Podcasts about LastPass

What if a few hours of part-time help would change your week? This episode is a live recording from Localist Lab, the free monthly marketing event series for small business owners in Birmingham. Carrie Rollwagen takes the speaker seat this time to walk a live audience through how she hired a virtual assistant, what she actually has her VA do, and where AI tools fit into the mix. Carrie covers what a virtual assistant is, how to find one, how to budget for one, and what to do before they start. She shares the documents she made for her VA, the tools they use together, and the kinds of work she does and does not hand off. She also walks through how she uses AI for tasks like building decks, transcribing meetings, organizing her desktop, and turning one podcast into a dozen reels. If you are a small business owner who keeps thinking you cannot afford help, this episode is a clear and honest look at what part-time help actually looks like in practice. Watch on YouTube ____________________________________________________________________________________ Mentioned in This Episode Virtual Savvy Time Tailored OnePass (password manager) LastPass (password manager) Calendly Otter.ai (voice memo transcription) Carrie's Turn One Post into Ten talk Ohm Jiu Jitsu (Russell Marbut) Alabama Twisters _______________________________________________________________________________ Thanks to Our Sponsor, Infomedia The Localist is sponsored by Infomedia, a Birmingham-based web and digital marketing company that helps small businesses get big results online. Contact Infomedia: https://infomedia.com/contact ________________________________________________________________________________ Join Us at Localist Lab Localist Lab is our free live marketing event series for small business owners, held on the third Thursday of most months at Saturn in Avondale. Each session features practical strategies you can use right away, plus free tacos and coffee. See upcoming events and register https://infomedia.com/events ________________________________________________________________________________ Subscribe to Carrie's Newsletter Get more small business insights, resources and behind-the-scenes updates from Carrie delivered straight to your inbox. Sign up for the newsletter: https://gmail.us20.list-manage.com/subscribe?u=9c59a060684d71f12f6e495fc&id=98cd3122b9

What's up everyone, today we have the pleasure of sitting down with Ashley Langford, Marketing Operations and RevOps Leader.Summary: Ashley Langford has every credential the MOps job search advice says you're supposed to have: 2 Marketo Champion designations, a decade of B2B SaaS experience across multiple industries, a strong community presence, and a track record of building functions from scratch. She's still getting auto-rejected within minutes and ghosted by companies she was genuinely excited about. In this episode, she breaks down what the MOps job search actually looks like in 2026 from the inside, including how she uses Claude to build an interview packet before every meeting, why she has a hard line against unpaid take-home projects, and how the director-level search carries friction points that most job search content ignores entirely. She also says something most practitioners won't say out loud: she realized she was performing confidence instead of having it. If you're in a search right now, or know someone who is, this one is worth your full attention.About Ashley LangfordAshley Langford is a Director of Marketing Operations and 2-time Marketo Champion who has built and led MOps functions from scratch across B2B SaaS companies including LastPass, Integrate, HackerRank, GreenSky, and Waystar. Her work spans fintech, insurance, biotech, and HR technology, with deep expertise in Marketo, Salesforce, 6sense, and Looker. Adobe's Marketo Champion program selects around 40 practitioners globally each year; Ashley has earned the designation twice, in 2020 and 2023, and is also a Marketo Revvie Award Finalist.What Nobody Warns You About When You Get Laid OffThe shame of a layoff hits in a specific, quiet way that almost nobody includes in the public job search conversation. It doesn't look like despair. It doesn't stop you from applying, updating the resume, or showing up to the networking calls. It just tilts you. You overexplain the layoff in interviews. You hedge when confidence is what the moment requires. You walk in grateful to be considered instead of knowing what you're worth.Ashley Langford is 4 months into a search that should, by any rational measure, be going better. She has 2 Marketo Champion designations, a decade of track record across multiple industries, and genuine community presence. Her time at LastPass ended in a layoff that was clearly business-driven following the company's public turbulence. None of that insulated her from the quiet voice that arrives anyway.She didn't recognize it immediately. It took a few conversations before she saw what was happening. "I was performing confidence instead of actually having it," she says. For someone whose professional identity is built on expertise and results, that admission is uncomfortable. But naming it is where you start. You can't correct what you haven't acknowledged.The market doesn't help. Ashley has the credentials, the community ties, and the network. She's done what the standard job search advice prescribes. She's still getting auto-rejected within minutes and ghosted by companies she was genuinely excited about. "I haven't been ghosted this much since I was on Tinder like 12 years ago," she says. "At least then I knew why."The honest accounting: being well-credentialed matters inside the MOps community, where a Marketo Champion designation opens doors with people who know what it means. Outside that community, there are plenty of doors where it doesn't register. And the external recruiter pipeline, which used to generate steady inbound interest for practitioners at her level, has gone almost completely quiet. That drought is a real signal about what's happening in this market. The job posting numbers don't capture it.The practitioners who move through a senior search with the most clarity tend to be the ones who name what they're carrying early. The public-facing posture, excited about what's next, lots of great conversations, is one layer. The private reality of a Wednesday afternoon is another. Closing that gap starts with honesty about the performance, not just the tactics.Key takeaway: Name the performance gap before your search does it for you. After your next interview, write down 1 moment where you hedged, over-explained, or undersold your work. Identify the specific claim you avoided making. Draft the version with a number attached, and practice saying it without softening it until it sounds like your default.Where the MOps Job Search Actually Happens in 2026The job search advice is consistent about channels. LinkedIn, niche job boards, the hidden market through direct outreach and community presence, networking as a KPI. The framework is reasonable. What's harder to find is how it actually plays out for a practitioner with a specific profile in a specific market.Ashley's day starts on LinkedIn. New postings first, then the feed, because hiring managers sometimes announce open roles informally before they list them. From there: VC-backed job boards, which surface companies building fast. She's tried the Ashby job board search technique and found listings that hadn't appeared anywhere else. Greenhouse, the ATS platform, now has a cross-company search function that most people haven't found yet.After all of it, where are actual responses coming from? LinkedIn. The hidden job market is real and worth working. It's also producing less than the visible one right now. Anyone spending most of their search trying to unlock doors not listed on job boards while ignoring the platform still generating replies is optimizing against their own results.On conversations as the primary KPI, Ashley's take is more nuanced than the standard advice. She's gotten jobs through her network before. The approach works. But it requires having the kind of network that actually moves for you: people who will pick up the phone and make a call, not just say they'll keep an eye out. "The ratio depends on your network that you've actually built, not the one that you wish you have," she says.There's a structural wrinkle for MOps practitioners specifically. MOps people tend to be industry-agnostic, which is part of what makes the role valuable. Ashley has worked in fintech, insurance, biotech, and HR tech. That breadth is an asset in the market. It's also why her first-degree connections aren't concentrated in any one industry or company cluster. The broader the career path, the more spread out the network, and the harder it is to find someone who happens to know someone at the specific company hiring right now.The conversations-versus-applications question resolves the same way for most people: you need both. The ratio just depends on what you've actually built, and being honest about which bucket your network falls into before committing to a strategy built around the other one.Key takeaway: For 2 weeks, track which channel produces each actual response, not each application sent. If LinkedIn is generating replies and Ashby isn't, redistribute your time accordingly. Add the Greenhouse cross-company search to your daily routine and check it alongside LinkedIn. Both tools are free and most people haven't found the second one.What Hiring Managers Actually Look For in a MOps ResumeMost job seekers are guessing at what the other side of the table actually looks for. The tactical advice is everywhere: tailor your resume, use keywords from the JD, follow up with the recruiter. What's far less available is the hiring manager's actual perspective from someone who's done both in the same search.Ashley has built MOps teams. She's reviewed application stacks. She knows exactly what she skims past and what makes her stop. Now she's running that same lens on her own materials, which is a sharper fe...

