A flood of everyday gadgets, from cheap streaming boxes to digital photo frames, are being secretly conscripted into global proxy networks and used to mask major cyberattacks, possibly even targeting your own home network. Worries of AI-powered cyberattacks are spreading. Mythos "missed some" important vulnerabilities in Firefox. Every recent Patch Tuesday Nightmare Eclipse has struck. What now? Massive store of valid FortiGate VPN credentials found. F5 issues emergency updates to their NGINX-based server offerings. Introducing "AI Potpourri": deeply altering an AI's personality. A close look at the explosion in malicious proxy networks. A Canadian judge okayed the illegal removal of such infections.

Show Notes - https://www.grc.com/sn/SN-1084-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com trustedtech.team/securitynow365 XBOW.com threatlocker.com/twit guardsquare.com
This episode ultimately reflects on how organisations must adapt to an environment where solutions are no longer neatly balanced between simplicity and capability. Instead, businesses need to reassess priorities, stay informed, and make deliberate choices about which innovations deliver real value. For SMBs, the challenge is not just keeping up—but identifying what's truly “good enough” in an increasingly complex cloud-first world. Resources CIAOPS Need to Know podcast - CIAOPS - Need to Know podcasts | CIAOPS X - https://www.twitter.com/directorcia director@ciaops.com CIAOPS Blog Join my Teams Shared Channel – CIAOPS CIAOPS Merch store - CIAOPS Become a CIAOPS Patron CIAOPS AI Dojo CIAOPS weekly news update - CIA Brief – CIAOPS CIAOPS Labs – The Special Activities Division of the CIAOPS Support CIAOPS Get your M365 questions answered via email Join my email list A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com AutoJack: How a single page can RCE the host running your AI agent Azure Sets a New Performance Record for LLM Training Benchmark at Extreme Scale Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave report Copilot Cowork is now generally available Microsoft Defender email security benchmarking: Key insights from one year of data Stay productive in new Outlook for Windows with these 5 features What's new in Power Platform: June 2026 feature update What's New in Notebooks | June 2026 Mercedes-AMG PETRONAS F1 Team responds to the intensity of race weekends with Microsoft AI brands as bait: How threat actors are using the AI hype in social engineering
(Disclaimer: created with ChatGPT) Hello dear community,
On this week's show, special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week's cybersecurity news. They cover: Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them. Meanwhile, researchers are choosing full disclosure instead of engaging MSRC. Meta's AI support agent allowed a staggering 20,000 accounts to be stolen! Apple pulls Russia's MAX messenger from the App Store and disables notifications. Anthropic gives the public our first Mythos-class model, but it won't do cybersecurity work. Stripe and Google Tag Manager used in eCommerce website hack campaign. And much, much more! This week's show is brought to you by runZero. HD Moore, runZero's founder, drops by in this week's sponsor interview to talk about the AI vibe shift. Everyone is very worried about getting owned all of a sudden, and it's really changing the cybersecurity business. This episode is also available on YouTube.

Show notes Microsoft Hacked to Deliver Malware to Claude and Gemini Users | 404.feed.press Researcher publishes GitHub token-stealing exploit, blames Microsoft's disclosure process | therecord.media Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | BleepingComputer Microsoft breaks Patch Tuesday record with 206 vulnerabilities | CyberScoop chompie1337 | X WhatsApp says NSO targeted users with spearfishing attacks in violation of court order | therecord.media Over 20,000 Instagram accounts stolen in Meta AI support hack | BleepingComputer New Apple feature automatically changes your compromised passwords | BleepingComputer Apple removes Russia's state-backed messaging app Max from its store | therecord.media Exclusive: Anthropic's Mythos can exploit new flaws in hours | Anthropic's new model is Mythos on a leash | CyberScoop Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe' Version for the Rest of You | wired.com OpenClaw AI agent found falling for phishing attacks, spills user data | BleepingComputer OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks | TechCrunch Security Hands on with Intelligent Terminal, an AI-powered Windows Terminal | BleepingComputer Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms | Mandiant Check Point warns of zero-day flaw targeted by ransomware affiliate | Cybersecurity Dive ServiceNow discloses security incident exposing customer data | BleepingComputer Credit card theft campaign abuses Stripe to host stolen payment info | BleepingComputer CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | Cybersecurity Dive The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,' Evidence Suggests | 404.feed.press New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | BleepingComputer Google has quietly cut staff across its Cloud business | businessinsider.com
Recorded live at PSConfEU 2026, Andrew sits down with returning guest Miriam Wiesner, Senior Security Researcher at Microsoft, for a wide-ranging conversation on PowerShell security, cookie-based attacks, and the evolving threat landscape. Miriam walks through her two conference talks — one on Microsoft Teams session cookie hijacking (a follow-up to her 2025 Entra ID cookie talk, complete with Cookie Monster branding and actual handcuffs), and a joint session with Stéphane van Gulick on using Microsoft Defender's Live Response feature for incident investigation. The conversation also covers the current state of PowerShell security, why sophisticated attackers are moving away from PowerShell, and why defenders who haven't enabled script block logging and AMSI are leaving easy wins on the table. On top of the technical deep dive, Miriam and Andrew get into the human side of the conference community — nerves before presenting, imposter syndrome, and why showing up is already half the battle. Key Takeaways: Cookie-based identity attacks are an active and growing threat. Microsoft Teams, SharePoint, and OneDrive share session cookies, meaning a single cookie theft can give an attacker broad access across your organization's collaboration tools — no re-authentication required. Sophisticated threat actors are moving away from PowerShell specifically because its security features work. Script block logging, AMSI, and Constrained Language Mode make PowerShell activity highly visible and detectable. If your org hasn't enabled these, you're handing attackers an easy path. Visibility beats prevention. You can't prevent what you can't see. Detection through proper logging is not a consolation prize — it's a core security strategy, and Microsoft Defender's Live Response feature gives teams a powerful way to investigate isolated endpoints without needing RDP or PowerShell remoting enabled. 
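The "easy wins" the episode points at (script block logging, AMSI and Constrained Language Mode) can be audited and switched on from PowerShell itself. The script below is an added example written for this page; it is not code from the podcast, from Miriam Wiesner, or from EventList/JEAnalyzer. The registry path, Event ID 4104 layout and the AMSI test sample string are Microsoft-documented; the list of "suspicious" tokens used to triage script blocks is a deliberately small assumption, and the AMSI functional test raises a benign Defender detection, so run it on a test host.

```powershell
# Added example (not from the podcast or its guest): audit the three
# PowerShell visibility controls discussed, enable script block logging,
# and triage recent 4104 events. Run in an elevated session.

function Get-PSVisibilityStatus {
    $sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $sbl    = Get-ItemProperty -Path $sblKey -ErrorAction SilentlyContinue

    # AMSI providers register under this key; Defender's provider CLSID is
    # {2781761E-28E0-4109-99FE-B9D127C57AFE}. Zero providers means nothing
    # scans script content before it runs.
    $amsiProviders = @(Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ScriptBlockLogging = ($sbl.EnableScriptBlockLogging -eq 1)
        AmsiProviderCount  = $amsiProviders.Count
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode  # ConstrainedLanguage on locked-down hosts
        PSVersion          = $PSVersionTable.PSVersion.ToString()         # the v2 engine has neither 4104 nor AMSI
    }
}

function Enable-ScriptBlockLogging {
    # Same registry value the GPO "Turn on PowerShell Script Block Logging" writes.
    $sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    New-Item -Path $sblKey -Force | Out-Null
    Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

function Test-AmsiScan {
    # Microsoft's AMSI test sample. It is assembled at run time so that this
    # script file itself is not flagged when it is loaded. Defender-backed AMSI
    # blocks the Invoke-Expression with a ParseException; another provider
    # may not recognise this particular sample, so treat $false as "verify manually".
    $sample = 'AMSI Test Sample: ' + '7e72c3ce-861b-4339-8740-0ac1484c1386'
    try   { Invoke-Expression "'$sample'" | Out-Null; return $false }  # ran unblocked
    catch { return $true }                                             # blocked: AMSI is scanning
}

function Get-SuspiciousScriptBlocks {
    param([int]$Hours = 24, [int]$MaxEvents = 500)
    # Event 4104: Properties[2] is ScriptBlockText; a long script is logged as
    # several fragments sharing one ScriptBlockId (Properties[3]).
    $pattern = 'FromBase64String|DownloadString|-[eE]nc(odedCommand)?\b|Invoke-Expression|\bIEX\b|Reflection\.Assembly'
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -match $pattern } |
    Select-Object TimeCreated,
        @{ n = 'ScriptBlockId'; e = { $_.Properties[3].Value } },
        @{ n = 'Snippet';       e = { $t = $_.Properties[2].Value; $t.Substring(0, [Math]::Min(200, $t.Length)) } }
}

$status = Get-PSVisibilityStatus
$status | Format-List
if (-not $status.ScriptBlockLogging) { Enable-ScriptBlockLogging }
Get-SuspiciousScriptBlocks -Hours 24 | Format-Table -Wrap
```

Enabling the registry value takes effect for new PowerShell processes; sessions already running keep their old setting until restarted, which is worth remembering when you validate the change by looking for 4104 events.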
Guest Bio: Miriam Wiesner is a Senior Security Research Program Manager at Microsoft with over 15 years of experience in IT security, penetration testing, and security automation. She works on research behind Microsoft Defender and Sentinel and is the creator of widely used open source PowerShell security tools EventList and JEAnalyzer. Miriam is a sought-after speaker at major security and PowerShell conferences including Black Hat, PSConfEU, and MITRE ATT&CK Workshops. She's also the author of "PowerShell Automation and Scripting for Cybersecurity," published by Packt. Her conference speaker career started at PSConfEU 2018 and she's been a fixture of the community ever since. Resource Links Miriam's 2025 Cookies talk - https://www.youtube.com/watch?v=8xDcq0pPNPs Book – PowerShell Automation and Scripting for Cybersecurity (Packt): https://www.amazon.com/PowerShell-Automation-Scripting-Cybersecurity-Hacking/dp/1800566379 Miriam on LinkedIn: https://www.linkedin.com/in/miriamwiesner Miriam on X/Twitter: https://x.com/MiriamXyra Miriam's GitHub (EventList, JEAnalyzer, and more): https://github.com/miriamxyra Miriam's Website: https://miriamxyra.com Connect with Andrew: https://andrewpla.tech/links The PowerShell Podcast on YouTube: https://youtu.be/zxJOqcEwgWE
AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CISA commands federal agencies to update Drupal. Can the largest botnet ever be killed? Defender for Endpoint can cut off a PC from the network. Charter Communications' big account leak. Chrome moves device-bound session cookies out of beta. Anthropic to release Mythos shortly. cURL and Daniel Stenberg. IBM & Red Hat commit to fixing open source with AI. LOTS of terrific listener feedback this week. AI spells the end of a terrific source of training.

Show Notes - https://www.grc.com/sn/SN-1081-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit hoxhunt.com/securitynow zscaler.com/security material.security meter.com/securitynow
This episode covers a Wired report on the rise of "anti-tech extremism" and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic's reported IPO plans and valuation, AI's impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training. Join us LIVE on Mondays, 4:30pm EST. A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team. https://www.youtube.com/@BlackHillsInformationSecurity Chat with us on Discord! - https://discord.gg/bhis
Surface every AI agent in your tenant and expose the ones throwing security signals — across both the IT and SOC view. Triage high-severity alerts as IT in the Microsoft 365 admin center, then pivot into the full incident graph as a SOC analyst in Microsoft Defender. Block malicious tool invocations the instant they fire and catch jailbreak attempts on Copilot Studio agents before they take hold. Trace a compromised user back to suspicious agent activity, then trigger Microsoft Entra conditional access to revoke the session and force a password reset straight from the incident. Hunt overpermissioned agents with pre-built advanced hunting templates — including one that exposes every agent running MCP tools on the maker's standing credentials — and pull risky builds from the Agent Store using the Agent Registry. Spencer Berg, AI & Security Product Manager, shares how to turn agent risk signals into coordinated remediation across Defender, Entra, and the Microsoft 365 admin center. ► QUICK LINKS: 00:00 - Stay in control with Agent 365 00:40 - Gain visibility with unified control plane 01:48 - Unified IT & SOC agent view 02:54 - Real-time blocking and jailbreak detection 04:08 - Auto-revoke via Entra conditional access 04:32 - Prevent future incidents 05:28 - Advanced hunting for AI agents 06:43 - Block risky agents 07:15 - Wrap up ► Link References Check out https://aka.ms/Agent365SecOps ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Synopsis Cette semaine, Patrick et Jacques reçoivent Jonathan Bastille, technicien informatique avec mandat sécurité au Cégep de Rivière-du-Loup. Jonathan raconte sa transition du privé vers le secteur public, et le contraste brutal entre la rapidité de décision en PME et le rythme « paquebot » d'un milieu où chaque changement passe par un conseil d'administration. La discussion bifurque rapidement vers la loi 25, l'illusion de conformité par bouts de papier, et l'attitude de trop de PME québécoises : « la sécurité, c'est pas important — j'attends que ça le devienne ». Le trio s'attaque ensuite à un sujet récurrent du podcast : la futilité de la majorité des campagnes de phishing simulé. Renforcement positif vs punition, tests qui ne mesurent que le clic au lieu du processus de détection en arrière, et l'argument central de Patrick — si vos employés deviennent bons à reconnaître votre simulation, ils ne deviennent pas pour autant bons à reconnaître les vraies attaques. Jonathan partage aussi une histoire concrète où il a bloqué le device code flow dans Microsoft, juste avant qu'une attaque réelle utilisant exactement cette technique frappe l'organisation. Côté actualités, plusieurs nouvelles passent au crible : le retour forcé au bureau qui a accouché du néologisme « téléprésentiel », la sortie maladroite du chef du CST qui blâme la proximité avec les États-Unis pour les cyberattaques canadiennes, et surtout le combo explosif CopyFeld + cPanel — une vulnérabilité Linux d'escalade de privilèges présente depuis 2007 et un piratage massif de panneaux d'administration d'hébergeurs. L'épisode se ferme sur une campagne de phishing déployant ScreenConnect chez 80+ organisations, un faux positif retentissant de Microsoft Defender sur des certificats DigiCert, et un rappel martelé : tant que les utilisateurs travaillent en local admin, aucun EDR ne va vous sauver. 
Crew Patrick Mathieu, Jacques Sauvé, Jonathan Bastille (special guest). Links and resources. Patrick: Microsoft Attack Surface Reduction Rules; Device code phishing - Microsoft; Microsoft Digital Defense Report; Téléprésentiel – return to the office, 3 hours in traffic for Teams (Journal de Montréal); Proximity to the United States and cyberattacks – Radio-Canada; cPanel / WHM – mass exploitation of the authentication bypass (TechCrunch); Copy Fail – exploitation to obtain root on Linux (CISA / BleepingComputer). Jacques: ScreenConnect phishing campaign, 80+ organizations; Microsoft Defender false positive DigiCert / Cerdigent. Jonathan: Microsoft Defender for Endpoint; Microsoft Sentinel; Microsoft Intune. Shameless plug: Hackfest 2026 registration; Hackfest CTF; Polar - a day for cybersecurity managers; Call for Papers Hackfest 2026 (May to end of August); iHack - May 30, 2026 (Québec, Trois-Rivières, Chicoutimi, Montréal); Hackfest Discord; securite.fm. Credits: Audio editing by Hackfest Communication; Music by Caleidisco – Candy Island - Much Too Loose; Virtual studio by Streamyard.
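The device code flow block Jonathan describes maps onto a single Entra Conditional Access policy. The PowerShell below is an added example, not code from the episode or from Microsoft; it uses the Microsoft Graph PowerShell SDK and assumes a current module in which the authenticationFlows condition is exposed (use the beta module otherwise). The break-glass account object ID is a placeholder you must replace, and the policy is created in report-only mode first so the sign-in logs show what it would have blocked (Azure CLI on headless hosts is the usual legitimate device-code user) before you enforce it.

```powershell
# Added example: block the OAuth 2.0 device code flow tenant-wide with Conditional Access.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
# The break-glass object ID below is a placeholder you must replace.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassAccountId = "00000000-0000-0000-0000-000000000000"  # placeholder: your emergency-access account

$policy = @{
    displayName = "Block device code flow"
    # Start in report-only mode; switch to "enabled" only after reviewing the sign-in
    # logs for legitimate device-code users that would be caught by the block.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)   # never lock out the emergency account
        }
        applications = @{
            includeApplications = @("All")
        }
        # This condition is what singles out device-code sign-ins, regardless of which
        # client ID the phisher chose to request the code with.
        authenticationFlows = @{
            transferMethods = "deviceCodeFlow"
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Verify: list every policy that carries a device-code condition, whatever its state,
# so a stale or disabled duplicate does not give a false sense of coverage.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.Conditions.AuthenticationFlows.TransferMethods -match "deviceCodeFlow" } |
    Select-Object DisplayName, State, Id

# Once the report-only results look clean, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The point of blocking at the Conditional Access layer rather than in any one application is that device code phishing works by getting the victim to enter an attacker-generated code on the legitimate Microsoft device-login page; the policy denies the token at issuance, so it does not matter which app or mailbox the attacker was aiming at.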
Managing servers and Kubernetes across on-prem and multiple clouds can quickly become complex, especially when you're juggling multiple tools. In this video, we explore how Azure Arc simplifies hybrid and multi-cloud operations by providing a single, consistent control plane for managing your entire infrastructure across Linux and Windows, on-prem, in Azure, or in any cloud. Once connected, you can patch Windows and Linux together with Azure Update Manager, enforce CIS benchmarks and Azure Security Baselines through Azure Policy, and pull consistent inventory, tags, and RBAC across your whole estate. Auto-recover unbootable Windows Server 2025 machines with Quick Machine Recovery, and audit and configure WinRE using built-in Azure Policy. Run your virtual machines as Azure Virtual Desktop session hosts on Nutanix, VMware, Hyper-V, or on physical Windows hardware. Satya Vel, Azure Arc Principal Group PDM Manager (https://x.com/satya_vel) shares how to make Azure your operational standard for every workload, anywhere it runs. Learn more about Azure Arc at https://aka.ms/AzureArcServer, or join the community at https://aka.ms/ArcServerForumSignup ► QUICK LINKS: 00:00 - Azure Arc in hybrid environments 00:46 - Transitioning to Azure Arc 02:35 - Unified management 03:43 - How to bring in servers and containers 04:48 - Inventory management 05:30 - Patching 06:48 - Auto-manage future updates 08:25 - One-time update 09:32 - Configuration in a hybrid environment 11:05 - Auditing Windows machines 11:34 - Microsoft Defender for Cloud 13:06 - Desktop virtualization 13:51 - Wrap up ► Link References For more information go to https://aka.ms/AzureArc ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
In this week's Security Sprint Dave and Andy covered the following topics:
Opening
• Homeland Security Funding Bill Passed, Includes Money for CISA
• Browser Extensions and Shadow AI: Unmanaged Threats to Privacy — Gate 15
• Data Centers, Telecommunications Networks, and Space-Based Systems: Modernizing DHS's SRMA Role for the Communications and IT Sectors — House Committee on Homeland Security
• New Cybersecurity Guide Targets Rising Threats to Food and Agriculture SMBs
• Maine Law Requires Hospitals to Enact Cybersecurity Plans
Main Topics
New FTC Data Show People Have Lost Billions to Social Media Scams - Federal Trade Commission - 23 Apr 2026. The Federal Trade Commission reported that consumers have lost billions of dollars to scams originating on social media platforms, with fraudsters leveraging impersonation, investment schemes, and romance scams to exploit user trust.
Take9! 9 Seconds For A Safer World. Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation?
New 2026 ‘IOCTA' highlights sophisticated tactics and emerging challenges in the digital landscape – Europol unveils comprehensive analysis of evolving cybercrime threats - Europol - 28 Apr 2026. Europol released its 2026 Internet Organised Crime Threat Assessment, warning that encryption, proxies, artificial intelligence, dark web marketplaces, cryptocurrencies, fraud ecosystems, ransomware, and child sexual exploitation are expanding the cybercrime landscape.
Global Encryption Coalition (GEC). The Global Encryption Coalition (GEC) was founded in 2020 by the Center for Democracy & Technology, Global Partners Digital and the Internet Society and now has over 350 members. Gate 15 is a proud member of the GEC.
Ransomware! Weekly ransomware & data leak landscape; A seven-day view of claim activity, leak escalation, actor concentration, sector shifts, and supporting news context from eCrime.ch. — eCrime.ch — 26 Apr 2026. The eCrime weekly report provides a seven-day analysis of ransomware claim activity, data leak site postings, actor concentration, and sector targeting trends.
• NCC Group Monthly Threat Pulse - Review of March 2026
• Ransomware and Cyber Extortion in Q1 2026 - ReliaQuest
Presidential Message on National Hurricane Preparedness Week - The White House - 03 May 2026. This message encourages Americans in hurricane-prone areas to prepare before the season by protecting property, building emergency plans, assembling supplies, and monitoring forecasts and evacuation routes. It emphasizes local and state frontline roles while describing federal support for response and recovery.
• Hurricane Preparedness - NOAA
• Summer forecast 2026: Heat, severe storms to shape the season as El Niño develops, strengthens - AccuWeather
• 2026 Hurricane Awareness Webinars - NOAA
Quick Hits
• Email threat landscape: Q1 2026 trends and insights — Microsoft Security Blog
• Tycoon2FA disruption impact
• QR code phishing attacks
• CAPTCHA tactics
• Malicious payloads
• Business email compromise
• Defending against email threats
• Microsoft Defender detections
• Alert - AL26-008 - Vulnerability affecting cPanel and WebHost Manager (WHM) - CVE-2026-41940 - Canadian Centre for Cyber Security
• Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
• To recover your files kindly send 0.1 BTC to… ransom note appears on websites
• The cPanel Situation Is… -
• cPanel authentication bypass vulnerability CVE-2026-41940 exploited
• Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
• Cole Allen's journey from Caltech grad to accused gunman in D.C. attack
• Footage shows White House correspondents' dinner suspect 'casing' hotel: US attorney
• Washington Hilton says it was using Secret Service protocols on night of attack
Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0. At the same time, DigiCert confirmed a separate security incident in which attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign. Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying the new SORI ransomware, which uses ChaCha20 and RSA-2048 encryption. Also in this episode: the Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list; a 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments. This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now. Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security Chapters 00:00 Microsoft Defender deletes trusted certificates 02:20 DigiCert breach and stolen code-signing certificates 05:20 cPanel zero-day exploited, 44,000 servers compromised 08:40 Linux Copyfail vulnerability now actively exploited 10:40 Critical flaw in open-source car software
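Three checks a Windows administrator would want to run on affected hosts after the Defender/DigiCert incident described above, as an added example that is not from the episode: confirm the security intelligence version is at or past the corrected one, see whether the faulty detection ever fired on this machine, and confirm the DigiCert roots are still present in the machine root store. The version string is the one cited in the summary; the "DigiCert" subject match and the choice of remediation event IDs (1116 detection, 1117 action taken) are assumptions about what you want to look for.

```powershell
# Added example: post-incident checks for the Defender false positive on DigiCert roots.
# Run in an elevated PowerShell on the affected Windows host.

$fixedSignature = [version]"1.449.430.0"   # version cited as carrying the corrected definition

$status  = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
if ($current -lt $fixedSignature) {
    Write-Warning "Security intelligence $current is older than $fixedSignature; run Update-MpSignature"
} else {
    "Security intelligence $current is at or past the corrected version"
}

# Did this host ever fire the faulty detection? Get-MpThreat lists threats by name.
Get-MpThreat | Where-Object { $_.ThreatName -like "*CertyAgent*" } |
    Select-Object ThreatName, ThreatID, DidThreatExecute

# Are DigiCert roots still present in the machine root store? A missing root shows up as a
# trust-chain failure in every application that relied on it, so check before assuming the fix took.
$digicertRoots = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match "DigiCert" -and $_.Subject -eq $_.Issuer }   # self-signed = root
if (-not $digicertRoots) {
    Write-Warning "No DigiCert root certificates found in LocalMachine\Root; the store may need repopulating"
}
$digicertRoots | Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize

# Cross-check the Defender operational log for detection/remediation events naming the signature.
Get-WinEvent -FilterHashtable @{ LogName = "Microsoft-Windows-Windows Defender/Operational"; Id = 1116, 1117 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match "CertyAgent" } |
    Select-Object TimeCreated, Id, @{ n = "Summary"; e = { ($_.Message -split "`n")[0] } }
```

A signature version at or past the fix only stops further removals; certificates already deleted do not come back on their own, which is why the root-store check matters more than the version number.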
Most organizations think they're protected. They're not. Microsoft Defender sounds solid on paper — but in the real world, it's letting phishing, malware, and business email compromise walk right through the door. In this episode of The Audit, the crew pulls back the curtain on one of the most exploited attack surfaces in any organization: email. Co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem are joined by IT Audit Labs' own Cameron Birkland — fresh off three first-place CTF wins in Vegas — for a live walkthrough of Check Point Harmony Email, a tool that plugs directly into your Microsoft 365 environment and shows you exactly what your current setup is missing.
This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes. Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign to over 1.6 million emails across multiple organizations while shifting execution to less-secure mobile devices. The attack was ultimately uncovered through AI-driven alerting combined with human analysis and threat hunting, highlighting a major blind spot in email security and the need for QR code inspection, mobile protections, and tighter auto-reply controls. The research and executive brief can be found here: Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter. Learn more about your ad choices. Visit megaphone.fm/adchoices
I reflect on the significance of the day before diving into the week's major developments, including the arrival of the Microsoft AI Tour in Sydney. The episode covers both partner and public events, with a focus on enterprise-level AI advancements and networking opportunities. The podcast features a comprehensive weekly news roundup: The general availability of Copilot Agent capabilities in Microsoft 365 apps. New data security tools for AI in Microsoft Purview. Innovations in identity resilience and backup with Microsoft Entra. Microsoft's $25 billion investment in Australian AI infrastructure and training. Practical security playbooks for tenant protection and device analytics. Updates on decluttering promotional mail with Microsoft Defender. Guidance on preventing oversharing in Copilot, deploying Defender, and enforcing data security with Purview. I also share my workflow for automating podcast production using Copilot Cowork, including narration scripts and link management. I discuss experimenting with AI-driven voice narration and invite listener feedback on pacing and voice options. The episode concludes with reflections on the Microsoft AI Tour's enterprise focus, the importance of networking, and the challenges SMBs face in accessing relevant content. Listeners are encouraged to reach out with questions or feedback and to stay tuned for upcoming events like Microsoft Build and Ignite.
Resources
CIAOPS Need to Know podcast
X - https://www.twitter.com/directorcia
director@ciaops.com
CIAOPS Blog - Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency
Join my Teams shared channel
CIAOPS Merch store
Become a CIAOPS Patron
CIAOPS Brief
CIAOPS Labs - The Special Activities Division of the CIAOPS
Support CIAOPS
Get your M365 questions answered via email - please fill out this form
A special thanks to the CIAOPS Patron community for making this podcast possible. You can find the benefits of a subscription to the community and become a member at https://www.ciaopspatron.com
Microsoft 365 Insider Round-Up — April 2026
Declutter and Defend: Reducing Promotional Mail Noise with Microsoft Defender
Prevent Oversharing in Microsoft 365 Copilot
Microsoft Defender Deployment Tool
From Oversharing to Enforcement: A Practical Guide to AI Data Security with Microsoft Purview
Investing in Australia's AI Future
Copilot's Agentic Capabilities in Word, Excel and PowerPoint Are Generally Available
Predictive Shielding: Just-in-Time Tamper Protection
Threat Hunting Agent in Advanced Hunting
Bringing Transparency to AI-Generated Content with Watermarks in Microsoft 365
Microsoft 365 Copilot Readiness and Resiliency with SharePoint and Microsoft 365 Backup
Introducing the Microsoft Sentinel Training Lab
A Practical Look at Device Analytics and Risk Signals with Microsoft Intune
Innovations in OneDrive for Collaboration, Intelligence and Control
Strengthening Identity Resilience: A Deep Dive Into Microsoft Entra Backup and Recovery
Detection Strategies for Cloud Identities Against Infiltrating IT Workers (Jasper Sleet)
Safeguarding Sensitive Data in Microsoft 365 Copilot Interactions: DLP for Microsoft 365 Copilot
Detecting Plain-Text Password Exposure Using Custom Regex in Microsoft Purview
Cross-Tenant Helpdesk Impersonation to Data Exfiltration: A Human-Operated Intrusion Playbook
Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attackers poison AI with hidden web prompts. Apple patches lingering notification data. macOS admin tools become attacker pathways. CISA orders urgent fixes for a Microsoft Defender zero-day, and their Director nominee withdraws. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. A meteorological mystery meets market manipulation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Introducing the AI Security Brief podcast. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. They join Dave to introduce their new show on the N2K CyberWire Network. You can find their first episode here and catch new episodes every other Thursday on your favorite podcast app.
Selected Reading
Surveillance vendors caught abusing access to telcos to track people's phone locations, researchers say (TechCrunch)
Committees on Energy and Commerce and Financial Services Introduce Pair of Privacy Bills to Establish Comprehensive Data Protections for All Americans (Energy Commerce)
International cyber agencies share fresh advice to defend against China-linked covert networks (NCSC)
RAMP Uncovered: Anatomy of Russia's Ransomware Marketplace (Security Affairs)
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms (Bleeping Computer)
Hackers Use Hidden Website Instructions in New Attacks on AI Assistants (Hackread)
Apple fixes iPhone bug that let FBI retrieve deleted Signal messages (CVE-2026-28950) (Help Net Security)
Bad Apples: Weaponizing native macOS primitives for movement and execution (Talos Intelligence)
CISA orders feds to patch BlueHammer flaw exploited as zero-day (Bleeping Computer)
Trump's pick to lead CISA withdraws nomination after months of political impasse (POLITICO)
A Hair Dryer May Have Gamed a Paris Weather Sensor for $34,000 on Polymarket (Bitcoin News)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in Patch Tuesday while Red Sun and Undefend were described as still unpatched at the time, and the practical response: update fast, verify coverage, and keep your eyes on threat intel so local privilege escalation does not become a bigger incident.
From there, I keep the CISSP momentum going with Domain 2.5 retention requirements, because retention is one of those "boring" topics that turns you into a hero the day something goes wrong. We walk through why retention exists (regulatory compliance, legal mandates, litigation holds, audits, and business continuity), what you should actually retain (security logs, audit trails, backups, PCAP where it makes sense, and especially configuration files and system documentation), and how to test backup and recovery so it works when you need it. We also hit the real-world trade-offs: cost vs risk, over-retention vs under-retention, GDPR-style data minimisation, and secure disposal with documentation you can show an auditor.
Then I shift into security leadership with segment two of the boardroom cybersecurity series: five business translations that convert security speak into language boards can act on. Vulnerabilities become business exposure, alert volume becomes risk prevented, budget requests become ROI, AI threats become operational risk, and compliance becomes business continuity. If you want clearer retention policies, stronger audit readiness, and better executive buy-in, subscribe, share the show, and leave a review so more security pros can find it.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!
Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
This text provides detailed instructions for creating a senior-friendly presentation that evaluates the necessity of third-party security software on modern computers. The core focus is a side-by-side comparison between the built-in Microsoft Defender and the free version of Bitdefender, emphasizing clarity and honesty for non-technical users. It highlights critical factors such as ease of use, the frequency of annoying advertisements, and overall system performance to help users make an informed choice. The source ultimately suggests that while Windows 11 offers excellent native protection, Bitdefender Free is a reputable alternative for those seeking a dedicated third-party option. By weighing the benefits of integrated convenience against specialized security engines, the material aims to simplify a complex technical decision for an older audience.
In the new episode of Breach FM, Max and I start with a short Mythos follow-up before getting into the actual topics.
NIST announces that it will prioritize within the National Vulnerability Database in future instead of enriching everything equally. CVEs in the CISA catalog or relevant to US federal agencies will still be fully processed; the rest not necessarily. Understandable given the AI-driven flood of vulnerabilities, but problematic: whoever controls the triage sieve controls prioritization for everyone else.
Then a bizarre IoT story: traffic signal controllers from Polara Enterprises can be configured over Bluetooth with a publicly available app. Default password: 1234, documented in the public documentation. In April 2025 unknown parties used this to play deepfake voices of Elon Musk, Zuckerberg and Bezos at crosswalk signals in Palo Alto and Seattle. Security researcher Deviant Ollam had already documented the problem in 2024.
Microsoft Defender has a zero-day named Red Sun: payloads can be constructed so that Defender itself becomes part of the attack chain while scanning and breaks out of its own sandbox. Not an argument against EDR, but an argument for including security tooling in your BCM (business continuity management) processes.
A technically important case: in the federal terrorism trial in Texas, the FBI extracted Signal messages from an iPhone even though the app had been deleted and disappearing messages were enabled. No broken encryption, just iOS design: incoming notifications are cached in their own database. To avoid this: Signal settings, Notifications, enable "No Name or Content".
Finally, the Vercel breach: an employee had granted the third-party AI tool Context.ai extensive Google Workspace OAuth permissions. Through a compromised OAuth token, attackers got hold of environment variables. Someone claimed to be ShinyHunters, which that group has denied.
Robert asks whether hacktivism plays a role: CEO Guillermo Rauch has been under fire online for months, and the breach followed conspicuously soon after the leaked IPO plans.
NIST Updates NVD Operations to Address Record CVE Growth https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
Microsoft Defender 0-Day Vulnerability "RedSun" Enables Full SYSTEM Access https://cybersecuritynews.com/defender-0-day-redsun/
Vercel April 2026 security incident https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
The Dumbest Hack of the Year Exposed a Very Real Problem https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/
FBI Extracts Suspect's Deleted Signal Messages Saved in iPhone Notification Database https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/
The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/
Microsoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a Microsoft Defender flaw enabling privilege escalation on fully patched Windows 10/11 and Server—amid claims Microsoft mistreated them, highlighting strain on responsible disclosure as vendors face mounting vulnerability volume and AI-driven bug discovery. NIST announced it can no longer fully enrich all CVEs in the National Vulnerability Database, prioritizing only exploited-in-the-wild issues, federal software, and critical software, leaving the rest backlogged. In "FortiWatch," two critical FortiSandbox flaws allow auth bypass and remote command execution; patches are available. Vercel confirmed attackers accessed internal systems and urges customers to review and rotate environment variables amid unverified ShinyHunters ransom claims. Finally, alleged Scattered Spider member Tyler Buchanan pled guilty to an $8M crypto theft case, with reporting describing the group's social engineering tactics and escalating real-world violence tied to cybercrime. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Headlines And Sponsor 00:49 Microsoft Bug Drop 03:00 Disclosure System Strain 05:59 NVD Backlog Crisis 08:47 FortiWatch FortiSandbox 11:43 Vercel Breach Fallout 14:43 Scattered Spider Guilty Plea 18:54 Wrap Up And Thanks
This episode features Drew Russell, Identity Resilience Platform Owner at Rubrik. Jim McDonald and Jeff Steadman explore the intersection of backup, recovery, and identity security. Drew explains how Rubrik evolved from data backup into a cyber resilience platform with identity as a core pillar. Topics include recovering Active Directory, Okta, and Entra ID after ransomware, Rubrik's "bunker in a box" appliance for immutable air-gapped recovery, proactive posture management, CrowdStrike and Defender integrations, and where AI and non-human identities fit into Rubrik's roadmap. The episode wraps with measuring success for a product you hope to never use, and a detour into watch collecting.
This episode was made possible by the support of Rubrik. Learn more at rubrik.com/idac
Connect with Drew: https://www.linkedin.com/in/drew-russell-3762411b/
Learn more about Rubrik: https://www.rubrik.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com
TIMESTAMPS
00:00:00 - Welcome and Introduction
00:01:19 - Introducing Drew Russell
00:01:36 - How Drew Got Into Identity
00:02:43 - What Is Rubrik and What Sets It Apart
00:03:38 - From Backup to Cyber Resilience
00:05:31 - Where Rubrik Fits in the IAM Landscape
00:07:08 - Rubrik's Scale: Clients and Growth
00:07:51 - Primary Use Cases: Post-Incident Recovery and AD
00:09:09 - Kicking Out Compromised Accounts and ADR
00:10:11 - Proactive Threat Detection and Mandiant Integration
00:11:28 - Scanning Backups to Find the Clean Recovery Point
00:12:14 - The Bunker in a Box Explained
00:13:18 - Posture Management and Upstream Tool Integration
00:14:19 - AI Agent Swarms and the Future Attack Surface
00:15:37 - The Taiwan Bank Case Study: Six Weeks to Rebuild AD
00:17:16 - The State of Nevada Incident: $400K and 30 Days
00:17:56 - What Recovery Covers: AD, Okta, and Entra ID
00:19:26 - Post-Restore Change Management and Whitelisting
00:20:08 - How Long Should You Store Backups?
00:21:19 - Indexing Identity for Intelligent Recovery Points
00:22:29 - Excluding Malicious Actions During Restore
00:24:41 - Zero Trust for Rubrik's Own Backups
00:26:21 - No Windows, No Virtualization Architecture
00:27:49 - Proactive Posture Management
00:29:00 - CrowdStrike and Defender Real-Time Integration
00:30:48 - Why Tabletop Exercises Often Fall Short
00:31:53 - AI Roadmap and Non-Human Identities
00:34:22 - The Three Pillars: Data, Identity, and AI
00:35:29 - Deployment: SaaS vs. On-Prem
00:38:37 - Appliance Sizing and Redundancy
00:42:23 - Measuring Success for a Product You Hope to Never Use
00:43:46 - The Ludacris Rubrik Commercial
00:45:31 - Watch Collecting and the Omega Speedmaster
00:53:39 - Drew's Closing Words
KEYWORDS
Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, Rubrik, Drew Russell, identity resilience, cyber resilience, Active Directory recovery, AD backup, Okta recovery, Entra ID recovery, identity backup, ITDR, ISPM, non-human identity, NHI, agentic AI, ransomware recovery, bunker in a box, immutable backup, CrowdStrike integration, Microsoft Defender integration, Mandiant integration, identity disaster recovery, ADR, zero trust, tabletop exercises, posture management, IAM, identity security podcast, cybersecurity podcast
Stay ahead of real-world threats without overwhelming your team using Microsoft Defender Experts for XDR. Offload high-severity incidents, gain full visibility into every investigation, and follow clear, guided remediation steps so you can contain attacks quickly and confidently, day or night. Extend your security operations with always-on managed detection and response and proactive threat hunting, so you can uncover hidden risks early, stop threats before they spread, and strengthen your defenses to prevent future attacks. Maynald Savatdy, Microsoft Defender Expert, shows how to detect, contain, and hunt threats across your environment with support from human experts. ► QUICK LINKS: 00:00 - Microsoft Defender Experts 00:54 - 24/7 Security Coverage 01:35 - Visibility & guidance actions 03:34 - Incidents and alerts 04:25 - Social engineering attack 05:36 - Defender Experts for hunting 06:34 - Wrap up ► Link References Get started at https://aka.ms/DefenderExperts
Microsoft Defender is often treated as "good enough" security: built in, always on, and quietly doing its job. But what happens when malware convinces Windows to turn it off without triggering alarms?
In this episode, cybersecurity expert Tyler Moffitt breaks down a real-world Windows malware campaign that disables Defender before anything else happens. No zero-days. No flashy exploits. Just a quiet abuse of built-in trust that causes Windows to set aside its own protection.
He walks through how shortcut files, PowerShell, and legitimate cloud services are used to blend into normal activity, why Defender doesn't fail so much as follow the rules, and what defenders should be watching for when "installed" doesn't always mean "active."
A conversation about assumptions, visibility, and why the most dangerous attacks don't look dangerous at all.
Link mentioned in the episode - threat intel hub with all the latest trends and stories going on with threat intelligence: https://community.opentextcybersecurity.com/
As featured on Million Podcasts' Best 100 Cybersecurity Podcasts, Top 50 Chief Information Security Officer CISO Podcasts, and Top 70 Security Hacking Podcasts. This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
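The episode's point is that "installed" is not "active". The PowerShell below is an added example, not from the episode or from OpenText: it reads the live Defender state an attacker would flip, pulls the operational-log events that record those flips even if they were later undone, and inspects shortcut files in the usual startup and user locations for targets that launch PowerShell with hiding or bypass flags. The event IDs are Defender's own; the list of directories and the regular expression for "suspicious" PowerShell arguments are my assumptions about what the LNK-to-PowerShell chain described above looks like in practice.

```powershell
# Added example: audit whether Defender is actually active, and hunt for the LNK -> PowerShell chain.
# Run in an elevated PowerShell on the host under investigation.

# 1. Live state. Turning real-time protection off leaves these properties false; broad
#    exclusions or DisableRealtimeMonitoring=$true via Set-MpPreference are the quiet alternatives.
$s = Get-MpComputerStatus
$p = Get-MpPreference
[pscustomobject]@{
    AMServiceEnabled          = $s.AMServiceEnabled
    AntivirusEnabled          = $s.AntivirusEnabled
    RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
    BehaviorMonitorEnabled    = $s.BehaviorMonitorEnabled
    IsTamperProtected         = $s.IsTamperProtected           # false means Set-MpPreference abuse is not blocked
    DisableRealtimeMonitoring = $p.DisableRealtimeMonitoring
    ExclusionPaths            = ($p.ExclusionPath -join "; ")
} | Format-List

# 2. History. Defender logs the change even when the attacker switches protection back on afterwards.
#    5001 real-time protection disabled, 5010 scanning for malware disabled, 5012 scanning for
#    viruses disabled, 5007 platform configuration changed, 5013 tamper protection blocked a change.
Get-WinEvent -FilterHashtable @{
    LogName = "Microsoft-Windows-Windows Defender/Operational"
    Id      = 5001, 5007, 5010, 5012, 5013
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = "Summary"; e = { ($_.Message -split "`n")[0] } }

# 3. Shortcut files whose target launches PowerShell with flags that hide the window, skip the
#    profile, bypass execution policy, carry an encoded command, or fetch content from the network.
#    (Assumed indicators; tune for your environment.)
$suspiciousArgs = "-w(indowstyle)?\s+hidden|-enc(odedcommand)?\s|-nop(rofile)?|-e(xecution)?p(olicy)?\s+bypass|downloadstring|iwr\s|invoke-webrequest"
$lnkDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    "$env:APPDATA\Microsoft\Windows\Recent",
    "$env:USERPROFILE\Desktop",
    "$env:USERPROFILE\Downloads"
)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $lnkDirs -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)          # resolves TargetPath and Arguments from the .lnk
    $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
    if ($cmd -match "powershell|pwsh" -and $cmd -match $suspiciousArgs) {
        [pscustomobject]@{ Shortcut = $_.FullName; Command = $cmd }
    }
}
```

The three parts answer different questions: the first tells you whether protection is on right now, the second whether it was ever turned off on this host, and the third whether the delivery mechanism the episode describes is sitting on disk. A host that passes the first check and fails the second is exactly the "installed but not active" case.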
Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Jason Shockey, CISO, Cenlar FSB, and Mike Lockhart, CISO, Eagleview Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will exploit. Adaptive runs realistic simulations and delivers tailored, engaging training so teams respond correctly when it counts. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com
The integration of advanced AI capabilities in tools like OpenAI Atlas and Microsoft Teams has raised significant security concerns, particularly regarding identity and trust vulnerabilities. Recent findings from LayerX indicate that the Atlas browser has critical vulnerabilities that could allow attackers to inject harmful instructions, while Microsoft Teams has a flaw that enables attackers to bypass Microsoft Defender protections through guest access. These issues highlight the fragility of AI integrations and the need for organizations to implement strict B2B collaboration configurations to mitigate risks associated with external collaborations. The FBI has reported over $262 million in losses due to account takeover fraud, with more than 5,100 complaints filed this year. Cybercriminals are increasingly using social engineering tactics to gain unauthorized access to online banking accounts, often changing passwords to lock victims out and quickly transferring funds to cryptocurrency wallets, complicating recovery efforts. The FBI advises individuals to monitor their financial accounts closely and adopt security measures such as complex passwords and multi-factor authentication to protect against these threats. Managed Service Providers (MSPs) are experiencing a growing demand for integrated security solutions, with a recent survey indicating that 92% of MSPs are seeing business growth driven by interest in AI. However, less than half feel prepared to guide clients in deploying AI tools, particularly autonomous agents. This gap in readiness reflects a significant drop from the previous year's 90% preparedness figure, emphasizing the need for MSPs to focus on data governance and security before implementing AI solutions. The episode underscores the importance of managing identity and data governance as the primary control mechanisms in modern security. MSPs that prioritize these areas will be better positioned to offer secure collaboration and effective automation. As the landscape evolves, providers must choose tools that enhance service delivery without adding unnecessary complexity, ensuring they can meet client demands for security and efficiency in an increasingly AI-driven environment.
Microsoft Defender outage disrupts threats Apple resists India's state-run app order MuddyWater strikes Israel with MuddyViper Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO
Ken, Senior Solutions Engineer at LimaCharlie, dives into the incredibly confusing licensing tiers, pricing models and feature sets for Microsoft Defender for Endpoint. Today we discuss:
- The difference between tiers
- Ways to solve Defender visibility issues and increase operational transparency
- How its capabilities can be customized and expanded for better flexibility and scalability for service providers
Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals. A big picture thinker, Ken ferrets out trends, seeking to understand what happens when businesses are breached and the methods behind the attacks. Then he figures out how to protect customers before they're hit. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Government shutdown furloughs most CISA staff Microsoft Defender bug triggers erroneous BIOS update alerts Motility RV software company suffers cyberattack Huge thanks to our sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge Find the stories behind the headlines at CISOseries.com.
Take a Network Break! We start with a listener correction on Cisco’s history of wireless certifications, then dig into a couple of red alerts on Microsoft Defender and a backdoor in Outlook. On the news front, Cisco announces new AI agents and SoC packages for Splunk; F5 spends $180 million to buy an AI security... Read more »
This week on Azure Friday, Scott Hanselman meets with Vamshi Kommineni and Eitan Bremler to explore and demo how Microsoft is helping organizations protect cloud storage data at the core of their applications, by embedding intelligent, built-in posture management, threat protection, and malware scanning directly into Azure Blob Storage through its deep integration with Microsoft Defender for Cloud.
Chapters
00:00 - Introduction
00:37 - Azure Blob Storage overview
02:15 - Storage Security philosophy - Start Secure and Stay Secure
03:30 - Demo part 1 - Microsoft Defender for Cloud Storage Security - Start Secure
09:28 - Demo part 2 - Microsoft Defender for Cloud Storage Security - Stay Secure
Recommended resources
Introduction to Azure Blob Storage
What is Microsoft Defender for Storage?
What is Microsoft Defender for Cloud?
Connect
Scott Hanselman | Twitter/X: @SHanselman
Eitan Bremler | Twitter/X: @EBremler | LinkedIn: Eitan Bremler
Vamshi Kommineni | Twitter/X: @VamshiKommineni | LinkedIn: Vamshi Kommineni
Azure Friday | Twitter/X: @AzureFriday
Azure | Twitter/X: @Azure
Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang uses a legitimate Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man on the street at Black Hat. Do androids dream of concierge duty? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: We continue our coverage from the floor at Black Hat USA 2025 with another edition of Man on the Street. This time, we're catching up with Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, to hear what's buzzing at the conference.
Selected Reading
Microsoft warns of high-severity flaw in hybrid Exchange deployments (Bleeping Computer)
KLM suffers cyber breach affecting six million passengers (IO+)
Cyberattack hits France's third-largest mobile operator, millions of customers affected (The Record)
New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites (SecurityWeek)
Candiru Spyware Infrastructure Uncovered (BankInfoSecurity)
Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities (SecurityWeek)
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (Bleeping Computer)
A Single Poisoned Document Could Leak ‘Secret' Data Via ChatGPT (WIRED)
Researchers Expose Infrastructure Behind Cybercrime Network VexTrio (Infosecurity Magazine)
Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity (SonicWall)
Want a Different Kind of Work Trip? Try a Robot Hotel (WIRED)
Audience Survey: Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
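The Akira item above is a bring-your-own-vulnerable-driver (BYOVD) case: a legitimately signed third-party driver is loaded so that kernel-level access can be used against Defender. The page does not name the driver, so this added PowerShell check (not code from the CyberWire episode or the cited articles) does not look for a specific file. Instead it inventories the running kernel drivers with their signers, flags recently written driver files, lists kernel-mode driver service installations recorded in the System log (event 7045), and reports whether the Microsoft Vulnerable Driver Blocklist toggle is on. The blocklist registry value (HKLM\SYSTEM\CurrentControlSet\Control\CI\Config\VulnerableDriverBlocklistEnable) is an assumption about how the toggle is persisted and may be absent on older builds; the code treats "not set" as its own state. Run elevated.

```powershell
# Added example: hunt for driver loads of the kind BYOVD attacks rely on. Run elevated.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several spellings; normalise to a filesystem path
    param([string]$PathName)
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-RunningDriverInventory {
    param([int]$RecentDays = 30)
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path $path)) { return }
            $file = Get-Item $path
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            [pscustomobject]@{
                Name            = $_.Name
                Path            = $path
                SigStatus       = $sig.Status
                Signer          = $signer
                # Inbox Windows drivers are signed "CN=Microsoft Windows"; WHQL-signed third-party
                # drivers carry a Microsoft *Hardware Compatibility Publisher* cert, so do not
                # treat every "Microsoft" string as first-party.
                FirstParty      = ($signer -match '^CN=Microsoft Windows,')
                WHQL            = ($signer -match 'Hardware Compatibility Publisher')
                Modified        = $file.LastWriteTime
                RecentlyWritten = ($file.LastWriteTime -gt $cutoff)
            }
        }
}

function Get-RecentKernelDriverInstalls {
    # Event 7045 is logged when a service is created; kernel drivers say "kernel mode driver".
    # This also catches drivers that were loaded, used, and removed again.
    param([int]$Days = 30)
    Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'kernel mode driver' } |
        ForEach-Object {
            $name = if ($_.Message -match 'Service Name:\s*(.+)')      { $Matches[1].Trim() } else { '?' }
            $file = if ($_.Message -match 'Service File Name:\s*(.+)') { $Matches[1].Trim() } else { '?' }
            [pscustomobject]@{ Time = $_.TimeCreated; Service = $name; File = $file }
        }
}

function Get-VulnerableDriverBlocklistState {
    # Assumption: this value mirrors the "Microsoft Vulnerable Driver Blocklist" toggle.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $v = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    if ($null -eq $v) { 'not set / unsupported build' } elseif ($v -eq 1) { 'enabled' } else { 'disabled' }
}

"Vulnerable driver blocklist: $(Get-VulnerableDriverBlocklistState)"
"`nRunning non-first-party drivers (recently written first):"
Get-RunningDriverInventory |
    Where-Object { -not $_.FirstParty } |
    Sort-Object RecentlyWritten, Modified -Descending |
    Format-Table Name, SigStatus, WHQL, RecentlyWritten, Modified, Path -AutoSize
"`nKernel-mode driver services installed in the last 30 days:"
Get-RecentKernelDriverInstalls | Format-Table -AutoSize
```

The useful signal is the combination, not any one row: a validly signed, WHQL-approved driver that was written to disk days ago, installed as a service from a user-writable path, and followed shortly by Defender going quiet is the pattern to chase. A driver being "legitimate" is exactly why the blocklist toggle matters; with it enabled, known-abusable drivers are refused at load time regardless of their signature.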