Podcasts about cybercriminals

Cybercriminals target yet another Las Vegas resort operator, details on what they reportedly demanded. Plus, a replacement for a shuttered Las Vegas chef's restaurant has been revealed, what's taking its place. And, women's flag football is expanding in Las Vegas. Tune in to 7@7 weekdays on any of your favorite streaming platforms.

What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you. Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver. 

In this episode of Future Fuzz, Vince Quinn sits down with Mike Rotondo, Founder of RITC Cybersecurity, to unpack the growing cybersecurity risks facing modern marketing teams.From phishing scams and business email compromise to AI vulnerabilities and data leakage, Mike explains why marketers are prime targets for cybercriminals—and why being “in the cloud” doesn't automatically mean you're secure.The conversation dives into how cybercriminals operate like full-scale corporations, why user training is the single most important defense, and how simple mistakes—like shared logins or unsecured home routers—can expose entire organizations. Mike also explores emerging threats like “quishing” (QR code phishing), AI exploitation, and the hidden risks of feeding sensitive data into large AI tools.If you're managing customer data, email lists, or AI-powered marketing tools, this episode is a must-listen.Guest BioMike Rotondo is the Founder of RITC Cybersecurity, a consulting firm focused exclusively on cybersecurity strategy, compliance, and risk mitigation.RITC provides services including penetration testing, security framework analysis, SOC 2 audit preparation, HIPAA and PCI compliance consulting, and virtual CISO (vCISO) services. Rather than hands-on IT implementation, Mike and his team specialize in advisory, governance, and security architecture—helping organizations build secure systems from the inside out.With decades of experience in cybersecurity dating back to the 1990s, Mike works with organizations to prevent breaches, reduce liability, and strengthen internal defenses against evolving cyber threats.TakeawaysBeing in the cloud does not mean you're secure.Most breaches start with users—not firewalls.Cybercriminals operate like corporations, with R&D and strategy teams.Phishing and business email compromise (BEC) are still the top threats.Shared logins and admin access for everyday users create major vulnerabilities.Remote work requires secured routers, patched systems, and enforced device standards.“Quishing” (QR code phishing) is an emerging attack vector.AI tools can create data leakage risks if policies aren't in place.Personally identifiable information (PII) exposure can financially destroy small companies.Cybersecurity training is the most effective prevention strategy.Chapters00:00 Introduction to Mike Rotondo 00:28 What RITC Cybersecurity Does 01:31 Why Businesses Are More Vulnerable Than They Think 03:01 How Cybercriminals Actually Operate 04:10 Real-World Impact of Phishing Attacks 06:30 Building Strong Cyber Defenses 07:57 Remote Work Security Risks 09:42 QR Code Phishing (“Quishing”) 10:45 Why Cybersecurity Feels Overwhelming 11:05 The Importance of Employee Training 12:26 AI's Role in Cybersecurity Threats 14:53 AI Server Vulnerabilities 15:15 How Marketers Should Approach AI Security 17:08 Data Leakage and PII Risks 18:31 The Financial Fallout of a Breach 19:08 The Ciphered Reality PodcastLinkedInFollow Mike on LinkedIn Follow Vince on LinkedIn

On The BIG Show, we found out more about what the Interpol is doing to fight against cybercriminals. Read more here: https://www.straitstimes.com/singapore/interpol-backroom-warriors-fight-cyber-criminals-weaponising-ai Connect with us on Instagram: @kiss92fm @Glennn @angeliqueteo @officialtimoh Producers: @shalinisusan97 @snailgirl2000See omnystudio.com/listener for privacy information.

Notes:Dr Bekkers describes his academic pathway from psychology to criminology and explains why his research focus has consistently been on offenders and their behaviour rather than on offences or technologies.Cybercrime offenders are often portrayed as a homogeneous group of highly skilled hackers, but research shows they are a heterogeneous population with distinct motivations, skills, and pathways into crime.A key distinction can be made between financially motivated cybercrime, such as online fraud, and more technically complex cyber-dependent crimes such as hacking, DDoS attacks, and website defacement.Financially motivated cybercrime offenders often resemble traditional offline offenders and may commit both online and offline crimes, with similar risk factors, peer influences, and personality profiles.Technically skilled cyber offenders tend to show different characteristics, including higher levels of self-control and intrinsic motivations such as curiosity, challenge, and skill development.Research suggests that traditional criminological theories still help explain some forms of cybercrime, particularly financially motivated offences, while other forms require additional or adapted theoretical approaches.Gaming environments may act as pathways into certain forms of cybercrime by facilitating skill development, exposure to deviant peers, and access to illicit online forums, though gaming may also be protective in some contexts.Parental supervision and open communication may play a role in shaping online behaviour, similar to the role of guardianship and social control in offline offending.Law enforcement responses differ depending on the type of cybercrime, with financially motivated offences often handled by local police and more technical crimes investigated by specialized units.Dr Bekkers highlights the need for longitudinal research and greater engagement with offenders to better understand pathways into cybercrime and to inform prevention and intervention strategies.About our guest:Dr Luuk Bekkershttps://www.thuas.com/research/research-groups/team-cybercrime-cybersecurityhttps://www.linkedin.com/in/luuk-bekkers-79621b162/Papers or resources mentioned in this episode:Bekkers, L. M. J., Moneva, A., & Leukfeldt, E. R. (2025). Distinct group, distinct traits? A comparison of risk factors across cybercrime offenders, traditional offenders and non-offenders. Psychiatry, Psychology and Law, 1–25. https://doi.org/10.1080/13218719.2025.2546311Bekkers, L. M., Holt, T. J., & Leukfeldt, E. R. (2025). The psychological correlates of cybercrime offending: Exploring the self-control/social learning relationship in serious cyber-dependent crime. European Journal of Criminology, 0(0). https://doi.org/10.1177/14773708251378356Bekkers, L. M. J., Holt, T. J., & Leukfeldt, E. R. (2025). Exploring the factors that differentiate individual and group offenders in cyber-dependent crime. Journal of Criminal Justice, 101, 102522. https://doi.org/10.1016/j.jcrimjus.2025.102522

Cybersecurity in 2026 is more dangerous—and more invisible—than ever. Passwords are still the weakest link, with over 6 billion stolen in the past year alone, including common ones like 123456 and admin. Yet, despite decades of awareness, predictable passwords remain the primary entry point for hackers. Meanwhile, attacker tactics have evolved from noisy, overt breaches to stealthy, living-off-the-land operations—using legitimate tools like VPNs, DNS tunneling, and even marketing infrastructure like Kataro to hide in plain sight.Join me as I dive into the latest breach and compromise reports, revealing how adversaries made a strategic pivot to resilience and invisibility. You'll discover how threat actors have shifted focus from traditional malware to infrastructure abuse, leveraging open-source projects, cloud services, and commercial-grade tools to stay under the radar. Learn about the top attack techniques, from privilege escalation to command-and-control protocols, and get insights on how defenders can adapt in an era where the perimeter no longer exists.This episode unpacks the disturbing reality: when breaches happen inside your network, the damage is already done. You'll hear concrete analysis of data from Lumoo's threat intelligence—highlighting the rise of anonymization tools like Tor and NordVPN used by hackers, and how education, financial services, and government sectors are prime targets. Plus, get expert tips on effective defenses like behavioral detection, password management, and monitoring legitimate-looking traffic.Perfect for cybersecurity pros, IT leaders, and anyone serious about staying ahead of the evolving threats—this episode is your urgent wake-up call. We're entering an era where assumptions no longer hold, and understanding the latest tactics could be the difference between breach and defense. Don't get left behind—hit play and upgrade your security mindset now.

If you like what you hear, please subscribe, leave us a review and tell a friend!

How do you take down a cybercriminal? Last month, we explored that question through the lens of Operation Endgame. Today, we ask Shawn Henry, former Executive Assistant Director of the FBI and current Executive Advisor to the Founder and CEO of CrowdStrike. In some ways, it's similar to taking down criminals in the physical world. But the speed and scale of cybercrime operations exacerbate the challenge of stopping them. While infrastructure can be dismantled, the impact is now short-lived as adversaries pivot to other setups. While law enforcement considers how to replicate successful operations, cybercriminals are thinking about how they can adapt and stay ahead. For those pursuing adversaries, speed and scale are difficult to achieve. As Shawn explains, successful takedowns require collaboration among dozens of groups; among them law enforcement agencies, international partners, intelligence analysts, reverse engineers, prosecutors, and private sector organizations that have visibility into adversary infrastructure. “A takedown isn't a single door-kick moment. It's a monthslong choreography of legal process and infrastructure mapping and partner synchronization,” he says. Are there ways to accelerate the process? He has a few ideas. Tune in as Shawn joins Adam and Cristian to share a behind-the-scenes take on stopping cybercrime. Learn the key challenges law enforcement faces, how a takedown comes together, why arrests alone aren't enough to stop adversaries, and where there is still an opportunity to have real impact.

Instagram users are sounding the alarm over a wave of unrequested password reset emails that's hitting inboxes. Cybercriminals are exploiting password resets to break into accounts. KSL Investigative Reporter Matt Gephart joins to explain what to know about this scam.

Cybercriminals target healthcare more than any other industry. We break down the reasons attackers focus their efforts here and the specific vulnerabilities they look for.This episode explores what that reality means for the leaders and teams working to protect patient data.Learn more about Medcurity here: https://medcurity.com#Cybersecurity #HealthcareSecurity #HIPAA #Ransomware #HealthcareIT #DataPrivacy #Healthcare #Compliance #SecurityRiskAnalysis

As global supply chains navigate through cybersecurity threats and rapid technological integration, companies must rethink their strategies to stay competitive. Cybercriminals are increasingly targeting corporate systems through sophisticated tactics, such as email infiltration, to gain access to sensitive data, including bills of lading. This underscores the need for organizations to strengthen their cybersecurity and ensure their supply chains remain secure.In this episode of Supply Chain Now, Scott Luton and Karin Bursa sit down with Gustav Khambatta, SVP, Head of Freight Payment Sales at U.S. Bank, to explore key themes in supply chain management. They discuss the evolving role of cybersecurity, AI's impact on the industry, and the challenges posed by cargo theft and security breaches.They talk about the intersection of AI and cybersecurity, highlighting how technology is transforming business operations. AI is being integrated into supply chain processes, with use cases ranging from fraud prevention to streamlining document verification. However, as AI adoption accelerates, so does the potential for security vulnerabilities. The conversation underscores the importance of continuous adaptation in a rapidly changing supply chain landscape, where technology and security will play a central role in shaping the future.Jump into the conversation:(00:00) Intro(04:02) Sports talk: Patriots, Falcons, F1(06:19) Gustav's professional journey(08:01) US Bank Freight Payment Index insights(14:39) Cybersecurity in the corporate world(20:22) AI in supply chain and cybersecurity(23:28) AI and cybersecurity integration(24:08) Regulatory environment and leadership challenges(24:38) Supply chain evolution and technology(27:26) AI in supply chain management(29:35) Reflections on 2025(32:29) Energy demand and AI(37:02) Predictions for 2026Additional Links & Resources:Connect with Gustav Khambatta: https://www.linkedin.com/in/gustav-khambatta-384852/Learn more about U.S. Bank: https://www.usbank.com/index.htmlDownload the most recent edition of the U.S. Bank Freight Payment Index: bit.ly/scn-us-bankLearn more about Supply Chain Now: https://supplychainnow.comWatch and listen to more Supply Chain Now episodes here: https://supplychainnow.com/program/supply-chain-nowSubscribe to Supply Chain Now on your favorite platform: https://supplychainnow.com/join

In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it. 00:00 Introduction and Sponsor Message 00:52 Understanding the Dark Web 02:16 Interview with David Decary-Hetu 05:10 The Basics of the Dark Web 06:27 Technology Behind the Dark Web 14:49 Law Enforcement Challenges 21:50 Trust and Transactions on the Dark Web 23:45 Recruitment and Structure of Cybercriminals 26:42 Cultural Dynamics in Hacking Communities 27:32 Researching the Impact of Technology on Crime 29:01 Challenges in Policing the Dark Web 30:12 The Role of Social Engineering in Cybercrime 31:18 Law Enforcement Strategies and Conditional Deterrence 32:09 The Evolution of Cybercrime and Cryptocurrency 41:24 Legal and Ethical Considerations in Cybercrime 43:47 Advice for Policymakers and Corporations 48:44 Educational Resources and Conferences 50:57 Conclusion and Final Thoughts

In this episode, the host shares a pre-recorded favorite interview with David Decary-Hetu, a criminologist at the University of Montreal. They discuss the dark web, its technology, and its role in cybercrime. Decary-Hetu explains how the dark web operates, its users, and the dynamics between researchers and law enforcement in tackling cyber threats. Key topics include the economics of illicit markets, the cat-and-mouse game between law enforcement and criminals, the role of cryptocurrencies, and the evolution of cyber threats. The episode offers insights into the social aspects of cybercrime and the measures being taken to combat it. 00:00 Introduction and Sponsor Message 00:52 Understanding the Dark Web 02:16 Interview with David Decary-Hetu 05:10 The Basics of the Dark Web 06:27 Technology Behind the Dark Web 14:49 Law Enforcement Challenges 21:50 Trust and Transactions on the Dark Web 23:45 Recruitment and Structure of Cybercriminals 26:42 Cultural Dynamics in Hacking Communities 27:32 Researching the Impact of Technology on Crime 29:01 Challenges in Policing the Dark Web 30:12 The Role of Social Engineering in Cybercrime 31:18 Law Enforcement Strategies and Conditional Deterrence 32:09 The Evolution of Cybercrime and Cryptocurrency 41:24 Legal and Ethical Considerations in Cybercrime 43:47 Advice for Policymakers and Corporations 48:44 Educational Resources and Conferences 50:57 Conclusion and Final Thoughts

While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don't take a holiday. Learn more about your ad choices. Visit megaphone.fm/adchoices

Is there any worse trauma for a business than a cyber attack? What should you do if it happens? Plus how do M&S decide when to close a store and, if it does, is that the final nail in the coffin for that town centre? Steph and Robert talk with M&S chairman Archie Norman, about not just any cyber attack, but an M&S cyber attack. Plus what the barometer of British retail is planning to do next. Email: the⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠restismoney@goalhanger.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ X: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@TheRestIsMoney⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Instagram: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@TheRestIsMoney⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ TikTok: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@RestIsMoney⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://⁠⁠⁠goalhanger.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Question? Text our Studio direct.Today we're talking about AI-powered cybercrime—a phrase that sounds like a marketing stunt but is, unfortunately, very real. Cybercriminals basically got a software update, and now they're running their operations with more automation, more scale, and — let's just say it — better customer service than half the vendors in your tech stack.Season 8 is officially here — and it's the most unhinged, hilarious, and dangerously educational season we've ever done with full cyber chaos:

If you like what you hear, please subscribe, leave us a review and tell a friend!

If you like what you hear, please subscribe, leave us a review and tell a friend!

News and Updates: Dell reports Windows 11 adoption trails Windows 10 by 12%. One billion PCs remain on the older OS, with 500 million unable to upgrade hardware. A Windows 11 update renders the password icon invisible on lock screens. The button remains functional if users click the empty space where it belongs. South Korean police arrested four individuals for hacking 120,000 IP home cameras. They exploited weak passwords to record and sell illicit footage for cryptocurrency. Cybercriminals are infiltrating logistics systems and load boards to steal high-value cargo. Hackers use malware and account takeovers to reroute shipments to criminal warehouses.

The integration of advanced AI capabilities in tools like OpenAI Atlas and Microsoft Teams has raised significant security concerns, particularly regarding identity and trust vulnerabilities. Recent findings from LayerX indicate that the Atlas browser has critical vulnerabilities that could allow attackers to inject harmful instructions, while Microsoft Teams has a flaw that enables attackers to bypass Microsoft Defender protections through guest access. These issues highlight the fragility of AI integrations and the need for organizations to implement strict B2B collaboration configurations to mitigate risks associated with external collaborations.The FBI has reported over $262 million in losses due to account takeover fraud, with more than 5,100 complaints filed this year. Cybercriminals are increasingly using social engineering tactics to gain unauthorized access to online banking accounts, often changing passwords to lock victims out and quickly transferring funds to cryptocurrency wallets, complicating recovery efforts. The FBI advises individuals to monitor their financial accounts closely and adopt security measures such as complex passwords and multi-factor authentication to protect against these threats.Managed Service Providers (MSPs) are experiencing a growing demand for integrated security solutions, with a recent survey indicating that 92% of MSPs are seeing business growth driven by interest in AI. However, less than half feel prepared to guide clients in deploying AI tools, particularly autonomous agents. This gap in readiness reflects a significant drop from the previous year's 90% preparedness figure, emphasizing the need for MSPs to focus on data governance and security before implementing AI solutions.The episode underscores the importance of managing identity and data governance as the primary control mechanisms in modern security. MSPs that prioritize these areas will be better positioned to offer secure collaboration and effective automation. As the landscape evolves, providers must choose tools that enhance service delivery without adding unnecessary complexity, ensuring they can meet client demands for security and efficiency in an increasingly AI-driven environment.

AI-integrated tools, such as OpenAI's Atlas and Microsoft Teams, are introducing new trust and identity risks, particularly through vulnerabilities like prompt injections and guest access features. The Atlas browser, launched on October 21, 2025, has been identified as having security flaws that could allow attackers to inject harmful instructions. Similarly, Microsoft Teams has a vulnerability that permits attackers to bypass security protections when users join external tenants as guests. These developments highlight the fragility of AI integrations and the need for robust security measures in collaborative environments.The FBI has reported over $262 million in losses due to account takeover fraud schemes, with more than 5,100 complaints filed this year. Cybercriminals are employing social engineering tactics to gain unauthorized access to online banking and payroll accounts, often locking victims out by changing passwords. The FBI recommends that individuals monitor their financial accounts closely, use complex passwords, and enable multi-factor authentication to mitigate these risks. This trend underscores the importance of managing trust and identity in security practices, as attackers increasingly exploit human vulnerabilities rather than technical flaws.In the managed service provider (MSP) sector, a recent survey by OpenText Cybersecurity revealed that while 92% of MSPs are experiencing growth driven by interest in AI, fewer than half feel prepared to implement AI tools effectively. This marks a significant decline from the previous year's 90% readiness. Additionally, 71% of MSPs reported that their small and medium-sized business clients prefer bundled security solutions, indicating a shift towards integrated offerings that simplify decision-making for clients. The findings suggest that MSPs need to focus on data governance and readiness before deploying AI solutions.For MSPs and IT service leaders, the key takeaway is that modern security is increasingly about managing identity and data governance rather than merely adding more tools. As AI vulnerabilities and account takeover fraud become more prevalent, providers must prioritize establishing secure trust boundaries and effective data management practices. By doing so, MSPs can differentiate themselves in a competitive market, ensuring they are equipped to deliver secure AI solutions and meaningful automation to their clients. Three things to know today00:00 New AI, Collaboration, and Fraud Threats Underscore That Identity—not Infrastructure—is the Real Security Battleground05:15 Survey Shows MSPs Expanding Services Amid AI Interest, Yet True Opportunity Lies in Readiness and Governance07:45 New MSP Integrations, Funding, and AI Platforms Underscore the Shift Toward Identity and Data Governance as the True Control Plane This is the Business of Tech.     Supported by:  https://try.auvik.com/dave-switchhttps://scalepad.com/dave/

Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don't take a holiday.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Welcome in! You've entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don't take a holiday.

If you like what you hear, please subscribe, leave us a review and tell a friend!

If you like what you hear, please subscribe, leave us a review and tell a friend!

AI isn't the silver bullet they promise. It's a national security & educational crisis in the making. Cybercriminals are targeting hospitals & schools, and the 'green' grid can't power the data centers. We must secure our power & demand accountability NOW! Thanks for joining me for this episode! I'm a Houston- based attorney, run an HR Consulting company called Claremont Management Group, and am a tenured professor at the University of St. Thomas. I've also written several non-fiction political commentary books: Bad Deal for America (2022) explores the Vegas-style corruption running rampant in Washington DC, while The Decline of America: 100 Years of Leadership Failures (2018) analyzes – and grades – the leadership qualities of the past 100 years of U.S. presidents. You can find my books on Amazon, and me on social media (Twitter @DSchein1, LinkedIn @DavidSchein, and Facebook, Instagram, & YouTube @AuthorDavidSchein). I'd love to hear from you! As always, the opinions expressed in this podcast are mine and my guests' and not the opinions of my university, my company, or the businesses with which I am connected. Photo credits: Natural Wonder; Raven production; Evgeniy Shkolenko; v_creative; Yavor Yanakiev

If you like what you hear, please subscribe, leave us a review and tell a friend!

Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jacob Coombs, CISO, Tandem Diabetes Care, and Ross Young, Co-host, CISO Tradecraft Thanks to our show sponsor, Vanta What's your 2 AM security worry?   Is it "Do I have the right controls in place?"   Or "Are my vendors secure?"   ….or the really scary one: "how do I get out from under these old tools and manual processes?   Enter Vanta.   Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep.   Get started at vanta.com/headlines All links and the video of this episode can be found on CISO Series.com  

If you like what you hear, please subscribe, leave us a review and tell a friend!

If you like what you hear, please subscribe, leave us a review and tell a friend!

China-Linked hackers target Cisco firewalls. MIT Sloan withdraws controversial “AI-Driven Ransomware” paper. A new study questions the value of cybersecurity training. Hackers exploit OpenAI's API as a malware command channel. Apple patches over 100 Security flaws across devices. A Florida-based operator of mental health and addiction treatment centers exposes sensitive patient information. OPM plans a “mass deferment” for Cybercorps scholars affected by the government shutdown. Lawmakers urge the FTC to investigate Flock Safety's cybersecurity gaps. Cybercriminals team with organized crime for high-tech cargo thefts. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE's controversial facial scanning initiative. A priceless theft meets a worthless password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies discussing ICE's controversial facial scanning initiative. You can read more about Ben's topic from 404 Media: You Can't Refuse To Be Scanned by ICE's Facial Recognition App, DHS Document Says. Selected Reading China-Linked Hackers Target Cisco Firewalls in Global Campaign (Hackread) MIT Sloan shelves paper about AI-driven ransomware (The Register) CyberSlop — meet the new threat actor, MIT and Safe Security (DoublePulsar) Study concludes cybersecurity training doesn't work (KPBS Public Media) Microsoft: OpenAI API moonlights as malware HQ (The Register) Apple Patches 19 WebKit Vulnerabilities (SecurityWeek) Data Theft Hits Behavioral Health Network in 3 States (Bank Infosecurity) OPM plans to give CyberCorps members more time to find jobs after shutdown ends (CyberScoop) Lawmakers ask FTC to probe Flock Safety's cybersecurity practices (The Record) Cybercriminals, OCGs team up on lucrative cargo thefts (The Register) Louvre Robbery: Security Flaws: The (Obviously) Password Was "Louvre" (L'Unione Sarda) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Amit Kumar is a constable of Haryana Police and chiefly deals with cyber crime.

In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White TOK and David Shipley from Boer on Securities, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security breaches affecting critical infrastructure and the broader impact of cybersecurity on financial sectors. Ethical concerns about AI's use in creating inappropriate content and the urgent need for better regulatory frameworks for tech and cloud providers are underscored. The episode concludes with a humorous moment as Jim dons a gifted white TOK, bringing a smile to the discussion. 00:00 Introduction and Sponsor Message 00:18 Panel Introduction and AI Discussion 01:02 Cloud Outages and Their Impact 02:52 DNS and Internet Fragility 07:07 Botnets and Cybersecurity Threats 14:09 Industrial Control Systems Vulnerabilities 26:29 AI in Cybersecurity 35:37 Voice Deepfakes and Authentication Risks 38:32 Creative Scams and Real-Time Voice Translators 39:22 The Importance of Safe Words and Persistent Surveillance Issues 40:17 Hybrid Scams and Financial Crimes in Canada 41:44 Corporate Reputation and Financial Crimes Agency 42:41 Challenges with Digital Banking and Security 44:49 The Role of AI and Security in Financial Transactions 45:55 The Impact of Open Banking and Real-Time Payments 50:57 Email Filters and Cybersecurity Awareness 58:03 Microsoft's Security Challenges and Vulnerabilities 01:03:39 Legal Consequences for Cybercriminals 01:12:17 Final Thoughts and Acknowledgements

In this episode of Cybersecurity Today, host Jim Love explores the potential shift in Russia's stance on cyber criminals, including arrests of major network operators. Discover the latest phishing scams where hackers fabricate death notices to steal passwords, a critical vulnerability exposing thousands of AI servers, and a massive malware campaign on YouTube. Plus, discuss the dual nature of AI in cybersecurity—both as a transformative technology and a new threat. Join the conversation on the future of cybersecurity! 00:00 Introduction: Cybersecurity Headlines 00:26 Russia's Crackdown on Cybercriminals 02:47 Phishing Scam Targets LastPass Users 04:59 AI Server Vulnerability Exposes API Keys 07:28 YouTube Ghost Network Spreads Malware 09:17 The Dual Role of AI in Cybersecurity 12:18 Conclusion and Future Plans

EP 264 ​ In this week's update:​Microsoft Teams will soon reveal employees' exact building location to managers the moment they join company Wi-Fi, blurring the lines of hybrid work privacy.Cybercriminals are exploiting Microsoft's own Copilot Studio platform to deploy convincing phishing agents that silently harvest full Office 365 access tokens.A sprawling malware network hid Lumma and Rhadamanthys stealers inside fake Adobe, FL Studio, and Roblox cheat downloads promoted across hijacked YouTube channels.Starting November 3, 2025, every Firefox add-on must explicitly declare in its code whether it collects user data-or confirm it gathers none.Non-citizens will soon face mandatory biometric capture at every U.S. departure point under a new rule targeting visa overstays and fraud.A proposed bill would compel researchers and firms to report every vulnerability to Russia's security service, mirroring China's state-controlled model.A new MaaS platform equips attackers with an all-in-one RAT that scans for unpatched software and escalates privileges before stealing credentials and crypto.An engineer's iLife robot was remotely disabled by the manufacturer when he firewalled its data uploads exposing hidden kill switches in everyday IoT devices.​Let's go discover!Find the full transcript here.

People who live the longest aren't always the ones with the “perfect” body weight. In fact, research suggests that being slightly overweight can actually increase your life expectancy. It sounds counterintuitive, but the science may surprise you. Listen as I explain what's really going on. https://healthland.time.com/2013/01/02/being-overweight-is-linked-to-lower-risk-of-mortality/ Ever since the dawn of the Internet, we've been told to guard against hackers — but today's biggest threat isn't hacking, it's scamming. Cybercriminals are more cunning than ever, tricking millions into giving up money and information every day. If you think you are too clever to be taken by cyber-scammers, think again. Eric O'Neill — former FBI undercover operative, national security attorney, and cybersecurity strategist — reveals how modern scams work and how to stop them before they get to you. He's the author of Spies, Lies, and Cybercrime: Cybersecurity Tactics to Outsmart Hackers and Disarm Scammers (https://amzn.to/4nRvvv1). Imagine medicine without X-rays, CT scans, or MRIs. It's impossible — these imaging breakthroughs revolutionized how doctors diagnose and treat disease. Yet not long ago, the idea of seeing inside the body without a single incision was pure fantasy. Dr. Daniel K. Sodickson, chief of innovation in radiology at NYU Grossman School of Medicine and author of The Future of Seeing: How Imaging Is Changing Our World (https://amzn.to/3KNz3zS), shares the fascinating story of how imaging transformed modern medicine — and what's coming next. Sarcasm might seem like just a clever way to joke around but it's actually good exercise for your brain. Using and understanding sarcasm requires multiple parts of your mind to work together. Listen as I explain why being sarcastic might make you sharper. https://www.hbs.edu/faculty/Pages/item.aspx?num=49283&utm Learn more about your ad choices. Visit megaphone.fm/adchoices

If you like what you hear, please subscribe, leave us a review and tell a friend!

We kicked off the program with four news stories and different guests on the stories we think you need to know about!Pawtriots Pet Adoption “TailGate” that was hosted last Sunday by the Krafts at Patriots Place. It was a success with 30 dogs finding forever homes! Guest: Dr. Dana Blumberg Kraft – Ophthalmologist and philanthropist Boston Arts Academy Foundation's 2025 Honors Celebrates Visionary Leaders in Visual Arts, Design, Film, Fashion, Music and Civic Responsibility. Guest: Denella Clark – Boston Arts Academy Foundation President & CEO Jack Thomas Book & Upcoming Luncheon on Friday the 24th.Guest: Geri Denterlein – wife of the late Jack Thomas On Monday, Amazon Web Services (AWS) went down in the US causing a ripple effect, from governments to small businesses. Cybercriminals & hackers can easily take advantage of outages to deploy array of social engineering attacks. We'll discuss “cyber-hygiene” & how to stay protected against cyber-attacks.Guest: Stefanie Schappert, MSCY, CC, Senior Journalist at Cybernews, is an accomplished writer with an M.S. in cybersecurity

____________Podcast Redefining Society and Technology Podcast With Marco Ciappellihttps://redefiningsocietyandtechnologypodcast.com  ____________Host Marco CiappelliCo-Founder & CMO @ITSPmagazine | Master Degree in Political Science - Sociology of Communication l Branding & Marketing Advisor | Journalist | Writer | Podcast Host | #Technology #Cybersecurity #Society

If you like what you hear, please subscribe, leave us a review and tell a friend!Cybercriminals are exploiting popular platforms and software, from WordPress and Oracle-linked systems to Android apps, and even targeting law firms and Salesforce through phishing, zero-day, and extortion attacks. Meanwhile, security firms and tech companies including OpenAI and Microsoft are actively disrupting these operations, though missteps like false end-of-life flags in Defender highlight ongoing cybersecurity challenges.

In this episode, Mike Baker, Vice President and Global CISO at DXC Technology, says the cyber industry has been focusing on the wrong side of AI. He believes too many companies use it only to block threats instead of studying how criminals use it to scale phishing, bypass defenses, and deploy adaptive malware. Attackers are learning faster than ever, and security teams must catch up. Mike argues that defenders need to think differently and use AI as both protection and opportunity. He shares how DXC is already doing this. The company has brought autonomous AI agents into its security operations through a partnership with 7AI. These agents process alerts that used to require hours of human effort. The result is faster detection, less burnout, and more time for analysts to investigate real threats. By cutting manual work by more than eighty percent, DXC has shown how AI can make cybersecurity teams stronger, not smaller. Zero Trust remains a core part of DXC's strategy. Mike calls it a journey that never ends. It needs cultural change, constant learning, and leadership that keeps security invisible to end users. AI now plays a role here too, improving identity checks and spotting access issues in real time. Yet, he reminds us, AI still needs people in the loop for oversight and judgment. We also talk about supply chain risks. Too many companies still treat risk assessments as one-time tasks. Mike pushes for continuous monitoring and close collaboration with suppliers. He closes the conversation on a hopeful note. AI will not replace people in cybersecurity, he says. It will make their work more meaningful and more effective if used with care and common sense.

CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this Threat Vector segment, host David Moulton⁠ is joined by⁠ Kyle Wilhoit⁠ of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation⁠ here⁠, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. Selected Reading CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers) Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer) South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian) JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines) Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread) Landlords Demand Tenants' Workplace Logins to Scrape Their Paystubs (404 Media) Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog) Why burnout is a growing problem in cybersecurity (BBC) Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security. 00:00 Introduction and Overview 00:55 Microsoft's Extinction Level Vulnerability 05:19 European Airports Cyber Attack 08:20 SpamGPT: AI for Cyber Criminals 09:53 Shadow Leak: Zero Click AI Vulnerability 12:09 Trade Ogre Takedown 14:50 Conclusion and Upcoming Events

Emily Forlini of PCMag joins Mikah Sargent on Tech News Weekly this week! OpenAI is being sued following a teen's suicide, which was blamed on ChatGPT. Detecting and countering the misuse of AI. A review of the Pixel 10 Pro. And Meta has poured $10 billion into rural Louisiana to build an ambitious data center. (Content Warning) Emily talks about a lawsuit that was brought to OpenAI following a teen's suicide after using ChatGPT. Mikah discusses Anthropic's recent threat intelligence report, which examines how bad actors are finding ways to misuse the company's AI models. Allison Johnson of The Verge chats with Mikah about her review of the Pixel 10 Pro phone and how the new feature, Magic Cue, impressed Allison at times. And finally, MIkah shares how Meta has invested $10 billion into a rural part of Louisiana to build a large data center to fuel the company's AI ambitions. (If you or someone you know is having thoughts of suicide or self-harm, please contact the 988 Suicide & Crisis Lifeline - call or text 988 or chat online at chat.988lifeline.org. If you are located outside the United States, please visit findahelpline.com to find a helpline in your country.) Hosts: Mikah Sargent and Emily Forlini Guest: Allison Johnson Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io smarty.com/twit threatlocker.com/twit

Emily Forlini of PCMag joins Mikah Sargent on Tech News Weekly this week! OpenAI is being sued following a teen's suicide, which was blamed on ChatGPT. Detecting and countering the misuse of AI. A review of the Pixel 10 Pro. And Meta has poured $10 billion into rural Louisiana to build an ambitious data center. (Content Warning) Emily talks about a lawsuit that was brought to OpenAI following a teen's suicide after using ChatGPT. Mikah discusses Anthropic's recent threat intelligence report, which examines how bad actors are finding ways to misuse the company's AI models. Allison Johnson of The Verge chats with Mikah about her review of the Pixel 10 Pro phone and how the new feature, Magic Cue, impressed Allison at times. And finally, MIkah shares how Meta has invested $10 billion into a rural part of Louisiana to build a large data center to fuel the company's AI ambitions. (If you or someone you know is having thoughts of suicide or self-harm, please contact the 988 Suicide & Crisis Lifeline - call or text 988 or chat online at chat.988lifeline.org. If you are located outside the United States, please visit findahelpline.com to find a helpline in your country.) Hosts: Mikah Sargent and Emily Forlini Guest: Allison Johnson Download or subscribe to Tech News Weekly at https://twit.tv/shows/tech-news-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io smarty.com/twit threatlocker.com/twit

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK's decision to drop digital backdoor requirements. WIRED gets duped by an AI author. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies joins to discuss the U.K. dropping ‘back door' demand for Apple user data. Read the article Ben discusses. If you enjoyed this conversation and want to hear more from Ben, check out our Caveat podcast here. Selected Reading Farmers Insurance Data Breach Impacts Over 1 Million People (SecurityWeek) "Scamlexity": When Agentic AI Browsers Get Scammed (Guardio) Bill would give hackers letters of marque against US enemies (The Register) Fake macOS help sites push Shamos infostealer via ClickFix technique (Help Net Security) New Android malware poses as antivirus from Russian intelligence agency (Bleeping Computer) CISA Requests Public Feedback on Updated SBOM Guidance (SecurityWeek) Electronics manufacturer Data I/O reports ransomware attack to SEC (The Record) Salesforce patches multiple flaws in Tableau Server, at least one critical (Beyond Machines) 370,000 Grok AI chats leaked after being indexed on Google (Cyber Daily) How WIRED Got Rolled by an AI Freelancer (WIRED) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here. Selected Reading Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer) Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times) Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED) AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread) Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine) High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek) Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica) Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Senate confirms a new national cyber director. A new commission explores the establishment of a separate Cyber Force. Cybercriminals exploit link wrapping to launch sophisticated phishing attacks. AI agents are hijacked, cameras cracked, and devs phished. Gene sequencers and period trackers settle allegations of oversharing personal data and inadequate security. Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack. OpenAI scrambles after a chat leak fiasco. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. You can read Tim's article on the topic here. CyberWire Guest Today we are joined by Tim Starks from CyberScoop discussing how China accuses the US of exploiting Microsoft zero-day in a cyberattack. Selected Reading Sean Cairncross confirmed as national cyber director (The Record) Panel to create roadmap for establishing US Cyber Force (The Record) Microsoft 365: Attackers Weaponize Proofpoint and Intermedia Link Wrapping to Steal Logins (WinBuzzer) When Public Prompts Turn Into Local Shells: ‘CurXecute' – RCE in Cursor via MCP Auto‑Start (Aim Security) LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code (Hackread) Bitdefender Warns Users to Update Dahua Cameras Over Critical Flaws (Hackread) Mozilla warns of phishing attacks targeting add-on developers (Bleeping Computer) Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities (SecurityWeek) Flo settles class action lawsuit alleging improper data sharing (The Record) ChatGPT users shocked to learn their chats were in Google search results (Ars Technica) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China's cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire GuestOur guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider. Selected Reading Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines) CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber) CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News) Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal) Cybercrooks use Raspberry Pi to steal ATM cash (The Register) Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek) Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record) Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN) Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine) Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices