In this special Halloween edition of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care, Lead Analyst at KuppingerCole Analysts, to explore one of the most talked-about cybersecurity stories of the year — the F5 supply chain incident. The discussion highlights how even well-established organizations can become targets of sophisticated, long-term attacks — and what this means for the future of software supply chain security. Together, Matthias and Jonathan examine how incidents like this can happen, what lessons can be learned across the industry, and how companies can strengthen resilience, transparency, and response capabilities in their own environments.
Key topics covered:
✅ Understanding the dynamics of modern supply chain attacks ⚠️
✅ Why detection and dwell time remain a major industry challenge
✅ The growing importance of vendor risk and software transparency
✅ Lessons learned for CISOs and IT leaders
✅ Practical measures to improve visibility and response
✅ Why collaboration and information sharing are key to resilience
In episode 159 of Cybersecurity Where You Are, Sean Atkinson is joined by Joshua Palsgraf, Sr. Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, Vice President of Security Operations & Intelligence at CIS. Together, they dive into the scariest malware of 2025 in this special Halloween edition.
The conversation explores what makes today's malware truly terrifying, from stealthy threats that hide in plain sight to modular malware that evolves faster than defenses can adapt. The trio also discusses the corporatization of cybercrime, the rise of Malware as a Service, and how generative artificial intelligence (GenAI) is lowering the barrier to entry for cybercriminals.
Here are some highlights from our episode:
00:42. Introductions to Josh and Randy
02:21. What makes the scariest malware of 2025 truly "scary"
05:42. Evolution of malware: people, process, and technology
09:33. How the corporatization of malware helps to democratize cybercrime
11:25. The most "terrifying" malware strains of 2025
15:49. Malware reincarnation: Old threats with new masks
17:20. GenAI as the great equalizer for cybercriminals, especially social engineers
23:32. Defense-in-depth and threat-informed strategies
24:45. Why incident response playbooks must evolve and become living documents
27:02. What incident response looks like for cloud assets in the Fourth Industrial Revolution
29:27. Naming malware after horror movie icons
Resources
Multi-State Information Sharing and Analysis Center®
Episode 144: Carrying on the MS-ISAC's Character and Culture
Episode 126: A Day in the Life of a CTI Analyst
A Short Guide for Spotting Phishing Attempts
The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
Episode 157: How a Modern, Mission-Driven CIRT Operates
Living Off the Land: Scheduled Tasks
Cyber defenders sound the alarm as F5 hack exposes broad risks
Episode 134: How GenAI Lowers Bar for Cyber Threat Actors
Active Lumma Stealer Campaign Impacting U.S. SLTTs
MS-ISAC Member-Reported Phishing Likely from Tycoon2FA PhaaS
ClickFix: An Adaptive Social Engineering Technique
Top 10 Malware Q1 2025
CTAs Leveraging Fake Browser Updates in Malware Campaigns
Italian police freeze cash from AI-voice scam that targeted business leaders
CornCon Cybersecurity Conference
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Our show today is being sponsored by Free Float Analytics, the only platform measuring board power, connections, and performance for FREE.

DAMION

Amazon to announce largest layoffs in company history, in AI push. WHO DO YOU BLAME?
Former CEO Jeff Bezos
AI
Covid (This wave of layoffs results from overhiring during the pandemic)
Executive Chair and largest shareholder Jeff Bezos

F5 Expects Revenue Hit From Cyber Attack. F5, a $20 billion technology company with impressive gross profit margins of 81%, experienced a cybersecurity incident involving unauthorized access to certain company systems by a sophisticated nation-state threat actor. WHO DO YOU BLAME?
The Risk committee: Dreyer, Klein, Montoya, Budnik
* Chair Marianne Budnik is deemed to have Cybersecurity experience because she serves as a Chief Marketing Officer in the cybersecurity industry
Peter Klein was the CFO at Microsoft for less than 4 years, then was the CFO for WME for 6 months and then has only been a director since 2014.
Risk committee member Michael Montoya specifically. F5 revealed that the director mysteriously resigned in the same filing it disclosed the cyberattack, despite having served for only 4 years. According to the proxy, had “extensive experience as an information security executive.” Following his resignation from the Board, Mr. Montoya continued his service with the Company and has been appointed as F5's Chief Technology Operations Officer.
The entire board, for doing dumb modern day board things: announced that CEO François Locoh-Donou, would assume the additional role of Chair of the Board following the Company's next Annual Meeting of Shareholders 12 days after they announced the cyberattack.
Investors. 98% YES average this year: 7 over 99.2%, including Risk Committee Chair Marianne Budnik with 99.6%. Nobody feels like they have to work hard to impress anyone
F5! It's a god damn cybersecurity company!

How climate change is fueling Hurricane Melissa's ferocity. WHO DO YOU BLAME?
Exxon CEO Darren Woods because he sued his own shareholders last year: Arjuna Capital, LLC and Follow This
Exxon CEO Darren Woods because just yesterday: Exxon sues California over new laws requiring corporate climate disclosures
Exxon CEO Darren Woods because gas and oil
Climate Change

OpenAI says U.S. needs more power to stay ahead of China in AI: ‘Electrons are the new oil' WHO DO YOU BLAME?
The fear-and-spending geniuses behind the original Cold War: Truman, Stalin, Churchill
People who historically ignored Eisenhower and his statements on the U.S. military-industrial complex when he explicitly warned that defense contractors and the military could exert undue influence on government policy. Sound familiar?
Anyone who empowered the board to not be empowered when they tried to fire Sam Altman for such reasons as:
Conflicts over OpenAI's rapid growth and direction, especially the tension between aggressive AI deployment vs. safety oversight.
Power dynamics between Altman, key researchers, and board members — some may have felt he had too much unilateral control.
The college that let Sam Altman drop out
Sammy Altman

Citi's Jane Fraser consolidates power with board chair vote — and a $25 million-plus bonus to boot. WHO DO YOU BLAME?
The entire Compensation, Performance Management and Culture Committee
These two long-tenured Compensation, Performance Management and Culture Committee members
Diana L. Taylor
* 10 other directorships: Brookfield Corporation, Accion (Chair), Columbia Business School (Board of Overseers), Friends of Hudson River Park (Chair), Mailman School of Public Health (Board of Overseers), The Economic Club of New York (Member), Council on Foreign Relations (Member), Hot Bread Kitchen (Board Chair), Cold Spring Harbor Lab (Member), and New York City Ballet (Board Chair)
Peter B. Henry
* 8 other directorships: Nike, Inc., Analog Devices, Inc., National Bureau of Economic Research (Board), The Economic Club of New York (Board), Protiviti (Advisory Board), Biospring Partners (Advisory Board), Makena Capital (Advisory Board), and Two Bridges Football Club (Board)
The lowest common denominator effect of bank compensation committees:
Wells Fargo CEO Charlie Scharf: ~$30M special equity grant tied to becoming Chair as well as CEO (3 months after meeting)
Goldman Sachs: CEO David Solomon & COO John Waldron ~$80M each (retention RSUs vesting in ~5 yrs)
KeyCorp: CEO Chris Gorman & four other senior execs: ~$8M for Gorman; ~$17M combined for the five NEOs
The passive ownership (re: management-friendly) of BlackRock, State Street, and Vanguard (combined 22%): without their votes at Goldman then Say on Pay was nearly tied, which might have dissuaded the year of one-off bonuses for banking CEOs??

The world is about $4.5 trillion short of securing a sustainable food supply for the future, global food and ag business CEO [Sunny Verghese, CEO of food and ag company Olam Group] says. WHO DO YOU BLAME?
The world's top 28 richest people (those worth ~$160 B each) together would equal $4.5 trillion
The world's greatest sycophant Tesla chair Robyn Denholm: “On the pay package specifically: “It's not about the money for him. If there had been a way of delivering voting rights that didn't necessarily deliver dollars, that would have been an interesting proposition.”
Any two of these basically redundant techbro companies' market caps would suffice
Nvidia ~$4.2 trillion
Microsoft ~$3.8 trillion
Apple ~$3.1 trillion
Amazon ~$2.4 trillion
Alphabet ~$2.2 trillion
Meta Platforms ~$1.8 trillion
Broadcom ~$1.3 trillion
Taiwan Semiconductor Manufacturing Company ~$1.2 trillion
Bill Ackman. Because he's a douche.

MATT

Target is eliminating 1,800 roles as new CEO Michael Fiddelke gets set to take over the struggling retailer - WHO DO YOU BLAME?
Current CEO Brian Cornell, who's “stepping down” to the role of Executive Chair - which is basically still CEO, just on the board and doesn't have to talk to employees anymore, so he can eliminate 1800 jobs and then fade away into a multimillion dollar unaccountable board role
Future CEO Michael Fiddelke, who starts February 1, 2026, but is current COO and was forced to send the memo to employees telling them 8% of the workforce will be cut
Monica Lozano, chair of the compensation and human capital management committee of the board, who's also on the BofA and Apple boards and is the most connected board member at a highly connected board - does the chair of the human capital committee have to weigh in on firing?
OpenAI - the memo makes zero mention of the fact that part of Target's problem is that it shit on gays and blacks because of a feckless internet toad named Robby Starbuck, but feels very written by AI which would account for phrases like:
“Adjusting our structure is one part of the work ahead of us. It will also require new behaviors and sharper priorities that strengthen our retail leadership in style and design and enable faster execution so we can: Lead with merchandising authority; Elevate the guest experience with every interaction; and Accelerate technology to enable our team and delight our guests.”
Does anyone know what that word salad actually means? Doesn't it just mean “you're fired because we basically sucked at our jobs”?

Hormel recalls 4.9M pounds of chicken possibly 'contaminated with pieces of metal' - WHO DO YOU BLAME?
The audit committee, the closest committee responsible for enterprise risk (ie, metal in chicken) - Stephen M. Lacy, William A. Newlands (also lead director), Debbra L. Schoneman, Sally J. Smith (chair), Steven A. White, Michael P. Zechmeister
The governance committee - James Snee, the now retired CEO who retired somehow in January but the company still hasn't found a permanent replacement 9 months later - so they're being run by Jeff Ettinger, interim CEO? Chair Gary C. Bhojwani, Elsa A. Murano, Ph.D., William A. Newlands (also lead director), Debbra L. Schoneman, Steven A. White
The one black guy on the board - Steve White - who works at Comcast, is somehow qualified to be on Hormel board, and is on BOTH the audit committee AND governance committee
The conveyor belt that spit pieces of metal as large as 17mm long into “fire braised chicken” sent to hotels and restaurants

CervoMed appoints McKinsey veteran David Quigley to board of directors - WHO DO YOU BLAME? Board is 2 VCs, a longtime biotech CFO, and five MD/PhDs. And among those 8, there are just two women - the co-founder/wife of the CEO and a VC. And when they did their search, they could only find a longtime professional opinion haver - a consultant from the big three?
Nominating committee for lack of imagination
Ex or current McKinsey, Bain, and BCG employed directors - the opinion industrial complex - make up a whopping 4% of ALL US DIRECTORS
Among boards with MULTIPLE ex opinion directors:
Kohl's is 25% consultant
Starbucks is 27% consultant
Disney is 30% consultants
Williams-Sonoma is 38% consultant
CBRE is 40% consultant!
Nominating committee chair Jane Hollingsworth, for not looking around the room and saying, “hey dudes, can we add, like, maybe, ONE other lady?”
Co founders Sylvie Gregoire and John Alam (also CEO) who own 17.3% of voting power - add in Josh Boger, board chair and 12.3% voter, and you basically have the CEO daddy and his buddy Josh with 29.6% of voting control
Sylvie and John's bios, which neglect to mention they're married to one another

We are all terrified of the future - which headline is worse for your terror? WHO DO YOU BLAME?
The world is about $4.5 trillion short of securing a sustainable food supply for the future, global food and ag business CEO says
Bill Gates Says Climate Change ‘Will Not Lead to Humanity's Demise' - ostensibly because billionaires in bunkers will, in fact, survive on cans of metal-filled Hormel chili.
Sorry, Yoda. Mentors are going out of style
Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House
Jennifer Garner's baby food company is going public on the NYSE — should investors be putting their eggs in this basket?
Woman Repeatedly Warned by Canadian Exchange Not to Transfer Crypto, Gets Scammed Anyway
OpenAI completes restructure, solidifying Microsoft as a major shareholder - MSFT owns 27%, the non profit which controlled the company “for the benefit of humanity” now will only control it for 26% of humanity?

Tesla risks losing CEO Musk if $1 trillion pay package isn't approved, board chair says - IF MUSK LEAVES, WHO DO YOU BLAME?
Robyn Denholm, board chair, whose job it is to manage Musk, but does it like an overwhelmed permissive mother who parents with chocolate and Teletubbies when the kid has a tantrum
Kimbal Musk - I was told by a bunch of directors and institutional investors at a conference, no joke, that Kimbal was still on the board (ie, not voted out) to control his brother's ketamine intake and crazy episodes. So if he throws a tantrum and leaves, isn't it bro's fault? This is a binary trade - Musk gets extra pay/control, stock goes up and isn't de-meme'd. Musk doesn't, he leaves and the stock is de-meme'd and drops arguably by 66% or more to be more like a car company with some tech. So do we blame investors, no matter what they do? They meme'd the stock in the first place, he couldn't get a trillion extra dollars if they hadn't pumped up the stock - and now they could vote with humanity (no pay) or meme capitalism (pay)!
Techbro middle school conservatism - is this Ben Shapiro and Joe Rogan's fault? A Yale economist paper suggests that Musk's politics cost between 1 and 1.26 million Tesla car sales… Would we even be worried if Musk stayed out of politics? Wouldn't the market have just paid him whatever?

Pop quiz: which directors stay on the board if Musk leaves in a tantrum?
Jeffrey Straubel
Kimbal Musk
Robyn Denholm
James Murdoch
Kathleen Wilson-Thompson
Ira Ehrenpreis
Jack Hartung
Joe Gebbia
Welcome back to another episode of Forcepoint's "To The Point Cybersecurity Podcast." This week, hosts Rachael Lyon and Jonathan Knepher continue their conversation with Dr. Josh Brunty, professor of Cyber Forensics and Cybersecurity at Marshall University and head coach of the U.S. Cyber Team for the U.S. Cyber Games. In part two of this insightful series, Josh shares his expert perspective on the evolving role of digital forensics and incident response in today's cybersecurity landscape, drawing from recent headline-making breaches like the F5 incident. Together, they explore the challenges organizations face in identifying lingering threats and discuss why proactive incident response is critical for all sectors—not just law enforcement. The conversation takes a deep dive into cyber education, debating whether our academic institutions are keeping pace with industry needs and what steps can bridge the workforce skills gap. Josh also reveals what it's like to lead and nurture some of the brightest young cyber talent in America, and how early investment in education and hands-on experience can shape the future of cybersecurity. If you're curious about the latest thinking on cyber forensics, practical incident response strategies, and the future pipeline of cyber talent, you won't want to miss this episode. Stay tuned for a lively and forward-looking discussion that'll leave you inspired and more informed about the ever-changing world of cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e356
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant recent cybersecurity events, including the F5 breach attributed to state-backed actors, the implications of Windows 10 reaching end of life, and the risks associated with outdated mobile operating systems. They also explore the geopolitical context of cybersecurity threats from China and the lessons learned from a recent AWS outage, emphasizing the importance of preparedness and proactive security measures for organizations.
YouTube Video Link: https://youtu.be/zn6cgCe5W8I
Documentation:
https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
https://www.forbes.com/sites/zakdoffman/2025/10/25/unprotected-1-billion-iphone-and-android-users-must-act-now/
https://www.wired.com/story/what-that-huge-aws-outage-reveals-about-the-internet/
https://youtu.be/43vxbytjDSM?si=bzmgru3AHrhd7lP2
https://youtu.be/vFu63JNtIZ4?si=DAi64IzjkwD5bSTW
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
If you like what you hear, please subscribe, leave us a review and tell a friend!
The results reported since yesterday evening have been mixed, with some of the large corporations beating expectations and outlooks. We are therefore seeing a tailwind above all in the Dow Jones, with solid gains in the shares of UnitedHealth and Sherwin-Williams. UPS and PayPal shares are also benefiting strongly from solid numbers, with the stocks up around 12% and around 16% in pre-market trading. Apart from these heavyweights, the picture is mixed to disappointing. The shares of Alexandria Real Estate, Royal Caribbean, F5, Waste Management, Corning and Whirlpool are under pressure after partly weak results or outlooks. After the close, Booking Holdings, Mondelez and Visa report quarterly results. Through the weekend, Wall Street is focused on three factors: the expected interest rate cut on Wednesday, the mega-tech results from Google, Meta and Microsoft after the close on Wednesday, and those from Apple and Amazon after the close on Thursday. Alongside the mega-tech stocks, the meeting between Xi and Trump on Thursday will be in focus. Wall Street expects a significant easing of the situation. A podcast featured by Handelsblatt.
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00:00 - PreShow Banter™ — AWS Snow Day Party
00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20
00:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code
00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood
00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space
00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI's Carbon Footprint: Send Data Centers to Space
01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies
This week saw a blessed lack of major vulnerabilities, but there was plenty of other news to dig into. We discuss the fallout from the AWS outage (0:36), the conclusions from the latest Cyberspace Solarium Commission report (4:37), the effects of CISA's shakeup on the private sector (14:07), and the continued effects of the F5 incident (21:21). Finally, we have some extremely important updates on whether Dennis has a dog yet and a WILD story about woodland creatures in Lindsey's house that cannot be missed! (32:50)
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
China has been rummaging in F5's networks for a couple of years
Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
Salesforce hackers use their stolen data trove to dox NSA, ICE employees
Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
Adam gets humbled by new Linux-capabilities backdoor trick
Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.
This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it.
This episode is also available on YouTube.
Show notes
Why the F5 Hack Created an ‘Imminent Threat' for Thousands of Networks | WIRED
Breach at US-based cybersecurity provider F5 blamed on China, sources say | Reuters
Network security devices endanger orgs with '90s era flaws | CSO Online
China claims it caught US attempting cyberattack on national time center | The Record from Recorded Future News
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
ICE amps up its surveillance powers, targeting immigrants and antifa - The Washington Post
John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
US court orders spyware company NSO to stop targeting WhatsApp, reduces damages | Reuters
Apple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunch
A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIRED
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog
European police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future News
Stephan Berger on X: "We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root" / X
Linux Capabilities Revisited | dfir.ch
CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
Browser threat detection & response | Push Security | Push Security
How Push stopped a high risk LinkedIn spear-phishing attack
A nation-state attacker quietly lived inside F5's network and walked away with BIG-IP source code and undisclosed vulnerability details. In this episode we pull apart why a breach of a cybersecurity company is far more dangerous than a breach of a bank or retailer — and what individuals and businesses can do to protect themselves when even the “experts” get compromised.
Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.
CISA warns a Windows SMB privilege escalation flaw is under active exploitation. Microsoft issues an out-of-band fix for a WinRE USB input failure. Nation-state hackers had long-term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle's E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russia's COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar's military raids a notorious cybercrime hub. Josh Kamdjou from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Josh Kamdjou, CEO and co-founder of Sublime Security and former DOD white hat hacker, is discussing how teams should get ahead of Scattered Spider's next move.
Selected Reading
CISA warns of active exploitation of Windows SMB privilege escalation flaw (Beyond Machines)
Windows 11 KB5070773 emergency update fixes Windows Recovery issues (Bleeping Computer)
Hackers Had Been Lurking in Cyber Firm F5 Systems Since 2023 (Bloomberg)
Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p (Hackread)
Cyberattack Disrupts Services at 2 Massachusetts Hospitals (BankInfo Security)
Russian Coldriver Hackers Deploy New ‘NoRobot' Malware (Infosecurity Magazine)
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries (Bleeping Computer)
Police Shutter SIM Farm Provider in Latvia, Bust 7 Suspects (Data Breach Today)
Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People (SecurityWeek)
Scouts will now be able to earn badges in AI and cybersecurity (CNN Business)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
On this episode, I cover the worrying breach disclosed by F5, the tumultuous services outage around the globe caused by an AWS outage and much more! Reference Links: https://www.rorymon.com/blog/major-aws-outage-concerning-breach-of-f5-many-issues-caused-by-windows-updates/
In this episode, Ryan Williams Sr. and Chris Abacon discuss the latest cybersecurity news, including the emergency directive regarding F5 vulnerabilities, the persistent threat posed by Chinese state actors, and the recent seizure of $15 billion in Bitcoin linked to human trafficking scams. They also share personal updates and reflections on their lives, emphasizing the importance of vigilance in cybersecurity and the human element in scams.
Articles:
ED 26-01: Mitigate Vulnerabilities in F5 Devices
https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExMTlYOWM0amlEUlhlcGRhaQEe81SKXeFH9RxVLZZAbRkDQEtOgoMMSplG8clyMUy6rAMrG6pvi1AJtPGvTSQ_aem_pKc3XyUqmDiSRv2jdR0NIw
China accessed classified UK systems for a decade, officials say
https://www.businesstimes.com.sg/international/china-accessed-classified-uk-systems-decade-officials-say?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExMTlYOWM0amlEUlhlcGRhaQEerSBlhQq3UeoMgS7wAyT23_UuHG-lCvjJBqDl4oaMiGlWi-zw_eDARK1H310_aem_u6P4GrEr3cY7Z8DgboMrCQ
Feds seize $15B worth of bitcoin in 'pig butchering' scams that used 'forced labor camps'
https://www.usatoday.com/story/news/nation/2025/10/15/bitcoin-chen-zhi-pig-butchering-scams-cambodia/86699378007/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExMTlYOWM0amlEUlhlcGRhaQEeWxaNcIq51rJ2Ia86R-a9IbvPgj607GG5GlO0GuAbYs3UmQKXEhvRUr688A0_aem_eBExvIR6GGnllNEvFb0LnQ#
Buy the guide: https://www.theothersideofthefirewall.com/
Please LISTEN
A worm hits VS Code users, F5 was breached via its own devices back in 2023, Korea Telecom's CEO says he'll resign following a recent security breach, and the Boy Scouts will award cybersecurity merit badges. Show notes Risky Bulletin: Clever worm hits the DevOps scene
An AWS outage sparks speculation. An F5 exposure and breach raise patching and supply-chain concerns. Salt Typhoon breaches a European telecom via a Netscaler flaw. A judge bans NSO Group from Whatsapp. China alleges “irrefutable evidence” of NSA hacking. Connectwise patches adversary in the middle risks. A Dolby decoder flaw enables zero-click remote code execution on Android. A Cyber M&A and funding surge signals a busy consolidation cycle. Our guest Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps. One man's quest to make AI art legit. CyberWire Guest Today we are joined by Jeff Collins, CEO of WanAware, sharing how hospital consolidations are reshaping IT asset visibility and what it takes to close these gaps. Selected Reading Cyberattack: Did China just bring Amazon down, along with Robinhood, Snapchat - what happened? Here's what experts are saying (The Economic Times) F5 breach exposes 262,000 BIG-IP systems worldwide (Security Affairs) Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack (Infosecurity Magazine) Israeli spyware company blocked from WhatsApp (Courthouse News Service) China Says It Found Evidence of US Cyber Attack on State Agency (Bloomberg) ConnectWise Patches Critical Flaw in Automate RMM Tool (SecurityWeek) Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks (SecurityWeek) NSO Group acquired by American investors. LevelBlue to acquire Cybereason. (N2K Pro Business Briefing) Creator of Infamous AI Painting Tells Court He's a Real Artist (404 Media)
Take a Network Break! On today’s coverage, F5 releases an emergency security update after state-backed threat actors breach internal systems, and North Korean attackers use the blockchain to host and hide malware. Broadcom is shipping an 800G NIC aimed at AI workloads, and Broadcom joins the Wi-Fi 8 party early with a sampling of pre-standard...
Segment 1: David Brauchler on AI attacks and stopping them

David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks. NCC Group's AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data.

More about David's Black Hat talk:
Video of the talk and accompanying slides: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/
Talk abstract: https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112
Slide presentation only: https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf

Additional blogs by David about AI security:
Analyzing Secure AI Architectures: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/
Analyzing Secure AI Design Principles: https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/
Analyzing AI Application Threat Models: https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/
Building Security‑First AI Applications: A Best Practices Guide for CISOs: https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/
Building Trust by Design for Secure AI Applications: Tips for CISOs: https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/
AI and Cyber Security: New Vulnerabilities CISOs Must Address: https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/

Segment 2: Should we replace the CIA triad?

An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement.

Segment 3: The Weekly Enterprise News

Finally, in the enterprise security news,
Slow week for funding, older companies raising via debt financing
A useful AI framework from the Cloud Security Alliance
two interesting essays, one of which is wrong
Folks are out here blasting unencrypted data to and from Satellites, while anyone can sniff and capture it
getting hacked during a job interview
LLM poisoning is far easier than previously thought
F5 got breached
Be careful when patching your Jeep ('s software)
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-429
The Monday Microsegment for the week of October 20th. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast.
F5 breach shakes confidence in core cyber defenses
Europe takes down a SIM-farm empire
And China flips the script with hacking accusation against the U.S.
And Gary Barlet joins us for an "Ask the Expert" segment.
Head to The Zero Trust Hub: hub.illumio.com
Download The 2025 Global Cloud Detection and Response Report: https://www.illumio.com/resource-center/global-cloud-detection-and-response-report-2025
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it! Windows 10 End of Support https://support.microsoft.com/en-us/windows/windows-10-support-has-ended-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281 https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates https://www.theverge.com/news/793579/microsoft-windows-11-local-account-bypass-workaround-changes https://www.bleepingcomputer.com/news/microsoft/final-windows-10-patch-tuesday-update-rolls-out-as-support-ends/ Chuck Wagon race: https://www.youtube.com/watch?v=6WRpHrvHjcs Jeep bricks EV vehicles with faulty software update https://www.thestack.technology/jeep-software-update-bricks-vehicles-leaves-owners-stranded/ F5 hacked by China https://www.cisa.gov/news-events/news/cisa-issues-emergency-directive-address-critical-vulnerabilities-f5-devices https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices China requires watching ads for toilet paper https://metro.co.uk/2025/09/17/dystopian-toilets-wont-give-loo-roll-unless-watch-advert-first-24189061/ Dad Joke of the Week (DJOW) Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/ Darren - https://www.linkedin.com/in/darrenmayes/
Federal cyber authorities issued an emergency directive last week requiring federal agencies to identify and apply security updates to F5 devices after the cybersecurity vendor said a nation-state attacker had long-term, persistent access to its systems. The order, which mandates federal civilian executive branch agencies take action by Wednesday, Oct. 22, marked the second emergency directive issued by the Cybersecurity and Infrastructure Security Agency in three weeks. CISA issued both of the emergency directives months after impacted vendors were first made aware of attacks on their internal systems or products. F5 said it first learned of unauthorized access to its systems Aug. 9, resulting in data theft including segments of BIG-IP source code and details on vulnerabilities the company was addressing internally at the time. CISA declined to say when F5 first alerted the agency to the intrusion. CISA officials said they're not currently aware of any federal agencies that have been compromised, but similar to the emergency directive issued following an attack spree involving zero-day vulnerabilities affecting Cisco firewalls, they expect the response and mitigation efforts to provide a better understanding of the scope of any potential compromise in federal networks. Many federal agencies and private organizations could be impacted. CISA said there are thousands of F5 product types in use across executive branch agencies. Sens. Maria Cantwell, D-Wash., and Ted Cruz, R-Texas, moved to mandate comprehensive new safety reviews for all aircraft operations near DCA and at all major and mid-size U.S. airports, in a new bipartisan agreement that would also require fleets across the nation to be equipped with more precise situational awareness technology. 
Their proposal aims to resolve safety issues identified by the federal investigation into the tragic crash in January, where an Army UH-60M Black Hawk helicopter fatally collided with an American Airlines passenger plane over the Potomac River near Ronald Reagan Washington National Airport. All 67 people aboard both aircraft were killed in the collision. In a statement on Thursday, Tim and Sheri Lilley — whose son was the first officer onboard that AA Flight 5342 — called on Congress “to continue moving quickly and decisively to pass and fully implement these reforms, because every person who boards an aircraft depends on it.” The 42-page Cantwell-Cruz Bipartisan Aviation Safety Agreement combines elements of legislation the lawmakers previously put forward separately in the months after the fatal collision. It includes language that directs every military service with an aviation component to sign a memorandum of understanding with the Federal Aviation Administration to share appropriate safety information and expand coordination to prevent future accidents. Another safety failure that came to light in the wake of the crash was associated with the Army Black Hawk helicopter not transmitting via Automatic Dependent Surveillance–Broadcast (ADS-B) technology, which essentially enables aircraft to receive data and information about other systems, weather and traffic — delivered directly in the cockpit. The senators' proposal would set a clear 2031 deadline for aircraft operators to equip their fleets with the full package of ADS-B capabilities. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
CISA, F5, PNC, Canadian Tire, Discord and so much more are all part of breaches of the week!
Headlines about a massive F5 Big-IP exposure aren't noise—they're a masterclass in why Security Operations must be disciplined, fast, and auditable. We open with what the F5 situation means for enterprise risk, patch urgency, and long-term persistence threats, then shift into a practical, exam-ready walkthrough of CISSP Domain 7. The goal: help you think like an operator and answer like a pro when pressure spikes.

We map investigations from preparation to presentation, showing how evidence collection, handling, and chain of custody turn raw logs into defensible findings. You'll hear how live versus dead forensics trade-offs play out, which artifacts matter across endpoints, networks, and mobile, and why standardized procedures keep teams synchronized. From there, we connect visibility to action: IDS and IPS for detection and control, SIEM for correlation and retention, and egress monitoring to catch data theft and command-and-control that slip past perimeter thinking. Threat intelligence and UEBA add context and behavior baselines so you find the meaningful anomalies without drowning in alerts.

We also dig into the operational backbone that keeps environments stable: configuration management, security baselines, and automation to eliminate drift and reduce manual error. Then we anchor on foundational principles—least privilege, need-to-know, separation of duties, job rotation, and PAM—to limit blast radius when credentials or processes fail. Finally, we close with resource protection and media management: classification, encryption, verifiable backups, and secure disposal and transport, so your controls hold up under legal scrutiny and real-world adversaries.

Whether you're tightening controls after the F5 news or sharpening focus for the CISSP, this guide to Domain 7 gives you a clear, actionable path. If this was helpful, follow the show, share it with a teammate, and leave a quick review—what Security Operations topic should we explore next?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
In episode 736 of the podcast I summarize the week's most notable technology news, from cybersecurity to economic news, by way of a milestone for Nvidia.
13/10/25 Brussels reviews child safety measures on Snapchat, YouTube and the Apple and Google app stores.
13/10/25 Major U.S. online retailers pull millions of banned Chinese electronics products after an FCC crackdown.
13/10/25 Qantas confirms the leak of customer data following a cyberattack and points to an international hacker group.
14/10/25 Spotify's video podcasts will come to Netflix in 2026 following a global distribution deal.
14/10/25 Meta strengthens teen safety on Instagram with new PG-13-style content filters.
15/10/25 Walmart partners with OpenAI to integrate direct shopping within ChatGPT.
15/10/25 Broadcom launches its new Thor Ultra networking chip and challenges Nvidia's dominance in artificial intelligence.
15/10/25 Rakuten considers listing its credit card business on the stock market in the United States.
16/10/25 Waymo will debut in London with its fully autonomous ride service in 2026.
16/10/25 Apple launches its new MacBook Pro, iPad Pro and Vision Pro with the M5 chip, its most powerful processor to date.
17/10/25 The U.S. issues an urgent alert after detecting cyberattacks on government networks via F5 devices.
17/10/25 YouTube restores its service after a brief global interruption in video streaming.
17/10/25 The dispute between China and the Netherlands over Nexperia threatens European automotive production.
18/10/25 Bolt's CEO urges the European Union to prioritize autonomous driving so as not to fall behind the U.S. and China.
18/10/25 EssilorLuxottica reaches an all-time high, driven by the success of the Ray-Ban Meta AI glasses.
19/10/25 Apple acquires the exclusive rights to Formula 1 in the United States for five years.
19/10/25 Nvidia and TSMC mark a milestone by manufacturing in the United States the first Blackwell wafer for artificial intelligence chips.
Erotic Chats, UEFI, F5, Cisco, Doug Sings, Insiders, Lastpass, Sora, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-521
Agencies are on a tight deadline to address a new and major cybersecurity vulnerability. The Cybersecurity and Infrastructure Security Agency directed agencies to patch potentially vulnerable F5 devices in an emergency directive. The directive comes as agencies also navigate reduced staffing during the shutdown. For more on all of this, we bring in Federal News Network's Justin Doubleday.
F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up.
Selected Reading F5 discloses breach tied to nation-state threat actor (CyberScoop) CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA) ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA) PowerSchool hacker sentenced to 4 years in prison (The Record) Cisco faces Senate scrutiny over firewall flaws (The Register) Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer) Google Careers impersonation credential phishing scam with endless variation (Sublime Security) Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead) Qilin Ransomware announced new victims (Security Affairs) When Face Recognition Doesn't Know Your Face Is a Face (WIRED) Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire)
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for federal agencies to update their F5 products following a significant breach where hackers accessed source code and undisclosed vulnerabilities. This incident, discovered in August, poses a serious risk to federal networks, as the threat actor could exploit these vulnerabilities to gain unauthorized access and exfiltrate sensitive data. Agencies are required to apply the latest updates by October 22nd and report their F5 deployments by October 29th, highlighting the urgency of addressing these security concerns.In a related development, the National Institute of Standards and Technology (NIST) is encouraging federal agencies to take calculated risks with artificial intelligence (AI) under new federal guidance. Martin Stanley, an AI and cybersecurity researcher, emphasized the importance of risk management in AI deployment, particularly in comparison to more established sectors like financial services. As agencies adapt to this guidance, they must identify high-impact AI applications that require thorough risk management to ensure both innovation and safety.A report from Cork Protection underscores the need for small and medium-sized businesses (SMBs) to adopt a security-first approach in light of evolving cyber threats. Many SMBs remain complacent, mistakenly believing they are not targets for cybercriminals. The report warns that this mindset, combined with the rising financial risks associated with breaches, necessitates a shift towards a security-centric operational model. The cybersecurity services market is projected to grow significantly, presenting opportunities for IT service providers that prioritize security.Apple has announced a substantial increase in its bug bounty program, now offering up to $5 million for critical vulnerabilities. 
This move reflects the growing importance of addressing security challenges within its ecosystem, which includes over 2.35 billion active devices. The company has previously awarded millions to security researchers, emphasizing its commitment to user privacy and security. As the landscape of cybersecurity evolves, managed service providers (MSPs) are urged to tighten vendor monitoring, incorporate AI risk assessments, and focus on continuous assurance to meet the increasing demands for security. Three things to know today: 00:00 Cybersecurity Crossroads: F5 Breach, AI Risk, and Apple's $5M Bug Bounty Signal Security Accountability; 06:44 Nearly a Third of MSPs Admit to Preventable Microsoft 365 Data Loss, Syncro Survey Finds; 09:22 AI Reality Check: Workers' Overconfidence, Cheaper Models, and Microsoft's Scientific Breakthrough Signal Maturity in the Market. This is the Business of Tech.
MANGO discloses data breach; Threat group 'Jewelbug' infiltrates Russian IT network; F5 discloses breach tied to nation-state threat actor
Today's cybersecurity incidents highlight the growing risks in digital infrastructure and crypto markets. From major data breaches at Mango and Capita, malicious VSCode extensions, and F5 source code theft, to global outages like YouTube and high-profile crypto scams, organizations and users face escalating threats.
In the wake of the disclosure of a serious intrusion at F5 that reportedly lasted about a year, we talk about the details of the disclosure, the potential link to Chinese state actors, the fallout from the attackers' access to source code and bug reports, and what this could mean in the long term.
An APT stole source code and vulnerability reports from F5, a European MP files a criminal hacking complaint against Hungary's Prime Minister, airport PA systems are hijacked in Canada and the US, and the PowerSchool hacker gets prison time. Show notes Risky Bulletin: F5 says an APT stole source code, vulnerability reports
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Clipboard Image Stealer: Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372 F5 Compromise: F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.com/manage/s/article/K000157005 https://my.f5.com/manage/s/article/K000156572 https://my.f5.com/manage/s/article/K000154696 Adobe Updates: Adobe updated 12 different products yesterday. https://helpx.adobe.com/security.html SAP Patchday: Among the critical vulnerabilities patched in SAP's products are two deserialization vulnerabilities with a CVSS score of 10.0. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html https://onapsis.com/blog/sap-security-patch-day-october-2025/
What does it take to build an all-star cheer empire that redefines an entire generation of athletes? Whether you're a coach looking for long-term success, a cheer parent navigating the intense world of all-star, or an athlete chasing the dream of Worlds glory, this episode delivers. True Hall of the Maryland Twisters, coach of the iconic F5, joins Jason for a deep, raw, and real conversation about legacy, leadership, and standing on business in an ever-evolving cheer landscape. Hear how F5 went from rec cheer on grass fields to dominating NCA and Worlds with unforgettable themes, killer routines, and a message that shifted the culture. Discover the behind-the-scenes truth about judging frustrations, division politics, and why True's team got snubbed from The MAJORS. Get inspired by the origin story, real struggles, and 30-year journey that built one of the most respected and diverse programs in the sport. Hit play to hear True Hall drop truth, tea, and timeless wisdom about cheerleading, coaching, and creating something legendary.
The team is back for a hot one!!! We get into discussion about Wrestlepalooza and the issues of the ESPN app, did WWE lie to us when this news first hit??? Will this be an ongoing issue moving forward, will numbers go down, will Stephanie continue to be the voice of the voiceless??? ESPN and TKO have created a storm of issues and the fans are unhappy.......we ALL know TKO could give two shits about us but does WWE care??? All this and so much more!!! CHEERS!!! JERKING THE CURTAIN. ROUND TABLE OF TOPICS. NEWS: Stephanie McMahon announced for WWE HOF; Cody Rhodes is your PWI number one guy…..again; Macho Man is getting his own Biopic!!! Ohhhh Yeahhhh; Piper Niven's wrestling career could be over. “You Just Made the List”: Top 5 heels (Males). SMACKDOWN: Graves takes two F5's for MC…..Miz answers the call; Heyman/Lesnar reunion??? Great to see Charlotte and Alexa defending the titles and keeping them relevant; Did I miss something with the Street Profits??? The USO Penitentiary has been missed; Nia spittin facts…..Triple Threat match works as long as we get a new champion……please!!! R Truth selling the ESPN app is comical and sad; Cody and Drew sign…..time to Rassell!!! WRESTLEPALOOZA. RAW: Cody and Seth face off for Crown Jewel; Jey's been hit in the head too many times……heel vibes and the obsession with LAK is real; That Mexican Destroyer was AWESOME!!! Is this what Finn wanted for Judgement Day??? Congratulations Stephanie……give me a list of opponents; No room for Lyra, Bayley's circle; Poor JD; Iyo and Asuka drama is entertaining but Iyo's facial expressions are awkward; 4 letter word battle…..YEET with the help of the vision; What's on Seth's mind??? Iyo asks for a favor…..does Iyo and Rhea have the hots for each other??? Long live Grande Americano; The right opportunity for Maxine is evolve; Asuka vs any of the female roster is great for business. NXT: War Games for NXT!!! Charlotte and Bliss leave out certain females??? Lexus and Myles lights out match was NXT level dumb; TNA invading NXT is grrrreat for business; All Ego slippin; Gotta give the verbal judo to Jacy; Briggs can kick rocks; Stop with the Joe Hendry push already….we get it, he's with WWE now; War Games!!!! NXT No Mercy 9/27; TNA Bound for Glory 10/12. Episodes dropping weekly!!! Follow on the gram @the.funkaholiks.pod THEE POD THAT TALKS WHAT THEY LOVE
Recent cybersecurity developments span phishing campaigns, malicious extensions, insider breaches, and major corporate acquisitions. Companies like Google, Microsoft, Gucci, Balenciaga, and Alexander McQueen faced security incidents, while F5 and Silent Push announced significant business moves.
Take a Network Break! We start with a listener correction on Cisco’s history of wireless certifications, then dig into a couple of red alerts on Microsoft Defender and a backdoor in Outlook. On the news front, Cisco announces new AI agents and SoC packages for Splunk; F5 spends $180 million to buy an AI security...
In the changing landscape of AI data infrastructure, F5 and MinIO are partnering on a solution that brings together the best of each company. This solution bookends the AI stack—it uses F5 for reliable, secure, and observable data delivery and MinIO’s AIStor for storage of all data types. The goal is to help organizations be...