Podcasts about cybersecurity

Send us a text

AI didn't break assessments—it revealed just how flawed they already were. Richard Culatta, CEO of ISTE+ASCD, shares how schools can prepare AI-ready graduates, address bias, and rethink what learning really looks like. Show notes: https://www.coolcatteacher.com/e912 3 Takeaways: • Assessments weren't broken by AI—they were broken already. • An AI-ready graduate needs strong human skills like storytelling and problem-solving. • Addressing bias requires both human awareness and AI tools for cross-checking. Growth Reflection: How should schools redefine assessments in the age of AI?

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Steve Satterwhite On Cyber is a Cybercrime Magazine Podcast series brought to you by Entelligence. In this episode, Satterwhite, founder and CEO at Entelligence, joins host Charlie Osborne to discuss how AI is changing the cybersecurity landscape and impacting job roles across the globe. An industry leader in delivering affordable, high value professional services to security-conscious enterprise and government organizations worldwide, Entelligence addresses the cyber skills gap by working as a seamless extension of each customer's organization, providing a set of customized services that include security readiness assessments, quick-start solution deployments, and longer-term resident expert engagements. Learn more about our sponsor at https://entelligence.com

Cyber attacks on schools are growing. Auburn University's Jay James shows how student-led cybersecurity operations prepare learners and protect campuses. 3 Takeaways: • Student SOCs give real-world, hands-on cybersecurity training. • AI tools like Microsoft Security Co-Pilot mentor students in real time. • K-12 schools can start small with focused projects and grow from there. Growth Prompt: How do you prepare students—or staff—for real cybersecurity threats? Show notes link: https://www.coolcatteacher.com/e911 

August 18, 2025: George Pappas, CEO of Intraprise Health, by Health Catalyst, joins Drex for the news. They tackle the pressing question of how CISOs can evolve from security scorekeepers into business transformation leaders who drive real organizational impact. As the hosts examine a recent White House initiative promising patient-centric healthcare, they question whether lofty proclamations can overcome the business interests maintaining today's fragmented systems. Can artificial intelligence finally deliver true healthcare interoperability, or will technical complexities and competitive pressures derail another promising solution? With $4 trillion at stake in the current healthcare ecosystem, they explore whether the industry has the willpower to prioritize genuine patient-centered care over preserving the current system.  Key Points: 02:21 Discussion on Jigar Shaw's LinkedIn Article 08:20 Challenges Faced by Rural Hospitals in Cybersecurity 15:48 CMS News Release and Interoperability News Articles:  CISOs that execute, make an impact & transform! Why rural hospitals are losing the cybersecurity battle White House, Tech Leaders Commit to Create Patient-Centric Healthcare Ecosystem

This episode examines cybersecurity in the workplace through the lens of Mr. Robot's "Exploits" episode, where social engineering takes center stage. Curtis Preston and Prasanna break down how Elliot infiltrates Steel Mountain data center using badge cloning, psychological manipulation, and fake identities.The hosts analyze real-world implications of these attacks, from coffee shop badge theft to exploiting lonely employees. They discuss critical gaps in physical security protocols and explain why cybersecurity in the workplace fails when organizations rely on single points of security. Key topics include visitor badge systems, tailgating prevention, security camera monitoring, and building a culture where employees feel empowered to challenge unauthorized access. The episode reveals how most workplace breaches happen through human exploitation rather than technical hacking, making employee training and robust security protocols critical for protecting sensitive data and systems.

In the face of growing cybersecurity threats, Alex Hamerstone says companies are looking for places with a "solid" reputation. He previews Palo Alto Networks (PANW) earnings. Alex adds that it's tougher to bring in cybersecurity solutions in-house, which could benefit companies like PANW.======== Schwab Network ========Empowering every investor and trader, every market day.Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – / schwabnetwork Follow us on Facebook – / schwabnetwork Follow us on LinkedIn - / schwab-network About Schwab Network - https://schwabnetwork.com/about

Cybersecurity is "not a nice to have, it's a have to have," says Nathaniel Bradley. Ahead of Palo Alto Networks' (PANW) earnings after the close on Monday, he called the company the "tip of the spear" in the industry. Nathaniel adds that the acquisition of CyberArk gives Palo Alto more "scale" to bolster future operations. Tom White offers a pair of example options trades for Palo Alto.======== Schwab Network ========Empowering every investor and trader, every market day.Options involve risks and are not suitable for all investors. Before trading, read the Options Disclosure Document. http://bit.ly/2v9tH6DSubscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – https://twitter.com/schwabnetworkFollow us on Facebook – https://www.facebook.com/schwabnetworkFollow us on LinkedIn - https://www.linkedin.com/company/schwab-network/About Schwab Network - https://schwabnetwork.com/about

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services at https://barricadecyber.comCheck out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://threatlocker.com/dailycyberTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

Ann Westerheim, founder and president of Ekaru, discusses the concept of "last mile services" in technology, emphasizing the importance of making advanced IT and cybersecurity accessible to small businesses. Drawing from her background in the semiconductor industry, she highlights the gap between cutting-edge technology and its practical application for Main Street USA businesses. Her approach focuses on empowering clients to improve their cybersecurity posture through simple, actionable steps, such as implementing strong passwords and multi-factor authentication.Westerheim introduces her CyberFit 21-day program, designed to demystify cybersecurity for non-technical users. She aims to replace the overwhelming jargon of the tech industry with relatable concepts that resonate with small business owners. By simplifying complex topics, she helps clients understand the risks they face and the straightforward measures they can take to mitigate them. This approach not only educates but also empowers clients to take control of their cybersecurity.The conversation shifts to the impact of artificial intelligence (AI) on cybersecurity, particularly in phishing attacks. Westerheim notes that AI is being used to create highly sophisticated phishing emails that are indistinguishable from legitimate communications. She emphasizes the need for businesses to establish acceptable use policies regarding AI and to educate employees about the potential security risks associated with its use. This proactive approach is crucial as many employees may be using AI tools without understanding the implications.As the discussion wraps up, Westerheim reflects on the current mood among small business clients, who are feeling overwhelmed by rapid technological changes and external economic pressures. She stresses the importance of taking small, manageable steps to adapt to these changes rather than succumbing to paralysis by analysis. By fostering open dialogues about technology and security, she aims to guide her clients through this period of uncertainty, helping them to embrace the opportunities that come with technological advancements. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

The Apex Program is a specialized training initiative designed to equip blind and low vision individuals with the skills to pursue careers as cybersecurity analysts. Cybersecurity analysts enjoy above-average earning potential, strong job security, and abundant opportunities nationwide—many of which offer the flexibility of remote work.www.theapexprogram.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

We pull no punches on the escalating #cyberwarfare threat from state-sponsored actors, with China leading the charge. From alarming penetration test results to underfunded state laws like Ohio's latest effort, this episode dissects why America's response is dangerously inadequate. This isn't just another #cybersecurity scare—it's a call for a complete strategic overhaul to safeguard national #security before it's too late.TakeawaysChina is currently leading in cyber warfare against the U.S.The threat landscape is rapidly evolving, with increasing vulnerabilities.Broken access control remains the most common vulnerability in systems.Cybersecurity spending is slowing down, which is concerning for national security.Ohio's new cybersecurity law lacks funding and practical enforcement measures.Leadership in cybersecurity is crucial for effective defense strategies.Many organizations are still using outdated technology and practices.The need for comprehensive training and resources in cybersecurity is critical.Legislative measures must be backed by funding to be effective.The conversation highlights the urgency for a new approach to cybersecurity.

AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xerox Freeflow Core Vulnerability Horizon3.ai discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances. https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ SANS.edu Research: Darren Carstensen Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing Not all Zero Trust Network Access (ZTNA) solutions are created equal, and despite bold marketing claims, many fall short of delivering proper Zero Trust security. https://www.sans.edu/cyber-research/evaluating-zero-trust-network-access-framework-comparative-security-testing/

America's edge in artificial intelligence may rest on one decision now facing Washington: whether to keep our most advanced chips out of Beijing's hands. President Trump has moved to lift the export ban on Nvidia's H20 processors—a move some warn could supercharge China's AI ambitions and military power—arming the Chinese Communist Party for dominance in the AI age. Cliff May and Matt Pottinger pull back the curtain on the high-stakes race, the players vying for advantage, and what's really at risk if America loses its lead.

