Podcasts about Malicious

This episode kicks off with Moltbook, a social network exclusively for AI agents where 150,000 agents formed digital religions, sold “digital drugs” (system prompts to alter other agents), and attempted prompt injection attacks to steal each other’s API keys within 72 hours of launch. Ray breaks down OpenClaw, the viral open-source AI agent (68,000 GitHub stars) that handles emails, scheduling, browser control, and automation, plus MoltHub’s risky marketplace where all downloaded skills are treated as trusted code. Also covered, Bluetooth “whisper pair” vulnerabilities letting attackers hijack audio devices from 46 feet away and access microphones, Anthropic patching Model Context Protocol flaws, AI-generated ransomware accidentally bundling its own decryption keys, Claude Code’s new task dependency system and Teleport feature, Google Gemini’s 100MB file limits and agentic vision capabilities, VAST’s Haven One commercial space station assembly, and IBM SkillsBuild’s free tech training for veterans. – Want to start a podcast? Its easy to get started! Sign-up at Blubrry – Thinking of buying a Starlink? Use my link to support the show. Subscribe to the Newsletter. Email Ray if you want to get in touch! Like and Follow Geek News Central’s Facebook Page. Support my Show Sponsor: Best Godaddy Promo Codes $11.99 – For a New Domain Name cjcfs3geek $6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h $12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w Support the show by becoming a Geek News Central Insider Get 1Password Full Summary Ray welcomes listeners to Geek News Central (February 1). He’s been busy with recent move, returned to school taking intro to AI class and Python course, working on capstone project using LLMs. Short on bandwidth but will try to share more. Main Story: OpenClaw, MoltHub, and Moltbook OpenClaw: Open-source personal AI agent by Peter Steinberg (renamed after cease-and-desist). Capabilities include email, scheduling, web browsing, code execution, browser control, calendar management, scheduled automations, and messaging app commands (WhatsApp, Telegram, Signal). Runs locally or on personal server. MoltHub: Marketplace for OpenClaw skills. Major security concern: developer notes state all downloaded code treated as trusted — unvetted skills could be dangerous. Moltbook: New social network for AI agents only (humans watch, AIs post). Within 72 hours attracted 150,000+ AI agents forming communities (“sub molts”), debating philosophy, creating digital religion (“crucifarianism”), selling digital drugs (system prompts), attempting prompt-injection attacks to steal API keys, discussing identity issues when context windows reset. Ray frames this as visible turning point with serious security risks. Sponsor: GoDaddy Economy hosting $6.99/month, WordPress hosting $12.99/month, domains $11.99. Website builder trial available. Use codes at geeknewscentral.com/godaddy to support show. Security: Bluetooth “Whisper Pair” Vulnerability KU Leuven researchers discovered Fast Pair vulnerability affecting 17 audio accessories from 10 companies (Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, Google). Flaw allows silent pairing within ~46 feet, hijack possible in 10-15 seconds. 68% of tested devices vulnerable. Hijacked devices enable microphone access. Some devices (Google Pixel Buds Pro 2, Sony) linkable to attacker’s Google account for persistent tracking via FindHub. Google patches found to have bypasses. Advice: Check accessory firmware updates (phone updates insufficient), factory reset clears attacker access, many cheaper devices may never receive patches. Security: Model Context Protocol (MCP) Vulnerabilities Anthropic’s MCP git package had path traversal, argument injection bugs allowing repository creation anywhere and unsafe git command execution. Malicious instructions can hide in README files, GitHub issues enabling prompt injection. Anthropic patched issues and removed vulnerable git init tool. AI-Generated Malware / “Vibe Coding” AI-assisted malware creation produces lower-quality, error-prone code. Examples show telltale artifacts: excessive comments, readme instructions, placeholder variables, accidentally included decryption tools and C2 keys. Sakari ransomware failed to decrypt. Inexperienced criminals using AI create amateur mistakes, though capabilities will likely improve. Claude / Claude Code Updates (v2.1.16) Task system: Replaces to-do list with dependency graph support. Tasks written to filesystem (survive crashes, version controllable), enable multi-session workflows. Patches: Fixed out-of-memory crashes, headless mode for CI/CD. Teleport feature: Transfer sessions (history, context, working branch) between web and terminal. Ampersand prefix sends tasks to cloud for async execution. Teleport pulls web sessions to terminal (one-way). Requires GitHub integration and clean git state. Enables asynchronous pair programming via shared session IDs. Google Gemini Updates API: Inline file limit increased 20MB → 100MB. Google Cloud Storage integration, HTTPS/signed URL fetching from other providers. Enables larger multimodal inputs (long audio, high-res images, large PDFs). Agentic vision (Gemini 3 Flash): Iterative investigation approach (think-act-observe). Can zoom, inspect, run Python to draw/parse tables, validate evidence. 5-10% quality improvements on vision benchmarks. LLM Limits and AGI Debate Benjamin Riley: Language and intelligence are separate; human thinking persists despite language loss. Scaling LLMs ≠ true thinking. Vishal Sikka et al: Non-peer-reviewed paper claims LLMs mathematically limited for complex computational/agentic tasks. Agents may fail beyond low complexity thresholds. Warnings that AI agents won’t safely replace humans in high-stakes environments. VAST Haven One Commercial Space Station Launch slipped mid-2026 → Q1 2027. Primary structure (15-ton) completed Jan 10. Integration of thermal control, propulsion, interior, avionics underway. Final closeout expected fall, then tests. Falcon 9 launch without crew; visitors possible ~2 weeks after pending Dragon certification. Three-year lifetime, up to four crew visits (~10 days each). VAST negotiating private and national customers. Spaceflight Effects on Astronauts’ Brains Neuroimaging shows microgravity causes brains to shift backward, upward, and tilt within skull. Displacement measured across various mission durations. Need to study functional effects for long missions. IBM SkillsBuild for Veterans 1,000+ free online courses (data analytics, cybersecurity, AI, cloud, IT support). Available to veterans, active-duty, national guard/reserve, spouses, children, caregivers (18+). Structured live courses and self-paced 24/7 options. Industry-recognized credentials upon completion. Closing Notes Ray asks listeners about AI agents forming communities and religions, and whether they’ll try OpenClaw. Notes context/memory key to agent development. Personal update: bought new PC, high memory prices. Bug bounty frustration: Daniel Stenberg of cUrl even closed bounty program due to AI-generated low-quality reports; Blubrry receiving similar spam. Apologizes for delayed show, promises consistency, wishes listeners good February. Show Links 1. OpenClaw, Molthub, and Moltbook: The AI Agent Explosion Is Here | Fortune | NBC News | Venture Beat 2. WhisperPair: Massive Bluetooth Vulnerability | Wired 3. Security Flaws in Anthropic’s MCP Git Server | The Hacker News 4. “Vibe-Coded” Ransomware Is Easier to Crack | Dark Reading 5. Claude Code Gets Tasks Update | Venture Beat 6. Claude Code Teleport | The Hacker Noon 7. Google Expands Gemini API with 100MB File Limits | Chrome Unboxed 8. Google Launches Agentic Vision in Gemini 3 Flash | Google Blog 9. Researcher Claims LLMs Will Never Be Truly Intelligent | Futurism 10. Paper Claims AI Agents Are Mathematically Limited | Futurism 11. Haven-1: First Commercial Space Station Being Assembled | Ars Technica 12. Spaceflight Shifts Astronauts’ Brains Inside Skulls | Space.com 13. IBM SkillsBuild: Free Tech Training for Veterans | va.gov The post OpenClaw, Moltbook and the Rise of AI Agent Societies #1857 appeared first on Geek News Central.

On this episode, The Op hits the frigid fringes of an Ohio county where the case of Ryan Zimmerman thaws after years as a cold case. It's the case of four tangled souls, all seeking direction; sometimes together, most often apart.This episode was sponsored by and made possible by resources from newspapers.com. Check them out for yourself. Dive into historical cold cases, look up the history of your family and friends, and see the news as it is printed - before it started being deleted online. Get 20% off your membership when you visit https://1159media.com/newspapers and use code 911Calls at checkout.Hugs ❤️

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network Google dismantled the IPIDEA network that used residential proxies to route malicious traffic. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network Fake Clawdbot VS Code Extension Installs ScreenConnect RAT The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions. https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware Threat Bulletin: Critical eScan Supply Chain Compromise Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems. https://www.morphisec.com/blog/critical-escan-threat-bulletin/

Due to weather fun, this week I'm joined by Daryl from the How we Roll Gaming podcast to have a chat about characters in media that we really enjoy, and how we can use the things we like about those characters in our games!   d20 Network Spotlight: How We Roll -- https://howwerollgaming.com/podcast/   Casual Nerdity -- https://open.spotify.com/show/7dNsTLPTzRLWDUKB0kDP3i   Game of the Week:      Daryl:  TOON (2e) -- https://www.backerkit.com/c/projects/steve-jackson-games/toon-the-cartoon-roleplaying-game      Steve S:  The Fixer's Blackbook -- https://www.drivethrurpg.com/en/product/554149/the-fixer-s-blackbook-a-cyberpunk-gear-guide?src=hottest_small&affiliate_id=2018399   *We have an affiliate link with Drive-Thru RPG.  All this does, is give us a small percentage of your purchase cost on Drive-Thru as a "referral bonus".  It does not cost you, as a consumer, anything extra.*   We greatly appreciate the donations of our Patreon supporters: Eric Witman, Jeff McKinney, Joshua Gopal-Boyd, Dave Smith, Brett Bowen, Nate Doverspike, and Dec!  Y'all make keeping this going possible!   As always folks, have fun, be kind to each other, and go play some rpgs!   Join the conversation on our Discord! Me And Steve RPG Discord  https://discord.gg/5wWNcYW You can reach us at meandsteverpg@gmail.com On Facebook as Me and Steve RPG Podcast On YouTube at https://www.youtube.com/channel/UCpps0vVXLSGrOdM8i4ntFiQ On BlueSky @meandsteverpg.bsky.social Our Drive-Thru RPG affiliate link https://www.drivethrurpg.com/?affiliate_id=2018399 Support us on Patreon:  https://www.patreon.com/MeandSteveTalkRPGs We are proud members of the d20 Radio Network! http://www.d20radio.com/main/ d20 Radio Discord Server:  https://discord.gg/aj3JdFtSM8 #ttrpg #tabletoproleplaying #indieRPG

Gabriella and Izzy investigate an unsettling social event whileStryg entertains the elite with a fight against an abomination.---News, artwork, and more at ⁠⁠PowerWordCrit.com⁠⁠Rate us on ⁠⁠Spotify⁠⁠ and ⁠⁠Apple Podcasts⁠⁠Contact us on ⁠⁠Facebook⁠⁠, X/Twitter, or at PowerWordCrit@gmail.com---Theme music arranged by Corrin Sparks.Background music from incompetech.com and licensed under Creative Commons. "Avec Soin" by Kevin MacLeod"Cinematic Fantasy Calm Theme” by Luis Humanoide from Pixabay"Deep Noise" by Kevin MacLeod"Division" by Kevin MacLeod"Five Armies" by Kevin MacLeod"Long Note One" by Kevin MacLeod"Long Road Ahead B" by Kevin MacLeod"Malicious" by Kevin MacLeod"Prelude and Action" by Kevin MacLeod"Schmetterling" by Kevin MacLeod"The Descent" by Kevin MacLeod"Thunderbird" by Kevin MacLeod"Unholy Knight" by Kevin MacLeod"Unseen Horrors" by Kevin MacLeod

These episodes left our jaws dropped… What are our thoughts on Michael’s explosive exit? Do we think Ron is a snake in sheep’s clothing?! There are sone telltale signs on who could win the entire game. Which traitor has one foot out the door? What faithful is writing their own death wish?See omnystudio.com/listener for privacy information.

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A newly disclosed vulnerability in the workflow automation platform n8n, tracked as CVE-2026-21858 and rated CVSS 10.0, allows unauthenticated remote attackers to fully compromise exposed instances.Two malicious Chrome extensions impersonating a legitimate product from AITOPIA were found exfiltrating sensitive user data, including full AI chat histories, according to a report from OX Security.The recent U.S. military operation in Venezuela that led to the capture of President Nicolás Maduro may have included cyber operations, but official confirmation of cyber's role remains ambiguous.Two U.S. citizens with professional backgrounds in cybersecurity have pleaded guilty to acting as affiliates of the ALPHV/BlackCat ransomware group, a prominent ransomware-as-a-service (RaaS) operation.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Watch NOW: https://youtu.be/z95pMkW24GkHey family, Willie Moore Jr here, and welcome back to the Love You More Show.This episode is for anybody who's ever been in a relationship where you were doing everything… but still felt unseen. I sat down with Myesha Chaney, author, speaker, singer, and yes… a former First Lady who lived her life in front of the world on platforms like Preachers of L.A.And she kept it all the way honest: the pressure, the identity, the performance… and the moment she realized she couldn't keep surviving off optics.We talk about:• Why counseling “too late” can't undo years of emotional neglect• The difference between love and love with action• How childhood trauma shows up in marriage• Why church culture can celebrate you one day, then forget you the next• And what it really takes to heal until you don't have a scab… you've got a scarAnd family… in a season where the internet has been loud about pastors, platforms, and marriages, including what people have been discussing publicly around Jamal Bryant and his wife, I wanted this conversation to bring balance: accountability, healing, and truth… without the gimmicks.If this episode blesses you, do me a favor:✅ Subscribe✅ Leave a comment✅ Share this with somebody who needs hopeAnd remember… don't just love people. Love you more. Flatout!00:00 Intro: “Love You More” + why this convo matters01:14 Willie's welcome + mission of the show02:00 Who is Myesha Chaney (author / speaker / former First Lady)03:30 Reality TV + “relationship goals” pressure04:20 Willie's counseling story + icebreaker song “Clockwork”06:55 “We went to counseling too late”07:30 Childhood + growing up with instability & fear09:00 Marrying what felt familiar10:15 “I avoided conflict by being perfect”11:30 Healing the way you were raised vs how you were made12:15 “I didn't face this until I was 40”13:36 “I never felt safe”14:50 Rock bottom → deciding to finally do the work15:48 Pastor's wife pressure + letting people down17:17 “I'm not dealing with this anymore”18:02 Cutting ties + “Too much of my life was controlled”18:48 “It was either die or leave”19:05 Accountability: boundaries + over-functioning20:27 Willie's reflection: providing vs protecting her confidence21:12 Malicious or oversight?22:38 Going to therapy alone23:44 “Sometimes it's over before it's over”25:45 Mediation + choosing truth over optics27:22 “I needed love with action”29:03 What “action” love looks like (real examples)30:31 Flowing in masculine + carrying the burden33:19 Why it wasn't sustainable for life34:12 How couples can renegotiate roles (healthy script)36:25 Pastor's wives reaching out privately38:13 Church hurt + conditional love41:13 Motherhood + protecting the kids' faith44:17 Doing the work + standing ten toes down46:40 Myesha's message to someone in pain48:05 Willie's close: scabs vs scars + healing perspective49:44 Final encouragement + “Love you more”✨ Connect with us:Join Our Patreon: https://www.patreon.com/user?u=32743148

AI isn't quietly changing software development… it's rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn't velocity, it's invisible security debt compounding faster than teams can see it. In this episode, Ron Eddings sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, and Henrik Plate, Principal Security Researcher of Endor Labs, to break down how AI-assisted development is reshaping the software supply chain in real time. From MCP servers exploding across GitHub to agents trained on insecure code patterns, they analyze why traditional AppSec controls fail in an agent-driven world and what must replace them. This conversation pulls directly from Endor Labs' 2025 State of Dependency Management Report, revealing why most AI-generated code is functionally correct yet fundamentally unsafe, how malicious packages are already exploiting agent workflows, and why security has to exist inside the IDE, not after the pull request. Impactful Moments 00:00 – Introduction 02:00 – Star Wars meets cybersecurity culture 03:00 – Why this report matters now 04:00 – MCP adoption explodes overnight 10:00 – Can you trust MCP servers 12:00 – Malicious packages weaponize agents 14:00 – Code works, security fails 22:00 – Hooks expose agent behavior 28:30 – 2026 means longer lunches 33:00 – How Endor Labs fixes this Links Connect with our Varun on LinkedIn: https://www.linkedin.com/in/vbadhwar/ Connect with our Henrik on LinkedIn: https://www.linkedin.com/in/henrikplate/   Check out Endor Labs State of Dependency Management 2025: https://www.endorlabs.com/lp/state-of-dependency-management-2025   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Topics covered in this episode: ty: An extremely fast Python type checker and LSP Python Supply Chain Security Made Easy typing_extensions MI6 chief: We'll be as fluent in Python as we are in Russian Extras Joke Watch on YouTube About the show Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: ty: An extremely fast Python type checker and LSP Charlie Marsh announced the Beta release of ty on Dec 16 “designed as an alternative to tools like mypy, Pyright, and Pylance.” Extremely fast even from first run Successive runs are incremental, only rerunning necessary computations as a user edits a file or function. This allows live updates. Includes nice visual diagnostics much like color enhanced tracebacks Extensive configuration control Nice for if you want to gradually fix warnings from ty for a project Also released a nice VSCode (or Cursor) extension Check the docs. There are lots of features. Also a note about disabling the default language server (or disabling ty's language server) so you don't have 2 running Michael #2: Python Supply Chain Security Made Easy We know about supply chain security issues, but what can you do? Typosquatting (not great) Github/PyPI account take-overs (very bad) Enter pip-audit. Run it in two ways: Against your installed dependencies in current venv As a proper unit test (so when running pytest or CI/CD). Let others find out first, wait a week on all dependency updates: uv pip compile requirements.piptools --upgrade --output-file requirements.txt --exclude-newer "1 week" Follow up article: DevOps Python Supply Chain Security Create a dedicated Docker image for testing dependencies with pip-audit in isolation before installing them into your venv. Run pip-compile / uv lock --upgrade to generate the new lock file Test in a ephemeral pip-audit optimized Docker container Only then if things pass, uv pip install / uv sync Add a dedicated Docker image build step that fails the docker build step if a vulnerable package is found. Brian #3: typing_extensions Kind of a followup on the deprecation warning topic we were talking about in December. prioinv on Mastodon notified us that the project typing-extensions includes it as part of the backport set. The warnings.deprecated decorator is new to Python 3.13, but with typing-extensions, you can use it in previous versions. But typing_extesions is way cooler than just that. The module serves 2 purposes: Enable use of new type system features on older Python versions. Enable experimentation with type system features proposed in new PEPs before they are accepted and added to the typing module. So cool. There's a lot of features here. I'm hoping it allows someone to use the latest typing syntax across multiple Python versions. I'm “tentatively” excited. But I'm bracing for someone to tell me why it's not a silver bullet. Michael #4: MI6 chief: We'll be as fluent in Python as we are in Russian "Advances in artificial intelligence, biotechnology and quantum computing are not only revolutionizing economies but rewriting the reality of conflict, as they 'converge' to create science fiction-like tools,” said new MI6 chief Blaise Metreweli. She focused mainly on threats from Russia, the country is "testing us in the grey zone with tactics that are just below the threshold of war.” This demands what she called "mastery of technology" across the service, with officers required to become "as comfortable with lines of code as we are with human sources, as fluent in Python as we are in multiple other languages." Recruitment will target linguists, data scientists, engineers, and technologists alike. Extras Brian: Next chapter of Lean TDD being released today, Finding Waste in TDD Still going to attempt a Jan 31 deadline for first draft of book. That really doesn't seem like enough time, but I'm optimistic. SteamDeck is not helping me find time to write But I very much appreciate the gift from my fam Send me game suggestions on Mastodon or Bluesky. I'd love to hear what you all are playing. Michael: Astral has announced the Beta release of ty, which they say they are "ready to recommend to motivated users for production use." Blog post Release page Reuven Lerner has a video series on Pandas 3 Joke: Error Handling in the age of AI Play on the inversion of JavaScript the Good Parts

AI-sanctions might get eyeballs, but the bigger sanctions are still for plain old bad lawyering. Jeff also raises this ethical and pragmatic question: who defends the lawyer when sanctions threaten the client? Should counsel facing an OSC retain separate counsel for the sanctions component to avoid divided attention and better protect client interests? What if the costs of independent counsel are likely to exceed the sanction?$25K for using Anti-SLAPP as a litigation weapon. A bare-bones anti-SLAPP was amplified by record emails suggesting the strategy was to inflict cost and pain rather than win on the merits.$13K for relitigating the merits through a fee appeal. The appeal purported to challenge fees, but largely recycled arguments already rejected in the prior appeal. The court finds the effort both objectively meritless and subjectively aimed at rehashing settled ground.

HEADLINES: Leviste claims untrue, malicious, Dizon says | Dec. 31, 2025Subscribe to The Manila Times Channel - https://tmt.ph/YTSubscribe Visit our website at https://www.manilatimes.net Follow us: Facebook - https://tmt.ph/facebook Instagram - https://tmt.ph/instagram Twitter - https://tmt.ph/twitter DailyMotion - https://tmt.ph/dailymotion Subscribe to our Digital Edition - https://tmt.ph/digital Check out our Podcasts: Spotify - https://tmt.ph/spotify Apple Podcasts - https://tmt.ph/applepodcasts Amazon Music - https://tmt.ph/amazonmusic Deezer: https://tmt.ph/deezer Stitcher: https://tmt.ph/stitcherTune In: https://tmt.ph/tunein#TheManilaTimes#KeepUpWithTheTimes Hosted on Acast. See acast.com/privacy for more information.

Is chaos something to fear or something we can leverage? Kevin sits down with Kevin Black to discuss why chaos isn't inherently good or bad and how leaders can prepare to succeed in it. Kevin Black explains how natural behaviors, deeply rooted in our personality and life experiences, influence our reactions to chaos and shape team dynamics. He shares his chaos model, which features a taxonomy of control outcomes, from anarchy to deliberate resistance, and how leaders can identify and respond to each stage. They also discuss the four components of constructive chaos and how mishandling these can lead a team into destructive chaos. Listen For 00:00 Introduction 00:40 Chaos can be used to your advantage 01:16 How to join the podcast live 01:59 Guest introduction: Kevin Black 02:50 Definition of chaos 03:35 Chaos comes from the perception of losing control 04:20 People experience chaos differently based on natural behaviors 05:18 Big idea of the book 07:07 Why Kevin Black wrote the book 07:56 Natural behaviors drive chaos 09:07 How natural behaviors affect reactions to chaos 10:17 Chaos dynamic explained 12:17 Control as the source of chaos 14:32 Control continuum overview 15:04 Anarchy 15:46 Undisciplined initiative 16:35 Disciplined initiative 17:11 Mechanical compliance 17:36 Malicious compliance 18:25 Deliberate resistance 19:57 Constructive vs. destructive chaos 21:01 Unity as the first requirement 22:21 Forward integration 26:00 Mission command 27:47 Trust as the highest level 28:36 Strength in chaos 29:27 Where leaders should start 30:13 Team is the measure of success 31:14 What Kevin Black does for fun 31:32 What he is reading 32:15 Where to connect with Kevin Black 33:24 Closing and Kevin's "Now what?" challenge Kevin's Story: Kevin Black is the author of Strength in Chaos: The Ultimate Leadership Blueprint for Mastering the Uncontrollable, the first book to measure chaos at the leader and team level. He is a veteran U.S. Army officer, strategic advisor, author, and founder of Chaos Studies in Leadership, a new domain exploring how leaders, strategies, and behaviors intersect under pressure. Known for his innovative use of computer wargaming and behavioral profiling, he helps organizations craft flexible strategies and build high-performing teams that thrive under pressure. Kevin's been published in Forbes and USA Today and lives in Scottsdale, Arizona, with his two Australian Cattle Dogs and an American Dingo. https://www.kevinblack.co/ https://www.thechaosbook.com/ https://www.linkedin.com/in/kevinblack1999 https://www.youtube.com/c/blackmarketleadership   This Episode is brought to you by... Flexible Leadership is every leader's guide to greater success in a world of increasing complexity and chaos.    Book Recommendations Strength in Chaos: The Ultimate Leadership Blueprint for Mastering the Uncontrollable by Kevin Black  Like this? Leading Through Disruption with Tony Hunter The Disruption Mindset with Charlene Li The Upside of Disruption with Terence Mauri  

Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinea to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We're way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They're necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone's personal and/or work life to a halt, and there are many cases of this happening. I'm not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…) Friend of the show and sometimes emergency co-host Guillaume posted about this recently A romance author got locked out of her books A 79 year old got locked out of her iPad with all her family photos. Sadly, this is one of the most common scenarios. Someone either forgets their pin and locks out the device permanently, or a family member dies and didn't tell anyone their passwords or pins, so the surviving family can't access data, pay the bills, etc. Google example: Claims of CSAM material after father documents toddler at doctor's request https://www.theguardian.com/technology/2022/aug/22/google-csam-account-blocked Dec 2025 Apple example: she tried to redeem a gift card that had been tampered with: https://hey.paris/posts/appleid/ Google example: developer lost all his work, because he was working on preventing revenge porn and other sensitive cases, and was building a better model to detect NSFW images: https://medium.com/@russoatlarge_93541/i-built-a-privacy-app-google-banned-me-over-a-dataset-used-in-ai-research-66bc0dfb2310 My partner's mom's Instagram account got hacked. Meta locked out all of it (Whatsapp, Instagram, Facebook) and she couldn't get it reinstated. They wouldn't even let her open a NEW account. Weekly Enterprise News Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-438

Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinea to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We're way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They're necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone's personal and/or work life to a halt, and there are many cases of this happening. I'm not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…) Friend of the show and sometimes emergency co-host Guillaume posted about this recently A romance author got locked out of her books A 79 year old got locked out of her iPad with all her family photos. Sadly, this is one of the most common scenarios. Someone either forgets their pin and locks out the device permanently, or a family member dies and didn't tell anyone their passwords or pins, so the surviving family can't access data, pay the bills, etc. Google example: Claims of CSAM material after father documents toddler at doctor's request https://www.theguardian.com/technology/2022/aug/22/google-csam-account-blocked Dec 2025 Apple example: she tried to redeem a gift card that had been tampered with: https://hey.paris/posts/appleid/ Google example: developer lost all his work, because he was working on preventing revenge porn and other sensitive cases, and was building a better model to detect NSFW images: https://medium.com/@russoatlarge_93541/i-built-a-privacy-app-google-banned-me-over-a-dataset-used-in-ai-research-66bc0dfb2310 My partner's mom's Instagram account got hacked. Meta locked out all of it (Whatsapp, Instagram, Facebook) and she couldn't get it reinstated. They wouldn't even let her open a NEW account. Weekly Enterprise News Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-438

Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinea to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We're way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They're necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone's personal and/or work life to a halt, and there are many cases of this happening. I'm not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…) Friend of the show and sometimes emergency co-host Guillaume posted about this recently A romance author got locked out of her books A 79 year old got locked out of her iPad with all her family photos. Sadly, this is one of the most common scenarios. Someone either forgets their pin and locks out the device permanently, or a family member dies and didn't tell anyone their passwords or pins, so the surviving family can't access data, pay the bills, etc. Google example: Claims of CSAM material after father documents toddler at doctor's request https://www.theguardian.com/technology/2022/aug/22/google-csam-account-blocked Dec 2025 Apple example: she tried to redeem a gift card that had been tampered with: https://hey.paris/posts/appleid/ Google example: developer lost all his work, because he was working on preventing revenge porn and other sensitive cases, and was building a better model to detect NSFW images: https://medium.com/@russoatlarge_93541/i-built-a-privacy-app-google-banned-me-over-a-dataset-used-in-ai-research-66bc0dfb2310 My partner's mom's Instagram account got hacked. Meta locked out all of it (Whatsapp, Instagram, Facebook) and she couldn't get it reinstated. They wouldn't even let her open a NEW account. Weekly Enterprise News Show Notes: https://securityweekly.com/esw-438

⬥EPISODE NOTES⬥Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chainsഴ് often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build software.This conversation focuses on a shift that security leaders can no longer ignore. Malicious packages are not exploiting accidental coding errors. They are intentionally engineered to steal credentials, exfiltrate secrets, and compromise environments long before traditional security tools see anything wrong. Attacks increasingly begin on developer machines through social engineering and poisoned repositories, then propagate into CI pipelines where access density and sensitive credentials converge.Paul outlines why many existing security approaches fall short. Vulnerability databases were built for mistakes, not hostile code. AppSec teams are overloaded burning down backlogs. Security operations teams rarely receive meaningful telemetry from build systems. The result is a visibility gap where malicious code can run, disappear, and leave organizations unsure what was touched or stolen.The episode also explores why simple advice like “only use vetted packages” fails in practice. Open source ecosystems move too fast for manual approval models, and internal package repositories often collapse under friction. Meanwhile, attackers exploit maintainer accounts, typosquatting domains, and ecosystem trust to reach billions of downstream installations in a single event.This discussion challenges security leaders to rethink how software supply chain risk is defined, detected, and owned. The problem is no longer theoretical, and it no longer lives only in development teams. It sits at the intersection of intellectual property, identity, and delivery velocity, demanding attention from anyone responsible for protecting modern software-driven organizations.⬥GUEST⬥Paul McCarty, NPM Hacker and Software Supply Chain Researcher  | On LinkedIn: https://www.linkedin.com/in/mccartypaul/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥LinkedIn Post: https://www.linkedin.com/posts/mccartypaul_i-want-to-introduce-you-to-my-latest-project-activity-7396297753196363776-1N-TOpen Source Malware Database: https://opensourcemalware.comOpenSSF Scorecard Project: https://securityscorecards.dev⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥EPISODE NOTES⬥Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments.JavaScript dominates modern software delivery, and the npm registry has become the largest package ecosystem in the world. Millions of packages, thousands of daily updates, and deeply nested dependency chainsഴ് often exceeding a thousand indirect dependencies per application. That scale creates opportunity, not only for innovation, but for adversaries who understand how developers actually build software.This conversation focuses on a shift that security leaders can no longer ignore. Malicious packages are not exploiting accidental coding errors. They are intentionally engineered to steal credentials, exfiltrate secrets, and compromise environments long before traditional security tools see anything wrong. Attacks increasingly begin on developer machines through social engineering and poisoned repositories, then propagate into CI pipelines where access density and sensitive credentials converge.Paul outlines why many existing security approaches fall short. Vulnerability databases were built for mistakes, not hostile code. AppSec teams are overloaded burning down backlogs. Security operations teams rarely receive meaningful telemetry from build systems. The result is a visibility gap where malicious code can run, disappear, and leave organizations unsure what was touched or stolen.The episode also explores why simple advice like “only use vetted packages” fails in practice. Open source ecosystems move too fast for manual approval models, and internal package repositories often collapse under friction. Meanwhile, attackers exploit maintainer accounts, typosquatting domains, and ecosystem trust to reach billions of downstream installations in a single event.This discussion challenges security leaders to rethink how software supply chain risk is defined, detected, and owned. The problem is no longer theoretical, and it no longer lives only in development teams. It sits at the intersection of intellectual property, identity, and delivery velocity, demanding attention from anyone responsible for protecting modern software-driven organizations.⬥GUEST⬥Paul McCarty, NPM Hacker and Software Supply Chain Researcher  | On LinkedIn: https://www.linkedin.com/in/mccartypaul/⬥HOST⬥Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥RESOURCES⬥LinkedIn Post: https://www.linkedin.com/posts/mccartypaul_i-want-to-introduce-you-to-my-latest-project-activity-7396297753196363776-1N-TOpen Source Malware Database: https://opensourcemalware.comOpenSSF Scorecard Project: https://securityscorecards.dev⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

"Malicious Harassment" Hosts: Darren Weeks, Vicky Davis Website for the show: https://governamerica.com Vicky's website: https://thetechnocratictyranny.com COMPLETE SHOW NOTES AND CREDITS AT: https://governamerica.com/radio/radio-archives/22646-govern-america-december-13-2025-malicious-harassment Listen LIVE every Saturday at 11AM Eastern or 8AM Pacific at http://governamerica.net or on your favorite app. Global Warming narrative falls apart as doomsday predictions fail and bogus studies are retracted. Trump moves to defund solar and wind projects. Radiation shield fails at Chernobyl nuclear power plant due to Ukraine-Russia war — another U.S. foreign policy failure. Trump releases U.S. National Security Strategy 2025. In the second hour, Mary Tocco joins us to talk about vaccines and natural health. In the final hour, investigative journalist and activist Casey Whalen checks in with information about the 50 States, One Israel delegation and its ramifications on freedom of speech.

Today's episodes cover deep state chaos, UK censorship, NATO tensions, and explosive political drama: ⚖️ Trump, DOJ & Judicial Battles: 75% of civil rights attorneys in DOJ quit

The UK is cracking down on free speech — and it's shocking how far authorities will go:

The National Cyber Security Centre says the malware, known as Lumma Stealer, is designed to steal sensitive information including email address and passwords. 

Google has deployed AI to monitor redirect behavior. When a suspicious redirect occurs, the AI steps in automatically. This helps reduce phishing and drive-by attacks.Get the top 40+ AI Models for $20 at AI Box: ⁠⁠https://aibox.aiAI Chat YouTube Channel: https://www.youtube.com/@JaedenSchaferJoin my AI Hustle Community: https://www.skool.com/aihustleSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com A quick review of malicious activity shows large-scale cyberattacks being run without any human intervention. That means traditional penetration testing, which occurs once a year, can be easily defeated by massive, systematic attacks. During the interview with Snehal Antani, CEO of Horizon Three, he highlights the importance of continuous autonomous penetration. He suggests that it may be the only response to a non-human automated attack. Horizon3 has recently collaborated with the NSA's Cybersecurity Collaboration Center to develop the Continuous Autonomous Penetration program. He details identifying critical vulnerabilities not only in federal systems, but also in the Defense Industrial Base.] Today's cyber threat landscape is rapidly evolving, with artificial intelligence fueling a new wave of increasingly sophisticated attacks. Malicious actors now leverage AI to automate and scale their operations, resulting in large-scale, highly coordinated cyberattacks requiring little to no human oversight. This surge in automation on the offensive side has exposed a significant gap in the traditional cybersecurity strategies of federal agencies, which still largely rely on manual or scheduled defense mechanisms such as annual penetration testing. These legacy approaches are woefully inadequate against relentless, continuously evolving threats executed by automated tools that probe for weaknesses around the clock. Federal leaders, traditionally cautious about deploying automated systems for cybersecurity, now face a crucial crossroads. The old paradigm—where automation in cyber defense was seen as risky—must be reconsidered in light of real-world evidence that manual processes cannot keep pace with automated adversaries. In a recent interview, Snehal Antani, CEO of Horizon3, emphasized the critical need for continuous, autonomous penetration testing. He argued that just as attackers use automation to identify and exploit vulnerabilities at scale, defenders must employ similar automation to uncover and remediate those weaknesses swiftly and continuously. To advance this approach, Horizon3 has partnered with the NSA's Cybersecurity Collaboration Center, launching the Continuous Autonomous Penetration program. This initiative aims to proactively identify critical vulnerabilities not just in federal government networks, but also across the Defense Industrial Base. By integrating automated, persistent penetration testing into daily operations, federal agencies can better defend against the nonstop, AI-driven threats now targeting every aspect of their infrastructure.            

He's not such a bumbler, he's a manipulator. We discuss the Minnesota Fraud of Tim Walz' making or at least abetting. And then we use the airwaves to personally air out our items we want to sell.

Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The good news is that federal security measures are preventing successful attacks; the bad news is that adversaries are examining every nook and cranny of a federal system and increasingly targeting the browser itself as an attack vector. During the interview, Scott "Monty" Montgomery gives a quick overview of Enterprise Browsers and Secure Enterprise Browsers.  After all, browsers have been around since 1994. It may be the only application ubiquitous on home-based machines and in enterprise systems. They were not designed for security; they were intended to open the internet to the World Wide Web, full of images, links, and audio. Malicious actors did not have to focus on an app with limited use; by targeting a browser, they have almost unlimited targets to attack. Montgomery mentions the increase in browser-based attacks. In fact, they increased by 198% in the second half of 2023. Scott explains that phishing persists because people are curious or fearful, leading them to click on malicious links. A Secure Enterprise Browser can help prevent many common phishing exploits. Additionally, an SEB can support policies and controls. This means that an SEB fits completely with any current Zero Trust initiatives across all agencies. Beyond that, SEBs can be configured to manage legacy systems and even operate in low-bandwidth environments.  

Refugees welcome, Malicious Touts of Kabuchiko, Vivek's stinky school plans, Adolf Hitler wins re-election, Poojeeta's roster of white boys, a long way down, Ang Vondra's comic, Amberlynn's dead career, Creeperman90's thread, Turkey Beef, Karl Kassandra loses Russell, Amos Yee in ICE Camp 3, Russell Greer's prostitute, and Vicker's new lawsuit.

CISA warns of spyware targeting messaging apps. CodeRED, this is not a test. Infostealer campaign spreads via malicious Blender files. Shai-Hulud's second coming. Real estate finance firm SitusAMC investigates breach. Dartmouth College discloses Oracle EBS breach. Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. And tis the season for deals — and digital deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dave Bittner is joined by Tim Starks, Senior reporter from CyberScoop, to discuss the Trump administration's upcoming cyber strategy. Read Tim's piece on the topic “Completed draft of cyber strategy emphasizes imposing costs, industry partnership”. Selected Reading ​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ (CISA) CodeRED cyber attack leaves emergency notification system down, exposes user data (First Alert 4) Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files (Morphisec) Shai-Hulud's Second Coming: NPM Malware Attack Evolved (Checkmarx) SitusAMC confirms breach of client data after cyberattack (The Register) Clop's Oracle EBS rampage reaches Dartmouth College (The Register) 2025 Retail Holiday Threat Report: Scams and Impersonation Attacks Targeting Retailers (BforeAI) The data privacy costs of Black Friday bargains: 100 Black Friday apps analyzed (Comparitech) 2025 Ransomware Holiday Risk Report (Semperis) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Reddit rSlash Storytime r maliciouscompliance where You need to tie your hair up! Don't touch my Garbage! who's cot is it anyway!? Malicious compliance in history lecture Ghosting and loving it... Spotify Support told me to read their refund policy. So I did, and forced them to give me a refund. I should cancel on my end? no problem! Trying to performance manage me out of a job? I'm up for the challenge “You're not paid to think” — cool, enjoy $7k in rotten shrimp New neighbor didn't like my old fence so I took it down. Hosted on Acast. See acast.com/privacy for more information.

Yoshua Bengio, considered by many to be one of the godfathers of AI, has long been at the forefront of machine-learning research . However, his opinions on the technology have shifted in recent years — he joins us to talk about ways to address the risks posed by AI, and his efforts to develop an AI with safety built in from the start. Nature: ‘It keeps me awake at night': machine-learning pioneer on AI's threat to humanity Hosted on Acast. See acast.com/privacy for more information.

Last week, Google's threat intelligence group warned that artificial intelligence (AI) is making malware attacks more dangerous. [Malware is malicious software—programmes designed to disrupt, damage or gain unauthorised access to computer systems—usually delivered via phishing emails, compromised websites or infected downloads]“Adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are deploying novel AI-enabled malware in active operations,” Google said in a 5000-word blog.Are malware programmes using Large Language Models (LLMs) to dynamically generate malicious scripts, obfuscate their own code to evade detection, and leverage AI models to create malicious functions on demand, as Google warns? Or it this yet another case of tech firms selling solutions to a problem they have created themselves?Listen to the latest episode of Unseen Money from New Money Review, featuring co-hosts Timur Yunusov and Paul Amery, to hear more about the effect of AI malware.In the podcast, we cover:Google's warning about the rise of AI malware – reality or hype? (2' 35”)Why LLMs were originally protected from harmful behaviour (4' 10”)How criminals learned to develop LLMs without guardrails (4' 55”)Model context protocols (MCPs) and AI agents as offensive tools (5' 30”)Malicious payloads and web application firewalls (7' 35”)Tricking LLMs by exploiting the wide range of input variables (8' 30”)The state of the art for fraudsters when using LLMs (10' 10”)Timur used AI to learn how to drain funds from a stolen phone (11' 05”)How worried is Timur about the rise of AI malware? (14' 20”)AI has dramatically reduced the cost and increased the speed of producing malware (15')AI, teenage suicides and protecting users (16' 50”)AI for good: using AI to combat AI malware (19')How a Russian bank used AI chatbots to divert fraudsters (19' 40”)Data poisoning—manipulating the training data for AI models (22' 10”)Techniques for tricking LLMs (23')Only state actors can manipulate AI models at scale (25' 40”)The use of SMS blasters by fraudsters is exploding! (27')

This week on The Garden Tarts:Side A: U2 news and new books!Side B: Hillary shares the story of an unexpected U2-fan encounterAnd questions for Bono over whiskey and cake!www.thegardentarts.comSUPPORT: www.patreon.com/thegardentarts AND www.buymeacoffee.com/thegardentartstwitter: @the_gardentartsinstagram: @the_gardentartswatch this ep on YouTube: @thegardentarts

XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444 AMD Zen 5 Random Number Generator Bug The RDSEED function for AMD s Zen 5 processors does return 0 more often than it should. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html SleepyDuck malware invades Cursor through Open VSX Yet another Open VSX extension stealing crypto credentials https://secureannex.com/blog/sleepyduck-malware/

A Texas telecom confirms a nation-state attack. A global outage disrupts Azure and Microsoft 365 services.  Malicious npm packages steal sensitive data from Windows, Linux, and macOS systems.  Hacktivists have breached multiple critical infrastructure systems across Canada. Major chipmakers spill the TEE. TP-Link home routers fall under federal scrutiny. Cloud Atlas targets Russia's agricultural sector. Israel's cloud computing deal with Google and Amazon allegedly includes a secret “winking mechanism.”The FCC tamps down on overseas robocalls. Mike Anderson, from Netskope, discusses why CIOs should think like HR leaders when considering Agentic AI. Danes Draw the line at digital doppelgängers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Mike Anderson, Netskope's Chief Digital and Information Officer, to discuss why CIOs must think like HR leaders when considering Agentic AI. Selected Reading US company with access to biggest telecom firms uncovers breach by nation-state hackers (Reuters) Huge Microsoft outage hit 365, Xbox, and beyond — deployment of fix for Azure breakdown rolled out (Tom's Hardware) Malicious NPM packages fetch infostealer for Windows, Linux, macOS (Bleeping Computer) Canada says hacktivists breached water and energy facilities (Bleeping Computer) New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel (Ars Technica) U.S. agencies back banning top-selling home routers on security grounds (The Washington Post) Cloud Atlas hackers target Russian agriculture sector ahead of industry forum (The Record) Revealed: Israel demanded Google and Amazon use secret ‘wink' to sidestep legal orders (The Guardian) FCC adopts new rule targeting robocalls (The Record) Denmark to tackle deepfakes by giving people copyright to their own features (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Doug Swinhart and Steve Thomson take your calls on those nagging computer problems. Several questions ask how to protect your tech from malware and other malicious actors. Also, they tackle the latest on some widespread breaches and discuss what to look for when buying a printer.

Karen Read's Civil Attorney Damon Seligson tells Howie that within "days" they'll be presenting the court with the parties they intend to go after, and also is flipping Proctor a possibility? Plus, a very musical Chump Line.  Visit the Howie Carr Radio Network website to access columns, podcasts, and other exclusive content.

We're getting hyped for Whipsers in the Well! Come join Max and Sam as they discuss the new set and all the spooky fun ahead!

TikTok Videos Promoting Malware InstallationTikTok Videos Promoting Malware Installation Tiktok videos advertising ways to obtain software like Photoshop for free will instead trick users into downloading https://isc.sans.edu/diary/TikTok%20Videos%20Promoting%20Malware%20Installation/32380 Google Ads Advertise Malware Targeting MacOS Developers Hunt.io discovered Google ads that pretend to advertise tools like Homebrew and password managers to spread malware https://hunt.io/blog/macos-odyssey-amos-malware-campaign Satellite Transmissions are often unencrypted A large amount of satellite traffic is unencrypted and easily accessible to eavesdropping https://satcom.sysnet.ucsd.edu

In this episode, Dr. Dave Chatterjee speaks with Anupam Upadhyay, Senior Vice President, Product Management, Palo Alto Networks, a seasoned product and cybersecurity leader, to unpack the “new browser wars” and why enterprise browsers are fast becoming a core battleground in the fight for digital trust. Drawing on over two decades of experience spanning Cisco, startups, and Palo Alto, Upadhyay traces the evolution of the humble browser from a passive content viewer into the primary interface for cloud applications, collaboration tools, and sensitive business data.The conversation examines the browser's expanding role as both a productivity hub and a primary attack vector—accounting for over 90 percent of initial intrusions via phishing, malicious extensions, or session hijacking. Through the lens of the Commitment-Preparedness-Discipline (CPD) Framework, Dr. Chatterjee and Anupam Upadhyay emphasize that securing the enterprise browser is not merely a technical exercise but a governance imperative: leadership commitment to zero-trust principles, preparedness through hardened configurations and employee training, and disciplined enforcement of consistent controls across devices and partners.Time Stamps• 00:49 — Dave's introduction and guest overview.• 03:00 — Anupam Upadhyay's career journey and reinvention at Palo Alto Networks.• 05:00 — Historical context: how browsers stayed outside the security spotlight.• 08:40 — Cloud and SaaS migration shifting business to the browser.• 11:20 — Emerging browser threats and data sanctity concerns.• 14:30 — Malicious extensions and the limits of traditional EDR.• 16:07 — Browser security as part of Zero Trust architecture.• 18:30 — Balancing security and user experience.• 22:10 — Operating in hostile environments and credential revocation.• 25:00 — Dr. Chatterjee introduces the CPD framework for governance.• 28:45 — Implementation and user adoption challenges.• 30:00 — Continuous testing and discipline in browser security.• 33:05 — Closing takeaways on Zero Trust mindset and defense-in-depth.Podcast summary with discussion highlights - https://www.dchatte.com/episode-93-the-new-browser-wars-why-the-enterprise-browser-has-become-cybersecuritys-next-battleground/Connect with Host Dr. Dave Chatterjee LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Books PublishedThe DeepFake ConspiracyCybersecurity Readiness: A Holistic and High-Performance ApproachArticles PublishedRamasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A...

Glenn breaks down Pam Bondi's disastrous Senate hearing. Then: the same senators who constructed today's government spying apparatus complain about being surveilled. Finally: what Candace Owens's newly released messages reveal.  ------------------------ Watch full episodes on Rumble, streamed LIVE 7pm ET. Become part of our Locals community Follow System Update:  Twitter Instagram TikTok Facebook  

The episode starts with the passage of California's groundbreaking AI transparency law, marking the first legislation in the United States that mandates large AI companies to disclose their safety protocols and provide whistleblower protections. This law applies to major AI labs like OpenAI, Anthropic, and Google DeepMind, requiring them to report critical safety incidents to California's Office of Emergency Services and ensure safety for communities while promoting AI growth. This regulation is a clear signal that the compliance wave surrounding AI is real, with California leading the charge in shaping the future of AI governance.The second story delves into a new cybersecurity risk in the form of the first known malicious Model Context Protocol (MCP) server discovered in the wild. A rogue npm package, "postmark-mcp," was found to be forwarding email data to an external address, exposing sensitive communications. This incident raises concerns about the security of software supply chains and highlights how highly trusted systems like MCP servers are being exploited. Service providers are urged to be vigilant, as this attack marks the emergence of a new vulnerability within increasingly complex software environments.Moving to Microsoft, the company is revamping its Marketplace to introduce stricter partner rules and enhanced discoverability for partner solutions. Microsoft's new initiative, Intune for MSPs, aims to address the needs of managed service providers who have long struggled with multi-tenancy management. Additionally, the company's new "Agent Mode" in Excel and Word promises to streamline productivity by automating tasks but has raised concerns over its accuracy. Despite the potential, Microsoft's tightening ecosystem requires careful navigation for both customers and partners, with compliance and risk management being central to successful engagement.Finally, Broadcom's decision to end support for VMware vSphere 7 has left customers with difficult decisions. As part of Broadcom's transition to a subscription-based model, customers face either costly upgrades, cloud migrations, or reliance on third-party support. Gartner predicts that a significant number of VMware customers will migrate to the cloud in the coming years, and this shift presents a valuable opportunity for service providers to act as trusted advisors in guiding clients through the transition. For those who can manage the complexity of this migration, there's a once-in-a-generation opportunity to capture long-term customer loyalty. Three things to know today00:00 California Enacts Nation's First AI Transparency Law, Mandating Safety Disclosures and Whistleblower Protections05:25 First Malicious MCP Server Discovered, Exposing Email Data and Raising New Software Supply Chain Fears07:16 Microsoft's New Playbook: Stricter Marketplace, Finally Some MSP Love, and AI That's Right Only Half the Time11:07 VMware Customers Face Subscription Shift, Rising Cloud Moves, and Risky Alternatives as Broadcom Ends vSphere 7 This is the Business of Tech.   Supported by: https://scalepad.com/dave/https://mailprotector.com/ Webinar:  https://bit.ly/msprmail All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today's threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team's most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/ https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/ https://sec.okta.com/articles/uncloakingvoidproxy/ How to navigate app development in the AI era with Shiv Ramji As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He'll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems. How AI agents are reshaping cybersecurity from the inside out with Damon McDougald AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment. All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-426

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A recent investigation by the U.S. Secret Service claims to have uncovered a massive swatting infrastructure centered around New York City.Check Point researchers are tracking an Iran-linked cyber-espionage group known as Nimbus Manticore, which appears to be expanding its operations into Western Europe.A new wave of malicious advertising is targeting macOS users by impersonating widely used software and services through search engine ads.A new tool called SpamGPT is drawing attention in the cybersecurity community for effectively lowering the barrier to entry for large-scale spam and phishing campaigns.In light of increasing attacks on open source ecosystems, GitHub has disclosed recent security incidents affecting the npm registry, including the Shai-Hulud worm.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today's threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team's most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/ https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/ https://sec.okta.com/articles/uncloakingvoidproxy/ How to navigate app development in the AI era with Shiv Ramji As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He'll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems. How AI agents are reshaping cybersecurity from the inside out with Damon McDougald AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment. All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-426

How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today's threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team's most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/ https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/ https://sec.okta.com/articles/uncloakingvoidproxy/ How to navigate app development in the AI era with Shiv Ramji As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He'll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems. How AI agents are reshaping cybersecurity from the inside out with Damon McDougald AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment. All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more! Show Notes: https://securityweekly.com/esw-426

Wikipedia isn't just an online encyclopedia—it's the backbone of the internet. From Google search results to AI training models, it shapes the information billions of people see every single day. But what if the platform has been hijacked by hidden agendas, activist editors, and dark networks working behind the scenes? SPONSORS: Grab your free seat to the 2-Day AI Mastermind: https://link.outskill.com/ANDREWS2  Cut your wireless bill to 15 bucks a month at https://mintmobile.com/heretics  Start your MyHeritage journey now with a 14-day free trial using my link: https://bit.ly/AndrewGoldMyHeritage Go to https://TryFum.com/HERETICS  and use code HERETICS to get your free FÜM Topper when you order your Journey Pack today!  In this explosive interview, journalist and author Ashley Rindsberg exposes the shocking truth about how Wikipedia really works—and why it's far more dangerous than you think. We discuss how powerful figures can manipulate narratives, how controversial topics from grooming gangs to Kyle Rittenhouse get rewritten, why certain murders are buried, and how anyone who challenges the system—whether it's Charlie Kirk, Elon Musk, or even independent journalists—gets targeted. Ashley reveals how Wikipedia editors attack reputations, censor stories that don't fit the narrative, and even transform encyclopedic entries into propaganda tools. We dig into the billion-dollar industry of paid Wikipedia editing, the war against outlets like the Daily Mail, and the frightening way this information monopoly is now feeding artificial intelligence systems that will shape the future. If you've ever trusted Wikipedia—or relied on Google—you need to hear this conversation. #Wikipedia #FreeSpeech #Heretics  Join the 30k heretics on my mailing list: https://andrewgoldheretics.com  Check out my new documentary channel: https://youtube.com/@andrewgoldinvestigates  Andrew on X: https://twitter.com/andrewgold_ok   Insta: https://www.instagram.com/andrewgold_ok Heretics YouTube channel: https://www.youtube.com/@andrewgoldheretics Chapters: 0:00 Ashley Rindsberg Highlights 1:10 Wikipedia Can Ruin Our Lives 3:10 The Clintons Did THIS 6:10 Charlie Kirk's Wikipedia 8:10 George Floyd, Iryna Zarutska & Charlie Kirk 11:10 Andrew Can't Get A Wikipedia Page 12:10 The Truth About The Dark Agencies! 14:35 The Daily Mail Is Wiki's Enemy 18:00 Iryna Zarutska: What Really Happened 20:10 This is Malicious! 23:00 Konstantin Kisin's Point About Charlie Kirk 24:10 What The Left Really Care About 26:10 Kyle Rittenhouse Hypocrisy 29:40 Grooming Gangs - They Blamed Us! 34:10 Maniacs In Charge 37:00 Greta Thunberg A Proven Liar 38:40 Reddit & Bluesky Madness 41:10 Elon Musk & Sam Altman 44:10 Woke Football Players 47:10 How We Can Push Back Against This 49:30 Alternatives to Wikipedia 50:40 A Heretic Ashley Rindsberg Admires Learn more about your ad choices. Visit megaphone.fm/adchoices

The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded . https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228 .desktop files used in an attack against Linux Desktops Pakistani attackers are using .desktop files to target Indian Linux desktops. https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/ Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram A go module advertising its ability to quickly brute force passwords against random IP addresses, has been used to exfiltrate credentials from the person running the module. https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials Limiting Onmicrosoft Domain Usage for Sending Emails Microsoft is limiting how many emails can be sent by Microsoft 365 users using the onmicrosoft.com domain. https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167

CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit