chat about unresolved cyberattacks, the adversaries behind them, and cases that remained inactive for years before new technology or data allowed experts to close them. While it's frustrating to close a file without success, Tillmann says, the evolution of technology and proliferation of data often help solve old cases that have collected dust. Tune in to hear Adam and Tillmann look back at decades-old eCrime and nation-state campaigns, some of which now have answers — and others that remain a mystery. 

Amazon Web Services (AWS) has made significant advancements in artificial intelligence (AI) at its reInvent event, introducing a new AI training chip, Trainium 3, which reportedly enhances performance for AI training and inference by up to four times while reducing energy consumption by 40%. Additionally, AWS launched new features in its Agent Core platform, allowing developers to set boundaries for AI agents and log user interactions. The introduction of customizable AI models through the new service, NovaForge, aims to make AI model development more accessible for businesses, addressing the high costs associated with creating models from scratch.Microsoft is facing challenges in selling its AI tools, with reports indicating a slowdown in customer adoption. Despite Microsoft's assertion that it has not lowered sales quotas for AI products, the situation highlights a broader issue: customers are struggling to see the value in AI investments due to messy data, inconsistent processes, and unclear governance. This resistance suggests that while demand for AI exists, readiness among customers remains low, presenting an opportunity for IT service providers to facilitate the transition by offering readiness assessments and governance frameworks.Managed Service Providers (MSPs) are increasingly utilizing AI, with a survey indicating that 80% have adopted AI-powered chatbots, which have improved customer support. However, one-third of MSPs report challenges in implementing AI, including high costs and a lack of internal expertise. As client expectations regarding data security rise, MSPs are deploying AI-driven threat detection solutions. The survey results indicate a commitment to leveraging AI for business transformation, but the complexity of integrating AI into existing workflows remains a significant hurdle.The surge in demand for RAM, driven by the AI industry, has led to a 500% increase in memory prices, creating a shortage of consumer-grade memory. This situation mirrors previous GPU shortages and indicates that high-performance computing components are now subject to the purchasing power of major AI companies. MSPs must prepare for ongoing volatility in hardware costs and communicate these changes to clients, adjusting budgets and refresh cycles accordingly. The evolving landscape emphasizes the need for MSPs to adopt a structured approach to AI, ensuring they are not merely adding tools but effectively transforming their service offerings. Four things to know today00:00 AWS Expands Full-Stack AI Strategy From Chips to Private Regions, Raising Governance and Lock-In Stakes for MSPs07:38 Reports of AI Sales Friction at Microsoft Highlight Market Hesitation and Open the Door for MSP Readiness Services09:28 Survey Shows AI Adoption Surging Among MSPs, Yet Cost, Expertise, and Security Pressures Undercut True Transformation11:51 AI-Driven RAM Shortage Forces MSPs to Reforecast Budgets as Prices Spike 500%This is the Business of Tech.    Supported by:  https://mailprotector.com/mspradio/

In "Penske's State of Logistics: Leasing, Tech, and Loss Prevention with Andy Moses", Joe Lynch and Andy Moses, Senior Vice President of Solutions and Sales Strategy for Penske Logistics, discuss the critical findings from the State of Logistics Report, the strategic advantage of integrating leasing and logistics services, and the operational necessity of combating escalating threats like cargo theft and cyber fraud. About Andy Moses Andy Moses is the senior vice president of solutions and sales strategy for Penske Logistics. He leads the organization's engineering solutions team and heads corporate sales strategy, advising Penske's product line leaders on sales and development. He was most recently senior vice president of sales and solutions, and previously held the role of senior vice president of global products. He has a distinguished career in the transportation industry in product and sales leadership roles, including prior experience as vice president of sales at Penske Truck Leasing. A member of the Council of Supply Chain Management Professionals (CSCMP) and a supply chain author, Moses has spoken at industry conferences and guest lectured at top universities. A Master Black Belt in Six Sigma, Moses holds a bachelor's degree in accounting from Brooklyn College and a master's degree from Pennsylvania State University in leadership development. About Penske Logistics Penske Logistics  is a Penske Transportation Solutions company headquartered in Reading, Pennsylvania. The company is a leading provider of innovative supply chain and logistics solutions. Penske offers solutions including dedicated transportation, distribution center management, 4PL and lead logistics, transportation management, freight brokerage, and a comprehensive array of technologies to keep the world moving forward. Visit PenskeLogistics.com to learn more. Key Takeaways: Penske's State of Logistics In "Penske's State of Logistics: Leasing, Tech, and Loss Prevention with Andy Moses", Joe Lynch and Andy Moses, Senior Vice President of Solutions and Sales Strategy for Penske Logistics, discuss how integrated services and proactive technology are building a more secure and agile supply chain. Cyber Security, Cargo Theft, & Freight Fraud: Digital and physical security threats are escalating, making loss prevention a strategic imperative. Logistics providers must invest in robust cyber defenses for operational technology (OT) systems and implement advanced tracking, authentication, and security protocols to mitigate both physical cargo theft and sophisticated freight fraud schemes. The State of the Market (CSCMP/Penske Report): The industry is defined by persistent uncertainty and disruption, requiring a shift from short-term cost-cutting to long-term strategic resilience. The CSCMP/Kearney/Penske State of Logistics Report highlights that while capacity is balancing, geopolitical and economic headwinds, including shifts in trade and the $2.6 trillion U.S. business logistics costs, continue to drive complexity and require agility. Penske's Cross-Over Advantage (Leasing & Logistics): Penske's unique position—providing both truck leasing and logistics services—offers customers a unified and adaptable solution. This cross-over provides superior scale, equipment access, maintenance support, and integrated market intelligence on transportation capacity and emerging market needs. Technology as a Solution Driver: Penske's ClearChain® Technology Suite leverages data, analytics, and AI to provide end-to-end visibility, orchestration, and control. This technology allows companies to move beyond reacting to problems and engage in predictive modeling to proactively address issues before they impact the network. Problems Penske Solves: Penske leverages its engineering and sales strategy to solve critical business problems, including optimizing network design, providing compliant dedicated transportation, offering rapid scalability, and delivering the data-driven transparency required for consumer trust and regulatory adherence. Learn More About Penske's State of Logistics Andy's LinkedIn Penske Logistics CSCMP/Penske State of Logistics Report Penske ClearChain® Technology Suite The Logistics of Logistics Podcast If you enjoy the podcast, please leave a positive review, subscribe, and share it with your friends and colleagues. The Logistics of Logistics Podcast: Google, Apple, Castbox, Spotify, Stitcher, PlayerFM, Tunein, Podbean, Owltail, Libsyn, Overcast Check out The Logistics of Logistics on Youtube  

India has taken a major step in reshaping its digital future. After years of drafts and debate, the country has finalized the Digital Personal Data Protection Act (DPDPA) and issued detailed rules that bring the law fully to life. With implementation now scheduled over the next 18 months, organizations have clear timelines and a more definitive view of the significant compliance work ahead.  In this episode, host Scott Loughlin is joined by Stephen Mathias, partner and head of the Bangalore office at Kochhar & Company, and Hogan Lovells partner Charmian Aw, who leads the Hogan Lovells APAC Data, Privacy and Cybersecurity practice. Together, they discuss the core features of India's new law, including its consent-based framework, extraterritorial reach, and parallels with the EU GDPR.  The conversation covers the key steps companies should be taking now, from redesigning data architecture and consent flows to assessing breach response readiness. The episode also explores global business implications, enforcement expectations, and how the DPDPA fits into the broader regional privacy landscape.  Whether you're operating in India or serving customers there, this discussion offers practical insights on what's changing, why it matters, and how to prepare.

#SecurityConfidential #DarkRhiinoSecurityHusam Shbib is a cybersecurity consultant specializing in penetration testing, digital forensics, malware analysis, programming, and OSINT. He's the founder of Memory Forensic and the author of Captain Cyber and the Safe Surfing Adventure. Husam is also a global speaker featured at events like BlackHat MEA, ASFSFM, and 3D Forensics, known for his hands-on expertise in uncovering digital evidence and analyzing complex cyber incidents.00:00 Intro02:20 What's new in Cybersecurity?04:05 Companies in the news04:56 How does your data get leaked?17:10 Do you have to list all your processes?22:37 Technology is changing29:00 The Life span of a CISO31:50 The CISO, the CEO, and the CIO34:40 Penetration testing36:40 The Digital Forensics procedure44:00 More about Husam----------------------------------------------------------------------To learn more about Husam visit https://husamshbib.com/To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com----------------------------------------------------------------------SOCIAL MEDIA:Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!Instagram: @securityconfidential and @DarkrhiinosecurityFacebook: @Dark-Rhiino-Security-IncTwitter: @darkrhiinosecLinkedIn: @dark-rhiino-securityYoutube: @DarkRhiinoSecurity ​----------------------------------------------------------------------

professorjrod@gmail.comIn this episode of Technology Tap: CompTIA Study Guide, we delve into endpoint security—a crucial topic for anyone preparing for IT certification exams, especially CompTIA. Traditional firewalls no longer fully protect your network; attackers now exploit endpoints like laptops, phones, printers, and smart devices to breach security. We explore how threats bypass perimeter defenses by targeting users and devices directly, and explain essential controls such as hardening, segmentation, encryption, patching, behavior analytics, and access management. Whether you're studying for your CompTIA exam or seeking practical IT skills development, this episode offers critical insights and IT certification tips to strengthen your understanding of cybersecurity fundamentals. Tune in to enhance your tech exam prep and advance your technology education journey.We start with foundations that actually move risk: baseline configurations, aggressive patch management, and closing unnecessary ports and services. From there we layer modern defenses—EDR and XDR for continuous telemetry and automated containment, UEBA to surface the 3 a.m. login or odd data pulls, and the underrated duo of least privilege and application allow listing to deny unknown code a chance to run. You'll hear why full disk encryption is non‑negotiable and how policy, not heroics, sustains security over time.Mobile endpoints take center stage with clear tactics for safer travel and remote work: stronger screen locks and biometrics, MDM policies that enforce remote wipe and jailbreak detection, and connection hygiene that favors VPN and cellular over public Wi‑Fi. We break down evil twin traps, side loading risks, and permission sprawl, then pivot to IoT realities—default passwords, stale firmware, exposed admin panels—and how VLAN isolation and firmware schedules defang them. A real case of a chatty lobby printer becoming an attack pivot drives home the need for logging and outbound controls through SIEM.The takeaway is simple and urgent: if it connects, it can be attacked, and if it's hardened, segmented, encrypted, and monitored, it can be defended. Subscribe for more practical security deep dives, share this with a teammate who owns devices or networks, and leave a review to tell us which control you'll deploy first.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

If you like what you hear, please subscribe, leave us a review and tell a friend!

In this powerful episode, we sit down with Pawan Regmi, one of Nepal's most respected ethical hackers, cybersecurity educators, and researchers, to uncover the truth about how vulnerable we really are in the digital world. From social media hacking and influencer account breaches to email protection, password security, and browser extension risks, Pawan breaks down real cyber threats that affect everyday people. He explains how hackers target popular accounts, how one wrong click can expose your data, and why most people still don't change their passwords. We also dive deeply into the future of E-voting in Nepal, the risks behind digital elections, and whether the country is prepared for such a shift. Pawan shares insights into website security measures, device hacking techniques, and the dangers of how apps secretly collect your data. The conversation also covers USB 2FA security tools, creating the perfect password, and the importance of online awareness—especially when it comes to sharing kids' pictures online. From EV car hacking possibilities to daily cyber habits that keep you safe, this episode is packed with practical advice. Whether you're curious about cybersecurity in Nepal, worried about your digital privacy, or simply want to understand how hackers think, this conversation with Pawan Regmi is a must-watch. GET CONNECTED WITH Pawan Regmi: Instagram - https://www.instagram.com/pawan_official7/  

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber https://barricadecyber.com for #incidentresponse #ransomware and #BEC recovery. Register for BCS webinars!Check out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://threatlocker.com/dailycyberTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

SmartTube Android App Compromise The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners Over the course of two years, a malicious NPM package was updated to evade detection and has now been identified, in part, due to its attempt to bypass AI scanners through prompt injection. https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners Stored XSS Vulnerability via SVG Animation, SVG URL, and MathML Attributes Angular fixed a store XSS vulnerability. https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49

Send us a textAt IT Nation Connect 2025, Mike DePalma—VP of SMB Cybersecurity at OpenText—sits down with Joey Pinz to talk about rebuilding community in the MSP world, evolving vendor programs, and the tidal wave of AI reshaping security and operations.Mike shares how OpenText's new EDR rollout is simplifying life for ConnectWise partners, the surprising results of their latest MSP Report, and why most AI projects fail—hint: it's not the tech. He opens up about the Datto → Kaseya acquisition, lessons in leadership, and why discipline, presence, and family still define success more than revenue or market share.

Send us a textBlake Myers lives life on the edge—literally. A semi-pro bull rider, former powerlifter, and cybersecurity specialist at Blumira, Blake shares how discipline connects every aspect of his adrenaline-fueled journey. From surviving eight-second rides to helping MSPs defend clients from cyber threats, he reveals the mindset it takes to stay focused under pressure. Recorded live at #ITNationConnect 2025, this conversation dives into risk, resilience, and why true strength comes from control—not chaos. ⭐ Top 3 Highlights

Send us a textFrom lasers to leadership, this IT Nation Connect 2025 conversation with Lawrence Cruciana, founder of Corporate Information Technologies, reveals how discipline, curiosity, and science fuel cybersecurity innovation.A former Disney audio engineer and laser physicist, Lawrence shares how attention to detail and standardization shaped his approach to business, how a case of industrial espionage inspired his cybersecurity mission, and why CMMC and frameworks like the CIS Controls are essential to protecting American ingenuity.You'll hear lessons from his time presenting at NASA, insights into the evolution of AI-fueled cyber threats, and how MSPs can raise the bar for security maturity while staying human in a world of automation.This episode blends STEM roots, cybersecurity expertise, and personal discipline into one inspiring conversation about what it means to build, protect, and lead with purpose. 

While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit https://securityweekly.com/k365 to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company's Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-424

AI-integrated tools, such as OpenAI's Atlas and Microsoft Teams, are introducing new trust and identity risks, particularly through vulnerabilities like prompt injections and guest access features. The Atlas browser, launched on October 21, 2025, has been identified as having security flaws that could allow attackers to inject harmful instructions. Similarly, Microsoft Teams has a vulnerability that permits attackers to bypass security protections when users join external tenants as guests. These developments highlight the fragility of AI integrations and the need for robust security measures in collaborative environments.The FBI has reported over $262 million in losses due to account takeover fraud schemes, with more than 5,100 complaints filed this year. Cybercriminals are employing social engineering tactics to gain unauthorized access to online banking and payroll accounts, often locking victims out by changing passwords. The FBI recommends that individuals monitor their financial accounts closely, use complex passwords, and enable multi-factor authentication to mitigate these risks. This trend underscores the importance of managing trust and identity in security practices, as attackers increasingly exploit human vulnerabilities rather than technical flaws.In the managed service provider (MSP) sector, a recent survey by OpenText Cybersecurity revealed that while 92% of MSPs are experiencing growth driven by interest in AI, fewer than half feel prepared to implement AI tools effectively. This marks a significant decline from the previous year's 90% readiness. Additionally, 71% of MSPs reported that their small and medium-sized business clients prefer bundled security solutions, indicating a shift towards integrated offerings that simplify decision-making for clients. The findings suggest that MSPs need to focus on data governance and readiness before deploying AI solutions.For MSPs and IT service leaders, the key takeaway is that modern security is increasingly about managing identity and data governance rather than merely adding more tools. As AI vulnerabilities and account takeover fraud become more prevalent, providers must prioritize establishing secure trust boundaries and effective data management practices. By doing so, MSPs can differentiate themselves in a competitive market, ensuring they are equipped to deliver secure AI solutions and meaningful automation to their clients. Three things to know today00:00 New AI, Collaboration, and Fraud Threats Underscore That Identity—not Infrastructure—is the Real Security Battleground05:15 Survey Shows MSPs Expanding Services Amid AI Interest, Yet True Opportunity Lies in Readiness and Governance07:45 New MSP Integrations, Funding, and AI Platforms Underscore the Shift Toward Identity and Data Governance as the True Control Plane This is the Business of Tech.     Supported by:  https://try.auvik.com/dave-switchhttps://scalepad.com/dave/

The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Professor of Political Studies, Vice President for Academic Affairs, and Director of the Center for Civic Engagement at Bard College Jonathan Becker, Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, Senior Fellow for Health Policy at The Empire Center for Public Policy Bill Hammond, and CEO of The Business Council of New York State Heather Mulligan.

What Security Congress Reveals About the State of CybersecurityThis discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioners, certification holders, chapter leaders, and future professionals to exchange ideas on the issues shaping the field today.  Themes That Stand OutAI remains a central point of attention. France notes that organizations are grappling not only with adoption but with the shift in speed it introduces. Sessions highlight how analysts are beginning to work alongside automated systems that sift through massive data sets and surface early indicators of compromise. Rather than replacing entry-level roles, AI changes how they operate and accelerates the decision-making path. Quantum computing receives a growing share of focus as well. Attendees hear about timelines, standards emerging from NIST, and what preparedness looks like as cryptographic models shift.  Identity-based attacks and authorization failures also surface throughout the program. With machine-driven compromises becoming easier to scale, the community explores new defenses, stronger controls, and the practical realities of machine-to-machine trust. Operational technology, zero trust, and machine-speed threats create additional urgency around modernizing security operations centers and rethinking human-to-machine workflows.  A Place for Every Stage of the CareerFrance describes Security Congress as a cross-section of the profession: entry-level newcomers, certification candidates, hands-on practitioners, and CISOs who attend for leadership development. Workshops explore communication, business alignment, and critical thinking skills that help professionals grow beyond technical execution and into more strategic responsibilities.  Looking Ahead to the Next CongressThe next ISC2 Security Congress will be held in October in the Denver/Aurora area. France expects AI and quantum to remain key themes, along with contributions shaped by the call-for-papers process. What keeps the event relevant each year is the mix of education, networking, community stories, and real-world problem-solving that attendees bring with them.The ISC2 Security Congress 2025 is a hybrid event taking place from October 28 to 30, 2025 Coverage provided by ITSPmagazineGUEST:Jon France, Chief Information Security Officer at ISC2 | On LinkedIn: https://www.linkedin.com/in/jonfrance/HOST:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comFollow our ISC2 Security Congress coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/isc2-security-congress-2025Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageISC2 Security Congress: https://www.isc2.orgNIST Post-Quantum Cryptography Standards: https://csrc.nist.gov/projects/post-quantum-cryptographyISC2 Chapters: https://www.isc2.org/chaptersWant to share an Event Briefing as part of our event coverage? Learn More

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.Visit Aembit: https://aembit.io/idacConnect with David: https://www.linkedin.com/in/davidgoldschlagConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTimestamps00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - ClosingKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

CrowdStrike (CRWD) posted a stronger-than-expected earnings report that Ian Tien calls a "bellwether" for the cybersecurity industry. He explains how the company's platformization efforts give it a wider moat against competitors. Dave Chronsiter turns to the wider cybersecurity industry to explain why CrowdStrike shows the need for digital protection isn't going away. ======== Schwab Network ========Empowering every investor and trader, every market day.Options involve risks and are not suitable for all investors. Before trading, read the Options Disclosure Document. http://bit.ly/2v9tH6DSubscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – https://twitter.com/schwabnetworkFollow us on Facebook – https://www.facebook.com/schwabnetworkFollow us on LinkedIn - https://www.linkedin.com/company/schwab-network/About Schwab Network - https://schwabnetwork.com/about

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Operation Endgame didn't just disrupt a single ransomware group — it shook the entire cybercrime economy. In this episode, we break down how the world's largest coordinated cyber takedown dismantled the loaders, botnets, and access brokers that ransomware groups relied on… and what criminals are building in their place.Cybersecurity expert Tyler Moffitt  unpacks:How Endgame crippled the cyber underground's supply chainWhy ransomware groups are collapsing, splintering, or turning sloppyThe rise of micro-crews, info-stealers, and cloud-session takeoversHow AI is accelerating criminal tacticsWhat defenders must prioritize heading into 2026The threat landscape has changed dramatically — here's what you need to know to stay ahead.Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust RevolutionDanny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker02:26 The Birth of ThreatLocker: A Personal Journey05:42 The Evolution of Zero Trust Security08:35 Real-World Impact of Cyber Attacks11:25 The Importance of a Hacker Mindset14:46 The Role of SOC Teams in Cybersecurity17:34 Building a Culture of Security20:23 Hiring for Passion and Skill in Cybersecurity23:44 Understanding Zero Trust: Trust No One26:32 Lifestyle Polygraph: Personal Insights and Fun29:41 Conclusion and Future of ThreatLocker

While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit https://securityweekly.com/k365 to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company's Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more!   Show Notes: https://securityweekly.com/bsw-424

In this episode of the Ardan Labs Podcast, Bill Kennedy talks with Caleb Mattingly, Founder and CEO of Secure Cloud Innovations, about his journey through cybersecurity, compliance, and entrepreneurship. Caleb shares insights into navigating complex compliance frameworks, the importance of vulnerability management, and building trust in the cybersecurity space. Beyond tech, he discusses his passion for linguistics, communication, and music—and how personal interests shape professional growth. The conversation also explores Caleb's entrepreneurial story, from a chance encounter at a swing dance club to building a thriving business during COVID-19, highlighting lessons in resilience, niche marketing, and the value of relationships in business.00:00 Introduction01:50 Cybersecurity and Compliance05:56 Vulnerability Management19:39 Education and Career Exploration26:35 Linguistics and Language Learning36:42 College Life and Personal Growth40:15 Music, Hobbies, and Self-Expression55:51 Balancing Work and Love01:12:08 Entering Cybersecurity01:23:05 Career Changes and New Beginnings01:26:49 Founding Secure Cloud Innovations01:39:56 Building Trust and Customer RelationshipsConnect with Caleb: LinkedIn: https://www.linkedin.com/in/caleb-h-mattingly/Mentioned in this Episode:Secure Cloud Innovations: https://trysci.co/Want more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!Online Courses : https://ardanlabs.com/education/ Live Events : https://www.ardanlabs.com/live-training-events/ Blog : https://www.ardanlabs.com/blog Github : https://github.com/ardanlabs

In this candid podcast, Bureau Veritas Marine and Offshore's cyber security technical leader Panagiotis Anastasiou outlines his concerns about what he views as shipping's limited approach to cyber security and a need for increased awareness of its importance. His career-long knowledge and experience of cyber security arrangements in the aerospace sector — particularly with satellite technology — gives him an authoritative overview of cyber security and, for an industry that has autonomous vessels in development, he had expected to find shipping to be very advanced in its cyber security implementation and attitudes. Instead, he found that was not the case. His remarks include an example of a recent incident in which a service provider's systems were compromised, affecting at least 120 ships. The breach was subsequently repaired but the full story prompts Anastasiou to observe that “we fall in the same hole again and again”. He says this is because of limited efforts to prepare for cyber security difficulties. In contrast to shipping's approach, cyber security is the starting point when satellite systems are designed, he says. Controls, procedures and governance are built on that foundation, with ground infrastructure and component design following on. This approach should be common to all industries, including marine, he says. He acknowledges that maritime regulations now apply to cyber security which make it mandatory to take precautions, but he believes that shipowners and their system suppliers should go further. Attitudes must change So, he explains in the podcast that attitudes must change and he outlines some ideas about how cyber security awareness could be strengthened by better – and repeated – education and cyber drills that are backed up by companies' tested policies on how to respond to cyber security incidents. He goes on to describe how a cyber attack on a vessel might be triggered by an attack on shoreside systems, given the growing connectivity between ship and shore and vice versa. Not only that, but the implications of a maritime cyber attack can extend far beyond the company itself, since any resulting operational delay could have an impact on an entire supply chain. Class societies have addressed cyber security concerns by developing two Unified Requirements — UR 26 and UR 27 — and Anastasiou was a member of the International Association of Classification Societies (IACS) Cyber Systems Panel that developed them. But he suggests in the podcast that these should be viewed as starting points for class societies to evolve requirements to match the pace of change in technology. As a response to his remarks, he encourages listeners to conduct internal assessments of their own cyber security and to reach out to their class societies for guidance to improve their resilience.

If you like what you hear, please subscribe, leave us a review and tell a friend!

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber https://barricadecyber.com for #incidentresponse #ransomware and #BEC recovery. Register for BCS webinars!Check out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://threatlocker.com/dailycyberTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, Mike will explore how bad actors are focusing their attacks on SaaS applications, hijacking tokens and how misconfigured integrations are used to bypass traditional defenses. Mike will also discuss how IT leaders can rethink protecting their essential SaaS business applications with tools that go beyond endpoint and MFA strategies to secure the modern user. This segment is sponsored by Kaseya 365 User. Visit https://securityweekly.com/k365 to learn more about them! In the leadership and communications segment, The rise of the chief trust officer: Where does the CISO fit?, When Another Company's Crisis Hurts Your Reputation, Effective Workplace Communication Tips, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-424

ShadyPanda plays the long game. India mandates tracking software on mobile devices. Korea weighs punitive damages after a massive breach. Qualcomm patches a critical boot flaw impacting millions. OpenAI patches a Codex CLI vulnerability. Google patches Android zero-days. Cybersecurity issues prompt an FDA permanent recall for an at-home ventilator system. Switzerland questions the security of hyperscale clouds and SaaS services. One of the world's largest cyber insurers pulls back from the market. On our Threat Vector segment, ⁠David Moulton⁠ sits down with ⁠Stav Setty to unpack the Jingle Thief campaign.  In Russia, Porsches take a holiday.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector segment In today's Threat Vector segment, host ⁠David Moulton⁠, Senior Director of Thought Leadership for Unit 42, sits down with ⁠Stav Setty⁠, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco-based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. To listen to the full conversation on Threat Vector, listen here. You can catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Browser extensions pushed malware to 4.3M Chrome, Edge users (The Register) India plans to verify and record every smartphone in circulation (TechCrunch) Apple to Resist India's Order to Preload Government App on iPhones (MacRumors) President orders probe into Coupang breach (The Korea Herald) Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process (GB Hackers) Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers (SecurityWeek) Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild (Infosecurity Magazine) 'Cyber Issue' Leads to FDA Recall of Baxter Respiratory Gear (GovInfoSecurity) Swiss government bans SaaS and cloud for sensitive info (The Register) Publication: Resolution on outsourcing data processing to the cloud (Privatim) Insurer Beazley Steps Back From Cyber Market as Attacks Surge (PYMNTS.com) Hundreds of Porsche Owners in Russia Unable to Start Cars After System Failure (The Moscow Times) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign

There may be misconfigurations and other problems lurking in your wireless network. From a lack of peer isolation to poor segmentation to RADIUS problems and vendor fails, these issues can make your WLAN less secure. Jennifer “JJ” Minella goes from Packet Protector co-host to guest as she discusses these issues with Drew Conry-Murray. This episode... Read more »

There may be misconfigurations and other problems lurking in your wireless network. From a lack of peer isolation to poor segmentation to RADIUS problems and vendor fails, these issues can make your WLAN less secure. Jennifer “JJ” Minella goes from Packet Protector co-host to guest as she discusses these issues with Drew Conry-Murray. This episode... Read more »

Welcome back to Forcepoint's "To the Point Cybersecurity Podcast," where hosts Rachael Lyon, Jonathan Knepher, and Damien Fortune explore the fast-moving world of cybersecurity and its impact on our businesses, governments, and everyday lives. In this episode, we dive into legacy vulnerabilities, quantum-powered threats, and the ongoing tug-of-war between convenience and security in the digital age. Joining the conversation is Damien Fortune, founder and CEO of SENTRIQS, whose unique background in Wall Street finance, law, private equity, and cybersecurity gives him a panoramic view of today's toughest digital challenges—from outdated infrastructure and technical debt to the quantum computing revolution that's reshaping how we think about data protection. You'll hear insights on operational and financial barriers to upgrading security, the ongoing shift between cloud and on-premises data management, and the critical role of proactive risk reduction. The trio also discusses the urgent need for quantum-safe encryption, supply chain accountability, and new approaches to training and protecting users—especially as cyber attackers leverage AI and ever-evolving tools. Whether you're interested in real-world strategies, personal stories of breaking into the industry, or actionable advice for protecting sensitive data, this episode is packed with the forward-thinking perspectives and practical wisdom you need to stay secure in an uncertain digital future. So pour your favorite cup of coffee and get ready to go "to the point" on what's next in cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e361

Unifying Cybersecurity: Combating the $10.5 Trillion Threat with Simplified Platform Solutions by Channel Futures

In previewing CrowdStrike (CRWD) and Okta Inc. (OKTA) ahead of their earnings after Tuesday's close, Ahmed Khan shows concerns from 2025's price action compared to 2024 but believes it makes the names more attractive in affordability. He adds that cybersecurity's fragmented market will experience continued consolidation. Ron Westfall notes "mixed" expectations heading into the reports but adds A.I. will serve as a long-term catalyst. He projects CrowdStrike and Okta to benefit from what he projects to be a $95 billion market. ======== Schwab Network ========Empowering every investor and trader, every market day.Options involve risks and are not suitable for all investors. Before trading, read the Options Disclosure Document. http://bit.ly/2v9tH6DSubscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – https://twitter.com/schwabnetworkFollow us on Facebook – https://www.facebook.com/schwabnetworkFollow us on LinkedIn - https://www.linkedin.com/company/schwab-network/About Schwab Network - https://schwabnetwork.com/about

Rear Admiral (Ret.) Mark Montgomery is the Senior Director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. He spent 32 years in the Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. After leaving the Navy, Admiral Montgomery worked as policy director for the Senate Armed Services Committee during Senator John McCain's chairmanship, and as Executive Director of the Cyberspace Solarium Commission, a congressionally created commission directed to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” In this episode, Lawfare Book Review Editor Jonathan Cedarbaum sits down with Admiral Montgomery to discuss the fifth annual implementation report prepared by the Cyberspace Solarium Commission 2.0, which assesses how the federal government has done over the last year in implementing the Solarium Commission's recommendations for strengthening the United States' cybersecurity posture. The report, whose lead author was Admiral Montgomery, concludes that "[o]ur nation's ability to protect itself and its allies from cyber threats is stalling and, in several areas, slipping." They discuss the scope and impacts of the Trump administration funding and staffing cuts in leading agencies responsible for cybersecurity; the weakening of public-private collaboration, including the closing of the Critical Infrastructure Partnership Advisory Council; and the weakening of recruitment efforts to build the cyber workforce the country needs.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death. https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/ B2B Guest Access Creates an Unprotected Attack Vector Users may be tricked into joining an external Teams workspace as a guest, bypassing protections typically enabled for Teams workspaces. https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/ Geoserver XXE Vulnerability CVE-2025-58360 Geoserver patched an external XML entity (XXE) vulnerability. https://helixguard.ai/blog/CVE-2025-58360