Podcasts about cybersecurity

Quick Howto: ZIP Files Inside RTF https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments Keeping the Internet fast and secure: introducing Merkle Tree Certificates https://blog.cloudflare.com/bootstrap-mtc/ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn t supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be

Jeff and Jim sit down with David Llorens, principal at RSM, to break down the RSM 2026 Attack Vectors Report. Drawing from real-world offensive security engagements, David explains why identity continues to be the primary attack surface, how AI chatbots are creating new vulnerabilities through prompt injection, and what separates organizations that get breached from those that don't. The conversation covers MFA gaps, the explosion of non-human identities, why PAM is the top investment priority for 2026, and how CISOs can align security spending with business objectives. Plus, the episode wraps up with soccer stories and some quality trash talk.Connect with David: https://www.linkedin.com/in/david-llorens-009a3310/Review RSM's 2026 Attack Vectors Report: https://rsmus.com/insights/services/risk-fraud-cybersecurity/rsm-attack-vector-report.htmlConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS0:00 - Intro and Jim's big personal news4:51 - Main topic intro: RSM 2026 Attack Vectors Report5:55 - David's origin story and how he got into cybersecurity9:53 - What a principal is at RSM and David's current role11:16 - What the Attack Vectors Report is and how it is created14:40 - Why identity security is a dominant theme in this year's report17:19 - What separates organizations that get breached from those that don't18:18 - MFA as the first line of defense18:45 - Privileged access management as a growing priority19:40 - Detecting lateral movement through identity anomalies21:00 - Credential rotation as an advanced defensive technique22:26 - Non-human identities and service account risks24:37 - Middle market challenges and budget constraints25:17 - Is it the size of the budget or how you spend it?28:29 - Using internal audit and cross-department collaboration for security wins30:15 - Cybersecurity as a business enabler, not a deterrent32:45 - Non-human identities and agentic AI creating new attack surfaces35:51 - Prompt injection attacks and AI chatbot vulnerabilities39:42 - Actionable recommendations for practitioners42:41 - MFA implementation gaps and session hijacking45:02 - The case for FIDO2 and layered conditional access46:35 - Is identity security a board-level issue?49:47 - Three things CISOs should focus on through 202650:52 - PAM as the top investment priority51:28 - Removing unnecessary privileges from users56:11 - Redefining what privilege means in your organization57:43 - Social media accounts as privileged access58:42 - Credentials stored in SharePoint and OneDrive59:38 - Wrap up and where to find the report59:58 - Lighter topic: David's soccer background and playing semi-pro1:05:06 - Best trash talk stories1:07:03 - Jim's trash talk philosophy: scoreboard1:08:00 - Jeff's basketball trash talk and calling his shots1:10:00 - Final thoughts and sign offKEYWORDSIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, David Llorens, RSM, attack vectors report, offensive security, penetration testing, identity security, MFA, multifactor authentication, privileged access management, PAM, non-human identities, service accounts, agentic AI, AI security, prompt injection, lateral movement, credential rotation, FIDO2, conditional access, session hijacking, middle market, CISO, board-level security, certificate-based authentication, active directory, configuration management, shadow AI

The episode centers on the evolving responsibility and risk allocation within cybersecurity distribution, with particular focus on Exclusive Networks' approach. Jason Beal, as president of Exclusive Networks North America, outlines their emphasis on a technical workforce, maintaining a 1:3 ratio of engineers to sales representatives. This structure is positioned to address the increasing complexity of cybersecurity and the demands faced by service provider partners, aiming to support solution integration and customer needs while clarifying each party's liability. Supporting this structure, Jason Beal identifies the role of the distributor as both an extension and enabler for MSPs and IT services companies. Distributors are expected to supplement partners' capabilities—whether technical, financial, or operational—without assuming technology failure risk, which remains with the original technology vendors. Discussion of shared responsibility models also distinguishes between sales success (customer adoption, retention) and risk management. Recent developments in cyber insurance are cited as having reduced the direct risk burden on MSPs, shifting much of the liability away from service providers toward technology creators, albeit within contractually defined limits. Adjacent to cybersecurity, the conversation addresses skill and adoption gaps prompted by rapid technical innovation, specifically referencing artificial intelligence (AI). Jason Beal quantifies educational efforts by highlighting a collaboration with Cal Poly San Luis Obispo, which has seen 100 students engaged to help address workforce shortfalls in cybersecurity and AI. Additionally, academic experience informs the importance of modernizing IT operations curricula to better reflect current business challenges, such as cloud, AI, and global supply chain impacts. For MSPs and IT service providers, implications include the growing necessity to audit core competencies and allocate resources strategically, leveraging distributors not just for sourcing products but for specialized expertise, integration, and operational support. Risk mitigation remains tied to understanding contract language, vendor accountability, and developments in cyber insurance. The pace of AI and other technology adoption requires continuous education and careful evaluation of both operational risk and the practical limitations of solutions promoted by the channel and distribution partners.

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today's “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk. The research can be found here: Parked Domains Become Weapons with Direct Search Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Sponsor Message 00:24 Weekend Edition Intro 00:32 Meet Carey Frey 02:07 Carey's Cyber Origin Story 03:47 Telus Security Two Hats 06:22 Identity's Broken Legacy 08:43 Why PKI Didn't Win 11:25 Passkeys Missed Moment 14:10 SSO Tokens Surprise 19:50 Session Theft Reality 23:18 Agentic AI Stakes 24:17 Building Identity Playbook 25:24 Identity Maturity Model 25:49 Fixing OAuth and SAML 27:00 Industry Call to Action 27:37 Where to Find the Handbook 28:06 Not a Vendor Pitch 30:13 Agentic AI Identity Gaps 31:30 Auto Browse Threat Scenario 33:12 Lethal Trifecta Explained 34:31 Ephemeral Agents and Forensics 37:08 Supply Chain Agent Malware 38:20 Crypto Roots of Trust 39:35 Proof Tokens and Reauth 40:17 Delegation Guardrails 42:34 Regulation or Market Forces 44:25 Practical Risk Decisions 46:20 Wrap Up and Next Resources 48:00 Sponsor and Closing Credits

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

This week we are joined by Dr. Renée Burton, Vice President of Infoblox Threat Intel, discussing "Parked Domains and Direct Search: An Underreported Security Risk." Parked domains are no longer harmless ad pages — new research finds that in today's “direct search” or zero-click parking ecosystem, more than 90% of visits to certain parked lookalike domains lead to scams, malware, or deceptive content, often hidden behind layers of traffic distribution systems and device fingerprinting. The report details three previously unpublished domain portfolio actors who weaponize typosquatting, DNS manipulation — including rare “double fast flux” techniques highlighted in a 2025 advisory from Cybersecurity and Infrastructure Security Agency — and even misconfigured name server records to evade detection and funnel real users toward malicious advertisers. Beyond malvertising, some parked lookalike domains collect misdirected email, fuel business email compromise, and exploit outdated links — including those surfaced by generative AI — underscoring how a simple typo can expose users and enterprises to significant risk. The research can be found here: Parked Domains Become Weapons with Direct Search Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744 Google API Keys Weren't Secrets. But then Gemini Changed the Rules. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/

Andrew and Ben break down a busy week on the Friday Deploy, starting with the market reaction to new COBOL tools and the permissions oversights that led to recent outages at AWS. They also explore the shifting landscape of developer productivity studies, the security risks of cloud-hosted agents, and the latest cybersecurity takeaways from the International AI Safety report. Finally, they close out the episode by checking in on a retired Claude model that was given a blog.Follow the show:Subscribe to our Substack Follow us on LinkedInSubscribe to our YouTube ChannelLeave us a ReviewFollow the hosts:Follow AndrewFollow BenFollow DanFollow today's stories:IBM Didn't Lose 13% Because COBOL DiedAWS suffered ‘at least two outages' caused by AI tools, and now I'm convinced we're living inside a ‘Silicon Valley' episodeWe are Changing our Developer Productivity Experiment DesignDeepfakes spreading and more AI companions': seven takeaways from the latest artificial intelligence safety reportGreetings from the Other Side (of the AI Frontier)OFFERS Start Free Trial: Get started with LinearB's AI productivity platform for free. Book a Demo: Learn how you can ship faster, improve DevEx, and lead with confidence in the AI era. LEARN ABOUT LINEARB AI Code Reviews: Automate reviews to catch bugs, security risks, and performance issues before they hit production. AI & Productivity Insights: Go beyond DORA with AI-powered recommendations and dashboards to measure and improve performance. AI-Powered Workflow Automations: Use AI-generated PR descriptions, smart routing, and other automations to reduce developer toil. MCP Server: Interact with your engineering data using natural language to build custom reports and get answers on the fly.

Breaking into Cybersecurity: Peter Swim's Journey from Libraries to Leading AI Conversationshttps://www.linkedin.com/in/peterswimm/In this episode of Breaking into Cybersecurity, we feature Peter Swim, the founder of the consultancy Toilville. Peter shares his unique journey into cybersecurity, starting from working at a library to becoming a product owner at Microsoft. He discusses the importance of security in tech and AI, the impact of working in startups, and how his experiences have shaped his career. Peter also provides valuable advice to juniors in the field, emphasizing the need to stay flexible, keep learning, and find the right organizational culture. This episode is a must-watch for anyone interested in tech, cybersecurity, and career development in the AI space.00:00 Introduction to Peter Swim's Cybersecurity Journey00:58 Early Career and Initial Interest in Tech02:41 Transition to Product Ownership05:03 Balancing Security and User Experience09:19 Career Advice for Aspiring Professionals16:00 The Evolution of Conversational AI21:23 Challenges and Insights in AI and Security26:42 Conclusion and Final ThoughtsSponsored by CPF Coaching LLC - http://cpf-coaching.comThe Breaking into Cybersecurity: It's a conversation about what they did before, why they pivoted into cyber, what the process was they went through, how they keep up, and advice/tips/tricks along the way.The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership, as well as tips/tricks/advice from cybersecurity leaders.Check out our books:The Cybersecurity Advantage - https://leanpub.com/the-cybersecurity-advantageDevelop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence, from Entry-level to Expert roleshttps://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/Hacker Inc.: Mindset For Your Careerhttps://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/About the hosts:Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and encouraging more people to enter the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/Download a free copy of her book at magnetichiring.com/bookChristophe Foulon focuses on helping secure people and processes, drawing on a solid understanding of the technologies involved. He has over ten years of experience as an Information Security Manager and Cybersecurity Strategist. He is passionate about customer service, process improvement, and information security. He has significant expertise in optimizing technology use while balancing its implications for people, processes, and information security, through a consultative approach.https://www.linkedin.com/in/christophefoulon/Find out more about CPF-Coaching at https://www.cpf-coaching.comWebsite: https://www.cyberhubpodcast.com/breakingintocybersecurityPodcast: https://podcasters.spotify.com/pod/show/breaking-into-cybersecuriYouTube: https://www.youtube.com/c/BreakingIntoCybersecurityLinkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

No Password Required: Next Gen – Ep. 1 - Michelle McAveety Michelle McAveety- Cyber Competitions, Crowd Surfing & Main-Character Energy Welcome to our new spinoff series, No Password Required: Next Generation.  Where we go behind the scenes and interview up-and-coming young professionals in cybersecurity! Whether you're trying to figure out your career path, looking for a little inspiration, or just want to have a laugh while learning about the industry, this show is for you. Real stories. Real journeys. Next Gen Cyber. About this episode: Michelle McAveety is a Computer Engineering and Math student at USF and the Team Captain of the CyberHerd, the university's cybersecurity competition team. We get into the chaos and adrenaline of competition life, what it's like leading in a high-pressure cyber environment, and how she balances it all without losing herself. Spoiler: the answer includes crocheting, blasting heavy metal, going to concerts, and possibly crowd surfing if the vibe is right. Michelle also drops some real advice opening up about the pressure to compare yourself in competitive fields and why staying grounded and focused on your own path is the real win. Follow Michelles journey on linked in! https://www.linkedin.com/in/mcaveety/   Chapters: 00:39 - Who is Michelle?  00:54-  Being in Cyberherd  01:38- Hobbies that bring Michelle Joy!   02:51- Comparison and Growth   

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Stop ransomware without the hassle. Allow what you need and block the rest with ThreatLocker Zero Trust Platform — simple to deploy, simple to manage: https://www.threatlocker.com/dailycyber Check out Flare.io Academy at https://simplycyber.io/flare Secure Your Google Workspace Without the Guesswork: https://simplycyber.io/materialCheck out Pay-What-You-Can Antisyphon Training: https://simplycyber.io/antisyphon SC Academy - The Place for Cyber Careers: https://zpr.io/mYV5232V66Qn Join SC Discord: https://SimplyCyber.io/Discord News: https://cisoseries.com Follow SC: https://simplycyber.io/socials

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks Next up is the security news: Controlling 7,000 robot vacuums Curl finds not all AI is bad Palo Alto says "These are not the ties to China you were looking for" Bloomberg writes an article that sheds light on Ivanti Looking for BLE is a trend Don't use AI to generate you passwords New research on hacking Samsung TVs Its not all about gadgets Ring's new bug bounty Paul will be voted in as Prime Minister of Denmark? Hacking AI, AI does some hacking, and hackers are talking about AI Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-915

There is a question that sounds almost embarrassingly simple. After a vulnerability is discovered in a piece of widely used software — something like Log4Shell, which shook the security world and left hundreds of thousands of organizations exposed overnight — the question organizations scrambled to answer was this: where is this code, and what does it touch? Most couldn't answer it. Not the Fortune 500 companies. Not the government agencies. Not the critical infrastructure operators. Not the hospitals or the banks or the utilities. They had built and bought mountains of software over years and decades, and when the moment came to understand what was actually inside it, they were effectively blind. That gap is exactly what Daniel Bardenstein set out to close when he co-founded Manifest Cyber in 2023. And in a conversation on ITSPmagazine's Brand Highlight series, he made a case for technology transparency that is hard to argue with — not because it's technically complex, but because the analogy he draws is so strikingly obvious once you hear it. "If you want to buy a house, you get to go inside the house, do the home inspection," he said. "You want to buy food from the grocery store — you can look at the ingredients. Even our clothes tell you what they're made of, how to care for them, and where they're from." But software? The technology running hospital MRI machines, weapon systems, financial infrastructure, water delivery? No transparency required. No ingredient label. No inspection rights. Just trust. That trust, as Log4Shell demonstrated, is a vulnerability in itself. Bardenstein came to this problem with credentials that few founders in the space can claim. Before starting Manifest, he spent four and a half years in the US government leading large-scale cyber programs and serving as technology strategy lead at CISA — the Cybersecurity and Infrastructure Security Agency. He saw firsthand how defenders are perpetually at a disadvantage, operating without the basic visibility they need to do their jobs. His mission became building the tools to change that. The problem, he's quick to point out, has not improved in the years since Log4Shell. Software supply chain attacks have multiplied — XZ Utils, NPM Polyfill, and others following the same pattern: trusted software becomes the attack vector, and it spreads fast. Meanwhile, most security teams are still operating with SCA tools that generate noisy, overwhelming alerts and vendor risk programs built on Excel spreadsheets and questionnaires rather than actual empirical data about the security of what they're buying. "Security teams have a false sense of security," Bardenstein said. The gap between what organizations think they know and what they actually know about their software supply chains remains dangerously wide. Manifest Cyber addresses this across the full lifecycle. For organizations that build software, the platform maps every open source dependency, assesses it for risk, and ensures developers can write more secure code without losing velocity. For organizations that buy software — which is everyone — it finds risks before procurement, then continuously monitors every third party component so that when something breaks, they know the blast radius in seconds, not weeks. The timing matters. Regulation is catching up to the problem. The EU AI Act, the Cyber Resilience Act, and a growing body of global policy are beginning to demand exactly the kind of software supply chain transparency that Manifest is built to provide. Organizations that wait to build this capability will find themselves scrambling to comply — those that build it in now will have it as a competitive advantage. The ingredient label for software has always been missing. Manifest Cyber is writing it. ________________________________________________________________ Marco Ciappelli interviews Daniel Bardenstein, CEO & Co-Founder of Manifest Cyber, for ITSPmagazine's Brand Highlight series. HOST Marco Ciappelli — Co-Founder & CMO, ITSPmagazine | Journalist, Writer & Branding Advisor

AI isn't coming. It's already embedded in your organization.In Episode 1 of The Executive AI Series, we start with a leadership wake-up call. We explore how AI is reshaping productivity, accountability, and even how we think at work, often faster than organizations are ready for.Executives across industries are waking up to a simple but uncomfortable reality: AI is already influencing productivity, decision-making, meeting documentation, memory, and daily workflows. Teams are recording meetings. Leaders are outsourcing thinking. Dependency is forming faster than policies.Artificial intelligence didn't enter the workplace with a launch date. It quietly embedded itself into the tools we already use and the decisions we already make.I

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you Cybercrime Magazine, Page ONE for Cybersecurity. Listen to the podcast weekly and read it daily at https://ransomwareminute.com. For more on cybersecurity, visit us at https://cybercrimemagazine.com.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks Next up is the security news: Controlling 7,000 robot vacuums Curl finds not all AI is bad Palo Alto says "These are not the ties to China you were looking for" Bloomberg writes an article that sheds light on Ivanti Looking for BLE is a trend Don't use AI to generate you passwords New research on hacking Samsung TVs Its not all about gadgets Ring's new bug bounty Paul will be voted in as Prime Minister of Denmark? Hacking AI, AI does some hacking, and hackers are talking about AI Show Notes: https://securityweekly.com/psw-915

Realities Remixed, formerly know as Cloud Realities, launches a new season exploring the intersection of people, culture, industry, and tech. Energy transportation is a deeply local business, safely delivering gas and electricity, more and more from renewable sources, directly to the communities it serves. Technology and AI help make that possible by strengthening safety, bringing companies closer to customers, and enabling teams to build the future together. This week, Dave, Esmee, and Rob are joined by John Koerwer, CIO of UGI Corporation, to explore explore why “the business” and tech still struggle to speak the same language, nd what helps close the gap.TLDR00:35 – Introduction01:17 – Hang out: new toys and coffee07:55 – Dig in: the business - tech divide21:07 – Conversation with John Koerwer59:40 – The amazing AI technology in The Sphere's version of The Wizard of OzGuestJohn Koerwer: https://www.linkedin.com/in/john-koerwer-46102127/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Realities Remixed' is an original podcast from Capgemini

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Stop ransomware without the hassle. Allow what you need and block the rest with ThreatLocker Zero Trust Platform — simple to deploy, simple to manage: https://www.threatlocker.com/dailycyber Check out Flare.io Academy at https://simplycyber.io/flare Secure Your Google Workspace Without the Guesswork: https://simplycyber.io/materialCheck out Pay-What-You-Can Antisyphon Training: https://simplycyber.io/antisyphon SC Academy - The Place for Cyber Careers: https://zpr.io/mYV5232V66Qn Join SC Discord: https://SimplyCyber.io/Discord News: https://cisoseries.com Follow SC: https://simplycyber.io/socials

In this episode of the CISO Tradecraft podcast, PKWARE Field CTO EJ Pappas joined host G Mark Hardy and Ross Young. The group talked about many challenges and solutions for modern data security. One critical component is the shift from platform-centric to data-centric security. The experts also discussed the barriers to data visibility that CISOs face and how discovery solutions bring clarity. No conversation could be complete without AI and its role as both a defensive framework and the threats it carries. Tune into this engaging conversation with takeaways that are practical and useful.

Artificial intelligence is not merely influencing cybersecurity — it is redefining it. What was once a battle of firewalls and antivirus software has become an intelligence war between automated defenders and increasingly automated attackers. As discussed in the Snowpal podcast conversation with Alex Lanstein, CTO of StrikeReady , the landscape has evolved from spam botnets and early cybercrime to highly targeted, state-sponsored, and supply-chain-level attacks. Today, AI accelerates both sides of the battlefield.

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks Next up is the security news: Controlling 7,000 robot vacuums Curl finds not all AI is bad Palo Alto says "These are not the ties to China you were looking for" Bloomberg writes an article that sheds light on Ivanti Looking for BLE is a trend Don't use AI to generate you passwords New research on hacking Samsung TVs Its not all about gadgets Ring's new bug bounty Paul will be voted in as Prime Minister of Denmark? Hacking AI, AI does some hacking, and hackers are talking about AI Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-915

Open Redirects: A Forgotten Vulnerability? https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742 Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/ More telnetd issues https://seclists.org/oss-sec/2026/q1/199

DOD – Disrupter Disrupters China markets reopening after Lunar New Year Mexico Cartel Wars Refunds requested for the illegal tariffs PLUS we are now on Spotify and Amazon Music/Podcasts! Click HERE for Show Notes and Links DHUnplugged is now streaming live - with listener chat. Click on link on the right sidebar. Love the Show? Then how about a Donation? Follow John C. Dvorak on Twitter Follow Andrew Horowitz on Twitter Warm-Up - The CTP for Caterpillar announced - DOD - Disrupter Disrupters - China markets reopening after Lunar New Year - Mexico Cartel Wars (Jalisco) Markets - Mortgage Rates - looking good! - Tariffs found illegal - that is not stopping anything - Refunds requested for the illegal tariffs - Monday's big drop and AI taking a bite out of stock prices Tariffs - First, who actually knows what is going on. 100% chaos - Supreme court ruled illegal (6-3) - 10% flat across all countries immediately added - Wait a day and make that 15% - FedEx seeks refund for illegal IEEPA tariffs imposed by Trump after the Supreme Court ruled Trump's tariffs exceeded authority - Numerous lawsuits expected for IEEPA tariff refunds - Apple has spent more than $3 billion on tariffs since President Donald Trump enacted his trade policies. What about that? (HOW TO FIGURE OUT WHO GETS THE REFUND) --- Estimate that $175B tariffs have been collected alreay - A group of 22 U.S. Senate Democrats on Monday introduced legislation that would require President Donald Trump's administration to fully refund within 180 days all of the revenue, with interest, collected from tariffs struck down by the U.S. Supreme Court. - The legislation would require the Customs and Border Protection agency, which collects tariffs at U.S. ports of entry, to prioritize small businesses. - The U.S. Customs and Border Protection agency said it will halt collections of tariffs imposed under the International Emergency Economic Powers Act at 12:01 a.m. EST (0501 GMT) on Tuesday Stop The Presses - After years of JCD's rants....... - Apple will soon introduce MacBooks with touch screens - Apple Inc.'s initial touch Macs will have the Dynamic Island at the center top of the display and OLED screen technology. The new MacBook Pro models will have a refreshed, dynamic user interface that can shift between being optimized for touch or point-and-click input. Europe Reacts - "The current situation is not conducive to delivering 'fair, balanced, and mutually beneficial' transatlantic trade and investment, as agreed to by both sides" in the joint statement setting out the terms of last year's trade agreement, the Commission said. "A deal is a deal." - All active discussions are halted on any USA/Europe trade deal The Potential Winners - Brazil and China may be the winners here - Chinese President Xi Jinping has a boost in bargaining power after the US Supreme Court invalidated Donald Trump's broad emergency tariffs, a key point of leverage over China. - The removal of tariff threats will make it harder for Trump to press Xi for larger purchases of certain products and leaves him without a key weapon to strike back if Chinese negotiators make fresh demands. - Xi's team will likely push harder for access to advanced semiconductors, the removal of trade restrictions on Chinese companies, and reduced US support for self-ruled Taiwan, according to Wu Xinbo, director at Fudan University's Center for American Studies. NVDA Earnings - NVIDIA drops its fiscal Q4 2026 (ended Jan 2025) results tomorrow—another make-or-break moment for the AI trade. - The bar is sky-high after years of blowout beats, but whispers of "peak AI" and slowing growth momentum have investors on edge. --- Consensus Expectations : ----Revenue: ~$65.6–$66.1 billion (up ~67–68% YoY from last year's ~$39B; guided $65B ±2% in prior report) ------EPS (adjusted/non-GAAP): ~$1.50–$1.53 (up ~70–72% YoY from $0.89). --------Gross margins: Targeting ~75% non-GAAP (holding strong despite supply chain noise). -----------Key driver: Data Center segment expected to crush ~$58–$60B, fueled by Blackwell ramp and hyperscaler spend. Home Depot Earnings - The home-improvement retailer gained 2.7% after posting fourth-quarter adjusted earnings of $2.72 per share on revenues of $38.20 billion. - That exceeded the per-share earnings of $2.54 on revenues of $38.12 billion expected by analysts polled by LSEG. AMD News - The semiconductor maker rose about 11% after it inked a multiyear deal with Meta to lend up to 6 gigawatts of its graphics processing units to artificial intelligence data centers. - The cost of the deal is unclear, but the companies' agreement includes a a performance-based warrant that could amount to up to 160 million of AMD shares, according to a statement dated Tuesday. - Meta has committed to deploying up to 6 gigawatts (GW) of AMD's Instinct GPUs (high-end graphics processing units optimized for AI workloads) to power its massive AI data centers. - Analysts estimate the GPU portion alone could be worth $60–$100+ billion over 5+ years Mortgage Rates - The average rate on the popular 30-year fixed mortgage fell to 5.99% on Monday, according to Mortgage News Daily, matching its lowest levels since 2022. - Last year at this time the rate was 6.89%. - A buyer putting 20% down on the median priced home, about $400,000 according to the National Association of Realtors, would have a monthly payment of $1,916 for the principal and interest. One year ago, that payment would have been $2,105, a difference of $189. Life Insurance Record - Manulife Financial Corp. sold a $300 million life insurance policy in Singapore, topping what Guinness World Records certified as the most valuable policy ever issued. - The policy surpasses the previous record of $250 million, set by HSBC Life in Hong Kong in 2024. Manulife said in a statement Tuesday that the deal reflects growing demand from ultra-wealthy clients to preserve their assets. - In Singapore over the past 12 months, Manulife has issued 25 individual policies each worth more than $50 million. Bitcoin Rout - Gemini said it was axing as much as a quarter of its staff and exiting the UK, European Union and Australia entirely. - This week, it parted with its chief operating officer, chief financial officer and chief legal officer, all in a single day. - Its stock has fallen more than 80% from a post-listing high last year, collapsing its market value from a peak of almost $4 billion to under $700 million. Over the Greenland - USA sending a "hospital ship" over - Trump's post on the ship came hours after Denmark's Joint Arctic Command said it had evacuated a crew member who required urgent medical treatment from a U.S. submarine in Greenlandic waters, seven nautical miles outside of Greenland's capital, Nuuk. - Greenland said thanks but no thanks So Long! - U.S. investors are pulling money out of their own stock market at the fastest pace in at least 16 years as Big Tech returns fade and better-performing overseas markets look more attractive. - In the last six months, U.S.-domiciled investors have pulled some $75 billion from U.S. equity products, with $52 billion flowing out since the start of 2026 alone, the most in the first eight weeks of the year since at least 2010 AI Disruption - DOD (Disruption of Disrupters) - CrowdStrike -9.8% and other cybersecurity names under heavy pressure again as AI disruption fears build following Anthropic's Claude Code release - - Cybersecurity stocks are under broad pressure today, extending recent weakness following Friday's launch of Claude Code Security by Anthropic. Claude Code Security scans codebases for vulnerabilities and suggests software patches for human review, fueling a narrative that AI platforms may be moving more quickly into parts of the security workflow than investors had previously expected. For cybersecurity, that raises concern around the forward demand outlook and competitive positioning, particularly in areas tied to application security, cloud security, identity workflows, and security operations automation, where AI-native tools could start to narrow perceived differentiation. - The move suggests investors are still sorting through the implications for product overlap, pricing power, and competitive positioning as AI capabilities evolve quickly. - IBM shares dropping toward lows of the session; attributed to news that Claude can automate cobol modernization COBOL (Common Business-Oriented Language) is a high-level, English-like programming language created in 1959 for business, finance, and administrative data processing. It is renowned for its verbosity, readability, and reliability, processing massive amounts of transactions on mainframe systems,, notes NetCom Learning and IBM. Despite being decades old, it remains critical in banking, insurance, and government sectors. - It is estimated that 70-80% of the world's business transactions are processed by COBOL Grok's Prediction about Future of OpenAi/ChatGPT Scenario Likelihood (My Estimate) Key Factors Outcome for OpenAI/ChatGPT Thriving Leader Medium (40%) Sustained breakthroughs, partnerships (e.g., Microsoft), regulatory wins OpenAI as AI giant; ChatGPT as ecosystem hub for agents/robots Evolved Survivor High (50%) Adaptation to agents/hardware; mergers Exists but rebranded; ChatGPT integrated into daily life tools Decline/Acquisition Low (10%) Overcompetition, funding collapse Absorbed or legacy; ChatGPT commoditized or obsolete Quick check on Europe Shares - European company earnings growth is picking up this reporting season against a tentatively improving economic backdrop, but wary investors are demanding more than solid results to justify sky-high valuations. - Companies representing 57% of Europe's market capitalization have reported so far, achieving average earnings growth of 3.9% in the fourth quarter, ahead of estimates for a final result of a contraction of 1.1% --- That is a big differential.... +3.9 vs -1.1 Iran Talks - News over the weekend that Iran will look to discuss a variety of items and potentially get a deal.... energy, mining and aircraft - Best guess: Iran will string us along like Russia is doing and we will say we have some kind of bogus deal. --- There is some talk of US "going in" as we are building military presence. Supposedly there are some saying it could be a multi-week incursion. - What is the plan - Regime change? What is this? - A divided Supreme Court on Tuesday ruled that Americans can't sue the U.S. Postal Service, even when employees deliberately refuse to deliver mail. - By a 5-4 vote, the justices ruled against a Texas landlord, Lebene Konan, who alleges her mail was intentionally withheld for two years. Konan, who is Black, claims racial prejudice played a role in postal employees' actions. - Justice Clarence Thomas, writing for a majority of five conservative justices, said the federal law that generally shields the Postal Service from lawsuits over missing, lost and undelivered mail includes “the intentional nondelivery of mail.” - So can ballots just be thrown in garbage for mail-ins for one party that will throw out another party's?     Love the Show? Then how about a Donation? HE CLOSEST TO THE PIN for CATERPILLAR Winners will be getting great stuff like the new "OFFICIAL" DHUnplugged Shirt!     FED AND CRYPTO LIMERICKS   See this week's stock picks HERE Follow John C. Dvorak on Twitter Follow Andrew Horowitz on Twitter

The Roundtable Panel: a daily open discussion of issues in the news and beyond. Today's panelists are Executive Vice President for Academic Affairs at Bard College, Director for the Center for Civic Engagement and Professor of Political Studies Jonathan Becker; public policy and communications expert Theresa Bourgeois; Dean of the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany Robert Griffin, and Professor of Theatre at Siena University Mahmood Karimi Hakak.

In this episode, Ryan Quirk from Sparrow Risk Group discusses the various risks and threats businesses face today, particularly in the realm of cybersecurity. He shares insights from his extensive background in risk management and law enforcement, emphasizing the importance of understanding both threats and vulnerabilities. Ryan highlights the growing issue of business email compromise and social engineering attacks, providing practical advice for business owners to protect themselves. He also discusses the innovative programs Sparrow Risk Group is developing to enhance security for clients.takeawaysRyan Quirk has a diverse background in risk management and law enforcement.Sparrow Risk Group focuses on holistic risk mitigation rather than just security.Emotional reactions can cloud judgment in crisis situations.Predictions for 2023 included geopolitical conflicts and shifts in technology.Business email compromise is a significant threat to businesses.Social engineering exploits trust and urgency to manipulate individuals.Cybersecurity measures can be affordable and effective for businesses.Understanding vulnerabilities is key to mitigating risks.The importance of taking a moment to assess threats before reacting.Sparrow Risk Group is developing new programs to enhance client security.keywords: risk management, cybersecurity, business threats, social engineering, email compromise, security solutions, risk mitigation, Ryan Quirk, Sparrow Risk Group, business protection

Transformation continues to be the word at the top of leaders' minds. Whether it's due to changes in technology with AI, market shifts, the regulatory landscape, or unexpected global events, leaders are looking to transform their organization's operations and culture to be more agile, innovative, and resilient. In today's Redefiners, Marla Oates and Tomas Chamorro-Premuzic talk with former Telstra CEO and managing Director, Andy Penn, about how he led the transformation of Australia's largest telecommunications company. Andy shares what it was like stepping into the CEO role at Telstra at a turbulent time for the company, its customers, and the board. He talks about the key lessons he learned leading a multi-year company-wide transformation effort, and how he put the right team and culture together to get it done. He also talks about his current roles in cybersecurity, providing critical insights on how to prepare for and deter cyber-attacks. We'll also hear from Tuck Rickards, a leadership advisor at Russell Reynolds Associates, who will discuss what he believes is the leadership formula for effective AI transformation. Four things you'll learn from this episode: The key steps and KPIs when implementing a transformation project Tips on putting together the right leadership team and organizational culture to help make reinvention happen How to prepare for cyber-security risks while balance the productivity benefits of AI projects How to successfully transition from CEO to board and advisory roles If you enjoyed this episode, you might also like these Redefiners episodes: Talking Transformational Leadership with RRA's CEO Constantine Alexandrakis Leadership Lounge: How to Build a Top-Performing C-suite: The Leadership Blueprint for Sustained High Performance Trust Your Gut: AXA's Thomas Buberl Talks Transformation and Reinvention Leadership Lounge: From Firefighting to Future-Building: How Leaders Can Master Perpetual Transformation Driving Transformation with Volvo Cars President and CEO Jim Rowan Leadership Lounge: Unleashing AI's potential: Are you ready to lead the charge? Learn more with the latest research from Russell Reynolds Associates: Adapt or Die in the Age of Perpetual Transformation Why Most AI Transformations Fail Before They Start

In episode 176 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Brock Boggs, Director of Technology at Cityscape Schools and Multi-State Information Sharing and Analysis Center® (MS-ISAC®) member, and Maureen Kunac, Senior Product Manager at the Center for Internet Security® (CIS®). Together, they discuss Brock's story of using incremental wins to advance his organization on its cybersecurity journey.Here are some highlights from our episode:02:10. Getting started making the largest measurable impact with CIS-CAT® Pro Assessor03:52. Implementation Group 1: A filter for prioritizing secure configuration management efforts09:16. The use of essential cyber hygiene to build an on-ramp to a security controls program11:18. Navigating breakage, dependency, and other principles of change management13:37. Lessons learned from beta testing and enterprise rollout of security changes22:24. Advice: How to start on a journey of system hardening with measurable impactResourcesEpisode 163: K-12 Cybersecurity Made PracticalFormalizing K-12 Cybersecurity Policies in Less TimeCIS-CAT® Pro AssessorCIS-CAT Pro Results Focus on CIS Controls IG1CIS Critical Security Controls®Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1What SLTTs Should Know About the FREE CIS SecureSuite MembershipIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

This episode is sponsored by Airia. Get started today at ⁠⁠⁠⁠⁠⁠⁠⁠⁠airia.com⁠⁠⁠⁠⁠⁠⁠⁠⁠. On this week's AI Inside with Jason Howell and Jeff Jarvis, I unpack the viral “2028 Global Intelligence Crisis” memo, Anthropic's claims of Claude distillation attacks, an OpenClaw inbox meltdown, Meta's massive AMD chip bet, Samsung's “Hey Plex” phones, Pomelli's AI product shots, and Claude's new Wall Street push. Note: Time codes subject to change depending on dynamic ad insertion by the distributor. Chapters: 0:00 - Start 0:02:55 - THE 2028 GLOBAL INTELLIGENCE CRISIS 0:04:45 -  Viral Doomsday Report Lays Bare Wall Street's Deep Anxiety About AI Future 0:08:24 -  IBM is the latest AI casualty. Shares tank 13% on Anthropic programming language threat 0:09:22 -  Cybersecurity stocks drop for a second day as new Anthropic tool fuels AI disruption fears 0:20:00 - Anthropic: Detecting and preventing distillation attacks 0:24:19 -  American AI Industry Trembles as Deepseek Prepares to Release New Model 0:33:41 -  Meta Exec Learns the Hard Way That AI [Openclaw] Can Just Delete Your Stuff 0:37:39 -  Google clamps down on Antigravity 'malicious usage', cutting off OpenClaw users in sweeping ToS enforcement move 0:41:52 -  Jia Zhangke Creates AI Video With Seedance 2.0 0:42:29 - The video (translation CC available) 0:52:21 -  Facebook owner Meta to buy AI chips from AMD in deal worth up to $100 billion 0:53:08 -  Nvidia's Deal With Meta Signals a New Era in Computing Power 0:54:13 -  Samsung is adding Perplexity to Galaxy AI 0:55:22 - Google: Create studio-quality marketing assets with Photoshoot in Pomelli 0:56:55 - Anthropic Links AI Agent With Tools for Investment Banking, HR Learn more about your ad choices. Visit megaphone.fm/adchoices

Sorg and Podnar cover big and bizarre tech headlines: an alleged DJI robot vacuum security mess, AI-assisted “vibe coding,” and why camera-equipped home gadgets deserve extra caution. They also dig into the SAE Civic Progress Challenge (accessible mobility innovation), geek out over a playable Tetris magazine cover, and hit viral Winter Olympics moments—plus a Dunkin iced coffee mitten that's as ridiculous as it sounds. Includes Chachi's Video Game Minute and a Black History Month spotlight on Frederick McKinley Jones.

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Stop ransomware without the hassle. Allow what you need and block the rest with ThreatLocker Zero Trust Platform — simple to deploy, simple to manage: https://www.threatlocker.com/dailycyber Check out Flare.io Academy at https://simplycyber.io/flare Secure Your Google Workspace Without the Guesswork: https://simplycyber.io/materialCheck out Pay-What-You-Can Antisyphon Training: https://simplycyber.io/antisyphon SC Academy - The Place for Cyber Careers: https://zpr.io/mYV5232V66Qn Join SC Discord: https://SimplyCyber.io/Discord News: https://cisoseries.com Follow SC: https://simplycyber.io/socials

Leadership in the public sector has always demanded resilience. This is best exemplified by three elements: 1) the ability to hold long-term vision steady while reacting to short-term pressures, 2) to build consensus across institutions that do not naturally cooperate, and 3) to keep an organisation moving when the ground shifts beneath it. Digital transformation has sharpened all of these demands. The leaders steering this process need more than technical knowledge. They need self-awareness, the capacity to build the team and trust it, and the judgment to know when a crisis is also an opportunity.In this episode of the Digital Government Podcast, hosted by Merle Maigre, Head of Cybersecurity at e-Governance Academy, we hear from Taimar Peterkop – former State Secretary of Estonia, former Director General of the Information System Authority, and now Senior Expert at the e-Governance Academy. Drawing on over two decades at some of Estonia's most consequential institutions, Peterkop shares practical wisdom on what it takes to lead through change and crisis – with honesty and without pretending to have all the answers.Tune in!

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3

On today's show, we pop the lid off of a firewall (figuratively speaking) to understand what’s inside. We talk about how a packet moves through various packet-processing elements inside a firewall, how header analysis and de-encapsulation work, which hardware component has the biggest impact on performance, why stateful inspection still matters in an age of... Read more »

On today's show, we pop the lid off of a firewall (figuratively speaking) to understand what’s inside. We talk about how a packet moves through various packet-processing elements inside a firewall, how header analysis and de-encapsulation work, which hardware component has the biggest impact on performance, why stateful inspection still matters in an age of... Read more »

What happens when cybersecurity is no longer the No. 1 priority for state CIOs? On this episode of Gov Tech Today, hosts Russell Lowery and Jennifer Saha break down the National Association of State CIOs (NASCIO) annual Top 10 list for 2026—and the major shakeup that put AI, including generative and agentic AI and machine learning, at the top for the first time in more than a decade. 00:00 Welcome to Gov Tech Today + What's Coming Up00:23 What the NASCIO Top 10 List Is (and Why It Matters)01:24 Major Shakeup: AI Takes the #1 Spot03:00 #2 Cybersecurity: Still Critical, Now Shaped by AI04:58 #3 Budget & Cost Pressures Move Up the Rankings06:15 #4 Modernization: Tackling Legacy Systems (and Funding It)07:28 #5 Digital Government Services Debut in the Top 1008:23 #6 Accessibility: New Federal Rules Drive State Action09:20 #7–#8 IAM + Data/Analytics: The “Foundation” Priorities13:20 #9 Consolidation & Optimization: Fewer Systems, More Shared Platforms16:25 #10 Cloud Services: From Trendy to Ubiquitous (Cloud Smart)17:56 Wrap-Up: Thanks to NASCIO and State CIOs

Cybersecurity has been getting bigger recognition as an integrated enabler in key U.S. military operations in Iran and Venezuela. That comes on the heels of the Pentagon last year introducing a new cyber mission force generation model as part of the larger Cybercom 2.0 effort. So, who better to discuss the growing prominence of cyber in the defense space than the principal cyber advisors of the various branches overseeing cyber-kinentic integration. At CyberTalks, Daily Scoop host Billy Mitchell hosted a panel with those leaders and a representative from industry to hear the latest on this emerging space. Joining him on the panel were the PCAs from each service — Ann Marie Schumann of the Department of the Navy, Wanda Jones Heath of the Department of the Air Force and Brandon Pugh of the Army — as well as Dave Galoppo, senior director for full spectrum cyber at GDIT. The Department of Energy is rapidly building out multidisciplinary teams to support the Genesis Mission as it prepares to unveil a minimum viable product later this year, according to a senior agency official. The format for the demonstration is to be determined, but progress is palpable. “We're going to show quite a lot of results this year,” Darío Gil, DOE's under secretary for science and director of the Genesis Mission, said in an interview with FedScoop. “We're going to show results on our progress of building AI supercomputers … the software and the agentic framework.” The agency also plans to showcase the efforts behind the data curation used to train “next generation” AI and the results tied to the application of AI in science and engineering, he added. The Genesis Mission launched in November 2025 by way of an executive order that tasked the Energy Department with leading a national, coordinated effort to accelerate innovation and discovery with the latest advancements in AI, quantum and high-performance computing. As part of the initiative, the agency is working to build an integrated platform that draws on federal scientific datasets and expertise from public and private sectors. A demonstration of the Genesis platform's initial capabilities is required by mid-year, according to the deadlines outlined in the presidential directive. A pullback of educational requirements for federal contracting jobs, including in technology work, moved one step closer to reality Monday. The Skills-Based Federal Contracting Act (H.R. 5235) sailed through the House and now awaits Senate consideration. The bill from Reps. Nancy Mace, R-S.C., and Raja Krishnamoorthi, D-Ill., would ban minimum education requirements for personnel in some contracts. Introducing the bill on the House floor ahead of Monday's vote, Rep. William Timmons, R-S.C., said the legislation ensures federal contractors can “hire who they want to hire without additional red tape.” Mace, who chairs the House Oversight and Government Reform Subcommittee on Cybersecurity, Information Technology, and Government Innovation, recounted January 2024 testimony from an IBM executive who said “federal contractors are rarely able to place an individual without a four-year degree on a technology services contract, regardless of their qualifications.” Mace said the issue goes “beyond technology and service contracts,” affecting work across the federal government. Eliminating four-year degree requirements would do away with “a paper ceiling” that blocks “talented Americans” from pursuing opportunities in the billion-dollar industry that “shapes the entire labor market,” she said. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

 Cyber threats don't just target large corporations, small and mid-sized businesses are often the most vulnerable. In this episode, Julina and cybersecurity expert Sam Disraelly, CEO of Your Tech Department, explore the financial, legal, and reputational risks business owners face and the proactive steps that can significantly reduce exposure. If you own a business, serve clients, or manage a team, this conversation is essential listening. Timestamps:04:00 – One click can cost hundreds of thousands08:30 – The “blast radius”: how one employee mistake spreads11:30 – Why small & mid-sized businesses are prime targets (10–100 employees)17:30 – What ransomware actually looks like in real life18:20 – The 170-day problem: hackers lurk before they strike21:00 – The true cost of a breach (downtime, legal, PR, reputation)24:00 – FTC reporting requirements & legal exposure31:00 – The NIST framework: Identify, Protect, Detect, Respond, Recover32:30 – The non-negotiables: your cybersecurity “stack”36:20 – The cloud myth: Microsoft's shared responsibility model37:45 – Cyber insurance: what most business owners misunderstand41:30 – How to vet your IT provider44:30 – Cybersecurity as fiduciary responsibility48:20 – What to do in the first 24 seconds of a breach53:20 – Emerging risks: AI, shadow IT & data ownershipThe information provided is for educational and informational purposes only and does not constitute investment advice and it should not be relied on as such. The statements and opinions expressed in this podcast are those of the author. PWP cannot guarantee the accuracy or completeness of any statements or data. For current PWP information, please visit the Investment Adviser Public Disclosure website at www.adviserinfo.sec.gov by searching with PWP's CRD #290180

The "SaaS-pocalypse" has arguments for and against it, says Ali Mogharabi. On the case justifying the sell-off, he notes new AI offerings causing growth outlook concerns that generate enough of a structural shift to rattle software's outlook. Ali makes another case for the sell-off being overdone in cybersecurity stocks like CrowdStrike (CRWD) and defense-centric companies. Ali also weighs on the risks posed to market giants Amazon (AMZN) and Microsoft (MSFT). ======== Schwab Network ========Empowering every investor and trader, every market day.Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – / schwabnetwork Follow us on Facebook – / schwabnetwork Follow us on LinkedIn - / schwab-network About Schwab Network - https://schwabnetwork.com/about

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Nik Seetharaman is a special operations–trained cyber leader turned founder, known for bringing an operator's mindset to some of the most sensitive security programs in American industry. A former JSOC advance‑force operator attached to an East Coast Naval Special Warfare squadron, he ran advanced cyber warfare and close‑range reconnaissance missions before crossing over into the world of high‑stakes defense technology and enterprise security. In industry, Nik helped build and lead security at three of the most influential defense‑tech companies of the last decade. He served as head of cybersecurity operations at SpaceX and later led international cyber defense programs at Palantir, giving him a front‑row seat to how software, data, and security shape modern national power. He then became CIO and CISO at Anduril Industries, where he built the company's cybersecurity and weapons‑system security programs from the ground up while Anduril was racing to field autonomous systems for the Pentagon. Today, Nik is the founder and CEO of Wraithwatch, a cyber defense company born from his frustration that defenders are almost always forced to react second. At Wraithwatch, he is focused on “weaponizing” AI for defense at scale—using advanced models to help blue teams pre‑empt and out-iterate attackers instead of learning only from breaches and red‑team reports. Across each chapter of his career, he has carried forward the same core idea: apply special operations discipline, speed, and clarity of mission to how software, security teams, and AI‑driven defenses are built and run. Join the Waitlist - https://theglacierapp.com/waitlist Shawn Ryan Show Sponsors: Get started with Claude today at https://Claude.ai/srs Visit https://mauinuivenison.com/srs for a special deal for listeners of this show only. Go to https://helixsleep.com/SRS for 27% Off Sitewide. Go to https://shopbeam.com/SRS and use code SRS to get up to 50% off Beam Dream Nighttime Cocoa—grab it for just $32.50 and improve your sleep today. Try Rho Nutrition today and experience the difference of Liposomal Technology. Use code SRS for 20% OFF everything at https://www.rhonutrition.com/discount/SRS Nik Seetharaman Links: LI - https://www.linkedin.com/in/nikseetharaman Wraithwatch - https://www.wraithwatch.com X - https://x.com/nikseeth Learn more about your ad choices. Visit podcastchoices.com/adchoices

A senior FBI cyber official warns Salt Typhoon remains an ongoing threat. Data protection authorities issue a joint statement raising serious concerns about AI image creation. A Japanese semiconductor equipment maker confirms a ransomware attack. New number formats seek to reduce AI overhead. A low-skilled Russian-speaking threat actor compromised more than 600 Fortinet FortiGate firewalls. Spanish authorities have arrested four alleged members of Anonymous. CISA tags a pair of Roundcube Webmail flaws. Cybersecurity stocks fell sharply on news of a new security feature in Claude AI. Monday business breakdown. Brandon Karpf, friend of the show discussing sovereignty in space and cyber. Digital disruption drains drumsticks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Brandon Karpf, friend of the show, and Maria Varmazis, host of T-Minus, as they are discussing sovereignty in space and cyber. Selected Reading FBI: Threats from Salt Typhoon are ‘still very much ongoing' (CyberScoop) Joint Statement on AI-Generated Imagery and the Protection of Privacy (International Enforcement Cooperation Working Group (IEWG)) Japanese chip-testing toolmaker Advantest suffers ransomware attack (Help Net Security) AI's Math Tricks Don't Work for Scientific Computing (IEEE) Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls (Infosecurity Magazine) Suspected Anonymous members cuffed in Spain over DDoS attack (The Register) CISA: Recently patched RoundCube flaws now exploited in attacks (Bleeping Computer) Anthropic Unveils 'Claude Code Security,' Sending Cyber Stocks Lower (Bloomberg) RSAC Innovation Sandbox finalists secure $5 million each. (N2K Pro Business Briefing) Cyber attack takes major chicken processor Hazeldenes offline leaving businesses without meat (ABC News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734 'God-Like' Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit

In this episode, Joseph Izzo, MD, Chief Medical Information Officer at San Joaquin General Hospital, joins the podcast to discuss leading informatics and AI strategy in a public teaching hospital while balancing innovation, governance, and cybersecurity. He shares insights on emerging digital health tools, data driven care, and advice for clinicians navigating rapid technological change.