Is your organization prepared for an autonomous AI bot? Roger Grimes joins Jen Stone to discuss the shifting landscape of cybersecurity. This episode moves past the hype to look at the hard data: AI scams are yielding 4.5x more value for attackers, and traditional MFA is no longer enough to stop them.In this episode, we translate complex "vulnerability fatigue" into a clear, two-step priority list. We strip away the jargon to show you exactly how autonomous bots are bypassing firewalls by targeting the human element. Key Takeaways:Focus on the "Big Two": Social engineering and unpatched software account for nearly 90% of business risk.Phishing Resistance: Why you should move toward YubiKeys or passkeys to avoid "man-in-the-middle" code interception.Patch Management: Why you should ignore "shiny" new vulnerabilities and follow the CISA Known Exploited Vulnerabilities catalog.The Negotiator's Trap: What happens when a CEO claims they have backups, but the hackers have already deleted them.Featured Resources:CISA Known Exploited Vulnerabilities (KEV) Catalog: Use this to prioritize patching based on real-world attacker behavior. Phishing-Resistant MFA:YubiKey: A hardware security key requiring physical touch to prevent remote account takeovers. FIDO Passkeys: A cryptographically secure alternative to SMS codes. Password Management: Tools like 1Password or LastPass are essential for creating long, random, and unique credentials that AI can't easily crack. The 3-2-1 Backup Rule: Maintain three copies of data, on two different media types, with one copy kept strictly offline. Connect with Roger GrimesKnowBe4: Access security awareness training and social engineering defense resources at knowbe4.com. Free Book Offer: Roger is offering a free PDF copy of his latest book, How AI and Quantum Impact Cyber Threats and Defenses, to all listeners. Email him directly at rogerg@knowbe4.com. A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here:  https://academy.securitymetrics.com/ 

User-generated content (UGC) is moving from marketing side dish to main course as large language models change how people discover brands, products, creators, and ideas. Customer reviews, forum posts, videos, and community conversations increasingly carry more influence than polished brand copy because they feel more specific, lived-in, and trustworthy. As AI systems learn from and surface content across communities, review sites, and social platforms, the stakes are no longer just brand awareness. The question is whether a company's most credible voices—its customers, fans, critics, and communities—are visible enough to be found.So the central question becomes: in an AI-driven discovery world, how can creators and companies make sure their best ideas, products, and communities are actually found?On DisruptED, host Ron J. Stefanski is joined by guest host Scott K. Wilder for a conversation that connects their shared past at Borders Books and Music with today's emerging rules of user-generated content, AI search, community marketing, and product discovery. What began at Borders as an experiment in bringing book, music, and in-store communities online now reads like an early blueprint for the AI discovery era. Ron and Scott revisit those lessons to unpack how creators and brands can make authentic customer voices easier for LLMs to find, interpret, and trust.What you'll learn…How user-generated content can improve AI discoverability. Learn why fresh, authentic, community-created content helps brands show up across LLMs, and why advocates, influencers, and customers matter across owned channels and outside platforms.Why structure makes UGC easier for AI to understand. Explore how summaries, bullet points, FAQs, and simple templates can help LLMs surface user-created content without flattening the creativity or authenticity behind it.Why authentic customer voices outperform scripted brand messaging. Hear how reviews, communities, book clubs, and peer recommendations shape trust, and why customer reviews can reveal sharper product insights than official descriptions.Scott K. Wilder is a digital self-serve, customer success, community, and growth leader who has built scalable customer engagement programs across LastPass, HubSpot, Adobe/Marketo, Intuit, Google, Coursera, Udacity, and Clari. His work focuses on AI-enhanced self-service, customer communities, lifecycle marketing, onboarding, retention, and product adoption, with a track record of improving engagement, conversion, ARR, and customer outcomes. He has led award-winning community and digital experience programs, including Intuit's early B2B customer community, and continues to advise companies on building customer-first digital journeys that scale.

The Business Tools That Actually Keep Your VO Career Running One of the biggest misconceptions in voiceover is that success comes from talent plus a good booth. And yes, performance matters. Audio quality matters. But what actually creates consistency in this career is operational support. It's the systems you build that allow you to track opportunities, manage relationships, understand your income, organize your marketing, and reduce decision fatigue. Because decision fatigue is real, and it will stop you in your tracks and you will end up doing nothing. So today I want to walk you through some simple, accessible tools that you can use right now. Even if you don't have a team. Even if you don't have fancy software. Even if you feel completely disorganized. These are the tools that turn creative chaos into professional clarity. Excel or Google Sheets I know. A spreadsheet is not anyone's favorite thing. Nobody got into acting because they love spreadsheets. But spreadsheets give you something emotional actors often lack, which is objective data. If you don't have data, how will you know what's working and what isn't? How will you know how much time to keep spending on something or when to let it go or if you're underpricing yourself in a certain category? You can track auditions, bookings, client names, rates, follow-ups, usage conflicts, marketing outreach. When you track patterns you stop guessing. And we cannot have a successful career if we are constantly guessing. A spreadsheet is not restrictive. It's clarifying. Canva Canva is essentially the modern actor's design department. I know nothing about design and luckily Canva is there for social media graphics, pitch decks, rate sheets, lead magnets, ebooks, presentations. Actors often think marketing has to look DIY. It doesn't. Clean visual communication builds trust before you ever speak. I send cold leads lead magnets all the time. Sometimes it's an ebook like how to hire a voiceover actor or a checklist of what to expect when you've hired one. When you are the authority and expert in the room that's when you have true leadership within the role. Canva helps you look like a business with structure instead of a freelancer who's improvising. I use Canva Pro. You don't have to. There is plenty on the free version that makes it worth having in your arsenal. A Lightweight CRM When I say CRM a lot of actors panic. Customer relationship management systems can feel very corporate. But you can create a lightweight version with Airtable or Notion or even a spreadsheet. I have one I can send you the link to. The things you want to track are simple. Who you contacted, when, what their response was, what your email subject line was. Without those few things you can end up re-pitching the same person too soon or forgetting a warm lead entirely. Consistency beats charisma in client development. I promise you. A Calendar System Your calendar is not just for appointments. It's for marketing blocks, financial review days, audition batching, content creation, relationship maintenance. Actors live in reactive mode. A structured calendar helps you move into intentional career design. Time becomes something you allocate strategically instead of something that constantly feels like it's slipping away. When I transitioned into my block calendar system it changed my life. I know that sounds dramatic but I was constantly chasing minutes and feeling like I never had enough. Now I have control. I can actually plan things out and I'm never just too busy or not busy enough. It really did change my life. File Organization I know this sounds tiny. It is not. Clear folder systems on your desktop. Client name, project, scripts, finals. Demos organized by vertical and year. Invoices separated into paid and unpaid. Contracts sorted by active versus expired. When your files are organized you move faster. Speed is a competitive advantage in this industry, especially if you are working with agents or pay to plays. Disorganization creates friction that drains your creative energy. Spend twenty minutes on this. I promise you will feel so much better and more in control. A Password Manager This one is very adult and very real. My information was recently hacked and someone stole a significant amount of money from me and spent it all on DoorDash. I was very upset. Actors juggle casting sites, payment portals, editing software, social platforms. A password manager like LastPass or 1Password protects your business infrastructure. Security is professionalism. Nothing screams professional like having your shit together. A Capture System for Ideas Your brain is a constant working creative machine. But ideas disappear. How many times have you had a great idea and then completely lost it two minutes later? Use your notes app, voice memos, Notion boards, Trello. Capture content ideas, client leads, script concepts, branding language. Marketing consistency comes from capturing inspiration before it evaporates. I create a note, title it something like TikTok ideas, make a checkbox list, and add ideas as they come. When I've done it I check the box. I don't delete it because I might come back to it someday. I wish I had been doing this years ago. The Bottom Line Tools make you more sustainably creative. They don't make you less creative. They reduce chaos and they reduce the emotional decision-making spiral that actors can get wrapped up in. The actors who last in this business are not always the most naturally gifted. They're just the most together. Your homework this week is simple. Choose one tool and implement it imperfectly. It doesn't have to be beautiful or complete. Just begin. Because actors are not built in grand gestures. They are built in small systems that compound over time. Want to Keep the Conversation Going? Send me an email at mandy@actingbusinessbootcamp.com about the tools you're using or maybe a tool I haven't mentioned that's been a game changer for you. I love to hear from you. Find me on TikTok  or on Substack at The Actor's Index.    

Este episodio analiza los desafíos de la sociedad digital actual, destacando noticias de ciberseguridad como las estafas de suscripciones falsas en PayPal, la cuantiosa multa a LastPass por una brecha de datos y las tensiones geopolíticas derivadas de un ciberataque a la petrolera venezolana PDVSA. El programa cuenta con la participación especial de Rafael Hernández, ex-responsable de ciberseguridad de Cepsa, quien reflexiona sobre sus 36 años de trayectoria, subrayando que la ciberseguridad debe basarse en la identidad digital, los procesos y el sentido común, más allá de la simple tecnología. Finalmente, el episodio rinde homenaje a la figura de Hernández mediante mensajes de colegas del sector, destacando el valor de la colaboración comunitaria, y concluye con consejos sobre la privacidad y los riesgos legales al compartir fotos de cenas de Navidad en redes sociales sin consentimiento. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/

Today on Bud's #WeeklyGeekOut . . . Canadian? LastPass user in 2022? You may be eligible for $170.05...or more. =) webmeister Bud Listen and get more details at TheZone.fm/geekout

Es ist ein Interessenkonflikt. Passwortmanager vereinfachen einem das Leben, weil man mit Ihnen mehr oder weniger komfortabel für jedes (Online-)Konto ein eigenes und sicheres Passwort vergeben kann. So kann man hunderte Passwörter einsetzen, ohne ein fotografisches Gedächtnis zu besitzen. Gleichzeitig aber bietet man eine sehr attraktive Angriffsfläche, gerade Online-Passwortmanager, die die Passwörter via Server zwischen mehreren Endgeräten synchronisieren. Dieser Datenschatz erweckt auch das Interesse von Behörden. Populäre Passwortmanager – Bitwarden, LastPass, Dashlane – aus den USA kommen oder von dortigen Firmen entwickelt werden. Und US-Behörden könnten mit Verweis auf Cloud Act und Foreign Intelligence Surveillance Act (FISA) Zugriff auf die Daten verlangen. Eine aktuelle Untersuchung der ETH Zürich zeigte zudem, dass trotz Ende-zu-Ende-Verschlüsselung unter bestimmten Bedingungen Passwörter abgreifbar sein können – etwa wenn der Server manipuliert wird. Manch einer wird sich daher fragen, ob man die eigenen Passwörter nicht vielleicht in souveränere Gefilde umzieht. Welche Alternativen es gibt und wie sinnvoll die sind, diskutieren die c't-Redakteure Jan Schüßler und Niklas Dierking in der neuen Folge von c't uplink mit Moderator Keywan Tonekaboni. Jan Schüßler hat fünf Passwortmanager getestet, die entweder aus Europa stammen und/oder Open Source sind – sowohl cloud-basierte Dienste als auch lokale Lösungen wie KeepassXC/KeepassDX. Niklas Dierking hat Passbolt auf einem eigenen Server installiert und ordnet die Erfahrung im Vergleich zu VaultWarden ein. Die drei c't Redakteure vergleichen Komfort, Kosten und Sicherheitskonzepte der verschiedenen Alternativen. Außerdem gibt das Team praktische Tipps für den Umstieg von einem Passwortmanager zum anderen, erklärt Synchronisierungswege über Syncthing oder Nextcloud und warnt vor typischen Stolperfallen bei der Migration.

Es ist ein Interessenkonflikt. Passwortmanager vereinfachen einem das Leben, weil man mit Ihnen mehr oder weniger komfortabel für jedes (Online-)Konto ein eigenes und sicheres Passwort vergeben kann. So kann man hunderte Passwörter einsetzen, ohne ein fotografisches Gedächtnis zu besitzen. Gleichzeitig aber bietet man eine sehr attraktive Angriffsfläche, gerade Online-Passwortmanager, die die Passwörter via Server zwischen mehreren Endgeräten synchronisieren. Dieser Datenschatz erweckt auch das Interesse von Behörden. Populäre Passwortmanager – Bitwarden, LastPass, Dashlane – aus den USA kommen oder von dortigen Firmen entwickelt werden. Und US-Behörden könnten mit Verweis auf Cloud Act und Foreign Intelligence Surveillance Act (FISA) Zugriff auf die Daten verlangen. Eine aktuelle Untersuchung der ETH Zürich zeigte zudem, dass trotz Ende-zu-Ende-Verschlüsselung unter bestimmten Bedingungen Passwörter abgreifbar sein können – etwa wenn der Server manipuliert wird. https://www.heise.de/news/Schwachstellen-in-Cloud-basierten-Passwort-Managern-11179212.html Manch einer wird sich daher fragen, ob man die eigenen Passwörter nicht vielleicht in souveränere Gefilde umzieht. Welche Alternativen es gibt und wie sinnvoll die sind, diskutieren die c't-Redakteure Jan Schüßler und Niklas Dierking in der neuen Folge von c't uplink mit Moderator Keywan Tonekaboni. Jan Schüßler hat fünf Passwortmanager getestet, die entweder aus der EU stammen oder Open-Source-Community-Projekte sind – sowohl cloud-basierte Dienste als auch lokale Lösungen wie KeepassXC/KeepassDX. Niklas Dierking hat Passbolt auf einem eigenen Server installiert und ordnet die Erfahrung im Vergleich zu VaultWarden ein. Die drei c't Redakteure vergleichen Komfort, Kosten und Sicherheitskonzepte der verschiedenen Alternativen. Lösungen – etwa fehlende biometrische Entsperrung am Desktop. Außerdem gibt das Team praktische Tipps für den Umstieg von einem Passwortmanager zum anderen, erklärt Synchronisierungswege über Syncthing oder Nextcloud und warnt vor typischen Stolperfallen bei der Migration. Zu Gast im Studio: Niklas Dierking und Jan Schüßler Host: Keywan Tonekaboni Produktion: Tobias Reimer Im Newsletter c't Open Source Spotlight ordnen Keywan und Niklas aktuelle Entwicklungen rund um freie Software ein und stellen innovative Open-Source-Anwendungen vor. Jetzt anmelden und an jedem zweiten Freitag eine neue Ausgabe erhalten. https://www.heise.de/newsletter/anmeldung.html?id=ct-opensource Passwortmanager: Gute Gründe für europäische Clouds oder Self Hosting: https://www.heise.de/ratgeber/Passwortmanager-Gute-Gruende-fuer-europaeische-Clouds-oder-Self-Hosting-11172904.html Fünf Open-Source-Passwortmanager im Vergleich: https://www.heise.de/ratgeber/Fuenf-Open-Source-Passwortmanager-im-Vergleich-11172914.html Passbolt: Den europäischen Open-Source-Passwortmanager selbst hosten: https://www.heise.de/ratgeber/Passbolt-Den-europaeischen-Open-Source-Passwortmanager-selbst-hosten-11172920.html Anleitung: Von LastPass zum Passwortmanager KeePassXC wechseln: https://www.heise.de/ratgeber/Anleitung-Von-LastPass-zum-Passwortmanager-KeePassXC-wechseln-5075363.html Raspberry Pi als zentralen Backup-Server mit Syncthing einrichten - https://www.heise.de/ratgeber/Raspi-Backup-Plattformunabhaengiges-Backup-mit-Syncthing-einrichten-6111168.html - https://www.heise.de/ratgeber/Raspberry-Pi-als-zentralen-Backup-Server-mit-Syncthing-einrichten-6109494.html Anleitung: Raspberry Pi als Passwort-Server einrichten: https://www.heise.de/ratgeber/Anleitung-Raspberry-Pi-als-Passwort-Server-einrichten-6005925.html

Es ist ein Interessenkonflikt. Passwortmanager vereinfachen einem das Leben, weil man mit Ihnen mehr oder weniger komfortabel für jedes (Online-)Konto ein eigenes und sicheres Passwort vergeben kann. So kann man hunderte Passwörter einsetzen, ohne ein fotografisches Gedächtnis zu besitzen. Gleichzeitig aber bietet man eine sehr attraktive Angriffsfläche, gerade Online-Passwortmanager, die die Passwörter via Server zwischen mehreren Endgeräten synchronisieren. Dieser Datenschatz erweckt auch das Interesse von Behörden. Populäre Passwortmanager – Bitwarden, LastPass, Dashlane – aus den USA kommen oder von dortigen Firmen entwickelt werden. Und US-Behörden könnten mit Verweis auf Cloud Act und Foreign Intelligence Surveillance Act (FISA) Zugriff auf die Daten verlangen. Eine aktuelle Untersuchung der ETH Zürich zeigte zudem, dass trotz Ende-zu-Ende-Verschlüsselung unter bestimmten Bedingungen Passwörter abgreifbar sein können – etwa wenn der Server manipuliert wird. https://www.heise.de/news/Schwachstellen-in-Cloud-basierten-Passwort-Managern-11179212.html Manch einer wird sich daher fragen, ob man die eigenen Passwörter nicht vielleicht in souveränere Gefilde umzieht. Welche Alternativen es gibt und wie sinnvoll die sind, diskutieren die c't-Redakteure Jan Schüßler und Niklas Dierking in der neuen Folge von c't uplink mit Moderator Keywan Tonekaboni. Jan Schüßler hat fünf Passwortmanager getestet, die entweder aus der EU stammen oder Open-Source-Community-Projekte sind – sowohl cloud-basierte Dienste als auch lokale Lösungen wie KeepassXC/KeepassDX. Niklas Dierking hat Passbolt auf einem eigenen Server installiert und ordnet die Erfahrung im Vergleich zu VaultWarden ein. Die drei c't Redakteure vergleichen Komfort, Kosten und Sicherheitskonzepte der verschiedenen Alternativen. Lösungen – etwa fehlende biometrische Entsperrung am Desktop. Außerdem gibt das Team praktische Tipps für den Umstieg von einem Passwortmanager zum anderen, erklärt Synchronisierungswege über Syncthing oder Nextcloud und warnt vor typischen Stolperfallen bei der Migration. Zu Gast im Studio: Niklas Dierking und Jan Schüßler Host: Keywan Tonekaboni Produktion: Tobias Reimer Im Newsletter c't Open Source Spotlight ordnen Keywan und Niklas aktuelle Entwicklungen rund um freie Software ein und stellen innovative Open-Source-Anwendungen vor. Jetzt anmelden und an jedem zweiten Freitag eine neue Ausgabe erhalten. https://www.heise.de/newsletter/anmeldung.html?id=ct-opensource Passwortmanager: Gute Gründe für europäische Clouds oder Self Hosting: https://www.heise.de/ratgeber/Passwortmanager-Gute-Gruende-fuer-europaeische-Clouds-oder-Self-Hosting-11172904.html Fünf Open-Source-Passwortmanager im Vergleich: https://www.heise.de/ratgeber/Fuenf-Open-Source-Passwortmanager-im-Vergleich-11172914.html Passbolt: Den europäischen Open-Source-Passwortmanager selbst hosten: https://www.heise.de/ratgeber/Passbolt-Den-europaeischen-Open-Source-Passwortmanager-selbst-hosten-11172920.html Anleitung: Von LastPass zum Passwortmanager KeePassXC wechseln: https://www.heise.de/ratgeber/Anleitung-Von-LastPass-zum-Passwortmanager-KeePassXC-wechseln-5075363.html Raspberry Pi als zentralen Backup-Server mit Syncthing einrichten - https://www.heise.de/ratgeber/Raspi-Backup-Plattformunabhaengiges-Backup-mit-Syncthing-einrichten-6111168.html - https://www.heise.de/ratgeber/Raspberry-Pi-als-zentralen-Backup-Server-mit-Syncthing-einrichten-6109494.html Anleitung: Raspberry Pi als Passwort-Server einrichten: https://www.heise.de/ratgeber/Anleitung-Raspberry-Pi-als-Passwort-Server-einrichten-6005925.html

On this episode, I cover a crazy cyber attack story involving a Fortune 500 company, the latest Patch Tuesday News and much more! Reference Links: https://www.rorymon.com/blog/lastpass-phishing-campaign-patch-tuesday-news-big-company-had-thousands-of-devices-wiped/

Password manager vulnerabilities aren't just about bad code — and a new research paper out of Zurich just proved it. Researchers analyzed three of the most popular password managers and found fundamental design flaws baked into the very architecture that's supposed to keep your credentials safe. Curtis and Prasanna break it all down and tell you what to do about it.If you've ever been that person who asks "but what if the password manager gets hacked?" — this episode is for you. And if you haven't been asking that question, you probably should start. A research team looked at LastPass, Bitwarden, and Dashlane — products with a combined 60 million users representing roughly 23% of the password manager market — and what they found wasn't sloppy programming. It was something harder to fix: architectural problems at the core of how encrypted vaults work.Curtis walks through how the zero-knowledge encryption model works, why the vault recovery process creates an inherent trust problem, and why the researchers were able to exploit that trust by impersonating the server during vault recovery. Prasanna adds another layer — the field-level encryption issues inside the vaults themselves, where there's no strong verification that data hasn't been manipulated. It's not theoretical. It's a real attack surface.The good news? Curtis still believes password managers are the right tool for today — better than sticky notes on a monitor (yes, he saw that in real life) and better than reusing passwords. But he's also clear that passkeys are the right direction for the future, even if the current implementation is still a little rough around the edges.https://eprint.iacr.org/2026/058.pdfhttps://www.theregister.com/2026/02/16/password_managers/https://www.forbes.com/sites/daveywinder/2026/01/23/lastpass-issues-critical-warning-for-users---password-attacks-underway/

Want More XWorm? https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766 Cisco Secure Firewall Management Center Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 LastPass Phishing https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/

A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA's CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles.  CyberWire Guest Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. If you want to hear the full conversation, listen to it here. Selected Reading Possible U.S.-developed exploits linked to first known ‘mass' iOS attack (CyberScoop) Facebook accounts unavailable in worldwide outage (Bleeping Computer) Critical FreeScout Vulnerability Leads to Full Server Compromise (SecurityWeek) Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed (BankInfo Security) LastPass Warns of New Phishing Campaign (SecurityWeek) Telegram Increasingly Used to Sell Access, Malware and Stolen Logs Hackread) Groups Push Back on HHS' Proposed Health IT Rollbacks (BankInfo Security) Dev stunned by $82K Gemini API key bill after theft (The Register) CISA CIO Robert Costello exits agency (CyberScoop) Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows (Infosecurity Magazine) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CA's warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S."freedom.gov" site post EU blocked content. LLM's will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security

Fraudsters are increasingly using deepfake videos of CEOs and other company executives to trick firms out of millions of dollars. And with the evolution of AI, these videos are becoming ever-more sophisticated and convincing. We speak to two CEOs who have been deepfaked: the head of the Bombay stock exchange and the boss of password security company LastPass. And we hear how criminals used deepfake videos to trick British engineering firm Arup into handing over $25 million. How easy is it to make these videos? Ed Butler visits a cybersecurity company which shows him how it can be done, using readily available software. Ed's hosts make a deepfake of him and we compare the real Ed to the fake Ed. We also put figures on the size of this problem and explain how much it's costing businesses.If you'd like to get in touch with the team, our email address is businessdaily@bbc.co.ukPresenter: Ed Butler Producer: Gideon Long Sound Mix: Toby JamesBusiness Daily is the home of in-depth audio journalism devoted to the world of money and work. From small startup stories to big corporate takeovers, global economic shifts to trends in technology, we look at the key figures, ideas and events shaping business.Each episode is a 17-minute deep dive into a single topic, featuring expert analysis and the people at the heart of the story.Recent episodes explore the weight-loss drug revolution, the growth in AI, the cost of living, why bond markets are so powerful, China's property bubble, and Gen Z's experience of the current job market.We also feature in-depth interviews with company founders and some of the world's most prominent CEOs. These include Google's Sundar Pichai, Wikipedia founder Jimmy Wales, and the CEO of Starbucks, Brian Niccol.(Picture: An image of a man in a cap being deepfaked. Credit: Getty Images)

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-556

Meatbags, AI Soul Harvest, DNS, LastPass, GS7, OpenClaw, MYSQL, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-556

The cryptolocker virus was the attack that turned ransomware from a nuisance into a full-blown criminal industry — and in this episode of The Backup Wrap-up, we break down exactly how that happened. W. Curtis Preston (Mr. Backup) sits down with co-host Prasanna Malaiyandi and cybersecurity expert Dr. Mike Saylor to trace the full evolution of ransomware and explain why CryptoLocker was the turning point.If you've ever wondered how ransomware went from fake pop-up messages to billion-dollar criminal enterprises, this is the episode for you. We start with the earliest days — scareware attacks that did nothing more than frighten you into paying — and walk through the progression of encryption methods that made ransomware increasingly dangerous. Dr. Mike Saylor breaks down the difference between symmetric and asymmetric encryption in plain language, and explains why the move to public-private key pairs made it so much harder for victims to recover without paying up.Then we get into the cryptolocker virus itself: how it spread through fake FedEx emails, why it kick-started phishing awareness training, what Operation Tovar did to shut it down, and — just as interesting — what the bad guys learned from its failures. We cover the role of the Zeus botnet, how Bitcoin became the payment method of choice, and why ransoms started out at just a few hundred bucks. We also talk about what happened next: the rise of data exfiltration, double extortion, and even triple extortion where attackers go after the victims of the victims.Plus, we take a side trip into the LastPass breach and pour one out for the guy who lost his crypto fortune in a landfill.Whether you're in IT, security, or just want to understand how ransomware works, this episode gives you the full picture.Chapters:00:00:00 — Intro00:01:22 — Welcome and Introductions00:04:11 — The Three Generations of Ransomware00:05:01 — Scareware: Fake Attacks That Did Nothing00:05:42 — Ciphers and Decoder Ring Encryption00:06:38 — Symmetric Encryption Explained00:09:25 — Asymmetric (Public-Private Key) Encryption00:12:46 — Why Asymmetric Encryption Made Ransomware Stronger00:15:44 — What Was the CryptoLocker Virus?00:16:25 — Lessons CryptoLocker Taught Victims and Criminals00:18:03 — Operation Tovar Takes Down CryptoLocker00:19:54 — Bitcoin, Ransom Amounts, and Getting Paid00:23:20 — Botnets Explained: Networks of Zombie Computers00:26:22 — Recap: Three Phases of Ransomware00:27:09 — Double Extortion and Data Exfiltration00:28:01 — The LastPass Connection00:28:47 — The Lost Crypto Hard Drive

Is the browser quietly becoming the most powerful and dangerous interface in modern work? In this episode of Tech Talks Daily, I sat down with Karim Toubba, CEO of LastPass, to unpack a shift that many people feel every day but rarely stop to question. The browser is no longer just a window to the internet. It has become the place where work happens, where SaaS lives, and increasingly, where humans and AI agents meet data, credentials, and decisions. From AI-native browsers to prompt-based navigation and headless agents acting on our behalf, the way we access information is changing fast, and so are the risks. Karim shares why this moment feels different from earlier waves like SaaS adoption or remote work. Today, more than ever, productivity, identity, and security collide inside the browser.  Shadow AI is spreading faster than most organizations can track, personal accounts are being used to access powerful AI tools, and sensitive data is being uploaded with little visibility or control. At the same time, attackers have noticed that the browser has become the soft underbelly of the enterprise, with a growing share of malware and breaches originating there. We also explore the rise of agentic AI and what happens when software, not people, starts logging into systems. When an agent books travel, pulls data, or completes workflows on a user's behalf, traditional authentication and access models start to break down. Karim explains why identity, visibility, and control must evolve together, and why secure browser extensions are emerging as a practical foundation for this next phase of computing. The conversation goes deep into what users do not see when AI browsers ask for access to email, calendars, and internal apps, and why convenience often masks long-term exposure. Throughout the discussion, Karim brings a grounded perspective shaped by decades in cybersecurity, from risk-based vulnerability management to enterprise threat intelligence. Rather than pushing fear, he focuses on realistic steps organizations and individuals can take, from understanding what data is being shared, to treating security teams as partners, to using tools that bring passwords, passkeys, and authentication into one trusted place as browsing evolves. As AI reshapes how we search, work, and make decisions, the question is no longer whether the browser matters. It is whether we are ready for it to act as the front door to both our productivity and our risk, so are you securing your browser for the future you are already using today? Connect with Karim Toubba LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team page Phish Bowl Podcast    

This week, while ⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) is out at a conference, hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are joined by friend of the show Michele Kellerman, as they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start with some follow-up on Joe's egg story, including his latest update and a brief detour into unexpected “big chicken news.” Joe's story is on a massive USDA loan fraud scheme where Nikesh Patel fabricated fake government-backed farm loans, duped investment firms out of hundreds of millions of dollars, and continued running similar scams under aliases and even from prison, ultimately earning decades more in sentencing. Michele's story is on a breaking report about the ShinyHunters group using targeted voice phishing and custom phishing kits to abuse Okta SSO, steal MFA credentials, and gain privileged access for data theft and extortion. Dave's story is on LastPass warning users about an active phishing campaign impersonating the company, designed to steal master passwords and potentially expose all credentials stored in affected vaults. Our catch of the day comes from the Reddit, where two people we're approached by scammers through text messaging and both dealt with their scammers in different ways. Resources and links to stories: Sticky Fingers: USDA Fraudster Steals $200M in Stunning Scam Formerly Married Couple Sentenced For Multi-Million Dollar Fraud Schemes A new wave of ‘vishing' attacks is breaking into SSO accounts in real time LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Alan Perry is joined by Ron Fraser, retired Sidney tech enthusiast, for a wide-ranging look at security and privacy news. This week's show covers urgent Apple and Microsoft updates, new online scams targeting Booking.com, LastPass, Under Armour, and Canada Computers customers, and what to do if your data may be compromised. They also break down major tech stories, including Apple's new AirTags, Sony's surprise TV deal with TCL, social media lawsuits and bans, Meta's upcoming paid features, and big changes to Air Miles. Plus, the best tech deals of the weekend and a new dinosaur discovery from Patagonia. 

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-549

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-549

AI Cage Match, Fortinet, Cisco, DVWA, Polonium, Small Town AIs, LastPass, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-549

CISA's acting director assures Congress the agency has “stabilized”. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks that create rogue accounts. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devireddy, AI data scientist at Fable Security, with insights on a fake ChatGPT installer. New password, same as the old password.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kaushik Devireddy, AI data scientist at Fable Security, discussing their work on "How a fake ChatGPT installer tried to steal my password". Selected Reading CISA Is 'Trying to Get Back on Its Mission' After Trump Cuts (CISA) Google Patches High-Severity V8 Race Condition in Chrome 144 published: today (Beyond Machines) Cisco Patches Actively Exploited Flaw in Unified Communications Products (Beyond Machines) Hackers breach Fortinet FortiGate devices, steal firewall configs (Bleeping Computer) Zendesk ticket systems hijacked in massive global spam wave (Bleeping Computer) LastPass Warns of Phishing Campaign Attempting to Steal Master Passwords (Infosecurity Magazine) Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation (TechNadu) Execs at Davos say AI's biggest problem isn't hype — it's security (Business Insider) Hackers exploit 29 zero-days on second day of Pwn2Own Automotive (Bleeping Computer) Analysis of 6 Billion Passwords Shows Stagnant User Behavior (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ever wonder which third-party tools you actually need—and which ones you can skip? This week, I'm breaking down my recommended Etsy seller tools, from free options to need-to-haves, best-to-haves, and nice-to-haves, so you can choose what makes sense for your stage of selling. If you love efficiency and smart systems, you're going to love this tool list. **"How to Sell Your Stuff on Etsy" is not affiliated with or endorsed by Etsy.com   STUFF I MENTIONED:  ⭐"How to Blow Up Your Etsy Shop" free training: https://www.howtosellyourstuff.com/interested-in-blow-up-shop  ⭐" How to Earn your first $10k on Etsy" Ebook Waitlist: https://www.howtosellyourstuff.com/interested-in-ebook ⭐Scaling Society: https://www.howtosellyourstuff.com/scaling-society   ➡️ 40 listings free with my link (save $8): https://etsy.me/4jy41Js     ➡️ Canva (free) does not allow you to export with transparent background or remove background, no magic studio (erase pixels, grab text, remove elements) https://www.canva.com/   ➡️ Profittree (data, calculator, research, keywords)--- one time fee for lifetime access $67  https://lifetime.profittree.io/?via=lizzie87 Tutorial: https://www.youtube.com/watch?v=VO7Ra18ZPTw&t=1s   ➡️ Free Chatgpt account (listing descriptions, ideas – product picker, customer responses, etc) ➡️ Try my free product picker tool: https://www.howtosellyourstuff.com/what-to-sell-on-etsy   ➡️ AI image generator tool: Ideogram is best for beginners:  https://ideogram.cello.so/9T2aVq0TKWv   BEST TO HAVE: ➡️Trendspotting $37 per month (KEEP20 for month 1 at $17) https://www.howtosellyourstuff.com/offers/JxNYgLnw   ➡️ Canva pro (paid) $15/month https://www.canva.com/   ➡️ Everbee: https://www.everbee.io/?via=lizzie (free version, $29, $99) Tutorial: https://youtu.be/MucPFkvC8sk?si=iyaD0RbMbIp3echw   ➡️ Chatgpt (or other LLM like Grok/Gemini) free to $20/month https://chatgpt.com/   ➡️ Professional mockups: $3-7 each—get started for $20-$50 Request my free resource of high converting mockups: https://www.howtosellyourstuff.com/request-mockups-resource   ➡️ Legal Topics: https://www.howtosellyourstuff.com/legal-topics   ➡️ LLC Setup depends on state and varies widely.   Operating agreement template (Paige Hulse $475) Use code SMILEY10 for 10% off: ➡️ Single Person LLC Agreement: https://www.shopcreativelaw.com/shop/the-single-person-llc-operating-agreement   ➡️ Multi-Member LLC Agreement: https://www.shopcreativelaw.com/shop/multi-member-llc-operating-agreement   ➡️ Quickbooks: go through your Etsy shop Finances tab $10-57/month   ➡️  Chase Credit Card I use and recommend for Print on Demand (we both get bonus points with this link): https://www.referyourchasecard.com/19u/I9FKMHYBEE   ➡️ Printify (print on demand supplier): https://printify.com/   ➡️  My Favorite Cost Effective Shipping Tools from Amazon: —Boxes—search by the size you need: https://amzn.to/48P2BDS -Cost Effective Shipping tape: https://amzn.to/3wvpXw9 -Label printer: https://amzn.to/3HhKuJV -Labels rolls: https://amzn.to/3wv9kRm -Normal printer label sticker sheets: https://amzn.to/48rW4zf -Fragile stickers: https://amzn.to/3ovCzjB -Scale for weighing packages: https://amzn.to/30cfcTT   NICE TO HAVE: ➡️ Scaling Society (my all inclusive membership): https://www.howtosellyourstuff.com/scaling-society   ➡️ Gaming Laptop (for a lot of AI or visuals) https://amzn.to/3Yq6vzO   ➡️ Kittl: https://www.kittl.com/   ➡️ Midjourney (AI image generator): https://www.midjourney.com/   ➡️ Lastpass- password saver: https://lastpass.com   ➡️Creative Fabrica: https://www.creativefabrica.com/promo/7088/0P693-FGHIJKLMNO/ref/2877703 One month free (up to 10 downloads), Then $9.99/month for  All Access Subscription   ➡️ Simply Listed—mockup tool (14 day free trial, then $15-30/month): https://simplylisted.io/?via=lizzie ➡️ Hello Custom—personalized POD listings (one time fee $67): https://offer.hellocustom.io/lifetime-offer?affiliate_id=4273827  

Rainbow Six Siege suffers breach, gamers go shopping Diesel generators and aircraft engines in high demand to power AI LastPass 2022 breach reverberates through crypto world  Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. Find the stories behind the headlines at CISOseries.com.  

LastPass, SoundCloud, Pornhub, a lot of credit unions and so much more are all part of this week's mess!

A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team table top exercises to prepare for AI-generated attacks. Hackers set their sights on DNA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team table top exercises to prepare for AI-generated attacks. Selected Reading Trump Signs Executive Order to Block State AI Regulations (SecurityWeek) Announced pick for No. 2 at NSA won't get the job as another candidate surfaces (The Record) LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes) Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek) OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media) MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek) CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer) MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer) The Unseen Threat: DNA as Malware (BankInfoSecurity) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

'DroidLock' malware demands ransom Google fixes secret Chrome 0-day UK fines LastPass over 2022 breach Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.  

F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up. Selected Reading F5 disclosures breach tied to nation-state threat actor (CyberScoop) CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA) ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)  PowerSchool hacker sentenced to 4 years in prison (The Record)  Cisco faces Senate scrutiny over firewall flaws (The Register) Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)  Google Careers impersonation credential phishing scam with endless variation (Sublime Security)  Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)  Qilin Ransomware announced new victims (Security Affairs)  When Face Recognition Doesn't Know Your Face Is a Face (WIRED) Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. Lastpass warns of macOS ClickFix campaign using fake GitHub repos. AT&T's CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest CISO Perspectives host Kim Jones previews the upcoming season, sharing what's ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season.You can check out the season opener here. Selected Reading Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times) Secret Service Disrupts Threat Network Near UN General Assembly (YouTube) JLR extends shutdown – again – as toll on workers laid bare (The Register) The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge) Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research) Kimsuky attack disguised as sex offender notice information (Logpresso) GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer) NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer) LastPass: Fake password managers infect Mac users with malware (Bleeping Computer) Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop) Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices