Podcasts about cybersecurity

The podcast episode explores three significant shifts impacting the managed service provider (MSP) and technology landscape. The first topic centers on the ongoing debate regarding artificial intelligence (AI) and its role in empowering non-skilled workers versus enhancing the capabilities of skilled professionals. The discussion highlights the current state of AI adoption in organizations, emphasizing that while skilled workers are leveraging AI to augment their expertise, many smaller MSPs are still in the experimental phase, using AI for basic tasks rather than integrating it into their core operations.The second major theme is the emergence of the security-first MSP model, where cybersecurity is not merely an add-on service but a fundamental aspect of the business. Research indicates that a significant portion of MSPs still view cybersecurity as a secondary function, with only a small percentage considering it a core part of their offerings. This raises concerns about the preparedness of MSPs to meet the growing cybersecurity demands of their clients, especially as regulations and compliance requirements become more stringent.The final discussion point addresses the readiness of small and medium-sized businesses (SMBs) for AI-powered cyber attacks. The experts note that many SMBs are ill-prepared for the evolving threat landscape, often relying on outdated strategies that may no longer be effective. The conversation underscores the necessity for MSPs to not only enhance their cybersecurity offerings but also to educate their clients about the importance of integrating cybersecurity into their overall business strategy.Throughout the episode, the hosts emphasize the need for MSPs to adopt a more proactive approach to cybersecurity and AI integration. They argue that as the technology landscape continues to evolve, MSPs must refine their business models and operational processes to remain competitive. The discussion concludes with a call for MSPs to embrace their role as trusted advisors, guiding their clients through the complexities of cybersecurity and AI, and ensuring that they are equipped to navigate the challenges of the modern digital environment.

Infostealer Targeting Android Devices This infostealer, written in Python, specifically targets Android phones. It takes advantage of Termux to gain access to data and exfiltrates it via Telegram. https://isc.sans.edu/diary/Infostealer%20Targeting%20Android%20Devices/32414 Attackers exploit recently patched Adobe Commerce Vulnerability CVE-2025-54236 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. E-Commerce security company SanSec has detected multiple exploit attempts. https://sansec.io/research/sessionreaper-exploitation Patch for BIND and unbound nameservers CVE-2025-40780 The Internet Systems Consortium (ISC.org), as well as the Unbound project, patched a flaw that may allow for DNS spoofing due to a weak random number generator. https://kb.isc.org/docs/cve-2025-40780 WSUS Exploit Released CVE-2025-59287 Hawktrace released a walk through showing how to exploit the recently patched WSUS vulnerability https://hawktrace.com/blog/CVE-2025-59287

In this episode of This Week in AML, Elliot Berman and John Byrne dive into a packed agenda of financial crime compliance developments across the U.S., Canada, and Europe. They discuss the newly introduced bipartisan Senate bill proposing changes to SAR and CTR reporting thresholds, the troubling budget cuts at CISA, and New York's latest cybersecurity guidance. The conversation also explores open banking debates, TRM Labs' crypto adoption report, and Fed Governor Michael Barr's remarks on stablecoins. Internationally, they cover Canada's record-setting penalty against Xeltox Enterprises and the UK's AML supervisory overhaul.

webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant? Our honeypots detected attacks that appear to exploit CVE-2025-34033 or a similar vulnerability in the Blue Angle Software Suite. https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410 Oracle Critical Patch Update Oracle released its quarterly critical patch update. The update includes patches for 374 vulnerabilities across all of Oracle s products. There are nine more patches for Oracle s e-Business Suite. https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixEBS Rust TAR Library Vulnerability A vulnerability in the popular, but no longer maintained, async-tar vulnerability could lead to arbitrary code execution https://edera.dev/stories/tarmageddon

In this episode of What's at Stake, Penta Partner and Head of the D.C. office Bryan DeAngelis is joined by two of Penta's Senior Partners based on the West Coast—Dan La Russo and TJ Kelly—for a timely discussion on why cyber risk is now stakeholder risk. Drawing from Penta's latest white paper and research study, the trio unpack findings from an analysis of over 4.8 million global mentions across six industries to explore how cyber threats ripple through markets, boardrooms, and public trust. Their conversation covers: Why cybersecurity has evolved from an IT challenge to a reputation-defining issue. How different industries handle breaches—and what distinguishes the organizations that recover quickly from those that struggle to regain trust. The role of transparent leadership and cross-functional coordination in managing crises. The growing intersection between cybersecurity and geopolitics, and what it means for corporate affairs and policy teams. The strategic imperatives every leader should adopt to prepare for the next cyber event. You can access the white paper and request the full research study by visiting pentagroup.com/cyber25

U.S. federal cybersecurity policy has regressed by approximately 13%, according to a report from the Cyberspace Solarium Commission 2.0. This decline is attributed to budget cuts and workforce reductions at key agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department's Cyber Diplomacy Staff. The report indicates that nearly a quarter of previously implemented recommendations have lost their status, which raises concerns about the nation's ability to effectively address rising cyber threats. Mark Montgomery, a former Navy Rear Admiral, emphasized that these cuts hinder the agency's effectiveness, calling for the restoration of funding and personnel to strengthen national cyber defenses.In addition to the decline in federal cybersecurity readiness, AI-generated code is now responsible for one in five security breaches, as reported by Aikido. The study found that AI coding tools account for 24% of production code, with 43% of U.S. organizations reporting serious incidents linked to AI-related flaws. Interestingly, the report also noted that increasing the number of security tools does not necessarily enhance safety; organizations using six to nine tools experienced a 90% incident rate, compared to 64% for those with one or two tools. Despite these challenges, 96% of industry professionals remain optimistic that AI will eventually produce secure and reliable code.The episode also highlights the impact of generative AI on IT service management, revealing that organizations utilizing this technology have reduced incident resolution times by nearly 18%. A report from SolarWinds indicated that the average resolution time decreased from 27.42 hours to 22.55 hours after implementing generative AI. Furthermore, a survey by Accenture found that 19% of office workers admitted to entering sensitive business information into free, unsecured AI tools, underscoring significant gaps in cybersecurity awareness and training.For Managed Service Providers (MSPs) and IT service leaders, these developments signal a pressing need for improved governance and training regarding AI usage. The findings suggest that organizations should focus on reducing tool sprawl and enhancing employee education on cybersecurity responsibilities. As small business optimism declines amid rising inflation and supply chain issues, MSPs should position themselves as stability partners, helping clients navigate these challenges rather than pushing the latest technology trends. The evolving landscape of cybersecurity threats, particularly those involving AI and automation, necessitates a proactive approach to risk management and incident response. Three things to know today 00:00 U.S. Cyber Defenses Slide as AI Code Risks Rise and Governance Gaps Widen05:41 Inflation, Uncertainty, and Automation Push Small Firms Toward Caution and Cost Control09:23 From Prompt Injections to Hidden Malware, Cyber Attacks Are Shifting Toward Stealth and Precision This is the Business of Tech.     Supported by:  https://saasalerts.com/platform-overview-for-msps/?utm_source=mspradio 