At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today's hybrid, AI-driven environments. Stein's background in technology infrastructure and DevOps, paired with his co-founder's deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.Learn more about Apono: https://itspm.ag/apono-1034Note: This story contains promotional content. Learn more.Guest:Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/ResourcesLearn more and catch more stories from Apono: https://www.itspmagazine.com/directory/aponoLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Christopher Luft, Co-Founder and CCO of LimaCharlie, and Dr. Mike Saylor, CEO of Blackswan Cybersecurity, sat down with the Defender Fridays community for Black Hat week wrap up and a deep dive building secure environments for IR.Dr. Mike Saylor is an accomplished, outcome-driven and solution-focused business professional and entrepreneur with 30+ years of Consulting, IT Audit & Risk, Cyber Security & Incident Response experience. Uniquely qualified as a leader with a solid knowledge of operations, strategy and management, Dr. Mike has enjoyed repeated success guiding highly skilled, cross functional teams in areas of intelligence, security, technology, and audit & compliance. Dr. Mike is an experienced public speaker, writer, and researcher on topics of technology, security, and cybercrime. He stays current with changes in the industry through professional affiliations and continuing professional development. Learn more about Blackswan Cybersecurity at blackswan-cybersecurity.comOn Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join the live discussions by registering at limacharlie.io/defender-fridays

Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercrime has been frozen through coordinated efforts by the private sector and law enforcement in the US and Canada. Cyber criminals are selling active FBI and other law enforcement email accounts for as low as $40, posing significant risks of impersonation and fraud. Microsoft's latest Patch Tuesday addresses over 100 vulnerabilities, including critical flaws in various services and applications. Nova Scotia Power faces criticism for seeking to hide details about a major cybersecurity breach that affected 280,000 customers, with regulators emphasizing the need for public accountability. Jim signs off by encouraging listeners to support and provide feedback for the show. 00:00 Cybercrime Crypto Crackdown 02:34 FBI Email Accounts for Sale 04:05 Microsoft Patch Tuesday Updates 06:16 Nova Scotia Power Cybersecurity Breach 07:43 Show Wrap-Up and Listener Engagement

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

America's edge in artificial intelligence may rest on one decision now facing Washington: whether to keep our most advanced chips out of Beijing's hands. President Trump has moved to lift the export ban on Nvidia's H20 processors—a move some warn could supercharge China's AI ambitions and military power—arming the Chinese Communist Party for dominance in the AI age. Cliff May and Matt Pottinger pull back the curtain on the high-stakes race, the players vying for advantage, and what's really at risk if America loses its lead.

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services at https://barricadecyber.comCheck out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://threatlocker.com/dailycyberTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos Elevation of Privilege Vulnerability Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images FortiSIEM / FortiWeb Vulnerablities Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Ayotunde Aladejana, a venture & partnerships leader driving capital, markets & impact with comprehensive experience across banking, global health, and venture capital. We unpacked his journey from economics and business analysis to venture building, his playbook for corporate–startup partnerships, practical lessons on leading with empathy, governance, data protection, scaling responsibly, and lots more.Support the show

Scammers can often target those in the Church, and Father Dave welcomes Theresa Payton to help others protect themselves from fraud. Theresa is the former White House Chief Information Office for President George W. Bush, as well as the CEO of the cybersecurity firm Fortaliss Solutions. Her a new initiative, "Protecting the Faithful," helps Christians spot scams before they are victims. 

In the GovClose Certification Program, our students learn the government contracting skills to:Start their own consulting business that can earn up to $400k as a “solopreneur” advising businesses that sell to the government.Land high-paying sales executive jobs with companies selling to the government.From Special Ops to the Pentagon: Forrest Underwood on AI, Startups, and the Future of Defense ContractingForrest Underwood's career spans flying MC-130Js for Special Operations, standing up new squadrons overseas, embedding with SOCOM on urgent missions, working with Silicon Valley venture capital firms, and now serving as Chief of Joint Investment Strategies at the Office of the Secretary of Defense and the CEO of Evergreen IndustriesIn this conversation, Forrest explains:How AI, cyber, and space tech companies can break into defense contracting.Why “product–mission fit” is the key to winning contracts without wasting resources.The cultural speed gap between Special Operations and traditional acquisition.How the Forged Act, Speed Act, OTAs, and acquisition reform will change the landscape.Why the best product doesn't always win — and how to fix it.If you're a founder, tech leader, or government contracting professional, this episode is packed with actionable insights to help you navigate — and win in — the defense market.Connect with Forrest on LinkedIn: https://www.linkedin.com/in/forrestunderwood/Timestamps / Chapters00:00 – The calm before the storm in defense acquisitions00:40 – AI writing proposals for AI: The growing noise problem01:15 – Special Ops speed: Delivering tech in under 24 hours02:00 – Forrest Underwood: From pilot to defense tech strategist03:00 – The grocery store encounter that launched an Air Force career04:00 – Air Force Academy prep school: Building future officers05:00 – Pilot training pipeline and aircraft assignments07:00 – C-130J missions in Europe and Africa09:00 – Standing up an MC-130J squadron in Okinawa11:00 – Transitioning to joint staff roles in Stuttgart14:00 – SOCOM immersion in Silicon Valley venture capital15:00 – Working with VC firms on AI, cyber, and space tech17:00 – The cultural speed gap in acquisitions19:00 – Overnight integration of mission-critical tech22:00 – Moving into acquisitions leadership at OSD23:00 – Managing $200B in annual defense investments24:00 – Founding Evergreen Industries and product–mission fit28:00 – Navigating the valley of death in defense innovation29:00 – OTAs, SBIRs, DIU, and accelerating acquisition30:00 – Forged Act, Speed Act, and acquisition reform32:00 – Why quality beats volume in proposals34:00 – Non-traditionals vs. primes in the new acquisition era36:00 – Cybersecurity compliance and small business challenges39:00 – Why the best product doesn't always win40:00 – Mapping capabilities to joint warfighting needs42:00 – Accelerating serious companies into DOD contracts45:00 – Sell it first, build it second in defense tech46:00 – Validating demand before developing solutions47:00 – Discovery-driven selling in the DOD49:00 – Understanding frustrations on both sides of the process50:00 – How acquisitions officers evaluate new tech53:00 – Where defense tech funding is headedJOIN the GovClose CommunityFollow me on LinkedIn for our free GovClose Newsletter and real-world GovCon insights

Tariffs imposed during the Trump administration are now impacting businesses, leading to layoffs and price increases as companies adapt to rising costs. Outdoor brand KAVU has implemented cost-saving measures, including freezing marketing spending and limiting employee travel, while preparing to raise prices due to escalating tariffs on imports from countries like India and Vietnam. Public companies such as QVC Group and Allbirds are also planning price increases to mitigate the effects of tariffs, which could contribute to higher inflation and reduced consumer spending. As the stability of tariff rates becomes clearer, businesses may become more decisive about hiring and layoffs.The adoption of artificial intelligence (AI) is surging, with nearly 80% of companies reportedly using generative AI. However, many firms are experiencing little to no significant impact on their bottom line, reminiscent of the productivity paradox seen during the personal computer boom. A survey indicates that CFOs are increasingly prioritizing AI for productivity and long-term revenue growth, with a notable shift in budget allocation towards agentic AI. Despite the optimism surrounding AI investments, the anticipated benefits have yet to materialize, raising concerns about skill degradation among professionals who rely heavily on AI tools.Recent executive orders signed by President Trump may have significant implications for cybersecurity, potentially reversing progress made under previous administrations. While some directives aim to enhance preparedness for cyberattacks at the state and local level, others remove critical software security requirements for government vendors. This shift could undermine existing protections and create vulnerabilities, benefiting hackers and fraudsters. Additionally, Disney's decision to cancel plans for a deepfake version of Dwayne Johnson highlights the growing concerns over copyright and AI-generated content, as studios grapple with the implications of intellectual property rights in the age of AI.As AI adoption accelerates, companies are rethinking their pricing strategies, moving from flat fees to consumption-based models to maintain profitability amid rising operational costs. This shift raises questions about forecasting costs and protecting margins, as unexpected spikes in per-task billing could impact clients. Furthermore, the limitations of AI systems in self-assessing their capabilities pose challenges for trust and validation in AI outputs. With significant vulnerabilities identified in AI systems during stress tests, service providers must ensure their AI offerings are built on robust, verified systems to deliver reliable value to clients. Four things to know today 00:00 With Tariffs Solidifying, Businesses Tighten Spending and Raise Prices, Forcing IT Providers to Prove Value03:56 Generative AI Adoption Hits 80%, Yet ROI Elusive as Healthcare Skill Loss and Data Risks Emerge07:56 Mixed Cybersecurity Signals from White House; AI Copyright Uncertainty Halts Disney's Moana Project10:50 AI Managed Services Evolve as Consumption Pricing Rises, Chatbots Mislead, and Red Teams Find 139 Flaws  Supported by:  https://www.moovila.com/https://scalepad.com/dave/  Tell us about a newsletter!https://bit.ly/biztechnewsletter All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

In an industry where technology often takes the spotlight, Deidre Diamond, Founder and CEO of CyberSN, and Carraig Stanwyck, CEO and former Fortune 200 CISO, are making the case for a shift in focus—one where people, not just tools, drive operational success.Deidre's journey began in cyber talent matching, where she saw firsthand the persistent workforce challenges organizations face—burnout, retention struggles, and a lack of career planning. These challenges inspired the creation of a workforce risk management practice designed to quantify and address the human side of cybersecurity. The approach goes beyond staffing—it maps skills, capabilities, and job alignment in real time, enabling leaders to strategically plan their workforce instead of reacting to turnover.Carraig's perspective as a leader building teams across government, startup, and enterprise environments reinforces the message: “If you get the people right, everything else comes together.” Even leaders already committed to employee engagement often lack the visibility to fully understand capability gaps, skill utilization, and role misalignment. Carraig describes how moving from static spreadsheets to a dynamic platform revealed hidden opportunities—such as repositioning talent into roles that better matched their strengths—while also giving executives a clear capability-to-staffing view.This real-time insight changes everything. Leaders can create accurate job descriptions based on actual needs, build stronger business cases for budgets, and proactively plan for growth. The results aren't just operational—employees feel invested in, leading to greater fulfillment, better retention, and improved professional efficacy.Both Deidre and Carraig emphasize that this approach isn't just about solving today's staffing needs. It's about preparing for a future where emotional intelligence, creative collaboration, and adaptability will be more critical than ever. As AI takes on repeatable tasks, the human ability to think strategically, work cohesively, and innovate will define success.The takeaway is clear: cybersecurity's greatest asset isn't a piece of technology—it's a workforce that's understood, empowered, and aligned with the mission.Learn more about CyberSN: https://itspm.ag/cybersn-476941Note: This story contains promotional content. Learn more.Guests:Deidre Diamond, Founder and CEO of CyberSN | On LinkedIn: https://www.linkedin.com/in/deidrediamond/Carraig Stanwyck, CEO at 3 Tree Tech and former Fortune 200 CISO | On LinkedIn: https://www.linkedin.com/in/carraig-stanwyck/ResourcesLearn more and catch more stories from CyberSN: https://www.itspmagazine.com/directory/cybersnLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: marco ciappelli, deidre diamond, carraig stanwyck, cybersecurity, workforce management, talent retention, job descriptions, skills gap, leadership, employee engagement, career development, black hat, black hat usa, black hat 2025, workforce risk management

Mike Wayne, responsible for global sales at BlinkOps, joins ITSPmagazine host Sean Martin to discuss how organizations can harness agentic AI to transform security operations—and much more.The conversation begins with a clear reality: business processes are complex, and when security is added into the mix, orchestrating workflows efficiently becomes even more challenging. BlinkOps addresses this by providing a platform that not only automates security tasks but also extends across HR, finance, sales, and marketing. By enabling automation in areas like employee onboarding/offboarding or access management, the platform helps organizations improve efficiency, reduce risk, and free human talent for higher-value work.Mike explains that while traditional SOAR tools require heavy scripting and ongoing maintenance, BlinkOps takes a different approach. Its security co-pilot allows users to describe automations in plain language, which are then generated—90% complete—by the system. Whether the user is a SOC analyst or an HR manager, the platform supports low-code and no-code capabilities, making automation accessible to “citizen developers” across the organization.The concept of micro agents is central. Instead of relying on large, complex AI models that can hallucinate or act unpredictably, BlinkOps uses focused, purpose-built agents with smaller context windows. These agents handle specific tasks—such as enriching security alerts—within larger workflows, ensuring accuracy and control.The benefits are tangible. One customer's triage agent processed 400 alerts in just eight days without direct human intervention, while another saved $1.8 million in manual endpoint deployment costs over a single month. Outcomes like reduced mean time to respond (MTTR) and faster time to automation are key drivers for adoption, especially when facing zero-day vulnerabilities where speed is critical.BlinkOps runs as SaaS, hybrid, or in secure environments like GovCloud, making it adaptable for organizations of all sizes and compliance requirements.The takeaway is clear: AI-driven automation doesn't just improve security operations—it creates new efficiencies across the enterprise. As Mike puts it, when a process can be automated, “just blink it.”Learn more about BlinkOps: https://itspm.ag/blinkops-942780Note: This story contains promotional content. Learn more.Guest: Mike Wayne, Vice President, Global Sales at BlinkOps | On Linkedin: https://www.linkedin.com/in/mikejwayne/ResourcesLearn more and catch more stories from BlinkOps: https://www.itspmagazine.com/directory/blinkopsLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, mike wayne, blink ops, ai automation, agentic ai, micro agents, security automation, soc automation, workflow automation, zero day response, alert triage, enrichment agent, low code automation, cyber security ai, enterprise automation, black hat usa, black hat 2025

In this episode of The Buzz, host Yohanna Baez speaks with Sydney Heimbrock, the Chief Industry Advisor for Public Sector at Qualtrics and co-chair of the ACT-IAC's COI (community of interest) on talent. She shares her extensive career journey, including her transformative experience in the former Soviet Union and her efforts to integrate human-centered design principles into governmental processes. She discusses the importance of collaboration between industry and government, explains human-centered design, and explores the potential impact of AI on federal talent pipelines. Heimbrock emphasizes the value of public service and encourages the next generation of innovators to consider careers in government. Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.Learn more about membership at https://www.actiac.org/join.Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: See a Brighter Day/Gloria TellsCourtesy of Epidemic Sound(Episodes 1-159: Intro/Outro Music: Focal Point/Young CommunityCourtesy of Epidemic Sound)

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Artificial Intelligence is shaping the future of Cybersecurity.Risk = Threat x Vulnerability x Consequence

When the stakes are high, and the systems are down, who do governments and enterprises in the Netherlands call? Bart Lageweg, founder of Bizway, has built one of Europe's most trusted MSPs by running toward the toughest IT challenges—cyberattacks, ransomware recovery, and compliance-critical crises.In this episode of Now That's IT: Stories of MSP Success, host Chris Massey sits down with Bart to explore how Bizway thrives in the “firefighter” role of managed services. They discuss:How Bart turned a solo IT operation into a leading cybersecurity-focused MSPThe strategy behind small, frequent acquisitions and high-value client selectionWhy compliance (including NIS2) is both a sales tool and a security necessityHow to lead and scale without losing the agility to handle emergenciesThe role of coaching, boards, and constant evolution in MSP leadershipWhether you're building an MSP, leading an internal IT team, or navigating the shift toward compliance-driven services, this conversation offers a rare inside look at thriving in high-stakes IT environments.Let us help you unlock your business's full potential.N-able Business Transformation is Expert led and Peer informed.These valuable executive programs are tailored to provide effective guidance and a faster path to a scalable and successful business.Book a Call with Chris Massey now to learn what Business Transformation can do for you! 'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today. Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it.This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc Adobe Patches Adobe released patches for 13 different products. https://helpx.adobe.com/security/Home.html

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

With cryptocurrency in political headlines from Congress to the White House, we figured it was time to get some experts on to help us understand it all. Two well-versed and well-spoken experts from Duke University join host Tim Boyum to share their experiences. Jimmie Lenz is the Director of the Master of Engineering in Financial Technology and Master of Engineering in Cybersecurity at Duke University. Lee Reiners is a lecturing fellow at Duke University and Duke Law. They have both testified before Congress on the issues and have their own podcast called Coffee and Crypto with Lee and Jimmie.

The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant criticism from state and local officials who feel abandoned due to diminishing federal support for critical cybersecurity programs. Many officials are concerned about their increasing reliance on self-driven initiatives, especially after cuts to the Multi-State Information Sharing and Analysis Center, which has been a crucial source of cybersecurity intelligence for over two decades. A recent survey revealed that a substantial portion of state and local governments lack adequate funding for cybersecurity, with 22% allocating no funds and 42% operating with annual budgets of less than $100,000. This situation raises alarms about the potential for increased vulnerability to cyberattacks, particularly from nation-state actors.In response to the evolving landscape of artificial intelligence, the National Institute of Standards and Technology (NIST) is developing new security guidance aimed at addressing the associated risks. This initiative will clarify how AI interacts with cybersecurity, focusing on securing AI systems, the adversarial use of AI, and leveraging AI to enhance cybersecurity measures. Additionally, a bipartisan bill known as the Validation and Evaluation for Trustworthy Artificial Intelligence Act has been reintroduced in the Senate, aiming to establish guidelines for the responsible development and testing of AI systems. House appropriators are also proposing a significant funding increase for NIST, reflecting a commitment to bolster cybersecurity and innovation.The Federal Risk Management and Authorization Program (FedRAMP) has made strides in streamlining the approval process for government cloud services, achieving a significant reduction in wait times from over a year to approximately five weeks. This shift is part of a broader trend toward more efficient cloud authorization processes, with FedRAMP already approving more than twice as many services in fiscal year 2025 compared to the previous year. This development presents an opportunity for businesses to leverage FedRAMP-authorized stacks for government-related buyers and to build migration strategies accordingly.OpenAI has recently updated its ChatGPT platform, introducing new models and third-party tool connectors while facing scrutiny over the performance and security of its latest model, GPT-5. Despite the introduction of various user-focused options, security assessments have revealed significant vulnerabilities in GPT-5, prompting concerns about its safety and reliability. As companies like ConnectWise implement new credit card surcharges and adjust their workforce in response to market demands, the overarching theme emphasizes the need for operational discipline and strategic planning in navigating the evolving technology landscape. Four things to know today 00:00 Shrinking Cyber Budgets, Emerging AI Rules, and Streamlined FedRAMP Signal Shifts for IT Providers06:43 From Security to SaaS Management, Vendors Roll Out Agentic Features for IT Service Providers10:25 OpenAI Expands GPT-5 Options, Adds Connectors, but Faces Early Security Backlash13:41 ConnectWise Adds Credit Card Surcharges, Trims Staff in Strategic Realignment  Supported by:  https://syncromsp.com/   Tell us about a newsletter!https://bit.ly/biztechnewsletter  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit

Black Hat 2025: Crogl's CEO Monzy Merza Explains How AI Can Help Eliminate Alert Fatigue in CybersecurityCrogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale. Watch the full interview: https://youtu.be/0GqPtPXD2ik Learn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/ResourcesLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Erlang OTP SSH Exploits A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ WinRAR Exploited WinRAR vulnerabilities are actively being exploited by a number of threat actors. The vulnerability allows for the creation of arbitrary files as the archive is extracted. https://thehackernews.com/2025/08/winrar-zero-day-under-active.html Citrix Netscaler Exploit Updates The Dutch Center for Cyber Security is updating its guidance on recent Citrix Netscaler attacks. Note that the attacks started before a patch became available, and attackers are actively hiding their tracks to make it more difficult to detect a compromise. https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/ OpenSSH Post Quantum Encryption Starting in version 10.1, OpenSSH will warn users if they are using quantum-unsafe algorithms https://www.openssh.com/pq.html