Podcasts about cybersecurity

A recent study of nearly 20,000 University of California, San Diego Health workers found cybersecurity training reduced the likelihood of successful phising attacks by just 2%. Marketplace's Nova Safo spoke with Ariana Mirian, senior researcher at the cybersecurity firm Censys and co-author of the study, who explained that many workers are just not taking those training programs seriously enough.

A recent study of nearly 20,000 University of California, San Diego Health workers found cybersecurity training reduced the likelihood of successful phising attacks by just 2%. Marketplace's Nova Safo spoke with Ariana Mirian, senior researcher at the cybersecurity firm Censys and co-author of the study, who explained that many workers are just not taking those training programs seriously enough.

In this episode, Sai Huda, founder and CEO of CyberCatch, discusses how artificial intelligence is reshaping the fight against cyber threats. He shares insights from his book Next Level Cybersecurity, outlines the five stages of a cyberattack, and explains how AI can help organizations detect, prevent, and respond to attacks more effectively.

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option. https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 Framelink Figma MCP Server CVE-2025-53967 Framelink Figma s MCP server suffers from a remote code execution vulnerability.

Will Daugherty, US Head of Norton Rose Fulbright's Cybersecurity practice, discussing the upcoming expiration of CISA 2015. Ben discusses Apple's decision to remove the ICEBlock app after pressure from the White House. Dave's got the story of the Secretary of Defense dialing back cyber training fro troops. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to today's stories: ⁠⁠⁠⁠Apple removes ICE tracking apps after Trump administration says they threaten officers US Department of War reduces cybersecurity training, tells soldiers to focus on their mission ⁠Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ covers ⁠⁠⁠⁠⁠⁠⁠China's covert influence campaign in the Philippines, where a Beijing-funded marketing firm used fake social media accounts to amplify pro-China narratives, attack U.S. alliances, and spread disinformation. The operation aimed to sway public opinion, undermine democratic discourse, and shape the country's political landscape ahead of future elections. Curious about the details? Head over to the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine's on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.But this keynote isn't just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren't just new tools—they're a fundamental shift in where and how we anchor trust.Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant's latest report. That revelation struck a chord with conference attendees, who appreciated Moore's willingness to speak plainly about systemic security debt.He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we'll need new frameworks—not just tweaks to old ones—to manage what comes next.This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.___________GUEST:HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/HOSTS:Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.comRESOURCES:Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to share an Event Briefing as part of our event coverage? Learn More

What would happen if your freight data got hacked before your trucks even hit the road? In this episode, NMFTA's Joe Ohr digs into how cybersecurity threats are evolving fast across freight and supply chains, from stolen tequila loads rerouted through digital trickery to insider risks hiding in forgotten system logins! We talk about why cyber protection isn't just an IT problem anymore, but also a business survival issue, how AI is changing the game for detecting and responding to cyberattacks, and the upcoming NMFTA Cybersecurity Conference in Austin, a must-attend event where industry leaders share practical defense strategies, run hands-on tabletop exercises, and build real plans companies can use immediately. Cyber threats are only getting smarter, and if you're not training, auditing access, and collaborating with others in the industry, you're already behind, so keep tuning in to our conversation!   About Joe Ohr Joe Ohr has more than two decades of experience in technical operations, customer success management, customer support, and product support. Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity. Prior to Ohr's role at NMFTA, he served as in numerous engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs. Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals. He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.  

FreePBX Exploit Attempts (CVE-2025-57819) A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350 Disrupting Threats Targeting Microsoft Teams Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/ Kibana XSS Patch CVE-2025-25009 Elastic patched a stored XSS vulnerability in Kibana https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449 QT SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729, The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt

Send us a text

Aaron sits down with compliance expert Dr. Joe DeLoach, Cheif Compliance Officer of Practice Performance Partners and cybersecurity specialist Dave MacKinnon of Promethean One to unpack what every private practice owner needs to know about HIPAA, data protection, and evolving security laws. They discuss the biggest threats facing eye care practices today—from phishing scams to ransomware—and outline simple, practical steps to safeguard your systems, protect patient data, and stay ahead of upcoming HIPAA changes. A must-listen for any doctor or administrator who wants peace of mind in an increasingly digital world. For more info and to connect with Joe and David: Practice Performance Partners (https://www.practiceperformancepartners.com/) Promethean One (https://www.promethean.one/medical) ------------------------ Go to MacuHealth.com and use the coupon code PODCAST2024 at checkout for special discounts Let's Connect! Follow and join the conversation! Instagram: @aaron_werner_vision

Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occuring and how do you prepare? Merritt Maxim, VP & Research Director at Forrester, joins Business Security Weekly to discuss the Global Cybersecurity Market Forecast, 2024 To 2029 report. Merritt will discuss the findings, including: In 2029, 69% of cybersecurity spending will be on software across seven prime functional disciplines of cybersecurity (applications, cloud, data, endpoint, network, identity, and security operations); the remaining spending will be allocated to security services, excluding security outsourcing, implementation, and deployment services; and AI software spending will grow at a CAGR of 21.2%, from $74.3 billion in 2024 to $194.3 billion by 2029. See Merritt's blog of the results at https://www.forrester.com/blogs/global-cybersecurity-spending-to-exceed-300b-by-2029/. In the leadership and communications segment, The problem with cybersecurity is not just hackers – it's how we measure risk, What California's new AI law means for CIOs (and CISOs), The Language of Leadership: How to Set Firm Boundaries Without Sounding Like a Jerk, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-416

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

Episode #175: What happens when your tech setup is more of a tangled mess than a streamlined system? That's where Scott Woods and Alec Modica come in, transforming chaos into organization with their expertise in Managed Service Providers (MSPs). I recount my own tech challenges and how Scott's family-run business came to the rescue, setting up my studio's infrastructure and teaching me the importance of having the right tech partner. We explore the vital role MSPs play for businesses that lack the resources for an in-house IT department, sharing personal stories and insights into the dynamic MSP industry. Navigating the complex world of IT doesn't have to feel overwhelming, especially when you have a trusted MSP by your side. We delve into the shift from relying on a single IT person to embracing a comprehensive support system that not only addresses immediate needs but anticipates future challenges. Scott and Alec discuss the benefits of reducing key man risk, integrating IT services under one umbrella, and providing a personalized, white-glove experience that keeps businesses running smoothly. We also touch on the critical aspect of trust between a business and its MSP, emphasizing how this relationship can be as pivotal as the one with a personal accountant. But it's not all about tech talk! We sprinkle in stories of business growth and personal milestones, highlighting the vibrant culture within MSP companies and the excitement of launching the Business Technology Podcast. From themed photo shoots to upcoming family additions, Scott, Alec, and I share how personal and professional worlds intersect, reinforcing the idea that business is as much about relationships as it is about services. Whether you're a business owner seeking seamless IT solutions or simply curious about the human side of tech support, this episode offers a unique perspective on building successful partnerships in today's digital landscape. Chapters:  (00:00) Business Tech Solutions With Kimberly Lovi (10:18) Choosing the Right Managed Service Provider (18:04) Trusting Managed IT Services for Businesses (24:43) Efficient MSP Support for Businesses (38:04) Business Technology and Family Growth Follow Kimberly on Instagram and TikTok @kimberlylovi or @iconicnationmedia  WATCH us on YouTube and view our brand new studio! 

On this episode of The Cybersecurity Defenders Podcast we speak with Sarah Powazek about the Roadmap to Community Cyber Defense. Diving into the report, Sarah emphasizes the need for low-resource organizations and cyber experts to come together in a co-responsibility model for cyber defense. Learn more about the UC Berkeley Center for Long-Term Cybersecurity (CLTC).Get help or join the Cyber Resilience Corps here.Read the roadmap.Sarah leads flagship research on defending low-resource organizations like nonprofits, municipalities, and schools from cyber attacks. She serves as Co-Chair of the Cyber Resilience Corps and is also Senior Advisor for the Consortium of Cybersecurity Clinics, advocating for the expansion of clinical cyber education around the world. Sarah hosts the Cyber Civil Defense Summit, an annual mission-based gathering of cyber defenders to protect the nation's most vulnerable public infrastructure. Sarah previously worked at CrowdStrike Strategic Advisory Services, and as the Program Manager of the Ransomware Task Force.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

More Details About Oracle 0-Day The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Redis Vulnerability Redis patched a ciritcal use after free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/ GoAnywhere Bug Exploited Microsoft is reporting about the exploitation of the recent GoAnywhere vulnerability https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

From a massive SIM farm takedown to dealing with supply chain attacks targeting npm, our news roundup provides context and commentary on a fresh crop of security news. We discuss exploits against Cisco firewalls and switches, a SonicWall firmware update to remove a rootkit targeting its SMA 100, and GitHub’s plans to harden npm packages.... Read more »

Japan's first female governing-party leader is an ultra-conservative star in a male-dominated groupSanae Takaichi.In a country that ranks poorly internationally for gender equality, the new president of Japan's long-governing Liberal Democrats, and likely next prime minister, is an ultra-conservative star of a male-dominated party that critics call an obstacle to women's advancement.In a country known for the concept of karoshi, or death from overwork, Japan's likely next prime minister said that people should work like a WHAT?A WORKHORSEBefore entering politics, Japan's likely next prime minister had WHAT artistic hobby?Drummer in a heavy metal bandIntroducing Fortune's first-ever Most Influential Women Asia rankingJust to give you some context:How many athletes? 4How many K-pop stars? 4How many actors? 2How many politicians? 2HOW MANY business leaders, civic leaders, scientists, educators, journalists, healthcare workers, spiritual leaders, or legal scholars?ZERODemocrats demand ‘action' as AI reportedly threatens to replace 100M US jobsA new Senate report warns that artificial intelligence could displace nearly 100 million U.S. jobs within the next decade, spurring Democrats to push for a levy for each human position replaced by machines, tech or algorithms. What is the current nickname for this bill: Terminator tithea "robot tax"Roomba reparationsbot tollRoboCop rebateSilicon sin taxAccording to Bloomberg, This is the leading pick to succeed Tim Cook as CEOCOO Sabih KhanFormer COO Jeff Williams, SVP Design, Watch, and HealthJohn Ternus, SVP of Hardware EngineeringCFO Kevan ParekhCHRO Deirdre O'BrienBoard member Susan Wagner, founding partner and director of BlackRockDeloitte will refund Australian government for WHAT?climate risk model using emissions data from New Zealand and not AustraliaA report that was filled with AI hallucinationsa partial refundConsulting firm quietly admitted to GPT-4o use after fake citations were found in AugustShortly after the report was published, though, Sydney University Deputy Director of Health Law Chris Rudge noticed citations to multiple papers and publications that did not exist. That included multiple references to nonexistent reports by Lisa Burton Crawford, a real professor at the University of Sydney law school.the updated report removed several fake citations and a fabricated quote attributed to an actual ruling from federal justice Jennifer Davies (spelled as "Davis" in the original report).cybersecurity review that relied on completely fabricated case studiesOver 80% of the report found to have copied sections from Wikipediapolicy review found to have been nearly a complete duplicated a previous PwC reportAppLovin stock tanks on report SEC is investigating company over data-collection practicesPOP QUIZ!Adam Foroughi is the CEO of AppLovin:Who is the Founder of AppLovin? Adam ForoughiWho is the Chair of AppLovin? Adam ForoughiWho is the longest-tenured director of AppLovin? Adam ForoughiWho is the largest shareholder at AppLovin? Adam ForoughiWhat percentage of outstanding AppLovin shares does Adam own? 9%What percentage of AppLovin voting power does Adam control? 61%How many votes per share do Adam's Cass B shares give him? 20Did Adam graduate from college? YES! Economics degree from BerkeleyBut what exactly does AppLovin do? The company helps developers market, monetize, analyze and publish their apps through its mobile advertising, marketing, and analytics platformsOn the company's “Director Nominees' Skills and Expertise” matrix in its 2025 proxy statement, which two categories are the least-represented?: Cyber Security (3 of 9) and Data Privacy (4 of 9)What was the value Adam realized on the vesting of stock awards last year? $578MDespite holding $19B in AppLovin stock, how much did Adam get in a work-from-home cash stipend last year? $1,800 Which BlackRock director that Matt spent a lot of time ridiculing in May for being the board's worst performer just lost his job? Hans Vestberg, VerizonWhich Verizon board member that is connected to 64% of the Verizon board–almost entirely through non profit and trade group connections–that Matt recommended a vote against at Verizon's last annual meeting is Verizon's new CEO? Lead Director and former PayPal CEO Dan ShulmanPOP QUIZ! What kind of shoes does Dan wear? Cowboy bootsAnd finally, nepobaby David Ellison's choice to take over CBS News, Bari Weiss, has made a career railing against what?CorruptionMisinformationCorporate malpracticeCensorshipWokenessPOP QUIZ! How many years of experience does Bari have in broadcast television? Zero

From a massive SIM farm takedown to dealing with supply chain attacks targeting npm, our news roundup provides context and commentary on a fresh crop of security news. We discuss exploits against Cisco firewalls and switches, a SonicWall firmware update to remove a rootkit targeting its SMA 100, and GitHub’s plans to harden npm packages.... Read more »

Purchase the ClickUp Business Hub Template: an all-in-one digital workspace built specifically for travel advisors to organize and streamline the backend of their business. Watch the product preview HERE! Have you ever come home from a trade show with a stack of business cards and no idea what to do with them? Kristen Heitman, luxury travel advisor and one of Tique's OG clients, joins this episode to discuss all things ClickUp, including her thoughts on The ClickUp Business Hub Template. Kristen walks through how she built a central hub for her supplier relationships (complete with commission details, meeting notes, and rep connections) so she can easily find the right contact when she needs them. She also shares how this system goes beyond contacts to track leads, forecast revenue, and even automate testimonial-driven marketing. If you've ever wasted time digging through emails or spreadsheets trying to remember who reps that perfect hotel, this episode will show you how to build a streamlined system that saves clicks, keeps you organized, and helps you grow your business with confidence! About Kristen Heitman: Kristen is a Luxury Travel Advisor with Steuber Travel Group and is based in Atlanta, Georgia. After spending over a decade as an epidemiologist at the CDC, where her work focused on building surveillance systems for infectious diseases and data analysis, Kristen made the bold decision to leave her government career in August 2023 to pursue luxury travel planning full-time. Her natural curiosity and love of discovery, once applied to solving public health mysteries, now guides her in uncovering the world's most enchanting destinations and exclusive experiences. Kristen specializes in approachable luxury experiences for successful, detail-oriented professionals, crafting bespoke itineraries that feel effortlessly elegant yet thoughtfully curated. Her background has given her an exceptional eye for finding those special, hidden moments that transform a beautiful trip into an unforgettable journey. When she's not designing extraordinary escapes, Kristen enjoys spending time with her husband, two sons, and two Whippets in Atlanta. Today we will cover: (02:30) Kristen's journey from epidemiologist to travel advisor (06:10) Why advisors need ClickUp; going beyond CRM and itinerary software (10:15) Tracking leads, referrals, and repeat clients with ClickUp dashboards (16:45) Using AI and automation to streamline business operations (22:45) CRM vs. ClickUp; understanding the role of each tool (28:20) Cybersecurity for advisors; protecting client data, avoiding public Wi-Fi risks, and using safe passwords (34:50) How to customize ClickUp for travel agencies without getting overwhelmed (41:20) Building a ClickUp Business Hub; why investing time boosts efficiency, client experience, and profitability Connect with Sarah at HeySwillsy for Custom ClickUp Setup Listen to Episode 150: What Every Advisor Needs To Know About Protecting Client Data with Kacie Darden JOIN THE NICHE COMMUNITY VISIT THE TEMPLATE SHOP EXPLORE THE PROGRAMS FOLLOW ALONG ON INSTAGRAM @TiqueHQ Thanks to Our Tique Talks Sponsors: Moxie & Fourth - Grab The DIY Demo Bundle HERE Cozy Earth - Use code COZYTIQUE for 20% off

This week on Security Conversations, Ryan sits down with Chris Eng, former Chief Research Officer at Veracode, to talk about life after nearly two decades at one company and the lessons learned along the way. They dig into a career start at the NSA, the early days of @Stake and the Symantec acquisition, and the birth and ambitions of Veracode. Plus, thoughts on how helping startups shape product strategy, what it takes to translate technical expertise into business impact, and how security culture has evolved since the early “hacker-to-enterprise” days. The conversation touches on defining your career beyond titles, how the perception of “cybersecurity” has changed over the years, and why the industry still has plenty of room for curiosity, reinvention, and good storytelling.

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Zimbra Exploit Analysis An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems. https://strikeready.com/blog/0day-ics-attack-in-the-wild/ Unity Editor Vulnerability CVE-2025-59489 The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions https://unity.com/security/sept-2025-01

AI Browsers Turn Rogue, Discord Data Breach, and Surge in Palo Alto Scans In this episode of Cybersecurity Today, host David Shipley discusses several significant cybersecurity concerns. Firstly, researchers at Layer X have uncovered a flaw in the Perplexity Comet AI browser that allows malicious prompts to turn the browser into a data thief with just a single click. Additionally, Discord has disclosed a data breach affecting users' personal information due to a third-party customer service provider compromise. Cybersecurity researchers have also reported a massive surge in scans targeting Palo Alto Network's login portals, suggesting potential reconnaissance for future attacks. Finally, the US Department of Defense has opted to reduce its mandatory cybersecurity training to allow military personnel to focus on their core missions, a move that has raised concerns given the intertwined nature of cyber and kinetic warfare. 00:00 Introduction and Headlines 00:32 AI Browser Security Flaw: Comet Jacking 03:11 Discord Data Breach: What Happened? 05:59 Surge in Scans Targeting Palo Alto Devices 08:07 US Department of Defense Cuts Cybersecurity Training 10:23 Conclusion and Viewer Engagement

Send us a textWe trade last‑minute schedules and kid chaos for a deep dive into how modern phones leak data, why “Ask App Not to Track” isn't enforcement, and what a third platform built for privacy and free speech looks like. Joe shares his Apple-to-Unplugged journey, the Raxxis findings, and practical features that make privacy usable.• zero‑to‑one background from Nomi acquisition to Apple services• motivation for a third platform beyond Apple and Google• Raxxis test revealing 3,400 sessions and 210,000 packets in one hour• third‑party data brokers, pattern‑of‑life risks, Fourth Amendment gaps• layered threat model from passive tracking to seizure and signals• emergency reset, false PIN wipe, and hardware battery cut‑off• first‑party vs third‑party privacy and ecosystem incentives• “Ask App Not to Track” as preference vs permission• Time Away to reduce engagement and regain attention• firewall, USB data blocking, 2G limits, Bluetooth controls• camouflaged VPN and operational noise in repressive networks• app compatibility layer and broader app sourcing without Google• clear business model: hardware and subscriptions, no data salePodMatchPodMatch Automatically Matches Ideal Podcast Guests and Hosts For InterviewsSupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

In this episode of 'Cybersecurity Today: Our Month in Review,' host Jim welcomes a panel including Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley, CEO of Beauceron Securities. The discussion kicks off with an overview of their plans for Cybersecurity Month, including reviving the MapleSEC show and the CIO of the Year awards. David shares his experiences at SECTOR, Canada's largest cybersecurity conference, discussing the importance of security awareness training and the risks of irresponsible tech journalism on public perception. The panel also delves into the resurgence of the Clop ransomware group, their shift to data extortion, and their exploitation of vulnerabilities in Oracle EBS applications. Laura highlights a concerning case of insider threats at RBC, emphasizing the importance of process-driven controls. The episode also touches on the human side of cybersecurity, particularly the impact of romance scams and the growing violence in cybercrime. The panelists underscore the need for improved security awareness and the role of AI in identifying scams. Tammy, Laura, and David conclude by discussing the role of insider threats and the ethical boundaries in cybercrime, sharing insights from recent real-world cases. 00:00 Introduction and Panelist Introductions 00:43 Cybersecurity Month Initiatives 02:46 Security Awareness and Phishing Training 04:03 Impact of Irresponsible Tech Journalism 08:27 AI and Cybersecurity: Hype vs. Reality 10:43 Conference Experiences and Networking 18:33 Clop Ransomware and Data Extortion 23:45 Tammy's Insights on Clop's Tactics 24:58 Scattered Lasus and Cyber Warfare 26:32 Media Savvy Cybercriminals 31:36 Human Impact of Cyber Scams 37:17 Insider Threats and Security Awareness 43:21 Physical Security and Cyber Threats 48:33 Cybercrime Targeting Children 50:58 Conclusion and Upcoming Topics

At WHX Tech, cybersecurity expert Dr Leila Taghizade, Group Head of Cyber Risk Management / CISO IberoLatAm at Allianz, breaks down what every individual—and every hospital—should know about protecting themselves in 2025. From the basics of stronger passwords and two-factor authentication to the risks of free apps and third-party tools, she explains in clear terms why “there's no such thing as free lunch” in cybersecurity. Leila also highlights the dangers of phishing, the vulnerability of medical devices, and how AI both helps defenders and lowers the cost of attacks. Show Notes 00:00 – Introduction: why cybersecurity basics matter in 2025 00:30 – Strong passwords, two-factor authentication, limiting app permissions 02:00 – Giving apps only the access they really need 03:00 – Cybersecurity in healthcare: medical devices as weak links 04:30 – Default passwords and firmware updates as major risks 05:30 – Phishing: why reporting is critical for protection 07:00 – Everyday cyber hygiene: logging out, password managers 08:30 – AI's impact on cybersecurity: lowering cost of attacks, improving defense 10:00 – The risks of free apps and third-party tools 11:00 – Data leaks and how AI tools may unintentionally share information 12:30 – AI as a double-edged sword: prevention vs. risk 14:00 – Final advice: caution doesn't mean fear, but informed use www.facesofdigitalhealth.com Newsletter: https://fodh.substack.com/

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over.  Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking Send us a textGrowth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com Support the show

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages TOTOLINK X6000R Vulnerabilities Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers. https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/ DrayOS Vulnerability Patched Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

In Episode 385 of Positive Philter, I'm joined by Jeff Raderstrong, a professional ghostwriter who has helped CEOs, political leaders, and community activists bring their stories to life. Jeff shares his journey into ghostwriting, what it means to be part of the creative process while remaining behind the scenes, and valuable advice for aspiring ghostwriters. This episode pulls back the curtain on a unique career path that blends storytelling, collaboration, and purpose. Shout Outs and Plugs Jeff's Website: https://www.raderstrong.com/ Jeff's LinkedIn Profile: https://www.linkedin.com/in/jeff-raderstrong-a2814417/ If you have a question for the podcast call 571-336-6560 or leave a question via this Google Form. Five Minute Journal by Intelligent Change Affiliate Code: https://www.intelligentchange.com/?rfsn=4621464.017186 Tappy Card “Electronic Business Card” Affiliate Code:  https://tappycard.com?ref:philip-wilkerson Please leave a rating/review of the Podcast https://lovethepodcast.com/positivephilter Intro music provided by DJ BIGyoks. Check out his Instagram and Soundcloud channel can be found here:  https://www.instagram.com/beats.byyoks/ https://soundcloud.com/dj-bigyoks Outro music provided by Ryan Rosemond. Check out his Soundcloud channel here: https://soundcloud.com/brothersrosemond/albums   Purchase "Forty Years of Advice" by Philip Wilkerson: https://a.co/d/2qYMlqu Leave Your Feedback by filling out this audience survey: https://forms.gle/ncoNvWxMq2A6Zw2q8 Sign up for Positive Philter Weekly Newsletter: http://eepurl.com/g-LOqL Please follow Positive Philter: Positive Philter Facebook Page Positive Philter Twitter Positive Philter Instagram  If you would like to support the podcast, please consider donating to the Positive Philter Patreon page: https://www.patreon.com/positivephilter Positive Philter was selected by FeedSpot as Top 20 Positive Thinking Podcasts on the web. https://blog.feedspot.com/positive_thinking_podcasts/ Jeff's Anti-Hunger Fund The Positive Philter Podcast is dedicated to Jeff Kirsch. A long-time supporter of the show and a major influence on this show's growth. Please support the careers of future advocates by donating to the Jeff Kirsch Fund for Anti-Hunger Advocacy. This fund was named after Jeff Kirsch for his decades of service in fighting hunger and inequality. Link to fund: https://frac.org/kirschfund Pats for Patriots  If you are a member of the #MasonNation, please consider sending a Pats for Patriots. Pats for Patriots are a free and easy way to thank, recognize, show appreciation for a Mason colleague or student who has taken the time to do something kind, generous or thoughtful towards others. For more information, visit: https://forms.office.com/r/HRZGvhdJEA We have received more than 2,000 nominations from the Mason community so far. Keep those nominations coming in! Steam Pilots Scholarship  Steam Pilots, Inc. is a Virginia-based 501(c)(3) tax-exempt organization. Their goal is to improve the state of STEAM education in America. STEAM stands for Science, Technology, Engineering, Art, and Math. They achieve this through pro bono programs delivered to K-12 students and institutions in the Washington, D.C. metropolitan area. Steam Pilots is hoping to raise funds for STEAM kits, supplies, and modest stipends for the interns who work with me. Currently, they have an urgent need for 3D Printers, Robotics Kits, and Cybersecurity teaching tools. Link to GoFundMe:  https://gofund.me/38eeaed2

Perplexity has made a significant move by dropping the price of its AI browser, Comet, from $200 a month to free, igniting what could be an AI browser war. This decision aims to help users navigate the overwhelming amount of low-quality online content by providing tools to summarize web pages and extract key information. A $5 monthly subscription will offer access to content from reputable media outlets, as Perplexity seeks to establish fair revenue-sharing practices with publishers. This shift comes amid ongoing legal challenges regarding content use, but the company emphasizes its commitment to high-quality sources.The recent U.S. government shutdown has led to the expiration of the Cybersecurity and Information Sharing Act of 2015, raising concerns about the future of cybersecurity collaboration. This law provided essential protections for organizations sharing cyber threat intelligence, and its absence is expected to hinder effective incident response. Experts warn that organizations may become more cautious about sharing vital information without the legal protections previously afforded, potentially increasing the risk of cyber attacks as adversaries exploit the disruption.In the tech industry, rumors are circulating about a potential investment deal between Apple and Intel, which raises questions about the future of the chip manufacturer. Apple, having previously transitioned away from Intel chips for its MacBooks, is now considering a collaboration that could see Intel manufacturing chips for Apple's data centers or producing Apple-designed chips. Meanwhile, Apple appears to be stepping back from its Vision Pro headset, which has not gained significant traction in the market, and is instead focusing on developing more affordable smart glasses.Managed service providers (MSPs) are at a critical junction as AI transitions from a luxury to a necessity. A significant portion of organizations lack policies to manage AI adoption effectively, creating both risks and opportunities for service providers. As clients demand faster resolutions and strategic insights, MSPs must modernize their services and establish governance to ensure AI delivers measurable value. The podcast emphasizes the importance of embedding AI capabilities into services rather than selling it as a standalone product, urging providers to focus on delivering outcomes that clients cannot achieve elsewhere.Four things to know today00:00 Perplexity Makes AI Browser Comet Free, Challenging Chrome, Safari, and Edge03:41 U.S. Shutdown Weakens Cyber Defense as Info-Sharing Law Expires, While NIST Races to Build Cyber AI Framework07:09 Apple Rumored to Invest in Intel Amid U.S. Chip Push, While Retreating From Vision Pro in Favor of Smart Glasses10:12 AI Is Becoming the Airline Business: Why MSPs Must Embed Capability, Not Sell Commodity This is the Business of Tech.    Supported by:  https://mailprotector.com/https://timezest.com/mspradio/ Webinar:  https://bit.ly/msprmail  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

⬥GUEST⬥Pieter VanIperen, CISO and CIO of AlphaSense | On Linkedin: https://www.linkedin.com/in/pietervaniperen/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Real-World Principles for Real-World Security: A Conversation with Pieter VanIperenPieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.⬥SPONSORS⬥ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

From Compliance to Confidence: How to Evolve Cybersecurity Beyond the Checklist Healthcare cybersecurity stands at an inflection point. Traditional compliance frameworks are proving inadequate in the face of sophisticated threats targeting patient data, clinical operations, and connected medical devices. Robert Eikel, CISO at P-n-T Data Corp., brings unique expertise from government service, financial services, and pediatric healthcare to discuss how leading organizations are evolving beyond checklist security. We'll explore the new frontlines of healthcare cyber defense—identity, integrity, and interoperability—while examining how emerging technologies like AI and quantum computing are reshaping the threat landscape. • Moving from periodic compliance to continuous confidence through identity-centric, integrity-focused defense strategies • Protecting clinical workflows and patient safety while maintaining secure interoperability across healthcare ecosystems • Preparing cybersecurity programs for AI-powered threats, quantum risks, and next-generation healthcare technologies • Transforming cybersecurity governance from IT overhead to strategic business enabler Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen/

Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat's consulting GitLab server, highlighting concerns over exposed network maps and tokens. The CLOP extortion gang targets Oracle E-Business Suite clients, demanding ransom for sensitive data. Surveys show Canadian businesses are overconfident in their cyber defenses despite frequent attacks. Finally, CISA has ended a crucial cybersecurity support agreement, impacting state and local governments amidst a federal shutdown. Tune in for detailed analysis and urgent action items. 00:00 Red Hat GitLab Server Breach 02:21 CLOP Gang Targets Oracle E-Business Suite 04:29 Canadian Firms' Overconfidence in Cybersecurity 06:31 CISA Ends Critical Support Amid Shutdown 08:38 Conclusion and Upcoming Month in Review

In this episode of Endo Voices, host Dr. Marcus Johnson sits down with Gary Salman, CEO and Co-Founder of Black Talon Security, to unpack the critical and often overlooked role of cybersecurity in dentistry.From real-world case studies to practical tips, the discussion covers:Current threats including phishing attacks, firewall vulnerabilities, email account takeovers, social engineering, and more.The importance of cyber liability insurance to your overall cyber resilience, in addition to offensive and defensive cyber prevention measures. The need for separation between IT and cybersecurity vendors for unbiased, independent risk assessment.Gary emphasizes that while threats are increasing, nearly all cyber incidents are preventable with the right layers of protection and training. Whether you're running a solo practice or managing multiple locations, this episode offers actionable strategies to secure patient data, safeguard your reputation, and strengthen your practice's future.Episodes of Endo Voices may include opinion, speculation and other statements not verifiable in the scientific method and do not necessarily reflect the views of AAE or the sponsor(s). Listeners should use their best judgment in evaluating the merits of any content.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.Check out Barricade Cyber https://barricadecyber.com for #incidentresponse #ransomware and #BEC recovery. Register for BCS webinars!Check out John Strand's Pay What You Can Antisyphon Training:https://simplycyber.io/antisyphonAllow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://threatlocker.com/dailycyberTake control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% offRegister for Flare's next training on Aug. 13th on Web App Testing at https://simplycyber.io/flareSimply Cyber Academy - The Place for Cyber Careers: https://academy.simplycyber.ioJoin SC Discord: https://SimplyCyber.io/discordPodcast in stream: https://cisoseries.comFollow SC: https://simplycyber.io/socials

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310 Breaking Server SGX via DRAM Inspection By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf OneLogin OIDC Vulnerability A vulnerability in OneLogin can be used to read secret application keys https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials OpenSSL Patch OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL

Between the future of search, the biggest threats in cybersecurity, and the jobs and platforms of tomorrow, Nikesh Arora sees one common thread connecting and transforming them all—AI. Sarah Guo and Elad Gil sit down with Nikesh Arora, CEO of cybersecurity giant Palo Alto Networks, to talk about a wide array of topics from agentic AI to leadership. Nikesh dives into the future of search, the disruptive potential of AI agents for existing business models, and how AI has both compressed the timeline for cyberattacks as well as fundamentally shifted defense strategies in cybersecurity. Plus, Nikesh shares his leadership philosophy, and why he's so optimistic about AI.  Sign up for new podcasts every week. Email feedback to show@no-priors.com Follow us on Twitter: @NoPriorsPod | @Saranormous | @EladGil | @nikesharora | @PaloAltoNtwks  Chapters: 00:00 – Nikesh Arora Introduction 00:39 – Nikesh on the Future of Search 04:46 – Shifting to an Agentic Model of Search 08:12 – AI-as-a-Service 16:55 – State of Enterprise Adoption 20:15 – Gen AI and Cybersecurity 27:35 – New Problems in Cybersecurity in the AI Age 29:53 – Deepfakes, Spearfishing, and Other Attacks 32:56 – Expanding Products at Palo Alto 35:49 – AI Agents and Human Replaceability  44:28 – Nikesh's Thoughts on Growth at Scale 46:52 – Nikesh's Leadership Tips 51:14 – Nikesh on Ambition 54:18 – Nikesh's Thoughts on AI 58:21 – Conclusion

Small to medium-sized businesses (SMBs) are significantly increasing their technology budgets, focusing on strategic investments that support long-term growth. According to a study by Forrester Consulting, 88% of SMBs plan to enhance their cloud strategies and cybersecurity through increased spending on third-party services. The study also highlights a growing emphasis on improving customer experience and reducing enterprise risk, with cloud-based disaster recovery solutions and hybrid cloud strategies becoming essential. However, the integration of AI services into the economy is expected to take years, as businesses need time to learn about new AI products and train their employees.The UK government has issued a second Technical Capability Notice requiring Apple to provide access to encrypted data and messages of British users stored on its iCloud service. This directive follows a previous request that raised diplomatic tensions with the US and has led Apple to withdraw its Advanced Data Protection Service in the UK, weakening user privacy. The implications of this move are significant for SMBs that rely on iCloud, as it introduces potential security risks and highlights the need for additional encryption measures.Microsoft is facing pushback as it prepares to end free security updates for Windows 10, which is set to occur on October 14, 2025. A coalition of organizations, including repair shops and advocacy groups, is urging Microsoft to extend these updates, citing concerns that many PCs will be left insecure or unusable. With a significant portion of Windows 10 machines unable to upgrade to Windows 11, businesses are left with difficult choices regarding their operating systems, potentially leading to increased e-waste.In the realm of AI, major companies like Microsoft, Salesforce, and Stripe are launching new tools that integrate AI capabilities into their existing platforms. Microsoft has introduced Microsoft 365 Premium, which combines Office applications with AI features, while Salesforce has launched AgentForce Fibes, a tool that streamlines coding through natural language. Stripe's new instant checkout feature within ChatGPT allows users to purchase products directly from chat interfaces. These developments indicate that AI is becoming an integral part of business infrastructure, and MSPs must focus on helping clients leverage these tools effectively to drive business outcomes.Four things to know today00:00 SMBs Are Increasing Tech Budgets for Cloud, Cybersecurity, and AI, But Forrester Warns True AI Value Will Take Years to Realize04:07 UK Pressures Apple on iCloud Again, Forcing Encryption Rollback That Puts Privacy, Business Security, and Global Precedent at Risk05:39 Windows 10 Sunset Becomes a Flashpoint: Market Share, Hardware Incompatibility, and Sustainability Collide in Microsoft's 2025 Deadline08:23 From Office to Checkout: Microsoft, Salesforce, Stripe, OpenAI, and Google Push AI Into Everyday Work and Consumer Life This is the Business of Tech.    Supported by:  https://scalepad.com/dave/https://mailprotector.com/ Webinar:  https://bit.ly/msprmail All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode, Kareem Fidel of CGI Federal introduces Zach Whitman, Chief Data Scientist and inaugural Chief AI Officer at GSA, who discusses GSA's AI strategies and initiatives. Whitman elaborates on the practical experimentation and deployment of AI systems, the importance of data hygiene, benchmarks for AI performance, and the challenges and opportunities in AI adoption and acquisition for federal agencies. Key topics include AI in acquisitions, talent readiness for AI, and the fine balance between technological advancement and maintaining accuracy and precision in AI governance. Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.Learn more about membership at https://www.actiac.org/join.Donate to ACT-IAC at https://actiac.org/donate. Intro/Outro Music: See a Brighter Day/Gloria TellsCourtesy of Epidemic Sound(Episodes 1-159: Intro/Outro Music: Focal Point/Young CommunityCourtesy of Epidemic Sound)

The IPO market may be slowing down, but the discipline of operating like a public company has never been more important. In this episode, CJ is joined by Chad Gold, CFO of FullStory and veteran operator with previous stints at G2, SalesLoft, and Rubicon, to discuss how capital markets and financing strategies are shifting in real time. Chad explains why more companies are staying private longer, how the rise of private credit is changing the CFO toolkit, and why building IPO-ready discipline matters even if you never go public. The conversation also dives into one of his specialties—pricing models and sales incentives—covering how seat-based, usage, and blended structures influence rep behavior, comp plans, and long-term revenue quality, as well as how the wrong incentives can quietly derail a business. Finally, Chad reflects on lessons from his early career at Home Depot and how fundamentals from retail operations still inform his instincts in SaaS today.—LINKS: Chad Gold on LinkedIn: https://www.linkedin.com/in/chadgold/Fullstory: https://www.fullstory.com/CJ on X (@cjgustafson222): https://x.com/cjgustafson222 Mostly metrics: https://www.mostlymetrics.comRELATED EPISODES:G2 CFO Chad Gold on Building A Durable Career as a Venture Backed Exec:Big Systems Thinking for Building a Finance Org: Advice From a Zoom Hypergrowth Survivor:—TIMESTAMPS:(02:14) Sponsors – Mercury | RightRev | Tipalti(06:10) What's New at FullStory(09:22) Hypotheses, Data, and Unlocking Use Cases(10:13) Early CFO Career and the Evolution of Data(11:09) From Deterministic Models to Analytics-Driven Forecasting(12:17) Cohorts, Segmentation, and Revenue Quality(13:17) Why Companies Stay Private Longer(15:28) Sponsors – Aleph | Rillet | Fidelity P.S.(19:01) Capital Flows Into Hot Sectors Like AI and Cybersecurity(20:20) More Companies Going Private Than Public(21:41) Costs and Tradeoffs of Being Public(22:46) Secondary Markets and Access to Top Companies(24:14) Staying Private Longer and CFO Planning(25:29) Keeping the Org Exit-Ready(26:10) The Rise of Private Credit(27:37) Banks vs. Venture Debt After SVB(30:47) Pricing Models Across Chad's CFO Roles(35:47) How to Incentivize Sales Reps Across Pricing Models(43:26) Lessons From Home Depot + Lightning Round—SPONSORS:Mercury is business banking built for builders, giving founders and finance pros a financial stack that actually works together. From sending wires to tracking balances and approving payments, Mercury makes it simple to scale without friction. Join the 200,000+ entrepreneurs who trust Mercury and apply online in minutes at https://www.mercury.comRightRev automates the revenue recognition process from end to end, gives you real-time insights, and ensures ASC 606 / IFRS 15 compliance—all while closing books faster. For RevRec that auditors actually trust, visit https://www.rightrev.com and schedule a demo.Tipalti automates the entire payables process—from onboarding suppliers to executing global payouts—helping finance teams save time, eliminate costly errors, and scale confidently across 200+ countries and 120 currencies. More than 5,000 businesses already trust Tipalti to manage payments with built-in security and tax compliance. Visit https://www.tipalti.com/runthenumbers to learn more.Aleph automates 90% of manual, error-prone busywork, so you can focus on the strategic work you were hired to do. Minimize busywork and maximize impact with the power of a web app, the flexibility of spreadsheets, and the magic of AI. Get a personalised demo at https://www.getaleph.com/runRillet is the AI-native ERP modern finance teams are switching to because it's faster, simpler, and 100% built for how teams operate today. See how fast your team can move. Book a demo at https://www.rillet.com/metricsFidelity Private Shares is the all-in-one equity management platform that keeps your cap table clean, your data room organized, and your equity story clear—so you never risk losing a fundraising round over messy records. Schedule a demo at https://www.fidelityprivateshares.com and mention Mostly Metrics to get 20% off.#CFOInsights #SaaSFinance #CapitalMarkets #IPOReady #RevenueStrategy #GrowthStageCFO This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cjgustafson.substack.com

John Skinner of Vectra AI shares how cyber attackers are democratizing sophisticated attacks using dark web tools, and why AI-powered hybrid defense is now essential for enterprise security.Topics Include:Vectra AI: 13-year-old cybersecurity company founded as "AI native" from day oneBuilt on machine learning assumption while competitors treated AI as afterthoughtGenerative AI represents the latest evolution in their comprehensive AI journeyStarted pairing threat researchers with ML developers to codify attack behaviorsAdded agentic AI in 2018 for correlation across space and timeUses AWS Security Lake, GuardDuty, and recently became AWS Bedrock customerSuccess measured by reducing "dwell time" from initial attack to detectionAchieved 60% faster alerts, 51% faster monitoring, 50% faster investigation timesCustomers should evaluate vendor's data science quality and algorithm training yearsEvolved hybrid defense approach as attacks start anywhere, go everywhereAI handles high-volume correlation while humans focus on analytical decisionsFuture challenge: democratized cyber attacks using readily available dark web toolsParticipants:John Skinner – Vice President Corporate/Business Development, Vectra AIFurther Links:Vectra AI: Website – LinkedIn – AWS Marketplace - YouTubeSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

In this episode of Unspoken Security, host A.J. Nash sits down with Marley Salveter, Director of Marketing at Unspoken Security. They explore how digital privacy and security awareness look different for younger generations who have grown up in a world where sharing personal data is routine, not a choice. Marley shares her perspective on adapting to life online, where building a personal brand and protecting personal information often overlap for today's professionals.Marley explains how her generation views data privacy as an accepted tradeoff, not a conscious decision, and why traditional corporate security training rarely feels relevant. She discusses the real risks of living in public—how threats feel less urgent until they get personal and why the rapid response of tech platforms can mask the lasting impact of breaches. She and A.J. dig into the challenge of communicating security risks to a connected generation that rarely sees tangible consequences.Together, they reflect on how open conversations bridge generational gaps and why storytelling and relatable dialogue help people internalize security lessons. Marley argues that making security personal is key to lasting change—especially for those building their careers and brands in the public eye.Send us a textSupport the show

professorjrod@gmail.comDive deep into the essential building blocks of secure enterprise networks with Professor J. Rod in this comprehensive exploration of network architecture, security appliances, and remote access solutions.What makes a truly secure organizational network? It's more than just firewalls and fancy equipment—it's thoughtful design, strategic implementation, and layered defenses. We break down how enterprise networks function as digital blueprints, explaining everything from switching topologies to routing infrastructure in accessible terms. You'll understand why proper segmentation matters and how VLANs create logical separation between departments sharing physical resources.Security isn't about building one impenetrable wall anymore. Modern protection requires defense-in-depth with multiple control types across various network zones. We examine critical security appliances including next-generation firewalls, intrusion detection systems, web application firewalls, and load balancers—explaining not just what they do but where they belong in your architecture. You'll learn the difference between Layer 4 and Layer 7 inspection, why proper device placement matters, and how to choose between fail-open and fail-close configurations based on your organizational needs.With remote work now standard, we tackle virtual private networks and secure access solutions that keep distributed teams connected safely. From TLS tunneling to IPsec implementation, SSH management to jump servers, you'll gain practical insights into protecting your extended network perimeter. The episode concludes with CompTIA-style practice questions to test your understanding of key concepts. Whether you're studying for certification or managing enterprise infrastructure, this episode provides the knowledge foundation to build truly resilient network architectures. Subscribe for more in-depth technology explorations that bridge theory and practical application.Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Cloud Vulnerability Western Digital patched a critical vulnerability in its MyCloud device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247 sudo vulnerability exploited A recently patched vulnerability in sudo is now being exploited. https://www.sudo.ws/security/advisories/

Send us a textIn this episode of Joey Pinz Discipline Conversations, Joey sits down with Jeff Hill of Stellar Cyber to explore how MSPs can strengthen their security posture, grow their businesses, and simplify operations. Recorded live at the MSP Summit in Orlando, Jeff shares candid insights on what keeps MSPs awake at night—from cybersecurity breaches to staffing challenges and competitive growth pressures.Jeff explains how Stellar Cyber's multi-tenancy, unified platform, and AI-driven automation help MSPs deliver enterprise-grade security without added complexity. He emphasizes the importance of choosing the right MSSP partners, understanding compliance and cyber insurance requirements, and leveraging open platforms that integrate seamlessly with existing tools.The conversation also highlights how MSPs can turn security into a revenue generator, not just a cost center, while positioning themselves for long-term success or acquisition. Jeff's core message is clear: simplify, stay open, and create value that differentiates your business.Tune in to learn how Stellar Cyber is helping MSPs find their “diamonds in the rough” and why now is an exciting time in the cybersecurity landscape. 

In this episode of the Global Fresh Series, we sit down with Dave McCary of ZAG Technical Services to explore how cybersecurity and ransomware are reshaping the fresh produce industry. From recent high-profile attacks on produce companies to the hidden vulnerabilities in supply chains, Dave shares why protecting data and operations is just as critical as protecting the crops themselves. We discuss the real costs of downtime, how hackers exploit weaknesses, and the steps growers, shippers, and distributors can take today to safeguard their businesses — and the global food supply — from digital threats.First Class Sponsor: Peak of the Market: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://peakofthemarket.com/⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Premium Sponsor: Zag Technological Services, Inc.: https://www.zagtech.com/ Premium Sponsor: Avocados from Colombia: https://avocadoscolombia.com/ Premium Sponsor: The Fruit & Vegetable Dispute Resolution Corporation: https://fvdrc.com/ Global Women Fresh: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://globalwomenfresh.com/⁠⁠⁠⁠⁠⁠⁠

More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the ManpowerGroup (NYSE: MAN) family of brands, modern technology leaders are walking a tightrope between protecting their organizations and driving innovation in an era of relentless cyber threats and rapid digital transformation. Amanda Jack, CTO at Manpower Group, joins Business Security Weekly to share the finding, including: 77% of organizations plan to increase cybersecurity budgets in 2025, followed by cloud infrastructure (68%) and AI (67%) 76% of IT employers worldwide report difficulty finding skilled tech talent 52% of tech leaders are embedding AI skills into existing roles rather than creating new positions Relationship with the Chief Operating Officer (COO) is identified as the most important C-suite partnership outside IT 56% of IT leaders say senior leadership lacks sufficient knowledge about the CIO role and its responsibilities Segment Resources: https://www.experis.com/en/cio-outlook In the leadership and communications segment, Is Your Board Too Collegial?, Cybersecurity, AI, and Economic Uncertainty: How Internal Audit Teams Are Managing 2025's Top Risks, Burnout in the corporate middle: when leadership becomes an issue, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-415

Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Protect vulnerability. https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328 Nimbus Manticore / Charming Kitten Malware update Checkpoint released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates. https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/

Show Featured Sponsor: Precision Holsters:These guys have a lifetime, no questioned asked 100% guarantee. They are makers of high-quality holsters, belts, and magazine pouches. Visit them at: Precision Holsters and use code “seekAWS” for a discount.​​ In this episode of the American Warrior Show, Rich Brown is joined by Andrew Frisbie (Practical Cyber Defense) to dig into the threats America faces in cyberspace—and how we must respond.