Our analysts Brian Nowak, Keith Weiss and Matt Bombassei break down the most important tech insights from Morgan Stanley's Spark Private Company Conference and industry shifts that will likely shape 2026 and beyond. Read more insights from Morgan Stanley.----- Transcript ----- Brian Nowak: Welcome to Thoughts on the Market. I'm Brian Nowak, Morgan Stanley's Head of U.S. Internet Research. I'm joined today by Keith Weiss, Head of U.S. Software Research and Matt Bombassei from my team.Today we're going to talk about private companies and technology – and how they're showing us the direction of travel for disruptive technologies and emerging investment opportunities.It's Wednesday, October 22nd at 10am in New York.Keith and Matt, we just returned from Morgan Stanley's Spark Private Company Conference last week in Los Angeles. It had over 85 private tech companies, 150 plus investor firms. There were a lot of themes that were discussed across the entire tech space impacting a lot of different sectors, including energy, healthcare, financial services, and cybersecurity.Keith, what were some of the biggest takeaways you took away from Spark this year?Keith Weiss: I'd say just to start off with, the Spark Conference is one of my favorite conferences of the year. It's a more intimate conference where you really get to spend time with both the private company executives and founders, as well as investors from the VC community and public company investors. And the conversations are more broad ranging; they're more about the thematics in the industry. They're more long term in nature.So, it's not just a conversation about what's next quarter going to look like, or what data points are you drumming up. You're having these thoughtful conversations about what's going on in the industry and how that's going to impact business models, how it's going to impact innovation cycles, how it's going to impact pricing models, within these companies. So, it tends to be a very interesting conference for me to attend.So, for me, some of the key takeaways. Typically, when we're in these innovation cycles, it feels like everybody's rowing in the same direction. We all understand where the technology's heading, we're all understanding how it's going to be delivered, and it's a race to get there. And you're having a conversation about who's doing best in that race, who's best positioned, who's got a better motor in their race car, if you will.So, to me, one of the big takeaways was we don't have that agreement today, right? There's different players that are looking at this market evolution differently. On one side of the equation, the application vendors – and a lot of this debate is in SaaS based applications. They see SaaS based applications having a very big role in taking these models that are inherently in-determinative and making them to be more determinative and useful within an enterprise context.Bringing them the data that they need to get the job done and the right data; bringing them the context of the business process being solved; bringing the governance that's necessary to use in an enterprise environment. But most importantly, to make it effective and efficient for the large enterprise.On the other side of the equation, you have venture capital investors and more early-stage investors who are looking at this as a huge phase shift, right? This is going to fundamentally change how we build software, how we utilize software, and they worry about a deprecation of that SaaS application layer. They think the model itself is going to start to encompass, it's going to start to subsume a lot more of that application functionality, a lot more of that analytics. And they see a lot more disruption going forward.So that debate within the marketplace, that's something that's interesting to me. It's something that we don't typically see in these innovation cycles. So that's takeaway number one.Takeaway number two, we're still really early days, and that's a little bit implied in in the first statement; I definitely hear a lot of it when I talk to the end customer. When I talk to CIOs. This wasn't necessarily at Spark, but earlier in the week, I was at a CIO conference, there was 150 CIOs in the room. One of the gentlemen on stage asked a question. ‘Who in the room has a good understanding of what we're talking about when we mean Agentic AI, when we mean agentic computing within our enterprise.' Of the 150 CIOs, four raised their hands. Still very early days in understanding how this is going to evolve, how we're going to actually deliver these capabilities into the enterprise.And the last takeaway I would say is more excitement about the federal government becoming a better customer for software companies overall. People are more interested in new avenues into that federal government. There's been some very successful companies that have opened the door to getting into these federal government contracts without going through the primes, without doing the typical federal government procurement cycles.And that's very interesting to the startup community, which tends to move faster, which tends to drive on innovation versus relationship building; versus being in an existing kind of incumbent prime. So, I thought that opening was – it was pretty interesting as well.Brian Nowak: it sounds like it's still very early, there are a lot of different points of view and no real consensus as to where technologies could go next. However, one theme with an enterprise software – [it] does seem like cybersecurity has a little more of a unified view.So maybe walk us through what you learned from a cybersecurity perspective and what should we be focused on there?Keith Weiss: Yeah, absolutely. If there is a consensus, the consensus is that generative AI and these innovations and the fast pace of innovation is going to be a positive for cybersecurity spending, right? The reason being, there's three main factors that are driving that overall spending.One is expansion of surface area, right? Cybersecurity in one dimension, you can think of how much is there to be protected, right? And if we think about the major themes that we're talking about, we're going to be developing a lot more software, right? The code generation tools are improving software developer productivity. You have an expanding capability of what you can actually automate.We'll be building a lot more software. That software needs to be protected, right? We have new entities that are going to be operating inside of enterprises, and that's the agents. So, CIOs are thinking about this future state where you have tens, thousands, maybe hundreds of thousands of agents operating in the environment, doing work on behalf of end users, but having permissions and having ability to execute business processes. How do we secure that side of the equation? We're talking about outside of just the four walls of the large enterprise, going into more operational technologies, being able to automate more of that work. That needs to be secured as well.So, an expanding surface area is definitely good for the cybersecurity budget. You can almost think of cybersecurity as a tax on that surface area. We generally think about it; somewhere between 4 and 6 percent of IT spend is going to be spent on overall security. So, that's one big driver.The second big driver is the elevated threat environment. So, while we're excited to get our hands on these extended capabilities of generative AI, the bad guys are already there, right? They're taking advantage of this. The sophistication, the volume and the velocity of these attacks is all increasing. That makes a harder job for the existing infrastructure to keep up, and it's going to likely necessitate more spending on cybersecurity to tackle these newer challenges; the newer dynamism within the cybersecurity threat appropriately. So, you're going to have to use generative AI to counter the generative AI.And then the last component of it; the last driver would be the regulatory environment. Regulatory tends to have some cybersecurity angles. If we think about it here, we're seeing it in terms of data governance is probably the big one. Where does this data go when it goes into the model? Are we putting the right controls around it? Do we have the right governance on it? So that's a big area of concern.A lot of complaining going on at the conference about the lack of consistency in that regulatory environment. All these different initiatives coming up from the state – really creates a challenging environment to navigate. But that's all good-ness for cybersecurity vendors that can help you get into compliance with these new regulations that are coming up. So overall, a lot of positivity around cybersecurity spending and startups definitely look to take advantage of that.Brian Nowak: Matt, so Keith says there's lack of consensus and boats being rode in every direction on what should be adopted first. And only 3 percent of CIOs know what agentic AI means. What did you learn about early signal on adoption? And some of the barriers to adoption? And hurdles that companies are talking about that they need to overcome to really adopt some of these new tools?Matt Bombassei: Yeah. Well, to Keith's point, it is really early, right? And that was a consistent theme that we heard from our companies at the conference. They are seeing early signs of cost efficiency, making employees more productive as opposed to maybe broad scale layoffs. But it's the deployment of these model technologies into specific sub-verticals – so accounting, legal engineering – where that adoption is driving greater efficiency within the organization.These companies are also adopting models that are smaller and a bit more fine tuned to their specific work product. And so that comes at a lower cost. We heard companies talking about costs at 1/50 of the cost of the broader foundational models when they're deploying it within the organization. And so, cost efficiency is something that we're seeing.At the same time, to speak to how early it is, one of the biggest hurdles here is change management and actually adoption. Getting people to use these products, getting them to learn the new technologies, that is a big hurdle. You know, you can lead a horse to water, you can't make it drink, right? And so, getting people to actually deploy these technologies is something that organizations are thinking through. How do we approach [it]?Brian Nowak: And you make an autonomous car drive? I know you've been doing a lot of work on autonomous driving more broadly. There were some autonomous driving and autonomous driving technology companies at Spark. What were your takeaways on autonomous driving from last week?Matt Bombassei: Yeah, well, not only can you make an autonomous car drive, you can make a truck drive and a bunch of other physical equipment. I think that was one of the takeaways here was that these neural nets that are powering autonomous vehicles are actually becoming much more generalizable. The integration of the transformer architecture into these neural nets is allowing them to take the context from one sub-vertical and deploy it in another vertical.So, we heard that 80 to 90 percent of the software, the underlying neural net, is applicable across these verticals. So, think applicable from autonomous ride sharing to autonomous trucking, right? What that means from our point of view is that it's important to get the scale of total miles driven – to establish that kind of safety hurdle if you're these companies.But also, don't necessarily think of these companies as defined by the vertical that they're operating in. If these models truly are generalizable, a company that's successful and scaled and autonomous ride hailing can switch or navigate verticals to also become successful potentially in trucking and other industries as well. So, the generalization of these models is particularly interesting for scale, and long-term market position for these companies.Brian Nowak: It's fascinating. Well, from consumer and enterprise adoption, the future of agentic computing and autonomous driving, there will be a lot more themes we all have to stay on top of. Keith, Matt, thanks so much for taking the time today.Keith Weiss: Great speaking with you Brian.Matt Bombassei: Thanks for having us.Brian Nowak: And thanks for listening. If you enjoy Thoughts on the Market, please leave us a review wherever you listen and share the podcast with a friend or colleague today.

What time is it? Accuracy of pool.ntp.org. How accurate and reliable is pool.ntp.org? Turns out it is very good! https://isc.sans.edu/diary/What%20time%20is%20it%3F%20Accuracy%20of%20pool.ntp.org./32390 Xubuntu Compromise The Xubuntu website was compromised last weekend and served malware https://floss.social/@bluesabre/115401767635718361 Squid Proxy Vulnerability The Squid team fixed an information disclosure vulnerabilty that may leak authentication credentials. https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr Lanscope Endpoint Manager Vulnerablity https://jvn.jp/en/jp/JVN86318557/index.html

Send us a textFrancisco Criado, Global Channel Chief at TD Synnex, joins Joey to share a conversation that ranges from the art of perfectly smoked beer can chicken to the evolving challenges of the tech channel. He reflects on his return to distribution after leading global channel initiatives in cybersecurity, offering insights into how MSPs can thrive through security, talent retention, and growth strategies. Francisco also discusses the rise of AI in distribution, TD Synnex's AI Pioneers program, and the consultative role partners can play in turning AI concepts into real solutions. On a personal note, he opens up about losing 120 pounds, rebuilding his health, and the role discipline and positivity play in his daily life.

Send us a textJessica McDowell, Senior Vice President of North America Marketing & Digital Customer Success at TD Synnex, joins Joey Pinz to explore the future of channel partnerships. She shares her goals for the TD Synnex Inspire conference, including creating impact, fostering collaboration, and driving innovation. Jessica explains how TD Synnex is addressing partner challenges like cybersecurity, talent retention, and business growth—while also unveiling initiatives like AI Pioneers and Partner Link. Alongside professional insights, Jessica opens up about the role of discipline and routine in her personal life, showing how consistency and resilience power both her leadership and wellness journey.✨ Highlights:Tackling cybersecurity, human capital, and growth challenges for MSPs and partnersHow AI Pioneers is bridging the talent gap with real-world use casesThe importance of discipline, routine, and lifelong learning in leadership  

Send us a textGary Palenbaum, EVP of Revenue & Partner Success at TD SYNNEX, joins Joey Pinz to explore the evolving world of distribution, partner growth, and the discipline it takes to lead in today's market. From reflections on wine and his Brooklyn roots to retooling sales teams for high-growth sectors, Gary shares lessons on leadership, balance, and transformation.Highlights:

Monzy Merza (@monzymerza, CEO/Founder @Crogl) talks about build a next-generation Enterprise SOC by leveraging AI to stay ahead of Cybersecurity threats.SHOW: 969SHOW TRANSCRIPT: The Cloudcast #969 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS" SPONSORS:[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.[TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcastSHOW NOTES:Crogl websiteTechCrunch articleForbes ArticleIntellyx ArticleLast WatchDog ArticleTopic 1 - Welcome to the show, Monzy. Give everyone a brief introduction and tell us about your unique journey from government research to Splunk to Databricks to founding Crogl.Topic 2 - Let's start with the current state of cybersecurity and AI. We're seeing headlines about AI being the top cybersecurity concern for 2025, even overtaking ransomware. From your perspective, what's driving this shift and why should organizations be paying attention to the intersection of cybersecurity and AI?Topic 3 - You've described Crogl as an "Iron Man suit" for security analysts. That's a compelling metaphor. Can you break down what you mean by that and how your approach differs from the traditional "reduce alerts" mentality that most vendors have been pushing?Topic 4 - Let's talk about your "knowledge engine" and what you call an “AI for the Enterprise SOC”. You're using compound AI systems with LLMs, smaller models, and knowledge graphs. This sounds quite different from vendors who are just "bolting on" LLMs to existing tools. Walk us through this architectural decision and why it matters.Topic 5 - The cybersecurity industry is experiencing massive alert fatigue - 4,500 alerts per day, with analysts only able to investigate 8-25 of them. Your philosophy is "every alert should be analyzed" rather than filtering them out. That seems counterintuitive to what the market has been doing. How does your autonomous investigation approach actually work in practice?Topic 6 - Where do you see this evolution heading, and what are the implications for SOC teams and security practitioners? Are we heading toward fully autonomous SOCs?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodI

The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Founder and Academic Director of the Hannah Arendt Center for Politics and Humanities and Professor of Politics, Philosophy, and Human Rights at Bard College Roger Berkowitz, Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, Semi-retired, Editor at large/columnist/editorial writer, Times Union Jay Jochnowitz, and Former Vice President for Editorial Development at the New York Press Association Judy Patrick.

Send us a textBill Bartholomew welcomes Navigant Credit Union's Damian CostantinoVice President, Cybersecurity, for a discussion on digital hygiene best practices and how Navigant is a leader in the cybersecurity space.  Support the show

How secure is your trucking operation against cyberattacks? Are you confident your team could spot a phishing email or fake shipper domain before it costs you thousands? Today, listen to cybersecurity expert Melanie Padron speaking about the growing threat landscape in transportation! We discuss why small and mid-sized carriers are prime targets, often hit hardest because they lack dedicated security resources, how AI-powered tools are helping companies stay ahead of evolving cyber risks, and practical solutions: employee training, incident response plans, vendor vetting, and partnering with cybersecurity professionals who understand trucking operations. The key message? “Trust but verify.” As National Cybersecurity Awareness Month reminds us, education and consistency are your best defense. Whether you run one truck or a 500-unit fleet, acquire strategies from this episode to secure your business and protect the future of the industry.   About Melanie Padron Melanie Padron is a risk management expert and cybersecurity speaker who has made it her mission to protect trucking companies from cyber threats. She's been right there in the trenches when ransomware attacks hit, helping pick up the pieces after systems are encrypted and ransom demands arrive. After spending over 20 years in the insurance industry helping businesses recover from disasters, Melanie has shifted her focus to something she's even more passionate about: stopping those disasters from happening in the first place through proactive cybersecurity. Her connection to trucking is personal. Growing up working in her family's convenience stores, she watched the steady stream of trucks that kept their gas tanks filled and shelves stocked. Her uncle and aunt were owner-operators who crossed the country delivering freight, giving her firsthand insight into the dedication and sacrifice required to build a trucking business. Working with veteran-owned IT Architeks, Melanie helps trucking leaders secure their fleets and leverage AI to become more efficient and profitable. Her approach is simple: when trucking companies truly understand their risk, real protection begins. One company at a time, she's working to build cyber resilience in the trucking industry.   Connect with Melanie Website: https://www.itarchiteks.com/  LinkedIn: https://www.linkedin.com/in/melanie-padron/  

This week's VentureFuel Visionary is Ben Colman, founder of Reality Defender. It is the leading deepfake detection platform helping enterprises flag fraudulent users and content. Additionally, its enterprise-grade API and web app detect dangerous AI-generated and manipulated content across audio, video, images, and text. In this episode, we dive deep into the world of AI, cybersecurity, and the innovative solutions being developed to protect our reality in an increasingly digital age. This is crucial in today's landscape where cyber threats are evolving rapidly, posing risks to individuals, businesses, and society as a whole!

How do you become a cybersecurity expert? While at Cybersecurity Intersection in Orlando, Richard chatted with Paula Januszkiewicz about her career in cybersecurity. Paula talks about insatiable curiosity to understand how things work the way they do - why an exploit happens and following the twists and turns that lead to root cause and permanent solutions. The conversation delves into the balance between education and experience, the types of work available in cybersecurity, and pursuing your passion!LinksCybersecurity Architect ExpertMicrosoft EntraMicrosoft SentinelMicrosoft Defender for CloudKusto Query LanguageRecorded October 5, 2025

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Christopher Gray. CEO and co-founder of Path. Gray discusses how his AI-powered platform is transforming test preparation for professional certifications, IT, cybersecurity, healthcare, and college admission exams.

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Christopher Gray. CEO and co-founder of Path. Gray discusses how his AI-powered platform is transforming test preparation for professional certifications, IT, cybersecurity, healthcare, and college admission exams.

Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understand how... Read more »

Two-time Emmy and Three-time NAACP Image Award-winning, television Executive Producer Rushion McDonald interviewed Christopher Gray. CEO and co-founder of Path. Gray discusses how his AI-powered platform is transforming test preparation for professional certifications, IT, cybersecurity, healthcare, and college admission exams.

In this episode of Positive Philter, I'm joined by Chris Barrows, host of the Why I Social podcast and co-creator of Traveling Boards. This organization uses board games as tools for leadership development, team building, and education. We dive into Chris's passion for gaming and explore how board games can go far beyond being just a hobby—they can strengthen communication, foster collaboration, and inspire personal and professional growth. This conversation is a reminder that play isn't just for fun—it's a powerful way to learn, lead, and connect with others. Shout Outs and Plugs Traveling Boards Website: https://travelingboards.com/?fbclid=PAZXh0bgNhZW0CMTEAAaeBLiwOw-jU06Tz5tvrW_GBD-X1r6Cf-CPar8BKnjmtDMqPRWPvyeTGq9pN9Q_aem_MSOkJg5I_iOEzgS_QTMHHQ Traveling Boards Instagram Page: https://www.instagram.com/travelingboards/ Traveling Boards LinkedIn Page: https://www.linkedin.com/company/traveling-boards/ Chris Barrows LinkedIn Profile: https://www.linkedin.com/in/cbarrows/ My guest feature on "Why I Social" Podcast: https://open.spotify.com/episode/0S1LGUPOoeKVPl8Tgns3am?si=cLmqUmLBT0yBf6splBaMLQ If you have a question for the podcast call 571-336-6560 or leave a question via this Google Form. Five Minute Journal by Intelligent Change Affiliate Code: https://www.intelligentchange.com/?rfsn=4621464.017186 Tappy Card “Electronic Business Card” Affiliate Code:  https://tappycard.com?ref:philip-wilkerson Please leave a rating/review of the Podcast https://lovethepodcast.com/positivephilter Intro music provided by DJ BIGyoks. Check out his Instagram and Soundcloud channel can be found here:  https://www.instagram.com/beats.byyoks/ https://soundcloud.com/dj-bigyoks Outro music provided by Ryan Rosemond. Check out his Soundcloud channel here: https://soundcloud.com/brothersrosemond/albums  Purchase "Forty Years of Advice" by Philip Wilkerson: https://a.co/d/2qYMlqu Leave Your Feedback by filling out this audience survey: https://forms.gle/ncoNvWxMq2A6Zw2q8 Sign up for Positive Philter Weekly Newsletter: http://eepurl.com/g-LOqL Please follow Positive Philter: Positive Philter Facebook Page Positive Philter Twitter Positive Philter Instagram  If you would like to support the podcast, please consider donating to the Positive Philter Patreon page: https://www.patreon.com/positivephilter Positive Philter was selected by FeedSpot as Top 20 Positive Thinking Podcasts on the web. https://blog.feedspot.com/positive_thinking_podcasts/ Jeff's Anti-Hunger Fund The Positive Philter Podcast is dedicated to Jeff Kirsch. A long-time supporter of the show and a major influence on this show's growth. Please support the careers of future advocates by donating to the Jeff Kirsch Fund for Anti-Hunger Advocacy. This fund was named after Jeff Kirsch for his decades of service in fighting hunger and inequality. Link to fund: https://frac.org/kirschfund Pats for Patriots  If you are a member of the #MasonNation, please consider sending a Pats for Patriots. Pats for Patriots are a free and easy way to thank, recognize, show appreciation for a Mason colleague or student who has taken the time to do something kind, generous or thoughtful towards others. For more information, visit: https://forms.office.com/r/HRZGvhdJEA We have received more than 2,000 nominations from the Mason community so far. Keep those nominations coming in! Steam Pilots Program Steam Pilots, Inc. is a Virginia-based 501(c)(3) tax-exempt organization. Their goal is to improve the state of STEAM education in America. STEAM stands for Science, Technology, Engineering, Art, and Math. They achieve this through pro bono programs delivered to K-12 students and institutions in the Washington, D.C. metropolitan area. Steam Pilots is hoping to raise funds for STEAM kits, supplies, and modest stipends for the interns who work with me. Currently, they have an urgent need for 3D Printers, Robotics Kits, and Cybersecurity teaching tools. Link to GoFundMe:  https://gofund.me/38eeaed2  

When lies ignite chaos, truth becomes the only defense. Tara exposes how the “Trump the dictator” narrative collapsed live on MSNBC after the liberal Ninth Circuit Court confirmed his National Guard deployment was fully legal. From Illinois Governor J.B. Pritzker's incendiary claims to celebrity rants comparing Trump officials to Nazis, Tara breaks down how false talking points are radicalizing the left and leading to open calls for violence — including shocking remarks from the president of Colombia suggesting Trump should be “taken out.” The episode also dives into cartel infiltration, a massive AWS outage that revealed America's digital vulnerability, and election updates in South Carolina.

Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understand how... Read more »

Small and medium-sized businesses (SMBs) are significantly increasing their spending on cybersecurity solutions, with managed detection and response (MDR) and network detection and response (NDR) expected to grow by 107% and 118%, respectively. However, despite this financial commitment, a recent study reveals that 83% of SMBs do not conduct formal security awareness training, and nearly half lack established incident response protocols. This operational gap is concerning, as the average financial loss from a security incident for these businesses is estimated at $1.6 million. The study emphasizes that technology alone cannot address the underlying issues of process and expertise that leave many businesses vulnerable.Microsoft's sixth annual digital defense report highlights a troubling trend where over half of cyberattacks are now financially motivated, with ransomware and extortion being primary drivers. Critical public services, such as hospitals and local governments, are particularly at risk due to limited cybersecurity budgets and inadequate incident response capabilities. Nation-state actors are also evolving their tactics, with countries like China and North Korea increasing their cyber espionage efforts. Microsoft stresses the importance of organizations staying informed about threats and collaborating with industry peers to enhance their defenses.For managed service providers (MSPs), this situation presents a unique opportunity. Clients are investing in cybersecurity tools but require assistance in operationalizing these tools into effective security measures. MSPs can help by building processes, training personnel, and conducting tabletop exercises to ensure that businesses are not just purchasing products but are genuinely prepared for potential threats. The podcast emphasizes that cybersecurity is not merely about acquiring tools; it is fundamentally about preparedness and having a well-executed plan tailored to the business's needs.Additionally, the episode discusses recent product updates from various vendors, including Nerdio, SureWeb, and Veeam, which are introducing new AI tools and partner updates to enhance MSP operations. The importance of human capital in maintaining complex systems is also highlighted, particularly in light of Amazon's recent AWS outage, which was exacerbated by significant layoffs leading to a loss of institutional knowledge. The podcast concludes with a call for MSPs to audit their technology stacks and focus on the impact of workflows rather than just features, ensuring that they are prepared for any chaos that may arise. Four things to know today00:00 The Cybersecurity Paradox: SMBs Spend More Than Ever, But Stay Just as Vulnerable04:21 ConnectWise's Critical Automate Flaws Highlight the Growing Risk of On-Prem RMMs06:11 From Layoffs to Latency: Amazon's DNS Outage Reveals the True Cost of Lost Expertise09:06 AI, Compliance, and Cloud PCs: Vendors Race to Redefine MSP Efficiency Ahead of Microsoft's 2025 Shift This is the Business of Tech.    Supported by:  https://try.auvik.com/dave-switchhttps://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship

____________Podcast Redefining Society and Technology Podcast With Marco Ciappellihttps://redefiningsocietyandtechnologypodcast.com  ____________Host Marco CiappelliCo-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication l Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society

Water systems—once considered too small or obscure to be hacked—are now squarely in the crosshairs of cyber actors. In recent months, Bluefield Research has tracked a surge of cyber activity targeting water and wastewater utilities around the world, from the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) release of 32 new control system advisories to Poland's launch of a national cybersecurity framework for water utilities. In this episode of The Future of Water, Bluefield's Barcelona-based Maria Cardenal and Boston-based Leigh Ramsey join host Reese Tisdale to unpack one of the most pressing—and overlooked—threats facing the water sector: cybersecurity. Our water experts explore where these threats are emerging, how utilities are responding, and what the next phase of digital resilience looks like. Key discussion points include: What's really at stake when critical infrastructure is under attack The biggest vulnerabilities in today's water systems—from legacy hardware to weak IT–OT segmentation Real-world examples from the U.S., Norway, and Poland that show how cyberattacks on operational assets are evolving How governments are responding—including Poland's US$1.1 billion cybersecurity initiative for water and wastewater systems How smaller utilities are managing cybersecurity with limited resources The role of new regulations—from the EU's NIS2 Directive to state-level initiatives in the U.S. Why cybersecurity must become part of asset management and workforce training, not an afterthought If you enjoy listening to The Future of Water Podcast, please tell a friend or colleague, and if you haven't already, please click to follow this podcast wherever you listen. If you'd like to be informed of water market news, trends, perspectives and analysis from Bluefield Research, subscribe to Waterline, our weekly newsletter published each Wednesday. Related Research & Analysis: Poland Strengthens Cybersecurity in the Water Sector Cybersecurity Alerts Highlight Water HMI Vulnerabilities

Shocking new research reveals how anyone with $750 can intercept unencrypted satellite data, exposing everything from government secrets to in-flight Wi-Fi traffic. Find out why decades-old vulnerabilities are still open and who actually wants it that way. Study: The World's Satellite Data Is Massively Vulnerable To Snooping You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials DHS says Chinese criminal gangs made $1B from US text scams cr.yp.to: 2025.10.04: NSA and IETF Why Signal's post-quantum makeover is an amazing engineering achievement Court reduces damages Meta will get from spyware maker NSO Group but bans it from WhatsApp How I Almost Got Hacked By A 'Job Interview' New California law requires AI to tell you it's AI The European Union issued its first fines under the AI Act, penalizing a French facial recognition startup €12 million for deploying unverified algorithms in public security contracts Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors Texas hit with a pair of lawsuits for its app store age verification requirements Australia shares tips to wean teens off social media ahead of ban. Will it work? California enacts age-gate law for app stores Meta is asking Facebook users to give its AI access to their entire camera roll Meta poached Andrew Tulloch, co-founder of Thinking Machines Lab, with a compensation package rumored to reach $1.5 billion over six years Even top generals are looking to AI chatbots for answers Roku's AI-upgraded voice assistant can answer questions about what you're watching Tesla debuts a steering wheel-less taxi for two Waymo and DoorDash Are Teaming Up to Deliver Your Food via Robotaxi Host: Leo Laporte Guests: Jacob Ward, Harper Reed, and Abrar Al-Heeti Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit ZipRecruiter.com/twit deel.com/twit zscaler.com/security zapier.com/twit

Using Syscall() for Obfuscation/Fileless Activity Fileless malware written in Python can uses syscall() to create file descriptors in memory, evading signatures. https://isc.sans.edu/diary/Using%20Syscall%28%29%20for%20Obfuscation%20Fileless%20Activity/32384 AWS Outages AWS has had issues most of the day on Monday, affecting numerous services. https://health.aws.amazon.com/health/status Time Server Hack China reports a compromise of its time standard servers. https://thehackernews.com/2025/10/mss-claims-nsa-used-42-cyber-tools-in.html

Shocking new research reveals how anyone with $750 can intercept unencrypted satellite data, exposing everything from government secrets to in-flight Wi-Fi traffic. Find out why decades-old vulnerabilities are still open and who actually wants it that way. Study: The World's Satellite Data Is Massively Vulnerable To Snooping You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials DHS says Chinese criminal gangs made $1B from US text scams cr.yp.to: 2025.10.04: NSA and IETF Why Signal's post-quantum makeover is an amazing engineering achievement Court reduces damages Meta will get from spyware maker NSO Group but bans it from WhatsApp How I Almost Got Hacked By A 'Job Interview' New California law requires AI to tell you it's AI The European Union issued its first fines under the AI Act, penalizing a French facial recognition startup €12 million for deploying unverified algorithms in public security contracts Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors Texas hit with a pair of lawsuits for its app store age verification requirements Australia shares tips to wean teens off social media ahead of ban. Will it work? California enacts age-gate law for app stores Meta is asking Facebook users to give its AI access to their entire camera roll Meta poached Andrew Tulloch, co-founder of Thinking Machines Lab, with a compensation package rumored to reach $1.5 billion over six years Even top generals are looking to AI chatbots for answers Roku's AI-upgraded voice assistant can answer questions about what you're watching Tesla debuts a steering wheel-less taxi for two Waymo and DoorDash Are Teaming Up to Deliver Your Food via Robotaxi Host: Leo Laporte Guests: Jacob Ward, Harper Reed, and Abrar Al-Heeti Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit ZipRecruiter.com/twit deel.com/twit zscaler.com/security zapier.com/twit

Shocking new research reveals how anyone with $750 can intercept unencrypted satellite data, exposing everything from government secrets to in-flight Wi-Fi traffic. Find out why decades-old vulnerabilities are still open and who actually wants it that way. Study: The World's Satellite Data Is Massively Vulnerable To Snooping You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials DHS says Chinese criminal gangs made $1B from US text scams cr.yp.to: 2025.10.04: NSA and IETF Why Signal's post-quantum makeover is an amazing engineering achievement Court reduces damages Meta will get from spyware maker NSO Group but bans it from WhatsApp How I Almost Got Hacked By A 'Job Interview' New California law requires AI to tell you it's AI The European Union issued its first fines under the AI Act, penalizing a French facial recognition startup €12 million for deploying unverified algorithms in public security contracts Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors Texas hit with a pair of lawsuits for its app store age verification requirements Australia shares tips to wean teens off social media ahead of ban. Will it work? California enacts age-gate law for app stores Meta is asking Facebook users to give its AI access to their entire camera roll Meta poached Andrew Tulloch, co-founder of Thinking Machines Lab, with a compensation package rumored to reach $1.5 billion over six years Even top generals are looking to AI chatbots for answers Roku's AI-upgraded voice assistant can answer questions about what you're watching Tesla debuts a steering wheel-less taxi for two Waymo and DoorDash Are Teaming Up to Deliver Your Food via Robotaxi Host: Leo Laporte Guests: Jacob Ward, Harper Reed, and Abrar Al-Heeti Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit ZipRecruiter.com/twit deel.com/twit zscaler.com/security zapier.com/twit

Shocking new research reveals how anyone with $750 can intercept unencrypted satellite data, exposing everything from government secrets to in-flight Wi-Fi traffic. Find out why decades-old vulnerabilities are still open and who actually wants it that way. Study: The World's Satellite Data Is Massively Vulnerable To Snooping You Only Need $750 of Equipment to Pilfer Data From Satellites, Researchers Say Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials DHS says Chinese criminal gangs made $1B from US text scams cr.yp.to: 2025.10.04: NSA and IETF Why Signal's post-quantum makeover is an amazing engineering achievement Court reduces damages Meta will get from spyware maker NSO Group but bans it from WhatsApp How I Almost Got Hacked By A 'Job Interview' New California law requires AI to tell you it's AI The European Union issued its first fines under the AI Act, penalizing a French facial recognition startup €12 million for deploying unverified algorithms in public security contracts Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors Texas hit with a pair of lawsuits for its app store age verification requirements Australia shares tips to wean teens off social media ahead of ban. Will it work? California enacts age-gate law for app stores Meta is asking Facebook users to give its AI access to their entire camera roll Meta poached Andrew Tulloch, co-founder of Thinking Machines Lab, with a compensation package rumored to reach $1.5 billion over six years Even top generals are looking to AI chatbots for answers Roku's AI-upgraded voice assistant can answer questions about what you're watching Tesla debuts a steering wheel-less taxi for two Waymo and DoorDash Are Teaming Up to Deliver Your Food via Robotaxi Host: Leo Laporte Guests: Jacob Ward, Harper Reed, and Abrar Al-Heeti Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: Melissa.com/twit ZipRecruiter.com/twit deel.com/twit zscaler.com/security zapier.com/twit

In this episode, Jim Jacobs, President and CEO of MediQuant, joins the podcast to discuss how hospitals can streamline their IT environments through application rationalization. He explains how this approach reduces cyber risk, cuts costs, and supports smarter decision-making, while sharing insights on managing cultural change and adopting a responsible approach to AI.This episode is sponsored by MediQuant.

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Carter Zupancich. Chris and Carter explore the evolving landscape of social engineering threats, focusing on the rise of vishing attacks and the role of AI in enhancing these tactics. Their discussion underscores the importance of empowering employees as a human firewall and the need for continuous education and testing to strengthen organizational security. [Oct 20, 2025]   00:00 - Intro 00:31 - Carter Zupancich Intro -          Website: https://carterzupancich.com/ 01:30 - Intro Links: -          Social-Engineer.com - http://www.social-engineer.com/ -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb -          CLUTCH - http://www.pro-rock.com/ -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/                                                03:35 - Tools, Tactics and Procedures 05:19 - Tech Advances 08:16 - The Classics 10:01 - The Need for Testing 12:16 - Callback Phishing 17:26 - Setting Expectations 21:56 - Approved Language 23:56 - Verify! 25:16 - Empowerment 26:17 - And Now a Horrible Story 28:47 - Investing In Employees 31:19 - Wrap Up & Outro -          www.social-engineer.com -          www.innocentlivesfoundation.org

In this episode of One Vision, Theo chats with Louis Columbus, a prominent columnist for VentureBeat, about his work at the intersection of AI and cybersecurity. They discuss the rapid pace of AI development, the concept of shadow AI, and the importance of learning and intellectual growth. Additionally, they delve into the role of AI in writing and its impact on research. Louis also shares his thoughts on how to prepare the next generation for a tech-driven future, emphasizing the importance of parental support and using AI as a tool to enhance skills and competitiveness. Tune in for an enriching conversation that spans from technical writing and professional insights to parenting.

October is Cyber Security Awareness Month, so we have an early Halloween treat for you! Expert Tim joins us to give practical tips on how you can keep yourself safe. This will be one you'll want to take notes on! When he's not keeping people safe online, Expert Tim hosts Frenemy Trivia. Check him out there!https://open.spotify.com/show/1MF4jtqMEtI5SeC8HCE0ge www.twentyfourhourexpert.com twentyfourhourexpert@gmail.com @twentyfourhourexpert

TikTok Videos Promoting Malware InstallationTikTok Videos Promoting Malware Installation Tiktok videos advertising ways to obtain software like Photoshop for free will instead trick users into downloading https://isc.sans.edu/diary/TikTok%20Videos%20Promoting%20Malware%20Installation/32380 Google Ads Advertise Malware Targeting MacOS Developers Hunt.io discovered Google ads that pretend to advertise tools like Homebrew and password managers to spread malware https://hunt.io/blog/macos-odyssey-amos-malware-campaign Satellite Transmissions are often unencrypted A large amount of satellite traffic is unencrypted and easily accessible to eavesdropping https://satcom.sysnet.ucsd.edu

Is there anything real left on the internet? Neil deGrasse Tyson and co-hosts Chuck Nice and Gary O'Reilly explore deepfakes, scams, and cybercrime with the Director of Threat Research at Bitdefender, Bogdan Botezatu. ​​Scams are a trillion-dollar industry; keep your loved ones safe with Bitdefender: https://bitdefend.me/90-StarTalkNOTE: StarTalk+ Patrons can listen to this entire episode commercial-free here: https://startalkmedia.com/show/deepfakes-and-the-war-on-truth-with-bogdan-botezatu/Thanks to our Patrons Bubbalotski, Oskar Yazan Mellemsether, Craig A, Andrew, Liagadd, William ROberts, Pratiksha, Corey Williams, Keith, anirao, matthew, Cody T, Janna Ladd, Jen Richardson, Elizaveta Nikitenko, James Quagliariello, LA Stritt, Rocco Ciccolini, Kyle Jones, Jeremy Jones, Micheal Fiebelkorn, Erik the Nerd, Debbie Gloom, Adam Tobias Lofton, Chad Stewart, Christy Bradford, David Jirel, e4e5Nf3, John Rost, cluckaizo, Diane Féve, Conny Vigström, Julian Farr, karl Lebeau, AnnElizabeth, p johnson, Jarvis, Charles Bouril, Kevin Salam, Alex Rzem, Joseph Strolin, Madelaine Bertelsen, noel jimenez, Arham Jain, Tim Manzer, Alex, Ray Weikal, Kevin O'Reilly, Mila Love, Mert Durak, Scrubbing Bubblez, Lili Rose, Ram Zaidenvorm, Sammy Aleksov, Carter Lampe, Tom Andrusyna, Raghvendra Singh Bais, ramenbrownie, cap kay, B Rhodes, Chrissi Vergoglini, Micheal Reilly, Mone, Brendan D., Mung, J Ram, Katie Holliday, Nico R, Riven, lanagoeh, Shashank, Bradley Andrews, Jeff Raimer, Angel velez, Sara, Timothy Criss, Katy Boyer, Jesse Hausner, Blue Cardinal, Benjamin Kedwards, Dave, Wen Wei LOKE, Micheal Sacher, Lucas, Ken Kuipers, Alex Marks, Amanda Morrison, Gary Ritter Jr, Bushmaster, thomas hennigan, Erin Flynn, Chad F, fro drick, Ben Speire, Sanjiv VIJ, Sam B, BriarPatch, and Mario Boutet for supporting us this week. Subscribe to SiriusXM Podcasts+ to listen to new episodes of StarTalk Radio ad-free and a whole week early.Start a free trial now on Apple Podcasts or by visiting siriusxm.com/podcastsplus. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

New DShield Support Slack Workspace Due to an error on Salesforce s side, we had to create a new Slack Workspace for DShield support. https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376 Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352) Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP Vulnerability https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte Framework BIOS Backdoor The mm command impleneted in Framework BIOS shells can be used to compromise a device pre-boot. https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/ SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/

***Please subscribe to Matt's ⁠Substack⁠ at https://worthknowing.substack.com/***This isn't just another breathless AI conversation. Cybersecurity expert Bruce Schneier joins host Matt Robison to discuss the truly transformative things that are not just on the horizon, but actually starting to happen today, as artificial intelligence bleeds into politics and government. They look at the hidden upsides for fixing many of our deepest problems, but also some of the staggering problems we could increasingly encounter. They explore some of surprising ways AI is already being used in opinion polls, political campaigns, and voter engagement. Schneier's new book is Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship02:21 AI in Opinion Polls04:50 AI Voting Assistance13:32 AI as a Consensus Builder17:00 The Dark Side of AI in Democracy23:33 Concerns About AI and Dystopia29:48 AI Avatars in Politics33:28 AI in Fundraising and Campaign Efficiency38:19 Challenges and Ethical Considerations of AI44:03 Public AI vs. Corporate AI46:48 Conclusion: The Future of AI in Democracy

In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard's Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it's aggressively investing in the space. After listening to this interview you'll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future! This episode is also available on Youtube. Show notes

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for federal agencies to update their F5 products following a significant breach where hackers accessed source code and undisclosed vulnerabilities. This incident, discovered in August, poses a serious risk to federal networks, as the threat actor could exploit these vulnerabilities to gain unauthorized access and exfiltrate sensitive data. Agencies are required to apply the latest updates by October 22nd and report their F5 deployments by October 29th, highlighting the urgency of addressing these security concerns.In a related development, the National Institute of Standards and Technology (NIST) is encouraging federal agencies to take calculated risks with artificial intelligence (AI) under new federal guidance. Martin Stanley, an AI and cybersecurity researcher, emphasized the importance of risk management in AI deployment, particularly in comparison to more established sectors like financial services. As agencies adapt to this guidance, they must identify high-impact AI applications that require thorough risk management to ensure both innovation and safety.A report from Cork Protection underscores the need for small and medium-sized businesses (SMBs) to adopt a security-first approach in light of evolving cyber threats. Many SMBs remain complacent, mistakenly believing they are not targets for cybercriminals. The report warns that this mindset, combined with the rising financial risks associated with breaches, necessitates a shift towards a security-centric operational model. The cybersecurity services market is projected to grow significantly, presenting opportunities for IT service providers that prioritize security.Apple has announced a substantial increase in its bug bounty program, now offering up to $5 million for critical vulnerabilities. This move reflects the growing importance of addressing security challenges within its ecosystem, which includes over 2.35 billion active devices. The company has previously awarded millions to security researchers, emphasizing its commitment to user privacy and security. As the landscape of cybersecurity evolves, managed service providers (MSPs) are urged to tighten vendor monitoring, incorporate AI risk assessments, and focus on continuous assurance to meet the increasing demands for security. Three things to know today00:00 Cybersecurity Crossroads: F5 Breach, AI Risk, and Apple's $5M Bug Bounty Signal Security Accountability06:44 Nearly a Third of MSPs Admit to Preventable Microsoft 365 Data Loss, Syncro Survey Finds09:22 AI Reality Check: Workers' Overconfidence, Cheaper Models, and Microsoft's Scientific Breakthrough Signal Maturity in the Market This is the Business of Tech.     Supported by:  https://mailprotector.com/mspradio/ 

Show NotesIn this episode, we unpack the core ideas behind the Sonic Frontiers article “From Sampling to Scraping: AI Music, Rights, and the Return of Creative Control.” As AI-generated music floods streaming platforms, rights holders are deploying new tools like neural fingerprinting to detect derivative works — even when no direct sampling occurs. But what does it mean to “detect influence,” and can algorithms truly distinguish theft from inspiration?We explore the implications for artists who want to experiment with AI without being replaced by it, and the shifting desires of listeners who may soon prefer human-made music the way some still seek out vinyl, film cameras, or wooden roller coasters — not for efficiency, but for the feel.The article also touches on the burden of rights enforcement in this new age. While major labels can embed detection systems, who protects the independent artist? And if AI enables anyone to create, does it also require everyone to monitor?This episode invites you to reflect on what we value in music: speed and volume, or craft and control?

⬥GUEST⬥Walter Haydock, Founder, StackAware | On Linkedin: https://www.linkedin.com/in/walter-haydock/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥No-Code Meets AI: Who's Really in Control?As AI gets embedded deeper into business workflows, a new player has entered the security conversation: no-code automation tools. In this episode of Redefining CyberSecurity, host Sean Martin speaks with Walter Haydock, founder of StackAware, about the emerging risks when AI, automation, and business users collide—often without traditional IT or security oversight.Haydock shares how organizations are increasingly using tools like Zapier and Microsoft Copilot Studio to connect systems, automate tasks, and boost productivity—all without writing a single line of code. While this democratization of development can accelerate innovation, it also introduces serious risks when systems are built and deployed without governance, testing, or visibility.The conversation surfaces critical blind spots. Business users may be automating sensitive workflows involving customer data, proprietary systems, or third-party APIs—without realizing the implications. AI prompts gone wrong can trigger mass emails, delete databases, or unintentionally expose confidential records. Recursion loops, poor authentication, and ambiguous access rights are all too easy to introduce when development moves this fast and loose.Haydock emphasizes that this isn't just a technology issue—it's an organizational one. Companies need to decide: who owns risk when anyone can build and deploy a business process? He encourages a layered approach, including lightweight approval processes, human-in-the-loop checkpoints for sensitive actions, and upfront evaluations of tools for legal compliance and data residency.Security teams, he notes, must resist the urge to block no-code outright. Instead, they should enable safer adoption through clear guidelines, tool allowlists, training, and risk scoring systems. Meanwhile, business leaders must engage early with compliance and risk stakeholders to ensure their productivity gains don't come at the expense of long-term exposure.For organizations embracing AI-powered automation, this episode offers a clear takeaway: treat no-code like production code—because that's exactly what it is.⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

What does it really take to be a CISO the business can rely on? In this episode, Sean Martin shares insights from a recent conversation with Tim Brown, CISO at SolarWinds, following his keynote at AISA CyberCon and his role in leading a CISO Bootcamp for current and future security leaders. The article at the heart of this episode focuses not on technical skills or frameworks, but on the leadership qualities that matter most: context, perspective, communication, and trust.Tim's candid reflections — including the personal toll of leading through a crisis — remind us that clarity doesn't come from control. It comes from connection. CISOs must communicate risk in ways that resonate across teams and business leaders. They need to build trusted relationships before they're tested and create space for themselves and their teams to process pressure in healthy, sustainable ways.Whether you're already in the seat or working toward it, this conversation invites you to rethink what preparation really looks like. It also leaves you with two key questions: Where do you get your clarity, and who are you learning from? Tune in, reflect, and join the conversation.

This episode is a part of a special series of interviews conducted at the INCH360 Cybersecurity Conference in Spokane, Washington. Visit their website to learn more about INCH360 and their mission. In this episode, host Jethro D. Jones sits down with Brant Borchert, regional IT leader for MultiCare. They discuss the critical role of IT in healthcare, the ongoing challenges of cybersecurity and ransomware, and the importance of maintaining operational continuity for patient care. Brant shares insights on data stewardship, the complexities of healthcare information sharing, and the value of local collaboration in building resilient systems. The conversation also explores the frustrations and future possibilities of unified health records, making this episode a must-listen for anyone interested in healthcare technology and security. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

Clipboard Image Stealer Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372 F5 Compromise F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.com/manage/s/article/K000157005 https://my.f5.com/manage/s/article/K000156572 https://my.f5.com/manage/s/article/K000154696 Adobe Updates Adobe updated 12 different products yesterday. https://helpx.adobe.com/security.html SAP Patchday Among the critical vulnerabilities patched in SAP s products are two deserialization vulnerabilities with a CVSS score of 10.0 https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html https://onapsis.com/blog/sap-security-patch-day-october-2025/

Send us a textWhat connects aviation, law, and cybersecurity? In this powerful episode, Joey Pinz uncovers the journey of building resilience and innovation through unlikely intersections.David Setzer shares his early passion for flying, reflecting on family ties to aviation and the lessons of safety and precision. He then takes us through his fascination with law and philosophy, connecting ancient principles of due process to modern justice.But the heart of the conversation lies in the creation of Mailprotector—a company born from humble beginnings that became a leader in email security. David reveals the early days of battling spam and viruses, the rise of ransomware, and why email remains the number one entry point for cyberattacks. He explains how AI and behavioral analysis are reshaping defenses, and why small businesses and MSPs must rethink security as foundational, not optional.

Microsoft Patch Tuesday Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368 Ivanti Advisory Ivanti released an advisory with some mitigation steps users can take until the recently made public vulnerablities are patched. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025?language=en_US Fortinet Patches https://fortiguard.fortinet.com/psirt/FG-IR-25-010 https://fortiguard.fortinet.com/psirt/FG-IR-24-361

While the N2K team is observing Indigenous Peoples' Day, we thought you'd enjoy this episode of the Threat Vector podcast from our N2K Cyberwire network partner, Palo Alto Networks. New episodes of Threat Vector release each Thursday. We hope you will explore their catalog and subscribe to the show. Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit,Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. From picking up 2600: The Hacker Quarterly magazines at Barnes & Noble and building beige boxes to leading threat research at Palo Alto Networks, Kyle shares his personal journey into the security community. This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation. Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.  Kyle Wilhoit is a seasoned cybersecurity researcher, with more than 15 years of experience studying cybercrime and nation-state threats. He's a frequent speaker at global conferences like Black Hat, FIRST, and SecTor, and has authored two industry-respected books: Hacking Exposed Industrial Control Systems and Operationalizing Threat Intelligence. As a long-standing member of the Black Hat US Review Board and an adjunct instructor, Kyle is deeply involved in shaping both cutting-edge research and the next generation of cybersecurity professionals. Connect with Kyle on LinkedIn Previous appearances on Threat Vector:  Inside DeepSeek's Security Flaws (Mar 31, 2025) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-inside-deepseeks-security-flaws War Room Best Practices (Nov 07, 2024)https://www.paloaltonetworks.com/resources/podcasts/threat-vector-war-room-best-practices  Cybersecurity in the AI Era: Insights from Unit 42's Kyle Wilhoit, Director of Threat Research (Jan 11, 2024)https://www.paloaltonetworks.com/resources/podcasts/threat-vector-cybersecurity-in-the-ai-era-insights-from-unit-42s-kyle-wilhoit-director-of-threat-research  Learn more about Unit 42's threat research at https://unit42.paloaltonetworks.com/.  Related episodes: For more conversations about AI's impact on cybersecurity, career development in security, and insights from Unit 42 researchers, explore past episodes at https://www.paloaltonetworks.com/podcasts/threat-vector. Join the conversation on our social media channels: Website: http://www.paloaltonetworks.com/ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/ YouTube: ⁠⁠⁠⁠@paloaltonetworks Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices