Podcasts about ddos

If you like what you hear, please subscribe, leave us a review and tell a friend!

Politische Motive statt Geld: Wir sprechen mit einem Ukrainischen Hacker, der DDoS-Attacken auf Regierungsseiten startet und warum er sich selbst nicht als kriminell sieht.

In this episode of Tank Talks, we're joined by Michelle Zatlyn, Co-founder, Co-chair, and President of Cloudflare, a company protecting and powering a major part of global internet traffic. Cloudflare helps businesses stay online, load faster, and block threats before they reach the door.Michelle explains how growing up in Saskatchewan shaped her views on leadership and teamwork, and how that experience still guides her as Cloudflare scales. She shares how a hallway conversation at Harvard became the starting point for the business, how they raised their first round of funding without a product, and why they moved to Silicon Valley during a downturn with no connections.She talks through the pressure of going public, the spike in traffic when COVID hit, and how the team responded when customers suddenly needed help keeping their services running. She also walks through Cloudflare's new AI crawler model, how it gives content owners more control, and why a new business model for the web is overdue.From managing billions of attacks a day to helping publishers keep their content protected, Cloudflare shows what it means to stay reliable when the stakes are high, and Michelle makes it clear that good infrastructure only works if people trust it.We explore:* How do you raise money with no product, no revenue, and no connections?* What happens when a hallway idea becomes core infrastructure for the internet?* What changes when your company goes public six months before a global crisis?* Can creators control how AI models use their content?* What can founders do to make their teams more inclusive without making it performative?* Why $100M-to-$1B is more fun than $0-to-$100MThe Canadian Roots and Early Values of a Tech Founder (00:02:36)* Growing up in Prince Albert, Saskatchewan* How cold winters and community spirit shaped her leadership* From science nerd to Silicon Valley co-founderWhy She Left Medicine for Business (00:06:49)* How a summer research job made her rethink med school* Falling into tech through work in Toronto* Applying to Harvard without knowing how to pay for it* The support from Canadian alumni that made it possibleThe Hallway Conversation That Sparked Cloudflare (00:10:50)* A casual remark turns into a business idea* How she and Matthew Prince turned Project Honeypot into a startup* Using their .edu emails to get early help and access* Getting credit for the project instead of taking another classRaising Money With No Traction (00:20:34)* Moving to Silicon Valley in a U-Haul with no connections* Pitching investors with nothing built* Getting $2M on a $4M pre-money valuation* Why the Valley still bets on early-stage founders with clear ideasHiring, Scaling, and Keeping a Startup Culture (00:24:52)* Going from 20 people to over 4,500* Why they still focus on shipping and momentum* How ownership and trust make the difference* Running fast without losing focusGoing Public, Then COVID Hit (00:28:00)* Why they went public when they did* Customers who once said no came running back* What changed when traffic spiked overnight* How customer demand and product pressure collided* Working through the crisis while remote* What Cloudflare learned under fireCloudflare's AI Crawler Controls (00:40:04)* What's happening with AI scraping content* Why Cloudflare built a way to block or license crawlers* The impact on small content creators* How this fits into wider changes to how the web worksDDoS Attacks and Online Threats (00:48:06)* Stopping 190 billion attacks per day* The evolution of DDoS threats in 2025* Why using modern security tools is non-negotiableMichelle's Vision for the Next 15 Years (00:51:18)* Cloudflare as generational infrastructure* Building the most trusted connectivity cloud* Why Internet infrastructure is as vital as plumbingChampioning Women & Diversity in Tech (00:53:27)* Leading by example* Small asks, big impact: improving referral pipelines* Creating space for underrepresented founders and talentCloudflare has grown into critical internet infrastructure, but Michelle talks about it like a work in progress. The problems are large, but they stay focused on solving them one at a time. Her view is practical: strong teams, clear goals, and ongoing effort.About Michelle ZatlynCo-founder, Co-chair & President of CloudflareOne of the most influential leaders in Internet infrastructure, Michelle is a Canadian-born tech executive known for building and scaling Cloudflare into a global powerhouse. A champion for cybersecurity, innovation, and women in tech, she brings passion and grit to every conversation.Connect with Michelle Zatlyn on LinkedIn: https://www.linkedin.com/in/michellezatlyn/Visit Cloudflare Website: https://www.cloudflare.com/Connect with Matt Cohen on LinkedIn: https://ca.linkedin.com/in/matt-cohen1Visit the Ripple Ventures website: https://www.rippleventures.com/ This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit tanktalks.substack.com

A proactive framework that includes these four steps can help keep your organization safe.Quick Tech TalkWith Steve YossCPE TodayWhether your organization operates out of a small-town office or a global headquarters, cybersecurity threats are a daily reality. Distributed denial-of-service (DDoS) attacks, malware, ransomware, and even simple human error can have devastating consequences. One misdirected email or compromised executive account can trigger financial penalties, regulatory action, and long-term reputational harm. MORE Steve Yoss here | MORE TECH In this episode of Quick Tech Talks, Steve Yoss warns that these risks are not reserved for large corporations. “We all face a wide variety of concerns,” he explains, “and they're avoidable if we actively take a stronger interest in security procedures.”Yoss draws a powerful connection between cybersecurity protocols and traditional internal control frameworks. In his view, “they are two sides of the same coin.” Strong cybersecurity controls not only protect sensitive data but also reinforce the operational integrity of the entire organization.

The Monday Microsegment for the week of August 4th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.A cyberattack shuts down the city of St. Paul — and draws in the National Guard.Spiders and dragons and rats — oh my! U.S. authorities issue new cybersecurity warning.And AI-powered bots are making DDoS attacks almost as easy as cheating on your homework.And John Kindervag joins us for a "Kindervag's Compass" segment. Head to The Zero Trust Hub: hub.illumio.comRegister to attend The Illumio World Tour: https://www.illumio.com/illumio-world-tour

　カゴヤ・ジャパン株式会社は7月30日、同社Webメール「Active!mail」へのDDoS攻撃について発表した。

Хактывісцкая суполка “Кіберпартызаны” здзейсніла чарговую паспяховую публічную аперацыю — беларускія хакеры ў супрацы з украінскімі калегамі паламалі расійскі “Аэрафлот”. І пакуль адны называюць хактывістаў абаронцамі свабоды і справядлівасці, іншыя лічаць хактывізм супярэчлівым феноменам. Гэта звязана з незаконнымі метадамі, якімі карыстаюцца гэтыя групы. Каб дасягнуць сваіх палітычна-сацыяльных мэтаў, хактывісты выкарыстоўваюць DDoS-атакі, крадзеж персанальнай інфармацыі, перанакіраванне трафіка і ўзлом акаўнтаў з дапамогай вірусаў. З добрымі і светлымі мэтамі, але… Як хактывісты становяцца часткай палітычнага супраціву і чым могуць быць карысныя грамадству ў аўтакратыях? Ці ёсць ў адміністрацыі Трампа зацікаўленасць у супрацы з дэмсіламі і вызваленні з лукашэнкаўскіх турмаў як мага большай колькасці вязняў? Ці гатовы Еўрасаюз следам за ЗША пайсці перамоўным трэкам у адносінах з Мінскам і што для гэтага могуць зрабіць дэмсілы? На гэтыя ды іншыя пытанні ў жывым эфіры Еўрарадыё адказвае кіраўніца Цэнтра новых ідэй, дактарантка Універсітэта Карлстада, паліталагіня Леся Руднік

This week's new albums are from Panic Shack | Benjamin Booker | His Lordship.Also: who he play for, VPLs, neurodiverse ranting, it's over for Beeso, overpromising and underdelivering, Brett Suede, dead climbers and deranged bikers, salt and vinegar chips, two wrongs make a wronger wrong, distrusting Substack, revenge of the colonised, Brooklyn Vegan recs, American country slush, Triple J's engagement bait hundred, DDOS'd by normies, go listen to early Sabbath, deleting unnecessary sequels from your head canon, Trey Parker: welcome to the resistance, the Simpsons renaissance noone saw, Tour jerseys, that's in Queensland, Athletic v Defector, going full Merckx, ice cream for dinner, good writing gets you into sports, three weeks of pointlessness and Dame Home Time.Next week we are joined by: NODEGA | Kokoroko | Public Enemy Spotify playlists: 2025 review albums | Playlist archive | Doc and Beeso's 2025 mixtapesThe database: All our review albums and year-end top 5 listsFind us on: Spotify Podcasts | Apple Podcasts | RSS feed for other appsSocials: Beeso on Bluesky | Doc on BlueSky | Pod Facebook | Pod email

On The Digital Executive podcast, Pratik Balar, co-founder and tech lead at NodeOps, shares his vision for how decentralized compute systems are reshaping the future of AI and cloud services. He explains how DPN 2.0—short for Decentralized Physical Infrastructure Networks—offers scalable, cost-effective, and privacy-focused alternatives to traditional cloud computing by leveraging blockchain and global participation. Balar emphasizes that enabling anyone to contribute compute power—such as GPUs or storage—through token incentives can dramatically reduce costs while enhancing performance and resilience. His mission centers on building open, trustless infrastructure that empowers developers without sacrificing reliability, even during challenges like DDoS attacks or cloud outages.Balar also unpacks the technical and philosophical hurdles of building at scale, from maintaining node-to-node connectivity to ensuring data integrity in decentralized environments. He outlines NodeOps' developer-first features, including YAML-based template deployments, an in-browser AI sandbox, and dynamic geographic resource replication—tools that lower the barrier to entry for those new to Web3. With advanced capabilities like port tunneling, RPC APIs, and integrated package managers, NodeOps is focused on simplifying deployment while maintaining high security and performance. Balar believes that decentralization isn't just a technical choice, but a movement toward greater openness, privacy, and global accessibility in cloud infrastructure.Subscribe to the Digital Executive Newsletter for curated strategies, expert perspectives, and industry trends.  Sign up now here.

　国家サイバー統括室（NCO）は7月10日、「被害報告一元化に関するDDoS事案及びランサムウェア事案報告様式」（案）に関する意見の募集について発表した。

Confusion persists over the Microsoft Sharepoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia's financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyberattack.  Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment guest host ⁠Michael Sikorski⁠ ⁠and Michael Daniel⁠ of the Cyber Threat Alliance (CTA) explore cybersecurity collaboration. A Spyware kingpin wants back in. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, host David Moulton turns the mic over to guest host ⁠Michael Sikorski⁠ and his guest ⁠Michael Daniel⁠ of the Cyber Threat Alliance (CTA) for a deep dive into cybersecurity collaboration. You can hear Michael and Michael's full discussion on Threat Vector ⁠⁠⁠here⁠⁠⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading ToolShell Zero-Day Attacks on SharePoint: First Wave Linked to China, Hit High-Value Targets (SecurityWeek) Microsoft: Windows Server KB5062557 causes cluster, VM issues (Bleeping Computer)  File transfer company CrushFTP warns of zero-day exploit seen in the wild (The Record) UK to lead crackdown on cyber criminals with ransomware measures (GOV.UK) Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims (Infosecurity Magazine) Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks (Infosecurity Magazine) WordPress spam campaign abuses Google Tag Manager scripts (SC Media) After website hack, Arizona election officials unload on Trump's CISA (CyberScoop) Hungarian police arrest suspect in cyberattacks on independent media (The Record) Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Uma série de ataques cibernéticos nos últimos meses acendeu o alerta para a vulnerabilidade da infraestrutura digital do Brasil. Entre os responsáveis, um nome tem ganhado atenção de especialistas e órgãos de segurança: Azael, suposto integrante de um grupo cibercriminoso com atuação no Oriente Médio. No novo episódio do Podcast Canaltech, conversamos com Raphael Tedesco, diretor de negócios da NSFOCUS para a América Latina, para entender o que se sabe até agora sobre os ataques, como funciona o modelo de DDoS-as-a-Service, em que qualquer pessoa pode contratar um ataque por valores baixos, e quais os riscos reais para o país. Este podcast foi roteirizado e apresentado por Fernanda Santos. A trilha sonora é de Guilherme Zomer, a edição de Jully Cruz e a arte da capa é de Erick Teixeira.See omnystudio.com/listener for privacy information.

Sie sollen Kliniken und Ministerien in Sachsen-Anhalt angegriffen haben, auch den Flughafen Dresden. Die Hackergruppe "Noname057(16)" hatte mit DDos-Angriffen versucht, die angegriffenen Systeme zu überlasten.

Got a question or comment? Message us here!Hackers just unleashed the largest DDoS attack in history, peaking at 7.3 Tbps and 4.8 billion packets per second. In just 45 seconds, it pummeled its target with the data equivalent of over 9,000 HD movies, a powerful reminder of how far attack capabilities have evolved.

Referências do EpisódioStable Channel Update for DesktopUnmasking AsyncRAT: Navigating the labyrinth of forksKonfety Returns: Classic Mobile Threat with New Evasion TechniquesHyper-volumetric DDoS attacks skyrocket: Cloudflare's 2025 Q2 DDoS threat reportA summer of security: empowering cyber defenders with AIOracle July 2025 Critical Patch Update Addresses 165 CVEsGLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their AffiliatesRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

In this episode of the Defending The Edge Podcast with DefendEdge, Iran-linked hackers ramp up attacks on U.S. critical infrastructure, with pro-Iranian groups launching DDoS campaigns and targeting industrial systems. Meanwhile, China's Salt Typhoon resurfaces, breaching satellite giant Viasat in a high-stakes espionage campaign. We also break down the leak of 16 billion records, one of the largest breaches ever reported. Join us as we discuss all of these topics and more. 

Epic Games、今度は『フォートナイト』のチート利用・販売者およびDDoS攻撃者に対し永久BANと謝罪動画公開の刑を与える。

　株式会社サイバーウェイブジャパンは7月3日、同社クラウドサービスでの障害について発表した。

Send us a textYou're not Amazon. You don't sell crypto. So why would hackers come for your tiny business website? That's exactly what they're hoping you'll think. In this episode, Mike and Blaine dig into the sneaky (and shockingly common) cyber threats that target small business sites—from stolen card testing to DDoS attacks to rogue plugins from 2012. You'll hear why even “boring” sites get hit, what it costs to clean up, and how to protect your business without hiring a full-time IT department. It's less about paranoia—and more about not getting punked by a bot in Belarus.Don't miss the latest insights and entertaining discussions on entrepreneurship, small business, and random BS. Subscribe, follow, and like Mike and Blaine's "Business, Beer, and BS" and catch every episode! Featured Beer: @altstadtbrewery @blindmanbrewingMike: Altstadt Brewery RadlerBlaine: Blindman Brewing “May Long” DIPAWatch on YouTube: https://youtu.be/C2EN43VBbFwThanks to our Beer Sponsors: • Rachel Barnett from Gentle Frog: youtube.com/@GentleFrog • Karen Hairston from 3S Smart Consulting: 3ssmartconsulting.com• Larry Weinstein, the Cash Flow Cowboy in Houston Texas!• Neighbor Pat• DevinListen to all our episodes at mikeandblaine.comcashflowmike.comdryrun.com#mikeandblaine #smallbusines #cashflow #finance #beer #entrepreneur #craftbeerSupport the showCatch more episodes, see our sponsors and get in touch at https://mikeandblaine.com/

If you like what you hear, please subscribe, leave us a review and tell a friend!

This week we talk about crawling, scraping, and DDoS attacks.We also discuss Cloudflare, the AI gold rush, and automated robots.Recommended Book: Annie Bot by Sierra GreerTranscriptAlongside the many, and at times quite significant political happenings, the many, and at times quite significant military conflicts, and the many, at times quite significant technological breakthroughs—medical and otherwise—flooding the news these days, there's also a whole lot happening in the world of AI, in part because this facet of the tech sector is booming, and in part because while still unproven in many spaces, and still outright flubbing in others, this category of technology is already having a massive impact on pretty much everything, in some cases for the better, in some for the worse, and in some for better and worse, depending on your perspective.Dis- and misinformation, for instance, is a bajillion times easier to create, distribute, and amplify, and the fake images and videos and audio being shared, alongside all the text that seems to be from legit people, but which may in fact be the product of AI run by malicious actors somewhere, is increasingly convincing and difficult to distinguish from real-deal versions of the same.There's also a lot more of it, and the ability to very rapidly create pretty convincing stuff, and to very rapidly flood all available communication channels with that stuff, is fundamental to AI's impact in many spaces, not just the world of propaganda and misinformation. At times quantity has a quality all of its own, and that very much seems to be the case for AI-generated content as a whole.Other AI- and AI-adjacent tools are being used by corporations to improve efficiency, in some cases helping automated systems like warehouse robots assist humans in sorting and packaging and otherwise getting stuff ready to be shipped, as is the case with Amazon, which is almost to the point that they'll have more robots in their various facilities than human beings. Amazon robots are currently assisting with about 75% of all the company's global deliveries, and a lot of the menial, repetitive tasks human workers would have previously done are now being accomplished by robotics systems they've introduced to their shipping chain.Of course, not everyone is thrilled about this turn of events: while it's arguably wonderful that robots are being subbed-in for human workers who would previously have had to engage in the sorts of repetitive, physical tasks that can lead to chronic physical issues, in many cases this seems to be a positive side-benefit of a larger effort to phase-out workers whenever possible, saving the company money over time by employing fewer people.If you can employ 100 people using robots instead of 1000 people sans-robots, depending on the cost of operation for those robots, that might save you money because each person, augmented by the efforts of the robots, will be able to do a lot more work and thus provide more value for the company. Sometimes this means those remaining employees will be paid more, because they'll be doing more highly skilled labor, working with those bots, but not always.This is a component of this shift that for a long while CEOs were dancing around, not wanting to spook their existing workforce or lose their employees before their new robot foundation was in place, but it's increasingly something they're saying out loud, on investor calls and in the press, because making these sorts of moves are considered to be good for a company's outlook: they're being brave and looking toward a future where fewer human employees will be necessary, which implies their stock might be currently undervalued, because the potential savings are substantial, at least in theory.And it is a lot of theory at this point: there's good reason to believe that theory is true, at least to some degree, but we're at the very beginning phases of this seeming transition, and many companies that jumped too quickly and fired too many people found themselves having to hire them back, in some cases at great expense, because their production faltered under the weight of inferior automated, often AI-driven alternatives.Many of these tools simply aren't as reliable as human employees yet. And while they will almost certainly continue to become more powerful and capable—a recent estimate suggested that the current wave of large-language-model-based AI systems, for instance, are doubling in power every 7 months or so, which is wild—speculations about what that will mean, and whether that trend can continue, vary substantially, depending on who you talk to.Something we can say with relative certainty right now, though, is that most of these models, the LLM ones, at least, not the robot-driving ones, were built using content that was gathered and used in a manner that currently exists in a legal gray area: it was scraped and amalgamated by these systems so that they could be trained on a corpus of just a silly volume of human output, much of that output copyrighted or otherwise theoretically not-useable for this purpose.What I'd like to talk about today is a new approach to dealing with the potentially illegal scraping of copyrighted information by and for these systems, and a proposed new pricing scheme that could allow the creators of the content being scraped in this way to make some money from it.—Web scraping refers to the large-scale crawling of websites and collection of data from those websites.There are a number of methods for achieving this, including just manually visiting a bunch of websites and copying and pasting all the content from those sites into a file on your computer. But the large-scale version of that is something many companies, including entities like Google, do, and for various purposes: Google crawls the web to map it, basically, and then applies all sorts of algorithms and filters in order to build their search results. Other entities crawl the web to gather data, to figure out connections between different sorts of sites, and/or to price ads they sell on their own network of sites or the products they sell, and which they'd like to sell for a slightly lower price than their competition.Web scraping can be done neutrally, then, your website scraped by Google so it can add your site to its search results, the data it collects telling its algorithms where you should be in those results based on keywords and who links to your site and other such things, but it can also be done maliciously: maybe someone wants to duplicate your website and use it to get unsuspecting victims to install malware on their devices. Or maybe someone wants to steal your output: your writings, your flight pricing data, and so on.If you don't want these automated web-scrapers to use your data, or to access some portion or all of your site, you can put a file called robots.txt in your site's directory, and the honorable scrapers will respect that request: the googles of the world, for instance, have built their scrapers so that they look for a robots.txt file and read its contents before mapping out your website structure and soaking up your content to decide where to put you in their search results.Not all scrapers respect this request: the robots.txt standard relies on voluntary compliance. There's nothing forcing any scraper, or the folks running these scrapers, to look for or honor these files and what they contain.That said, we've reached a moment at which many scrapers are not just looking for keywords and linkbacks, but also looking to grab basically everything on a website so that the folks running the scrapers can ingest those images and that writing and anything else that's legible to their software into the AI systems they're training.As a result, many of these systems were trained on content that is copyrighted, that's owned by the folks who wrote or designed or photographed it, and that's created a legal quagmire that court systems around the world are still muddling through.There have been calls to update the robots.txt standard to make it clear what sorts of content can be scraped for AI-training purposes and what cannot, but the non-compulsory, not-legally-backed nature of such requests seem to make robots.txt an insufficient vehicle for this sort of endeavor: the land-grab, gold-rush nature of the AI industry right now suggests that most companies would not honor these requests, because it's generally understood that they're all trying to produce the most powerful AI possible as fast as possible, hoping to be at or near the top before the inevitable shakeout moment at which point most of these companies will go bankrupt or otherwise cease to exist.That's important context for understanding a recent announcement by internet infrastructure company Cloudflare, that said they would be introducing something along the lines of an enforceable robots.txt file for their customers called pay per crawl.Cloudflare is US-based company that provides all sorts of services, from domain registration to firewalls, but they're probably best known for their web security services, including their ability to block DDoS, or distributed denial of service attacks, where a hacker or other malicious actor will lash a bunch of devices they've compromised, through malware or otherwise, together, into what's called a botnet, and use those devices to send a bunch of traffic to a website or other web-based entity all at once.This can result in so much traffic, think millions or billions of visits per second—a recent attack that Cloudflare successfully ameliorated sent 7.3 terabytes per second against one of their customers, for instance—it can result in so much traffic that the targeted website becomes inaccessible, sometimes for long periods of time.So Cloudflare provides a service where they're basically like a firewall between a website and the web, and when something like a DDoS attack happens, Cloudflare's services go into action and the targeted website stays up, rather than being taken down.As a result of this and similarly useful offerings, Cloudflare security services are used by more than 19% of all websites on the internet, which is an absolutely stunning figure considering how big the web is these days—there are an estimated 1.12 billion websites, around 200 million of which are estimated to be active as of Q1 2025.All that said, Cloudflare recently announced a new service, called pay per crawl, that would use that same general principle of putting themselves between the customer and the web to actively block AI web scrapers that want to scrape the customer's content, unless the customer gives permission for them to do so.Customers can turn this service on or off, but they can also set a price for scraping their content—a paywall for automated web-scrapers and the AI companies running them, basically.The nature of these payments is currently up in the air, and it could be that content creators and owners, from an individual blogger to the New York Times, only earn something like a penny per crawl, which could add up to a lot of money for the Times but only be a small pile of pennies for the blogger.It could also be that AI companies don't play ball with Cloudflare and instead they do what many tech analysts expect them to do: they come up with ways to get around Cloudflare's wall, and then Cloudflare makes the wall taller, the tech companies build taller ladders, and that process just spirals ad infinitum.This isn't a new idea, and the monetization aspect of it is predicated on some early web conceptions of how micropayments might work.It's also not entirely clear whether the business model would make sense for anyone: the AI companies have long complained they would go out of business if they had to pay anything at all for the content they're using to train their AI models, big companies like the New York Times face possible extinction if everything they pay a lot of money to produce is just grabbed by AI as soon as it goes live, those AI companies making money from that content they paid nothing to make, and individual makers-of-things face similar issues as the Times, but without the leverage to make deals with individual AI companies, like the Times has.It also seems that AI chatbots are beginning to replace traditional search engines, so it's possible that anyone who uses this sort of wall will be excluded from the search of the future. Those whose content is gobbled up and used without payment will be increasingly visible, their ideas and products and so on more likely to pop up in AI-based search results, while those who put up a wall may be less visible; so there's a big potential trade-off there for anyone who decides to use this kind of paywall, especially if all the big AI companies don't buy into it.Like everything related to AI right now, then, this is a wild west space, and it's not at all clear which concepts will win out and become the new default, and which will disappear almost as soon as they're proposed.It's also not clear if and when the larger economic forces underpinning the AI gold rush will collapse, leaving just a few big players standing and the rest imploding, Dotcom Bubble style, which could, in turn, completely undo any defaults that are established in the lead-up to that moment, and could make some monetization approaches no longer feasible, while others, including possibly paywalls and micropayments, suddenly more thinkable and even desirable.Show Noteshttps://www.wired.com/story/pro-russia-disinformation-campaign-free-ai-tools/https://www.wsj.com/tech/amazon-warehouse-robots-automation-942b814fhttps://www.wsj.com/tech/ai/ai-white-collar-job-loss-b9856259https://w3techs.com/technologies/details/cn-cloudflarehttps://www.demandsage.com/website-statistics/https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/https://en.wikipedia.org/wiki/Web_scrapinghttps://en.wikipedia.org/wiki/Robots.txthttps://developers.cloudflare.com/ai-audit/features/pay-per-crawl/use-pay-per-crawl-as-site-owner/set-a-pay-per-crawl-price/https://techcrunch.com/2025/07/01/cloudflare-launches-a-marketplace-that-lets-websites-charge-ai-bots-for-scraping/https://www.nytimes.com/2025/07/01/technology/cloudflare-ai-data.htmlhttps://creativecommons.org/2025/06/25/introducing-cc-signals-a-new-social-contract-for-the-age-of-ai/https://arstechnica.com/tech-policy/2025/07/pay-up-or-stop-scraping-cloudflare-program-charges-bots-for-each-crawl/https://www.cloudflare.com/paypercrawl-signup/https://www.cloudflare.com/press-releases/2025/cloudflare-just-changed-how-ai-crawlers-scrape-the-internet-at-large/https://digitalwonderlab.com/blog/the-ai-paywall-era-a-turning-point-for-publishers-or-just-another-cat-and-mouse-game This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

In this rollercoaster episode of Beyond the Code, Yitzy Hammer sits down with Samuel Cardillo to uncover the jaw-dropping journey of a self-taught prodigy who went from selling computer viruses at age 9 to co-founding RTFKT, the NFT sneaker company acquired by Nike.What starts with microphone troubles quickly spirals into a high-speed chronicle of early cybercrime, international arrests, military service in the IDF, intelligence ventures, and creating some of the most iconic digital fashion drops in Web3 history.Samuel pulls no punches as he walks us through:His childhood hacking days and getting arrested at 14 after a televised DDoS stunt;The rise and grind of RTFKT, building CloneX with Takashi Murakami, and managing NFT chaos;What it really took to land the Nike acquisition—and the stress that came with it;His work in satellite intelligence and geospatial analytics via ShadowBreak;The surprising backstory of being married to a UAE princess and his unlikely reserve role in the L.A. Sheriff's Department;Brutally honest political takes on Israel, Gaza, and Middle East diplomacy;Why storytelling, utility, and community—not just speculation—must define the next era of NFTs.A fast-paced, unfiltered episode packed with wild stories, ethical questions, and deep tech reflections.

Big thanks to Radware for sponsoring this video and sharing technical insights with us! David Bombal talks with Michael Geller (Radware) and Tim Sherman (Cisco) about how smart devices like fridges, cars, and cameras are being hijacked for DDoS attacks. They explain Web DDoS, encrypted Layer 7 threats, and how attackers bypass traditional firewalls. The discussion covers IoT botnets, API abuse, 5G core vulnerabilities, and how Cisco and Radware are defending cloud and edge infrastructure. // Radware's SOCIALS // X: https://x.com/radware LinkedIn: / posts Website: https://www.radware.com/ // Web page REFERENCE // http://livethreatmap.radware.com https://www.radware.com/security/ddos... https://www.radware.com/solutions/web... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: https://open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: https://podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Your Firewall Won't Save You From This Stop Is Your Car Launching Cyberattacks Your Home Appliances Weaponized by Cybercriminals DDoS Just Got Smarter Layer 7 Is Nightmare How Default Bots Cripple Hospitals and Systems Electric Cars Under Siege from Smart Devices Cybersecurity Blind Spot Your Car Is Compromised The Hidden Threat Everyday Devices Hacked Now Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

An historic data breach that wasn't. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear phishing campaign. A federal judge dismisses a lawsuit against CrowdStrike filed by airline passengers. Banana Squad disguises malicious code as legitimate open-source software. The U.S. Justice Department wants to seize over $225 million in cryptocurrency linked to romance and investment scams.  Ben Yelin explains the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged DOGE misconduct. This one weird audio trick leaves AI scam calls speechless. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined Ben Yelin, co host of Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, discussing the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged misconduct by Elon Musk's "Department of Government Efficiency" (DOGE). You can learn more here. Selected Reading No, the 16 billion credentials leak is not a new data breach (Bleeping Computer) Aflac says it stopped ransomware attack launched by ‘sophisticated cybercrime group' (The Record) Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider (SecurityWeek) New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack (Hackread) Godfather Android Trojan Creates Sandbox on Infected Devices (SecurityWeek) Russia Expert Falls Prey to Elite Hackers Disguised as US Officials (Infosecurity Magazine) Judge Axes Flight Disruption Suit Tied to CrowdStrike Outage (GovInfo Security) Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories (Hackread) DOJ moves to seize $225 million in crypto stolen by scammers (The Record) Boffins devise voice-altering tech to jam 'vishing' ploys (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne.CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others.A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com How do you defend your website against an attack that can reach one hundred million requests a second? The federal government is in an unusual position: in addition to the "garden variety" attacks, such as phishing and ransomware, it is also subject to political attacks with a specific agenda. Ostensibly, they do not have financial motivation; their motivation is a political statement. Welcome to hacktivism. The tool they use is a tried-and-true, good, old-fashioned Distributed Denial of Service (DDoS) attack. If you consult your history books and shake off the dust, you will find that the first DDoS attack was recognized in 1996. Advances in cloud computing and AI have been a force multiplier for malicious actors to shut down websites. In the past, the attacker would remain anonymous; not today. Today's hacktivist often claims responsibility for the attack and publicize their demands. It has gotten to the point where DDoS attacks are available to consumers as DDoS-as-a-service. Pascal Geenes has authored an article about a particularly nasty DDoS attack, appropriately called "DieNet."  It attempts to instill doubt and chaos in a federal site. What is the defense? Pascal Geenes has identified vulnerabilities in APIs as a key attack vector. Many federal agencies are not aware of their API inventory. It is possible to scan a federal site, identify a flaw in an unused API, and leverage that knowledge to launch a DDoS attack. Radware's solutions, including AI-driven security, help mitigate these attacks quickly, reducing the mean time to resolution (MTTR). Heenan emphasizes the importance of being initiative-taking in cybersecurity. = = =

If you like what you hear, please subscribe, leave us a review and tell a friend!

Ever wonder what a developer really does at a tech startup? In this episode, we break down a full week—from scattered meetings and deep work to deployments, sprint planning, and handling the chaos of outages and DDoS attacks. Get a behind-the-scenes look at balancing coding, team support, and product planning in a fast-moving environment. Show Notes: https://www.htmlallthethings.com/podcasts/week-in-the-life-of-a-developer-at-a-tech-startup Use our affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

Eind april was NRC doelwit van een intense DDoS-aanval. De website was urenlang nauwelijks te bereiken. Redacteur Rik Wassens bestudeerde het logbestand met 83 miljoen regels. Zaten de Russen erachter? Of tóch China?Gast: Rik WassensPresentatie: Bram EndedijkRedactie: Iddo HavingaMontage & sounddesign: Jeroen JaspersEindredactie: Tessa Colen & Anna KorterinkCoördinatie: Elze van DrielProductie: Andrea HuntjensHeb je vragen, suggesties of ideeën over onze journalistiek? Mail dan naar onze redactie via podcast@nrc.nl.Zie het privacybeleid op https://art19.com/privacy en de privacyverklaring van Californië op https://art19.com/privacy#do-not-sell-my-info.

SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is  Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt's conversation here. Selected Reading Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity) DDoS incident disrupts internet for thousands in Moscow (The Record) Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com) Australian ransomware victims now must tell the government if they pay up (The Record) New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News) Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity) UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News) CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News) Trump Taps Palantir to Compile Data on Americans (The New York Times) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Real-time DDoS protection is more crucial than ever, and Corero Network Security (LSE: CNS) (OTCQX: DDOSF) is leading the charge! Michael Honeycutt, Product Marketing Manager, and Michael Powell, Sales Engineer, joined us live on JSA TV from Metro Connect USA to discuss how Corero is protecting critical services from attacks and using AI to stay ahead of evolving threats.

摘要 一， 5月20日，川普親身前往國會山莊，跟共和黨議員舉行閉門會議，催促共和黨人團結合力通過他所推動、稱為《大美法案》的預算開支法案，但在會後，共和黨內部仍然意見分歧。 不過，第二天，美國眾議院議長Mike Johnson表示，共和黨已就提高州與地方稅 (SALT) 扣除額上限達成協議，預計將目前的 1 萬美元上限提高至 4 萬美元，為川普第二任期稅改方案掃除一項主要障礙。 消息曝光，道瓊工業指數開盤下挫360點或0.84%，標準普爾500指數下跌0.5%，那斯達克綜合指數下跌0.34%。30年期公債殖利率交易價格約為5.09%，觸及2023年10月以來的最高水準，指標10年期公債殖利率交易價格為4.59%。事實上，這項法案文本堂堂1,000多頁，核心內容是延長川普第一任在2017年通過的減稅案，另外添加新的減稅措施，亦即他2024年競選總統的政見。 但眾議院規則委員會民主黨領袖Jim McGovern公開批評共和黨人選擇在凌晨1點召開小組會議，就是偷雞摸狗見不得人。 二， 最近幾年，在台灣投資詐騙日益猖獗，越來越多名人成為了詐騙廣告的最大受害者，全球最大的社群媒體平台臉書（Facebook）更是充斥著各種似是而非的虛假貼文，讓人防不勝防。 今年年初，趨勢科技發佈一個《節慶期間網路詐騙調查》指出，台灣有近八成受訪者看過節慶相關的網路詐騙，有62%曾上網搜尋以確認是否為詐騙，但整體受訪者卻仍有四分之一曾落入節慶相關的網路詐騙陷阱，比率遠高於美國、澳洲、新加坡地區，全民的戒備防守仍須再強化。 過去一年全球跨國執法行動有不少斬獲，像是歐洲刑警組織（Europol）與全球15國執法單位通力合作，一口氣關閉27個DDoS租用平台，或是國際刑警組織（Interpol）與40個國家及地區的執法單位聯手，逮捕超過5,500名從事金融犯罪的嫌犯並沒收不法所得。而對於專門提供作案工具買賣的網站，最近也有進展。 我們應該怎麼看待這個禁也禁不了的現象，最近西方世界的法律動作也越來越大，怎麼解讀？ Powered by Firstory Hosting

In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web. The company decided not to pay the ransom, adhering to law enforcement guidance and sanctions laws. A shocking case in New York follows, involving a crypto investor charged with kidnapping and torturing a man to obtain his Bitcoin wallet password. The next segment highlights a record-setting DDoS botnet, Aisuru, which performed a test attack that peaked at 6.3 terabits per second, posing a disproportionate threat to online retailers. The final story covers Microsoft's controversial AI feature, Recall, which takes screenshots every three seconds and raises significant privacy concerns. The episode underscores the growing need for robust cybersecurity measures and effective legislation. 00:00 Introduction and Headlines 00:30 Nova Scotia Power Ransomware Attack 02:57 Ransomware Trends and Statistics 03:51 Operation End Game: A Global Win Against Ransomware 04:25 Crypto Investor's Shocking Crime 05:57 Record-Breaking DDoS Botnet 07:36 Microsoft's Controversial AI Feature Recall 09:10 Conclusion and Sign-Off

Step inside AWS's cutting-edge approach to network protection with AWS VP and Distinguished Engineer Tom Scholl. In this eye-opening conversation, discover how threat detection tools like MadPot are helping AWS identify and disrupt DDoS-as-a-service providers who sell attack capabilities on the dark web. Scholl reveals how AWS's massive network scale provides unique insights into emerging threats, enabling proactive security measures and even the take down of criminal organizations like Anonymous Sudan. He also discusses AWS's approach to seamless security integration and the importance of implementing strong "front door" security measures to reinforce potential entry points in your network. This conversation is a must-watch for CISOs and security leaders looking to enhance their cloud security posture in 2025 and beyond.

Cybersecurity Evolution:Cybersecurity has evolved from early academic and hobbyist roots—like 1970s viruses and 1980s ransomware—to defending against today's state-sponsored attacks, data breaches, and AI-driven threats. Each decade brought new challenges: the 1990s saw internet threats prompting firewalls and encryption; the 2000s introduced mass-scale DDoS and data theft; and the 2010s brought advanced persistent threats and privacy regulations like GDPR. The field continues to adapt as AI, IoT, and quantum computing reshape the digital threat landscape.Undocumented Tech in Solar Inverters:Chinese-made solar inverters installed in U.S. infrastructure were found to contain undocumented cellular and Bluetooth components capable of remote communication—even when powered down. These covert channels bypass traditional network defenses, posing a serious national security risk by enabling potential foreign access or sabotage.Microsoft Teams and Student Biometric Data:In NSW schools, Microsoft Teams collected student voice and facial biometrics without consent, triggering privacy concerns. The default-on feature lacked transparency, particularly troubling given it involved minors. Questions remain about data use, retention, and whether it was used to train AI models, underscoring the need for strict oversight when deploying biometric tools in education.AI Model Self-Replication Risks:Chinese researchers demonstrated that large language models could autonomously replicate themselves—without human input—crossing a key AI safety boundary. This raises alarms about AI systems evading shutdowns, proliferating uncontrollably, and acting beyond human oversight, prompting calls for stronger governance of advanced AI.MIT AI Paper Retraction:MIT requested the withdrawal of a high-profile AI research paper after discovering issues with the study's data integrity. Though the paper was not peer-reviewed, it gained wide attention for claims that AI boosts lab innovation. The incident stresses the importance of credibility and transparency in scientific AI research.Chrome Blocks Admin-Level Launches:Google Chrome now blocks launches with administrator privileges on Windows, automatically restarting with standard user rights. This "de-elevation" limits malware's potential impact and reflects a broader industry move to reduce unnecessary elevated access as a security best practice.Montana's New Privacy Law:Montana passed a first-of-its-kind law banning law enforcement from buying personal data from brokers when a warrant would otherwise be required. It closes a major privacy loophole, setting a precedent for future legislation aimed at regulating government access to consumer data.Fraud Targeting Death Row Inmates:Identity thieves are exploiting death row inmates in Texas to commit "bust-out fraud," using their identities to build credit, open businesses, and steal up to $100K before detection. The scheme exposes major flaws in identity verification systems—even for individuals under heavy confinement.

A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record breaking DDoS attack. A phishing campaign rerouted employee paychecks. Atlassian patches multiple high-severity vulnerabilities. A Wisconsin telecom provider confirms a cyberattack caused a week-long outage.  VMware issues a Security Advisory addressing multiple high-risk vulnerabilities.  Prosecutors say a 19-year-old student from Massachusetts will plead guilty to hacking PowerSchool. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, discussing deliberate simplicity of fundamental controls around zero trust. Oversharing your call location data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, today we are joined by Rob Allen, Chief Product Officer at ThreatLocker from RSAC 2025. Rob is discussing the deliberate simplicity of fundamental controls around zero trust. Token theft and phishing attacks bypass traditional MFA protections, letting attackers impersonate users and access critical SaaS platforms — without needing passwords. Listen to Rob's interview here. Learn more from the ThreatLocker team here. Selected Reading Russian GRU Targeting Western Logistics Entities and Technology Companies ( CISA) Ransomware attack disrupts Kettering Health Network in Ohio (Beyond Machines) America's CFPB bins proposed data broker crackdown (The Register) Krebs on Security hit by 'test run' DDoS attack that peaked at 6.3 terabits of data per second (Metacurity) SEO poisoning campaign swipes direct deposits from employees (SC Media) Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server (Cybersecurity News) Cellcom Service Disruption Caused by Cyberattack (SecurityWeek) VMware releases patches for security flaws in multiple virtualization products (Beyond Machines) Massachusetts man will plead guilty in PowerSchool hack case (CyberScoop) O2 VoLTE: locating any customer with a phone call  (Mast Database) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the podcast, the hosts discuss the emergence of a new botnet that is launching targeted DDoS attacks on the gaming industry. They explore the implications of these attacks, particularly focusing on the financial impact on both large and small gaming companies. The conversation highlights the sophistication of the botnet and the challenges smaller companies face in maintaining security. The hosts also emphasize the importance of understanding the broader implications of cybersecurity threats in the gaming sector. Article: New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html?m=1&fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExd2s2TnlNUWRkR24yNWFjdwEeo0zY934IpcUzdKz3zxJeQKcubB42gZUNAyR75WHTYHPpR3T3ulCyZBo6cGw_aem_NZKTa-tbuk1AHhuSAo73jg Please LISTEN

Idag gästas vi av den svenska tech-doldisen Artur Bergman som är grundare av Fastly - ett av världens mest inflytelserika CDN-bolag.

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube. Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET's birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer's computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti

Episode SummaryJeremy Snyder is the co-founder and CEO of FireTail, a company that enables organizations to adopt AI safely without sacrificing speed or innovation. In this conversation, Jeremy shares his deep expertise in API and AI security, highlighting the second wave of cloud adoption and his pivotal experiences at AWS during key moments in its growth from startup onwards.Show NotesIn this episode of The Secure Developer, host Danny Allan sits down with Jeremy Snyder, the Co-founder and CEO of FireTail, to unravel the complexities of API security and explore its critical intersection with the burgeoning field of Artificial Intelligence. Jeremy brings a wealth of experience, tracing his journey from early days in computational linguistics and IT infrastructure, through a pivotal period at AWS during its startup phase, to eventually co-founding FireTail to address the escalating challenges in API security driven by modern, decoupled software architectures.The conversation dives deep into the common pitfalls and crucial best practices for securing APIs. Jeremy clearly distinguishes between authentication (verifying identity) and authorization (defining permissions), emphasizing that failures in authorization are a leading cause of API-related data breaches. He sheds light on vulnerabilities like Broken Object-Level Authorization (BOLA), explaining how seemingly innocuous practices like using sequential integer IDs can expose entire datasets if server-side checks are missed. The discussion also touches on the discoverability of backend APIs and the persistent challenges surrounding multi-factor authentication, including the human element in security weaknesses like SIM swapping.Looking at current trends, Jeremy shares insights from FireTail's ongoing research, including their annual "State of API Security" report, which has uncovered novel attack vectors such as attempts to deploy malware via API calls. A significant portion of the discussion focuses on the new frontier of AI security, where APIs serve as the primary conduit for interaction—and potential exploitation. Jeremy details how AI systems and LLM integrations introduce new risks, citing a real-world example of how a vulnerability in an AI's web crawler API could be leveraged for DDoS attacks. He speculates on the future evolution of APIs, suggesting that technologies like GraphQL might become more prevalent to accommodate the non-deterministic and data-hungry nature of AI agents. Despite the evolving threats, Jeremy concludes with an optimistic view, noting that the gap between business adoption of new technologies and security teams' responses is encouragingly shrinking, leading to more proactive and integrated security practices.LinksFireTailRapid7Snyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

Europol shuts down six DDoS-for-hire services used in global attacks CrowdStrike says it will lay off 500 workers Passkeys set to protect GOV.UK accounts against cyber-attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

This is the Catch Up on 3 Things by The Indian Express and I am Ichha Sharma.Today is the 7th of May and here are the headlines.In a decisive military action, India launched "Operation Sindoor" in the early hours today, executing precision strikes on nine terrorist camps located in Pakistan and Pakistan-occupied Kashmir (PoK). This operation was a direct response to the April 22 Pahalgam terror attack, which resulted in the deaths of 26 Indian tourists. During a press briefing in New Delhi, Foreign Secretary Vikram Misri, Colonel Sofiya Qureshi, and Wing Commander Vyomika Singh detailed the operation's objectives and outcomes. They confirmed the destruction of camps associated with notorious terrorists Ajmal Kasab and David Headley. The strikes were meticulously planned to avoid civilian casualties, utilizing advanced weaponry and precision-guided munitions. Targets were carefully selected to dismantle terrorist infrastructure while sparing Pakistani military installations, underscoring India's intent to avoid escalation.Colonel Qureshi emphasised that the operation aimed to deliver justice to the victims of the Pahalgam attack and their families. Wing Commander Singh highlighted the use of "niche technology weapons" to ensure that only intended targets were neutralized, minimizing collateral damage. In the wake of the operation, Pakistan has condemned the strikes as an "act of war," claiming civilian casualties and asserting that Indian military aircraft were downed—a claim not corroborated by India. The situation has led to heightened tensions along the Line of Control, with reports of cross-border shelling and civilian casualties on both sides. The cross-border shelling by Pakistani forces has claimed at least nine civilians lives and 38 injured in Jammu and Kashmir today. The international community, including the United Nations, has expressed concern and urged both nations to exercise restraint to prevent further escalation.The ministries of IT and Information and Broadcasting are “constantly monitoring” content being uploaded to social media platforms for misleading content related to the aftermath of ‘Operation Sindoor' to issue takedown orders, and have sensitised social media platforms to block any content that is unlawful, a senior government official told The Indian Express. Agencies and organisations which are in charge of India's critical infrastructure, such as the Power Ministry, financial institutions including banks, and telecom operators are also on “high alert” after having faced a number of cyber attacks following the Pahalgam terror attack last month. “There have been some DDoS attacks on some infrastructure, but we have contained them. Now we are on high alert because such attempts will certainly be made,” the official said. A DDoS (Distributed Denial of Service) attack is a cyberattack where an attacker overwhelms a website, server, or network with malicious traffic from multiple sources, making it slow or inaccessible to legitimate users.India conducted a nationwide civil defence exercise, codenamed 'Operation Abhyas,' across 244 districts. This large-scale mock drill, organized by the Ministry of Home Affairs and coordinated by the National Disaster Management Authority, aimed to bolster emergency preparedness amid escalating tensions with Pakistan following the Pahalgam terror attack. The drills simulated various hostile scenarios, including air raids with siren activations, blackout procedures, urban fire emergencies, search and rescue operations, casualty evacuations, and the establishment of temporary hospitals. Major cities such as Delhi, Mumbai, Chennai, Kolkata, Hyderabad, and Pune participated, with specific activities like a 10-minute blackout observed in Haryana and siren activations in Delhi's 11 districts.Cardinals from around the world will begin casting their votes for a new pope under Michelangelo's The Last Judgment as 133 cardinals would begin their secretive and centuries old ritual to elect the successor of Pope Francis, who passed away on April 21. The conclave to select the new pope will begin behind the closed doors of the Sistine Chapel today afternoon as cardinals from 70 countries will be secluded, their cellphones surrendered and airwaves around the Vatican jammed in order to find the next leader of the 1.4-billion-member Catholic Church. Ahead of the Papal Conclave, a few names have propped up who are being seen as favourites to succeed Pope Francis, namely Italian Cardinal Pietro Parolin, Filipino Cardinal Luis Antonio Tagle, Hungarian Cardinal Peter Erdo among others. The uncertainty over the level of support for any one cardinal amongst the 133 cardinal electors suggests that it is one of the most wide-open conclaves in history.

At RSAC Conference 2025, Rupesh Chokshi, Senior Vice President and General Manager of the Application Security Group at Akamai, joined ITSPmagazine to share critical insights into the dual role AI is playing in cybersecurity today—and what Akamai is doing about it.Chokshi lays out the landscape with clarity: while AI is unlocking powerful new capabilities for defenders, it's also accelerating innovation for attackers. From bot mitigation and behavioral DDoS to adaptive security engines, Akamai has used machine learning for over a decade to enhance protection, but the scale and complexity of threats have entered a new era.The API and Web Application Threat SurgeReferencing Akamai's latest State of the Internet report, Chokshi cites a 33% year-over-year rise in web application and API attacks—topping 311 billion threats. More than 150 billion of these were API-related. The reason is simple: APIs are the backbone of modern applications, yet many organizations lack visibility into how many they have or where they're exposed. Shadow and zombie APIs are quietly expanding attack surfaces without sufficient monitoring or defense.Chokshi shares that in early customer discovery sessions, organizations often uncover tens of thousands of APIs they weren't actively tracking—making them easy targets for business logic abuse, credential theft, and data exfiltration.Introducing Akamai's Firewall for AIAkamai is addressing another critical gap with the launch of its new Firewall for AI. Designed for both internal and customer-facing generative AI applications, this solution focuses on securing runtime environments. It detects and blocks issues like prompt injection, PII leakage, and toxic language using scalable, automated analysis at the edge—reducing friction for deployment while enhancing visibility and governance.In early testing, Akamai found that 6% of traffic to a single LLM-based customer chatbot involved suspicious activity. That volume—within just 100,000 requests—highlights the urgency of runtime protections for AI workloads.Enabling Security LeadershipChokshi emphasizes that modern security teams must engage collaboratively with business and data teams. As AI adoption outpaces security budgets, CISOs are looking for trusted, easy-to-deploy solutions that enable—not hinder—innovation. Akamai's goal: deliver scalable protections with minimal disruption, while helping security leaders shoulder the growing burden of AI risk.Learn more about Akamai: https://itspm.ag/akamailbwcNote: This story contains promotional content. Learn more.Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai | https://www.linkedin.com/in/rupeshchokshi/ResourcesLearn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamaiLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, rupesh chokshi, akamai, rsac, ai, security, cisos, api, firewall, llm, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition" May 8, 2025 | 12:00 - 1:30 PM ET Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition Threat Hunting Workshop: Hunting for Execution - Level 2 May 14, 2025 | 12:00 - 1:00 PM ET Sign Up: https://intel471.com/resources/webinars/threat-hunting-workshop-15-hunting-for-execution-level-2 ---------- Top Headlines: Netcraft | Darcula-Suite Adds AI: Phishing Kits Now More Accessible CYFIRMA | Technical Malware Analysis Report: Python-based RAT Malware Google Cloud Blog | Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog The Cloudflare Blog | Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare's 2025 Q1 DDoS Threat Report ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

In episode 133 of Cybersecurity Where You Are, Sean Atkinson is joined by Lauren McFayden, Threat Intelligence Analyst at the Center for Internet Security® (CIS®). Together, they discuss the Distributed Denial of Service (DDoS) hacktivism of DieNet and how the group continues to evolve its Tactics, Techniques, and Procedures (TTPs). Here are some highlights from our episode:01:22. An overview of DieNet and its emergence on Telegram01:55. DDoS attacks and the potential for service disruptions02:55. DieNet's pro-Palestinian ideology and opposition to the 47th U.S. Presidential Administration05:00. U.S. and foreign targets claimed by the group06:30. DieNet's history of claiming attacks against U.S. critical national infrastructure (CNI)10:33. Two pieces of evidence used to partially assess the credibility of a claimed attack15:16. How DieNet v2 suggests an escalation of attack strategies20:43. How the DDoS hacktivist group may continue to evolve its TTPs in subsequent versions23:48. The use of the CIS Critical Security Controls (CIS Controls) to reduce an attack surface25:56. How ThreatWA stands out in keeping you informed about emerging threatsResourcesHacktivist Group DieNet Claims DDoS Attacks against U.S. CNIMS-ISAC Guide to DDoS AttacksThreatWACIS Critical Security Control 1: Inventory and Control of Enterprise AssetsCIS Critical Security Control 2: Inventory and Control of Software AssetsCIS Critical Security Control 3: Data ProtectionEpisode 44: A Zero Trust Framework Knows No EndIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

Canon printer driver vulnerabilities enable Windows kernel exploitation. Astonishing cyber-security awareness from a household appliance manufacturer. France tries to hook 2.5 million school children with a Phishing test. Wordpress added an abuse prone feature in 2022. Guess what happened? Oracle? Is there something you'd like to tell us? Utah's governor just signed the App Store Accountability Act. Now what? AI bots hungry for new data are DDoSing FOSS projects. No Microsoft Account? No Microsoft Windows 11. Gmail claims it now offers E2EE. It kinda sorta does. Somewhat. A dreaded CVSS 10.0 was discovered in Apache Parquet. A bunch of terrific listener feedback. What's Multi-Perspective Issuance Corroboration and why must all certificate authorities now do it? Show Notes - https://www.grc.com/sn/SN-1020-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security threatlocker.com for Security Now canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT bitwarden.com/twit

X was hit with a major DDOS attack yesterday, and a pro-Palestinian group took credit for taking the website down. However, Elon Musk claims the IP addresses appeared to originate from Ukraine. Glenn discusses the attack and wonders if Russia is actually the country behind the attack. Glenn and Pat also discuss a green card holder facing deportation after advocating for hate and division. Glenn lays out why our government has every right to deport this individual. Glenn explains why our government is at fault for the rising inflation for not working within the capitalistic framework and spending money the government doesn't actually have. If you're blowing up Teslas because you want to discourage people from buying Teslas, you're a terrorist. Glenn discusses Secretary of State Marco Rubio's latest move to cut 83% of USAID contracts and explains why he would have cut 100%. Author of "The Unarmed Truth" John Dodson joins to discuss the lawsuit Mexico filed against U.S. gunmakers, blaming them for the drug cartel violence plaguing Mexico. Why are your taxes paying for union members at TSA instead of protecting the airports? Glenn argues that airport security needs to be privatized. Glenn calls out a Salt Lake Tribune reporter for doxxing DataRepublican's husband.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Kicking off the new week with a little news, and some open topics for calls. Twitter and Rumble under DDoS attack. The craziness that is incubated on Reddit is nothing new, but some have begun to wonder if this is being allowed/promoted to prompt heavy-handed censorship measures on the internet—@LibsOfReddit (Instagram) and @reddit_lies (Twitter/x), whose accounts regularly document the illness displayed on Reddit, join us for comment. Open lines in the second half for whatever is on the audience's mind, including how YOU alleviate stress! Unleash Your Brain w/ Keto Brainz Nootropic Promo code FRANKLY: https://tinyurl.com/2cess6y7 Read the latest Quite Frankly Bulletin: http://www.tinyurl.com/5c8ybku7 Sponsor The Show and Get VIP Perks: https://www.quitefrankly.tv/sponsor Badass QF Apparel: https://tinyurl.com/f3kbkr4s Elevation Blend Coffee: https://tinyurl.com/2p9m8ndb One-Time Tip: http://www.paypal.me/QuiteFranklyLive Send Holiday cards, Letters, and other small gifts, to the Quite Frankly P.O. Box! 15 East Putnam Ave, #356 Greenwich, CT, 06830 Send Crypto: BTC: 1EafWUDPHY6y6HQNBjZ4kLWzQJFnE5k9PK LTC: LRs6my7scMxpTD5j7i8WkgBgxpbjXABYXX ETH: 0x80cd26f708815003F11Bd99310a47069320641fC For Everything Else Quite Frankly: Official Website: http://www.QuiteFrankly.tv Official Forum: https://bit.ly/3SToJFJ Official Telegram: https://t.me/quitefranklytv Twitter Community: https://tinyurl.com/5n8zmwx8 GUILDED Chat: https://bit.ly/3SmpV4G Discord Chat: https://discord.gg/KCdh92Fn Twitter: @QuiteFranklyTV Gab: @QuiteFrankly Truth: @QuiteFrankly GETTR: @QuiteFrankly MINDS: @QuiteFrankly Streaming Live On: QuiteFrankly.tv (Powered by Foxhole) FULL Episodes On Demand: Spotify: https://spoti.fi/301gcES iTunes: http://apple.co/2dMURMq Amazon: https://amzn.to/3afgEXZ SoundCloud: http://bit.ly/2dTMD13 Google Play: https://bit.ly/2SMi1SF BitChute: https://bit.ly/2vNSMFq Rumble: https://bit.ly/31h2HUg Kick: https://kick.com/quitefranklytv