Podcasts about Fortinet

If you like what you hear, please subscribe, leave us a review and tell a friend!

If you like what you hear, please subscribe, leave us a review and tell a friend!

In this timely episode of The Voice of Retail, host Michael LeBlanc is joined by Aamir Lakhani, Global Director of Threat Intelligence and Artificial Intelligence at Fortinet, for a deep and sobering conversation on the evolving cyber threat landscape facing retailers as they close out 2025 and prepare for 2026.Lakhani leads adversarial AI research within FortiGuard Labs, Fortinet's global R&D arm, where his team studies how cybercriminals—ranging from lone actors to state-sponsored groups—exploit technology, human behaviour, and increasingly, artificial intelligence. With Fortinet protecting over half of the world's firewall traffic, Lakhani brings unparalleled visibility into global cybercrime trends.A central theme of the discussion is the explosion of credential-based attacks, where hackers no longer “break in” but simply log in using stolen usernames and passwords. Lakhani explains how years of data breaches have enabled automated attacks across thousands of retail, banking, and corporate systems, often at massive scale. Two-factor authentication, passkeys, and password-less systems are no longer optional—they are table stakes.The conversation then turns to AI-driven fraud, which Lakhani describes as one of the most urgent threats retailers face today. From deepfake voice scams impersonating CEOs to hyper-personalized phishing attacks fueled by social media data, AI has dramatically lowered the cost and increased the sophistication of fraud. On a scale of concern, Lakhani rates AI fraud “off the charts.”LeBlanc and Lakhani also explore deceptive domains, poisoned AI shopping results, and the risks associated with buy-now-pay-later programs, which fraudsters increasingly exploit through urgency-based scams. Importantly, Lakhani emphasizes that cybersecurity is now a shared responsibility across platforms, retailers, and consumers—especially as many small and mid-sized retailers rely heavily on platforms like Shopify.Looking ahead to 2026, Lakhani offers clear guidance for retail leaders: invest in education, embrace AI-powered security tools, and do not shy away from automation. Cybersecurity, he argues, is no longer just an IT issue—it is a brand trust issue, a revenue protection issue, and a core leadership responsibility. Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know and the report Cyber Threat Landscape Overview for the 2025 Holiday Season. The Voice of Retail podcast is presented by Hale, a performance marketing partner trusted by brands like ASICS, Saje, and Orangetheory to scale with focus and impact. Michael LeBlanc is the president and founder of M.E. LeBlanc & Company Inc, a senior retail advisor, keynote speaker and now, media entrepreneur. He has been on the front lines of retail industry change for his entire career. Michael has delivered keynotes, hosted fire-side discussions and participated worldwide in thought leadership panels, most recently on the main stage in Toronto at Retail Council of Canada's Retail Marketing conference with leaders from Walmart & Google. He brings 25+ years of brand/retail/marketing & eCommerce leadership experience with Levi's, Black & Decker, Hudson's Bay, CanWest Media, Pandora Jewellery, The Shopping Channel and Retail Council of Canada to his advisory, speaking and media practice.Michael produces and hosts a network of leading retail trade podcasts, including the award-winning No.1 independent retail industry podcast in America, Remarkable Retail with his partner, Dallas-based best-selling author Steve Dennis; Canada's top retail industry podcast The Voice of Retail and Canada's top food industry and one of the top Canadian-produced management independent podcasts in the country, The Food Professor with Dr. Sylvain Charlebois from Dalhousie University in Halifax.Rethink Retail has recognized Michael as one of the top global retail experts for the fifth year in a row, the National Retail Federation has designated Michael as on their Top Retail Voices for 2025, Thinkers 360 has named him on of the Top 50 global thought leaders in retail, RTIH has named him a top 100 global though leader in retail technology and Coresight Research has named Michael a Retail AI Influencer. If you are a BBQ fan, you can tune into Michael's cooking show, Last Request BBQ, on YouTube, Instagram, X and yes, TikTok.Michael is available for keynote presentations helping retailers, brands and retail industry insiders explaining the current state and future of the retail industry in North America and around the world.

　独立行政法人情報処理推進機構（IPA）は12月17日、Fortinet製品における認証回避の脆弱性について発表した。影響を受けるシステムは以下の通り。

Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel's cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by ⁠Doron Davidson⁠, GM at ⁠CyberProof⁠ Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you'd like to learn more be sure to check out ⁠CyberProof⁠. Tune into the full conversation here. Selected Reading Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence) IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post) CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines) Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines) AI models are perfecting their hacking skills (Axios) AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ) MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre) Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica) Locked out: How a gift card purchase destroyed an Apple account (Apple Insider) Racks of AI chips are too damn heavy (The Verge) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Beyond RC4 for Windows authentication Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change. https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication FortiCloud SSO Login Vuln Exploited Arctic Wolf observed exploit attempts against vulnerable FortiGate appliances. https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ FrePBX Vulnerability Horizon3.ai identified three distinct vulnerabilities in FreePBX. In particular, the authentication by-pass issue should be of concern, but default FreePBX installs do not use the vulnerable web authentication feature. https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/

Rogue NuGet package steals data Venezuela's PDVSA suffers attack Patched Fortinet flaws exploited Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com.  

«Ta place ne t'attend pas. Elle t'appelle. » -Mélanie FortinEt si ton prochain niveau n'avait absolument rien à voir avec une nouvelle stratégie, une nouvelle offre, ou un meilleur message ?Et si ce qui te bloque en ce moment était beaucoup plus subtil… Beaucoup plus intérieur… Et surtout, beaucoup plus proche de toi que tu ne le crois ?Dans cet épisode, je t'amène dans un espace que la majorité évite, souvent sans même s'en rendre compte. Un espace où tes ambitions, tes peurs, tes contradictions et ta posture se rencontrent. Un espace qui peut soit te propulser… soit te retenir indéfiniment.On ne parle pas de tactiques.On ne parle pas d'outils.On ne parle même pas d'efficacité.On parle de toi.De ce que tu permets.De ce que tu assumes.De l'espace que tu occupes… ou que tu laisses encore entre les mains des autres.C'est un épisode qui t'amène à réfléchir sur la façon dont tu avances, dont tu te présentes, dont tu te retiens parfois sans t'en rendre compte. Il met en lumière un aspect essentiel de la croissance que beaucoup essaient d'éviter, parce qu'il demande de la lucidité, du courage et une forme d'honnêteté intérieure que peu osent vraiment pratiquer.Tu vas y découvrir une perspective différente sur la progression : une perspective qui ne cherche pas à te donner plus de choses à faire, mais à changer la manière dont tu te positionnes face à ce que tu veux créer.Ton prochain niveau n'est pas caché.Il n'est pas inaccessible.Il attend simplement que tu t'avances vers lui, réellement, pleinement, sans détour.Bonne écoute !

Venezuela's state oil company blames a cyberattack on the U.S. An Iranian hacker group offers cash bounties for doxing Israelis. Germany's lower house of parliament suffers a major email outage. South Korea's e-commerce breach exposes personal information of nearly all of that nation's adults. Researchers report active exploitation of two critical Fortinet authentication bypass vulnerabilities, and three critical vulnerabilities in the FreePBX VoIP platform. An auto-industry credit reporting agency suffers a data breach. Google is shutting down its dark web reporting service. European law enforcement dismantles a Ukrainian fraud network. Our guest is Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discussing how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. A Pornhub breach proves the internet never forgets.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, guest Christiaan Beek, Senior Director Threat Intelligence & Analytics from Rapid7, discusses how attackers are accelerating exploitation, refining ransomware, and expanding nation-state operations. Dive into the details in Rapid7's report. Tune into Christiaan's full conversation here. Selected Reading Venezuela Says Oil Export System Down After Weekend Cyberattack (Bloomberg) Iran-linked hackers dox Israelis, offer cash bounties (The Jerusalem Post) German Parliament Allegedly Hit by Email Outage During US-Ukraine Talks Amid Cyberattack Suspicions (TechNadu) Breach at South Korea's Equivalent of Amazon Exposed Data of Almost Every Adult (Wall Street Journal) Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 (Arctic Wolf) Critical authentication bypass and multiple flaws discovered in FreePBX VoIP platform (Beyond Machines) Millions Affected by Massive 700Credit Data Breach (Tech.co) Google Is Shutting Down Its Dark Web Monitoring Tool (Technology.org)  European authorities dismantle call center fraud ring in Ukraine (Bleeping Computer) Porn User Data Stolen—Pornhub ‘Search, Watch And Download' Activity (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Referências do EpisódioWebinar Tendências em Cyber 2026Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground ForumsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

La época de Navidad de 2025 se verá marcada por un aumento en el volumen de páginas maliciosas, la vulneración de cuentas de los usuarios y la explotación de tiendas en línea para cometer fraudes, de acuerdo con el Reporte de FortiRecon sobre el Panorama de ciberamenazas para la época navideña 2025 de la empresa de ciberseguridad Fortinet.

When your firewall forgets to buckle up, the crash doesn't happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aquia and host of the Resilient Cyber podcast. Chris helps reframe vulnerability work as exposure management, connect technical risk to human resilience, and break down the scoring and runtime tools security teams actually need today. Expect clear takeaways on EPSS, reachability analysis, ADR, AI's double-edged role, and the one habit Chris swears by as a CEO. This episode fuses attack-surface reality with mental-attack-surface strategy so you walk away with both tactical moves and daily practices that protect systems and people. Impactful Moments: 00:00 - Intro 02:00 - Breaking: Fortinet WAF zero-day & visibility lesson 05:00 - Meet Chris Hughes: CEO, author, Resilient Cyber host 08:00 - Mental attack surface explained and why it matters 18:00 - From CVSS to EPSS, reachability, and ADR realities 21:00 - AI as force-multiplier for attackers and defenders 24:30 - Exposure vs vulnerability naming, market trends 26:00 - Chris's book & how to follow his work 30:00 - Ron's solo: 3 pillars to patch your mindset 34:00 - Closing takeaways and subscribe reminder Links: Connect with our guest, Chris Hughes, on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out the article on the Fortinet exploit here: https://www.helpnetsecurity.com/2025/11/14/fortinet-fortiweb-zero-day-exploited/  Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

Microsoft Patch Tuesday Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550 Adobe Patches Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. https://helpx.adobe.com/security.html Ivanti Endpoint Manager Patches Ivanti patched four vulnerabilities in End Point Manager. https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024?language=en_US Fortinet FortiCloud SSO Vulnerability Due to a cryptographic vulnerability, Forinet s FortiCloud SSO authentication is bypassable. https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ruby-saml vulnerability Ruby fixed a vulnerability in ruby-saml. The issue is due to an incomplete patch for another vulnerability a few months ago. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3

If you like what you hear, please subscribe, leave us a review and tell a friend!

Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 281 ~ Watch Now ~In this AMA edition of DailyCyber, I answer questions cybersecurity leaders face every day — from rebuilding income after a layoff to navigating account compromise scenarios.This episode is packed with insights on mindset, leadership, communication, and technical decision-making. 

Take a Network Break! We start with listener follow-up on Fortinet’s vulnerability numbering, and sound a red alert about an authentication bypass vulnerability in ASUS's AiCloud service. AWS and Google announce a joint cross-cloud interconnect offering (other cloud providers are invited to play), Microsoft and Ciena pitch a new design to boost optical network resiliency,... Read more »

Take a Network Break! We start with listener follow-up on Fortinet’s vulnerability numbering, and sound a red alert about an authentication bypass vulnerability in ASUS's AiCloud service. AWS and Google announce a joint cross-cloud interconnect offering (other cloud providers are invited to play), Microsoft and Ciena pitch a new design to boost optical network resiliency,... Read more »

Take a Network Break! We start with listener follow-up on Fortinet’s vulnerability numbering, and sound a red alert about an authentication bypass vulnerability in ASUS's AiCloud service. AWS and Google announce a joint cross-cloud interconnect offering (other cloud providers are invited to play), Microsoft and Ciena pitch a new design to boost optical network resiliency,... Read more »

Synopsis Dans cet épisode, Steve, Patrick, Richer et Francis discutent d'actualité technologique et de cybersécurité, en abordant la résilience des réseaux, les enjeux du Gouvernement du Québec et l'impact croissant de l'IA. Ils explorent aussi les défis touchant les infrastructures critiques, les incidents récents et l'usage parfois excessif du buzzword AI dans l'industrie. Nouvelles Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses Fortinet warns of new FortiWeb zero-day exploited in attacks Résilience de nos réseaux de télécommunication vs. la profitabilité Avis de consultation de télécom CRTC 2025-226 TVA Nouvelles 18h QUB - Isabelle Maréchal - Fragilité des infrastructures essentielles: un appel urgent renforce la résilience des télécoms RADIO-X - Le Québec est le tiers-monde des télécoms Researchers question Anthropic claim that AI-assisted attack was 90% autonomous China has lent $200B to U.S. tech and infrastructure projects, report finds Chasing China: Learning to Play by Beijing's Global Lending Rules Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts Fortinet's delayed alert on actively exploited defect put defenders at a disadvantage Quand la cybersécurité s'invite dans la rémunération des PDG China fail Cloudflare - Patrick Mathieu en discute à Radio-Canada Crew Patrick Mathieu Steve Waterhouse Francis Coats Richer Dinelle Shamelessplug Join Hackfest/La French Connection Discord #La-French-Connection Join Hackfest us on Masodon POLAR - Québec - 29 Octobre 2026 Hackfest - Québec - 29-30-31 Octobre 2026 Crédits Montage audio par Hackfest Communication Music par Kazuki – Four Day Weekend - Interstella Locaux virtuels par Streamyard

Got a question or comment? Message us here!This week's #SOCBrief dives into the FortiWeb zero-day that's letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lock down configs, audit firewalls, and patch fast. We break down what happened, who's affected, and how to defend before attackers pivot deeper into your network.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Web applications have always been tricky to protect. They're meant to be accessible over the Internet, which exposes them to malicious actors, they're designed to take end-user inputs, which can be manipulated for malicious purposes, and they often handle sensitive data. Then the rise of public cloud and microservices architectures added new layers of complexity... Read more »

Web applications have always been tricky to protect. They're meant to be accessible over the Internet, which exposes them to malicious actors, they're designed to take end-user inputs, which can be manipulated for malicious purposes, and they often handle sensitive data. Then the rise of public cloud and microservices architectures added new layers of complexity... Read more »

Take a Network Break!  We start with a relative path traversal vulnerability in Fortinet’s FortiWeb.  We’ll move on to an acquisition by Palo Alto Networks, another hiccup from our friends at Cloudflare, some AI announcements by Itential and Gluware, and finish with first quarter 2026 fiscal results from Palo Alto Networks. AdSpot Sponsor: Itential  ... Read more »

Take a Network Break!  We start with a relative path traversal vulnerability in Fortinet’s FortiWeb.  We’ll move on to an acquisition by Palo Alto Networks, another hiccup from our friends at Cloudflare, some AI announcements by Itential and Gluware, and finish with first quarter 2026 fiscal results from Palo Alto Networks. AdSpot Sponsor: Itential  ... Read more »

Take a Network Break!  We start with a relative path traversal vulnerability in Fortinet’s FortiWeb.  We’ll move on to an acquisition by Palo Alto Networks, another hiccup from our friends at Cloudflare, some AI announcements by Itential and Gluware, and finish with first quarter 2026 fiscal results from Palo Alto Networks. AdSpot Sponsor: Itential  ... Read more »

(Presented by Material Security (https://material.security): We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.) Three Buddy Problem - Episode 73: The buddies react to Google's release of Gemini 3 and its early performance, new Chrome interface changes landing on users' machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon's latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline. Plus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

The US and allies sanction Russian bulletproof hosting providers. The White House looks to sue states over AI regulations. The US Border Patrol flags citizens' “suspicious” travel patterns. Lawmakers seek to strengthen the SEC's cybersecurity posture. A new Android banking trojan captures content from end-to-end encrypted apps. A hidden browser API raises security concerns. Fortinet patches a zero-day. A Philippine former mayor gets life in prison for scam center human trafficking. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Green energy gets hijacked for a blockchain side-hustle.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Cliff Crosland, CEO and Co-founder at Scanner.dev, discussing why security data lakes are ideal for AI in the SOC. Listen to Cliff's full conversation here. Selected Reading Russian bulletproof hosting provider sanctioned over ransomware ties (Bleeping Computer) White House drafts order directing Justice Department to sue states that pass AI regulations (Washington Post) Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns (Associated Press) Lawmakers reintroduce bill to bolster cybersecurity at Securities and Exchange Commission (The Record) Multi-threat Android malware Sturnus steals Signal, WhatsApp messages (Bleeping Computer) Hidden API in Comet AI browser raises security red flags for enterprises (CSO Online) Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime (Infosecurity Magazine) Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw (HIPAA Journal) Ex-Philippine mayor Alice Guo given life sentence for human trafficking (Reuters) Wind farm worker sentenced after turning turbines into a secret crypto mine (Bitdefender) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloudflare's outage is rooted in an internal configuration error. The Trump administration is preparing a new national cyber strategy. CISA gives federal agencies a week to secure a new Fortinet flaw. MI5 warns that China is using LinkedIn headhunters and covert operatives to target lawmakers. Experts question the national security risks of TP-Link routers. The China-aligned PlushDaemon threat group hijacks software updates. Researchers discover WhatsApp's entire global member directory accessible online without protection. LG Energy Solution confirms a ransomware attack. ShinySp1d3r makes its debut. Rotem Tsadok, Director of Security Operations and Forensics at Varonis, is sharing lessons learned from thousands of forensics investigations. A judge says Google's claims to water use secrecy are all wet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Rotem Tsadok, Director of Security Operations and Forensics at Varonis, sharing lessons learned from thousands of forensics investigations. Listen to Rotem's full conversation here. Selected Reading Cloudflare blames this week's massive outage on database issues (Bleeping Computer) National cyber strategy will include focus on ‘shaping adversary behavior,' White House official says (The Record) CISA gives govt agencies 7 days to patch new Fortinet flaw (Bleeping Computer) Chinese Spies Are Using LinkedIn to Target U.K. Lawmakers, MI5 Warns (The New York Times) No evidence that TP-Link routers are a Chinese security threat (CSO Online) PlushDaemon compromises network devices for adversary-in-the-middle attacks (welivesecurity) 3.5 Billion Accounts: Complete WhatsApp Directory Retrieved and Evaluated (heise online) LG Energy Solution reports ransomware attack, hackers claim theft of 1.7 terabytes of data (beyondmachines) Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters (Bleeping Computer) Google Strives To Keep Data Center Water Use Secret After Judge Orders Records Released (Roanoke Rambler) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: Anthropic says a Chinese APT orchestrated attacks using its AI It's a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild Turns out slashing CISA was a bad idea, now it's time for a hiring spree Researchers brute force entire phone number space against Whatsapp contact discovery API DOJ figures out how to make SpaceX turn off scam compounds' Starlink service This week's episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world. This episode is also available on Youtube. Show notes Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica China's ‘autonomous' AI-powered hacking campaign still required a ton of human work | CyberScoop Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News PSIRT | FortiGuard Labs CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive This Is the Platform Google Claims Is Behind a 'Staggering' Scam Text Operation | WIRED A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED

Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/ https://fortiguard.fortinet.com/psirt/FG-IR-25-910?ref=labs.watchtowr.com Flnger.exe and ClickFix Attackers started to use the finger.exe binary to retrieve additional payload in ClickFix attacks https://isc.sans.edu/diary/Finger.exe%20%26%20ClickFix/32492

Critical Cybersecurity Updates: Fortinet Zero Day, North Korean Infiltration & JLR Cyber Attack In this episode of Cybersecurity Today, host David Chipley discusses the latest critical updates in the cybersecurity world. Fortinet faces a massive zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia. Stay updated, stay secure! 00:00 Introduction and Sponsor Message 00:55 Fortinet Zero-Day Vulnerability 04:32 North Korean IT Worker Infiltration 07:45 Jaguar Land Rover Cyber Attack Impact 10:19 AI Platforms Hit with Copy-Pasted Flaw 13:42 Conclusion and Upcoming Events

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The KK Park scam compound in Myanmar gets blasted with actual dynamite China sentences more scammers TO DEATH While Singapore is opting to lash them with the cane Chinese security firm KnownSec leaks a bunch of documents Necromancy continues on NSO Group, with a Trump associate in charge OWASP freshens up the Top 10, you won't believe what's number three! This week's episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you're going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”? This episode is also available on Youtube. Show notes Myanmar Junta Dynamites Scam Hub in PR Move as Global Pressure Grows China sentences 5 Myanmar scam kingpins to death | The Record from Recorded Future News Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020 | The Straits Times KnownSec breach: What we know so far. - NetAskari Risky Bulletin: Another Chinese security firm has its data leaked Inside Congress Live The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED Former Trump official named NSO Group executive chairman | The Record from Recorded Future News Short-term renewal of cyber information sharing law appears in bill to end shutdown | The Record from Recorded Future News Jaguar Land Rover hack hurt the U.K.'s GDP, Bank of England says Monetary Policy Report - November 2025 | Bank of England SonicWall says state-linked actor behind attacks against cloud backup service | Cybersecurity Dive Japanese media giant Nikkei reports Slack breach exposing employee and partner records | The Record from Recorded Future News "Intel sues former employee for allegedly stealing confidential data" Post by @campuscodi.risky.biz — Bluesky Introduction - OWASP Top 10:2025 RC1

Sustainability goals are everywhere in manufacturing; net-zero by 2030, carbon neutral by 2035. While many manufacturers have set ambitious targets, the gap between goals and execution remains a challenge, especially when sustainability projects compete with production priorities for capital.Eric Spink and Shiva Subramanya from Veregy join the show to talk about energy transition and what it looks like in practice. Energy used to be just another line item and the cost of doing business, now it's tied to resilience, sustainability, and a company's long-term strategy.One key insight from the conversation was how the equipment on the perimeter of your manufacturing floor (think compressed air systems, boilers, refrigeration, and HVAC) consumes 60-80% of your plant's total energy.But manufacturers typically don't have expertise in these support utilities, which is why they get overlooked for efficiency opportunities.We dive into real projects, including a five-plant dairy operation where AI can predict steam demand based on production data. Plus, how performance contracting allows manufacturers to fund these projects using energy savings rather than tying up capital.In this episode, find out:Why energy has evolved from an expense to a strategic priorityHow perimeter equipment consumes 60-80% of plant energy but often receives the least attentionWhy sustainability projects typically compete with production priorities for budgetHow performance contracting uses energy savings to fund improvements without capital investmentThe low-hanging fruit in most plants, such as compressed air leaks, lighting upgrades, and controls optimizationWhat happens when you connect production data with utility systems using AI and advanced controlsReal examples from dairy processing that delivered significant energy savingsEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“Traditionally, manufacturing companies have relied on their own capital to implement sustainability projects. But they always compete with productivity goals. With performance contractors, companies can now use the savings from energy reductions and put their capital elsewhere but still implement energy efficiency projects.” - Eric Spink“Upgrading control systems by putting in PLC-based controls, and adding instrumentation and metering really allows all these systems to consume a lot less energy. Historically these have yielded very high paybacks, between one and a half and two years in many cases.” - Eric Spink“Having a sustainability goal is important, but having a sustainability plan is key. The sustainability plan needs to include how the organization is going to implement it and how it's going to be funded year-on-year.” - Shiva SubramanyaLinks & mentions:Veregy, an award-winning decarbonization company providing turnkey engineering and construction services to reduce energy costs through efficiency upgrades, smart building technology, EV infrastructure, and clean energy solutions.Skillwork, a premier staffing agency providing skilled industrial technicians on a contract basis to augment facility teams across 30+ states for elevated impact and decreased downtime.Fortinet, securing the world's largest enterprises, service...

Der Grundton an der Wall Street ist positiv, wobei das Bild zerrissen bleibt. In Folge der Quartalszahlen geht es bei den Aktien von Snap, Moderna, Figma, ARM und Albermarle teils deutlich bergauf. Wir sehen hingegen massive Kurseinbrüche bei Duolingo, DoorDash, Elf Beauty und Fortinet. Medienberichten zur Folge hat Softbank zu Beginn des Jahres eine Übernahme von Marvell in Erwägung gezogen. Die beiden Parteien konnten sich nicht einigen. Wie dem auch sei, geht es wegen dieser Berichte bei dem Wert aufwärts. Nach dem Closing werden die Ergebnisse von Airbnb, Affirm und Block im Fokus stehen. Außerdem beginnt um 22 Uhr MEZ die Hauptversammlung von Tesla. Marktteilnehmer gehen davon aus, dass trotz des Widerstands einiger Aktionäre, das $1 Bio. Zahlungspaket an Musk genehmigt wird. Was den Regierungs-Shutdown betrifft, sehen wir ab diesen Freitag bei 40 Flughäfen eine Reduktion der Flüge um 10%. Immer mehr Fluglotsen bleiben wegen der Gehaltsausfälle Zuhause. Ein Podcast - featured by Handelsblatt. +++ Alle Rabattcodes und Infos zu unseren Werbepartnern findet ihr hier: https://linktr.ee/wallstreet_podcast +++ +++ Hinweis zur Werbeplatzierung von Meta: https://backend.ad-alliance.de/fileadmin/Transparency_Notice/Meta_DMAJ_TTPA_Transparency_Notice_-_Ad_Alliance_approved.pdf +++ Der Podcast wird vermarktet durch die Ad Alliance. Die allgemeinen Datenschutzrichtlinien der Ad Alliance finden Sie unter https://datenschutz.ad-alliance.de/podcast.html Die Ad Alliance verarbeitet im Zusammenhang mit dem Angebot die Podcasts-Daten. Wenn Sie der automatischen Übermittlung der Daten widersprechen wollen, klicken Sie hier: https://datenschutz.ad-alliance.de/podcast.html Impressum: https://www.360wallstreet.de/impressum

In Folge der Quartalszahlen geht es bei den Aktien von Snap, Moderna, Figma, ARM und Albermarle teils deutlich bergauf. Wir sehen hingegen massive Kurseinbrüche bei Duolingo, DoorDash, Elf Beauty und Fortinet. Medienberichten zur Folge hat Softbank zu Beginn des Jahres eine Übernahme von Marvell in Erwägung gezogen. Die beiden Parteien konnten sich nicht einigen. Wie dem auch sei, geht es wegen dieser Berichte bei dem Wert aufwärts. Nach dem Closing werden die Ergebnisse von Airbnb, Affirm und Block im Fokus stehen. Außerdem beginnt um 22 Uhr MEZ die Hauptversammlung von Tesla. Marktteilnehmer gehen davon aus, dass trotz des Widerstands einiger Aktionäre, das $1 Bio. Zahlungspaket an Musk genehmigt wird. Was den Regierungs-Shutdown betrifft, sehen wir ab diesen Freitag bei 40 Flughäfen eine Reduktion der Flüge um 10%. Immer mehr Fluglotsen bleiben wegen der Gehaltsausfälle zu Hause. Abonniere den Podcast, um keine Folge zu verpassen! ____ Folge uns, um auf dem Laufenden zu bleiben: • X: http://fal.cn/SQtwitter • LinkedIn: http://fal.cn/SQlinkedin • Instagram: http://fal.cn/SQInstagram

The managed service provider (MSP) market has surpassed $305 billion and is projected to reach $571 billion by 2033, indicating a strong trend toward consolidation within the sector. In the second quarter of 2025 alone, there were 92 announced mergers and acquisitions, as companies aim to enhance their cybersecurity capabilities and automate operations. Key areas of focus for leading MSPs include operations, talent, security, automation, and compliance, which are essential for navigating the current landscape. Notable transactions include Comcast's acquisition of Nitell and Telus Digital's acquisition of Garrent.Research indicates that while artificial intelligence (AI) investments are expected to rise, particularly in telecommunications for predictive maintenance and network optimization, many AI projects struggle to scale effectively. A recent study from the Remote Labor Index found that top AI models completed less than 3% of assigned freelance tasks, highlighting a gap between expectations and actual performance. Additionally, a report from Fortinet revealed that 87% of cybersecurity professionals believe AI will enhance their roles, yet a significant skills gap persists, with over 4.7 million positions unfilled globally.Further developments include Intuit's launch of its AI-driven system, Intuit Intelligence, designed to streamline decision-making for small business owners, and Adobe's introduction of Firefly Foundry, which offers customized generative AI models for branding. Service Leadership has also released a new benchmarking tool aimed at smaller IT solution providers, enhancing their financial reporting capabilities. These initiatives reflect a growing trend of embedding AI into everyday business tools, which MSPs must navigate.For MSPs and IT service leaders, the implications are clear: the market is maturing rapidly, and providers must adapt by tightening operations, investing in automation, and prioritizing compliance. As AI becomes increasingly integrated into existing systems, MSPs should conduct audits to identify where AI is already active and establish governance frameworks to manage these technologies effectively. The focus should be on leveraging AI to enhance service delivery while ensuring that human oversight remains a critical component of technology management.Three things to know today00:00 From “Digital Transformation” to AI Operations: The MSP and IoT Boom Signals a More Mature IT Services Era05:28 AI's Promise Meets Its Limits: Reports Expose Gaps in Skills, Safety, and Real-World Capability09:22 From Finance to Branding, AI Is Already Inside Your Clients' SaaS Stack — Whether You Put It There or Not This is the Business of Tech.    Supported by:  https://try.auvik.com/dave-switchhttps://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship

This week on the GetConnected Podcast with Mike Agerbo, tech journalist Carmi Levy joins us to dig into the biggest stories in tech — including OpenAI's new Atlas browser and whether it could be a Google Chrome killer. We'll also look at YouTube's new deepfake detection tools and WhatsApp's war on spammers. Then, Robert May from Fortinet shares important advice on cybersecurity for small businesses, and Omer Waysman from Michelin explains how the company is using AI to power smarter marketing and education

If you like what you hear, please subscribe, leave us a review and tell a friend!

Please enjoy this encore of Word Notes. Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. When he joined Fortinet, Derek said putting where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that it doesn't need to be complicated getting into the cybersecurity field and that there are many avenues to enter the field. He hopes to have made a real dent, or "hopefully a crater" in cyber crime when he ends his career. We thank Derek for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. When he joined Fortinet, Derek said putting where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that it doesn't need to be complicated getting into the cybersecurity field and that there are many avenues to enter the field. He hopes to have made a real dent, or "hopefully a crater" in cyber crime when he ends his career. We thank Derek for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The architecture and tech stack of a Secure Access Service Edge (SASE) solution will influence how the service performs, the robustness of its security controls, and the complexity of its operations. Sponsor Fortinet joins Heavy Networking to make the case that a unified offering, which integrates SD-WAN and SSE from a single vendor, provides a... Read more »

The architecture and tech stack of a Secure Access Service Edge (SASE) solution will influence how the service performs, the robustness of its security controls, and the complexity of its operations. Sponsor Fortinet joins Heavy Networking to make the case that a unified offering, which integrates SD-WAN and SSE from a single vendor, provides a... Read more »

The architecture and tech stack of a Secure Access Service Edge (SASE) solution will influence how the service performs, the robustness of its security controls, and the complexity of its operations. Sponsor Fortinet joins Heavy Networking to make the case that a unified offering, which integrates SD-WAN and SSE from a single vendor, provides a... Read more »

Microsoft Patch Tuesday Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368 Ivanti Advisory Ivanti released an advisory with some mitigation steps users can take until the recently made public vulnerablities are patched. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025?language=en_US Fortinet Patches https://fortiguard.fortinet.com/psirt/FG-IR-25-010 https://fortiguard.fortinet.com/psirt/FG-IR-24-361

International law enforcement take down the Breachforums domains. Researchers link exploitation campaigns targeting Cisco, Palo Alto Networks, and Fortinet. Juniper Networks patches over 200 vulnerabilities. Apple and Google update their bug bounties. Evaluating AI use in application security (AppSec) programs. Microsegmentation can contain ransomware much faster and yield better cyber insurance terms. The new RondoDox botnet exploits over 50 vulnerabilities. Researchers tag 13 unpatched Ivanti Endpoint Manager flaws. Our guest is Jason Manar, CISO of Kaseya, sharing his insight into how the private and public sectors can work together for national security. Hackers mistake a decoy for glory.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by ⁠Jason Manar⁠, CISO of ⁠Kaseya⁠, sharing his insight into how the private and public sectors can/must work together for national security. Selected Reading FBI takes down BreachForums portal used for Salesforce extortion (Bleeping Computer) Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign (SecurityWeek) Juniper Networks Patches Critical Junos Space Vulnerabilities (OffSeq)   Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits (WIRED) Google Launches AI Bug Bounty with $30,000 Top Reward (Infosecurity Magazine) In AI We Trust? Increasing AI Adoption in AppSec Despite Limited Oversight (Fastly) Reducing Risk: Microsegmentation Means Faster Incident Response, Lower Insurance Premiums for Organizations (Akamai) RondoDox Botnet Takes ‘Exploit Shotgun' Approach (SecurityWeek) ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities (SecurityWeek) Pro-Russian hackers caught bragging about attack on fake water utility (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

What does the risk environment for Operational Technology (OT) look like in 2025? JJ and Drew review four recent reports on the state of OT security from Dragos, Fortinet, and others. We discuss ransomware impacts, ongoing risks of RDP traffic, directly exposed OT devices, and overall attack trends and the tools and processes that organizations... Read more »

What does the risk environment for Operational Technology (OT) look like in 2025? JJ and Drew review four recent reports on the state of OT security from Dragos, Fortinet, and others. We discuss ransomware impacts, ongoing risks of RDP traffic, directly exposed OT devices, and overall attack trends and the tools and processes that organizations... Read more »

On today's Heavy Networking: the Security Operations Center, or SOC. When I think of a SOC, I picture a miniature version of NASA's mission control: lots of computers, lots of people, some big boards with lines and arrows and telemetry scrolling across the screens. I also think of SOCs as requiring a lot of gear,... Read more »

On today's Heavy Networking: the Security Operations Center, or SOC. When I think of a SOC, I picture a miniature version of NASA's mission control: lots of computers, lots of people, some big boards with lines and arrows and telemetry scrolling across the screens. I also think of SOCs as requiring a lot of gear,... Read more »

On today's Heavy Networking: the Security Operations Center, or SOC. When I think of a SOC, I picture a miniature version of NASA's mission control: lots of computers, lots of people, some big boards with lines and arrows and telemetry scrolling across the screens. I also think of SOCs as requiring a lot of gear,... Read more »