Podcasts about Phishing

Want More XWorm? https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766 Cisco Secure Firewall Management Center Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 LastPass Phishing https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/

Nick Akers started by founding a venture-capital-backed company, then moved into a more "traditional" track leading a manufacturing company before spending ~2.5–3 years doing an ETA-style search. He ultimately acquired an IT services business (STL Communications) and rebranded it to Enzo Technologies, where he focuses heavily on cybersecurity for small/legacy businesses. He sees buyers walking into messy, outdated environments (personal email accounts, weak licensing, no backups/firewalls, passwords shared everywhere) and argues IT + cybersecurity due diligence should be part of every deal. Podcast Nuggies: Legacy IT is usually a "mess" post-close Add IT/cyber due diligence before closing MFA + password manager are non-negotiable Phishing clicks can wreck you in minutes USE POSITIVE PAY to approve every expense SMBs are the biggest target for cyber attacks. Protect your business with Inzo Technologies. Check out....www.inzotechnologies.com, I-N-Z-O, or email Nick directly at nick@inzotechnologies.com. ****** Join the last cohort for a while. **How to Buy a Business Live Cohort** - April 2026 https://www.letsbuyabusiness.com/

Possible iPhone-hacking toolkit used by spies Hacker mass-mails HungerRush extortion emails Tycoon 2FA phishing platform dismantled Get the show notes here: https://cisoseries.com/cybersecurity-news-iphone-hacking-toolkit-used-by-spies-hungerrush-extortion-emails-tycoon-phishing-platform-dismantled/ Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. adaptivesecurity.com.

If you're already performing the confirmation call for vendor changes – are you already compliant with the upcoming Nacha ACH fraud monitoring rule with a March 20, 2026 deadline?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Nacha:  RISK MANAGEMENT TOPICS – (Fraud Monitoring Phase 1) Get Your Free Download: 5 Steps to Improve Your Vendor Confirmation Call LinkedIn Article:  Nacha's ACH Fraud Monitoring Rule: Is the Confirmation Call You're Already Doing Compliant? Free Nacha Compliance Webinar:  Last Minute Compliance:  3 Ways To Meet Nacha's ACH Fraud Monitoring Rule Before the Deadline! Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links Vendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Bruteforce Scans for CrushFTP https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762 Android March 2026 Patches, including 0-Day (CVE-2026-21385) https://source.android.com/docs/security/bulletin/2026/2026-03-01 OAuth redirection abuse enables phishing and malware delivery https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/

In this episode of the Fraudology podcast, Karisse Hendrick is joined by Matt Vega, Chief Fraud Strategist at Sardine, to explore how artificial intelligence has fundamentally altered the threat landscape for financial institutions and online retailers.First, Matt reveals the alarming ease with which AI can now be used to orchestrate phishing campaigns. Using advanced tools like Vercel's v0, Matt demonstrates how he can clone a legitimate website—complete with branding, functional images, and login flows—in less than five minutes. He explains how attackers use these replicas to execute sophisticated "man-in-the-middle" attacks, tricking victims into handing over two-factor authentication (2FA) codes to gain fully authenticated access to accounts.Later in the episode, Matt and Karisse dive into the rise of "polymorphic" AI attacks. These autonomous agents are capable of adapting their behavior in real-time to bypass bot detection and security thresholds as soon as they are implemented. Matt also discusses "dust trailing," a tactic where fraudsters spread large volumes of small transactions across hundreds of platforms to make traditional human investigation cost-prohibitive.In this episode, we discuss:The 5-Minute Phish: How AI models use simple screenshots and prompts to create pixel-perfect clones of banks and government agencies.Polymorphic Attacks: The emergence of autonomous AI agents that instantly adapt to security controls, making traditional bot mitigation obsolete.The Power of Basics: Why "low-tech" solutions like card-to-name matching and behavioral biometrics remain the most effective tools against high-tech fraud.Threat Intelligence: Best practices for proactive defense, including beacon technology, "hidden watermarks," and strategic domain acquisition.Upcoming Events: Details on meeting Matt and the Sardine team at the upcoming MRC conference in Las Vegas.

Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn t supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be

⚠️ Arnaques bancaires : comment les fraudeurs vous manipulent (et comment l'éviter)Dans cet épisode de CrypTalk, Chloé aborde un sujet qui concerne absolument tout le monde : les arnaques et scams bancaires. Phishing, faux conseillers, smishing, faux coursiers, faux placements… Les fraudeurs sont de plus en plus sophistiqués, et une seconde d'inattention peut suffire à tout perdre.Ce n'est pas une question de naïveté ou d'incompétence technologique. Les arnaques bancaires reposent avant tout sur la psychologie : la confiance et l'urgence. Et avec la digitalisation croissante de nos finances, le terrain de jeu des fraudeurs n'a jamais été aussi vaste.

Nacha rules – just keep coming.  If you are involved in the vendor process, there are two Nacha rules with a compliance deadline of March 20, 2026.  So, if you haven't heard of them yet or have and are not quite sure what they are, here is where you can go to get more information.  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    NachaAbout US https://www.nacha.org/content/about-usRISK MANAGEMENT TOPICS – (Fraud Monitoring Phase 1) RISK MANAGEMENT TOPICS – Company Entry Descriptions Free Nacha Compliance Webinar:  Last Minute Compliance:  3 Ways To Meet Nacha's ACH Fraud Monitoring Rule Before the Deadline! Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Crypto's newest threat isn't a smart contract exploit, it's a knock at your door. In this episode, Ryan sits down with Jameson Lopp (Casa) and Beau (former CIA, now safety at Pudgy Penguins) to map the real security landscape for crypto holders in 2026: the phishing traps you'll see daily, the physical “wrench attacks” that terrify the community, and the practical systems that can make both dramatically less effective. If going bankless is about freedom, this is the playbook for keeping that freedom without turning into your own security team. ---

En este episodio de No Hay Tos, Héctor y Beto entrevistan a Daniel, ingeniero en sistemas, sobre cómo es trabajar en tech en México. Hablan del uso diario del inglés y el spanglish, los tipos de proyectos (backend, frontend, nube, integración), las oportunidades internacionales y el ambiente laboral, desde empresas exigentes hasta startups con mejores condiciones y trabajo remoto. También comentan el estado de la ciberseguridad en México y comparten consejos prácticos para protegerse en línea. If you'd like to listen to our episodes ad-free and get the full word-for-word transcript of this episode — including English explanations and translations of Mexican slang and colloquial expressions — visit us on Patreon. You can also find more content and resources on our website: nohaytospodcast.com If the podcast has been helpful to you, please leave us a review on Apple Podcasts — it really helps! And if you prefer video, check out our YouTube channel. No Hay Tos is a Spanish podcast from Mexico for students who want to improve their listening comprehension, reinforce grammar, and learn about Mexican culture and Mexican Spanish. All rights reserved. No Hay Tos is a Spanish podcast from Mexico for students who want to improve their listening comprehension, reinforce grammar, and learn about Mexican culture and Mexican Spanish. All rights reserved.

Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734 'God-Like' Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit

Cargo theft in the U.S. has changed dramatically in just a few years. What was once dominated by small regional crews is now increasingly driven by organized international crime rings using deception, cyber tactics, and strategic fraud.In this episode of HDT Talks Trucking, Deborah Lockridge speaks with Scott Cornell, vice president at LogistIQ Insurance and chair of the Transported Asset Protection Association (TAPA), about how cargo theft evolved after 2020 and why “strategic theft” is surging.They discuss:The shift from straight theft to organized strategic schemesHow double brokering scams workFreight “laundering” Phishing, social engineering, and identity theft in the supply chainHow cargo criminals manipulate tracking dataA practical three-layer prevention strategy trucking fleets can implement

In this episode of Future Fuzz, Vince Quinn sits down with Mike Rotondo, Founder of RITC Cybersecurity, to unpack the growing cybersecurity risks facing modern marketing teams.From phishing scams and business email compromise to AI vulnerabilities and data leakage, Mike explains why marketers are prime targets for cybercriminals—and why being “in the cloud” doesn't automatically mean you're secure.The conversation dives into how cybercriminals operate like full-scale corporations, why user training is the single most important defense, and how simple mistakes—like shared logins or unsecured home routers—can expose entire organizations. Mike also explores emerging threats like “quishing” (QR code phishing), AI exploitation, and the hidden risks of feeding sensitive data into large AI tools.If you're managing customer data, email lists, or AI-powered marketing tools, this episode is a must-listen.Guest BioMike Rotondo is the Founder of RITC Cybersecurity, a consulting firm focused exclusively on cybersecurity strategy, compliance, and risk mitigation.RITC provides services including penetration testing, security framework analysis, SOC 2 audit preparation, HIPAA and PCI compliance consulting, and virtual CISO (vCISO) services. Rather than hands-on IT implementation, Mike and his team specialize in advisory, governance, and security architecture—helping organizations build secure systems from the inside out.With decades of experience in cybersecurity dating back to the 1990s, Mike works with organizations to prevent breaches, reduce liability, and strengthen internal defenses against evolving cyber threats.TakeawaysBeing in the cloud does not mean you're secure.Most breaches start with users—not firewalls.Cybercriminals operate like corporations, with R&D and strategy teams.Phishing and business email compromise (BEC) are still the top threats.Shared logins and admin access for everyday users create major vulnerabilities.Remote work requires secured routers, patched systems, and enforced device standards.“Quishing” (QR code phishing) is an emerging attack vector.AI tools can create data leakage risks if policies aren't in place.Personally identifiable information (PII) exposure can financially destroy small companies.Cybersecurity training is the most effective prevention strategy.Chapters00:00 Introduction to Mike Rotondo 00:28 What RITC Cybersecurity Does 01:31 Why Businesses Are More Vulnerable Than They Think 03:01 How Cybercriminals Actually Operate 04:10 Real-World Impact of Phishing Attacks 06:30 Building Strong Cyber Defenses 07:57 Remote Work Security Risks 09:42 QR Code Phishing (“Quishing”) 10:45 Why Cybersecurity Feels Overwhelming 11:05 The Importance of Employee Training 12:26 AI's Role in Cybersecurity Threats 14:53 AI Server Vulnerabilities 15:15 How Marketers Should Approach AI Security 17:08 Data Leakage and PII Risks 18:31 The Financial Fallout of a Breach 19:08 The Ciphered Reality PodcastLinkedInFollow Mike on LinkedIn Follow Vince on LinkedIn

Ray O'Leary joins Dan, James and Andy to discuss Rousseau, rays, receptionists and remarkable royalties. Visit nosuchthingasafish.com for news about live shows, merchandise and more episodes. Join Club Fish for ad-free episodes and exclusive bonus content at apple.co/nosuchthingasafish or nosuchthingasafish.com/patreonGet an exclusive 15% discount on Saily data plans! Use code [fish] at checkout. Download Saily app or go to https://saily.com/fish

So you sent recipient statements to your vendors for Tax Year 2025 – and some came back.  Here is how to handle them to reduce penalties from the IRS. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722 Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/ CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166 The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Encrypted RCS in iOS/iPadOS https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes

SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam discuss the evolving landscape of cybersecurity training, particularly in light of generative AI and the limitations of traditional phishing simulations. They argue that expecting employees to outsmart sophisticated cybercriminals is unrealistic and emphasize the need for a robust security architecture that assumes clicks will happen. The conversation then shifts to recent updates regarding Microsoft Intune Suite, including pricing changes and new features, highlighting the importance of adapting to the changing cybersecurity environment.----------------------------------------------------YouTube Video Link: ⁠https://youtu.be/KzT_wOyC4-w⁠----------------------------------------------------Documentation:https://www.linkedin.com/posts/james-haynes_im-going-to-say-something-that-might-get-activity-7417944035304079360-s1D_/https://techcommunity.microsoft.com/blog/microsoftintuneblog/microsoft-365-adds-advanced-microsoft-intune-solutions-at-scale/4474272----------------------------------------------------Contact Us:Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpodYouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠----------------------------------------------------Adam BrewerTwitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewerLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Ken Johnson and Seth Law examine the intensifying pressure on security practitioners as AI-driven development causes an unprecedented acceleration in industry velocity. A primary theme is the emergence of "shadow AI," where developers utilize unauthorized AI coding assistants and personal agents, introducing significant data classification risks and supply chain vulnerabilities. The discussion dives into technical concepts like AI agent "skills"—markdown files providing specialized directions—and the corresponding security risks found in new skill registries, such as malicious tools designed to exfiltrate credentials and crypto assets. The hosts also review 1Password's SCAM (Security Comprehension Awareness Measure), highlighting broad performance gaps in an AI's ability to detect phishing, with some models failing up to 65% of the time. To manage these unpredictable systems, the hosts advocate for a shift toward high-level validation roles, emphasizing the need for Subject Matter Expertise to combat "reasoning drift" and maintain safety through test-driven development and periodic "checkpoints". Ultimately, they conclude that while AI can simulate expertise, human oversight remains vital to secure the probabilistic nature of modern agentic workflows.

Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes as they share  their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. Selected Reading US wants cyber partnerships to send ‘coordinated, strategic message' to adversaries (The Record)  Europe must adapt to ‘permanent' cyber and hybrid threats, Sweden warns (The Record)  Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures (Netskope) Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage (Intel 471) How AI is and is Not Changing Ransomware (Halcyon) CISA flags critical Microsoft SCCM flaw as exploited in attacks (Bleeping Computer) Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging (SC Media) AMOS infostealer targets macOS through a popular AI app (Bleeping Computer) California fines Disney $2.75 million for data privacy violations (The Record) An AI Agent Published a Hit Piece on Me (The Shamblog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:45 Microsoft Vulnerabilities: A Growing Concern 02:38 Phishing Attacks Using Your Own Servers 04:16 Zero-Click Vulnerability in Claude AI 06:25 Romance Scams: Not Just Targeting the Elderly 09:14 Conclusion and Weekend Edition Teaser

At ITEXPO / MSP EXPO, Zack Schwartz, Vice President of Strategic Partnerships at Trustifi, joined Doug Green to discuss a critical but often overlooked reality: while AI dominates headlines, email remains the primary attack vector for cybercrime. Trustifi delivers a full-suite email security platform purpose-built for MSPs, enabling easy deployment, centralized management, and advanced protection against next-generation AI-driven phishing attacks. Schwartz emphasized that over 91% of cyberattacks still originate from inbound email—and the sophistication of those attacks has grown dramatically with AI tools. “Cyber criminals are leveraging AI to create extremely nuanced attacks,” he explained. Trustifi addresses this by combining high-efficacy inbound phishing detection with innovative AI-driven training tools. One standout feature allows MSPs to convert a real phishing attack into customized security awareness training, generating targeted video content based on an incident that actually occurred within a customer's environment. A key differentiator is Trustifi's “journal-only mode,” which allows MSPs to deploy the platform without interrupting live email flow. The system produces a full report showing how Trustifi would have responded to threats, creating what Schwartz described as a powerful “aha moment” for customers. According to Trustifi, this approach converts over 80% of opportunities and requires only minutes to set up—at no cost to the partner or end client. Beyond inbound threats, Trustifi also addresses outbound risk and compliance requirements, including HIPAA, PCI, GDPR, and broader data loss prevention (DLP) concerns. Many organizations underestimate how much sensitive information leaves their network via email. “It's a big issue of not knowing what you don't know,” Schwartz said, highlighting how classification and encryption tools expose hidden vulnerabilities. With no minimum requirements, free NFR licenses for MSPs, and strong momentum away from legacy email gateways, Trustifi is positioning itself as a high-margin opportunity within the channel. The message to MSPs: start internally, see the exposure firsthand, and then extend protection across your customer base. Visit https://trustifi.com/

In this episode from the Inch360 Conference, cybersecurity expert Heather Stratford explores how AI is revolutionizing phishing attacks and social engineering tactics. She breaks down the rapid adoption of AI—with ChatGPT reaching 100 million users in just two months—and explains how criminals are weaponizing machine learning, deep learning, and natural language processing to create highly personalized, sophisticated attacks.Stratford examines real-world breaches including the MGM hack and a $25 million deepfake Zoom scam, demonstrating how attackers combine voice impersonation, social engineering, and AI-generated content to bypass traditional security measures. She reveals the shocking accessibility of cybercrime tools, with AI-powered phishing kits available for just $20.The episode emphasizes that once-a-year security training is no longer sufficient. Stratford advocates for weekly micro-learning sessions, monthly phishing simulations, and role-specific training—especially for executives, accounting teams, and anyone with financial access. She stresses that while technology defenses are important, the human element remains the most vulnerable layer, making continuous employee education critical in the AI-driven threat landscape. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

What separates organizations that successfully fend off ransomware from those that don't? What were the top threats facing organizations? Can we (pretty please) get a sneak peek into the 2025 Year in Review?Amy is joined by Dave Liebenberg, Strategic Analysis Team Lead, to break down key findings from Q4 2025's Cisco Talos Incident Response Quarterly Trends Report. From the top threats facing organizations — like the persistent exploitation of public-facing applications and the rise of new vulnerabilities such as Oracle EBS and React2Shell — to the unexpected drop in ransomware cases, this episode is packed with useful info. Episode resources:Q4 2025 Quarterly Trends Report: https://blog.talosintelligence.com/ir-trends-q4-2025/Qilin blog: https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/Cybersecurity on a Budget blog: https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for-an-economic-downturn/

If you paid foreign vendors reportable income in TY 2025 and want to file the 1042-S forms using one of the two IRS free e-Filing tools – this episode will break down three differences between the FIRE and IRIS that might make your decision easier. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS IRIS Page: https://www.irs.gov/filing/e-file-information-returns-with-iris IRS FIRE Page:  https://www.irs.gov/e-file-providers/filing-information-returns-electronically-fire IRS Modernized eFile: https://www.irs.gov/e-file-providers/modernized-e-file-program-information Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Got a question or comment? Message us here!Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Quick Howto: Extract URLs from RTF files https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692 German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3 Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731 https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 Fortinet FortiClientEMS SQLi in the administrative interface https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

Show NotesMost organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.HostSean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Guest(s)Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/ResourcesLearn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlsonLearn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurityCybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqKeywordsdr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam discuss the evolving landscape of cybersecurity training, particularly in light of generative AI and the limitations of traditional phishing simulations. They argue that expecting employees to outsmart sophisticated cybercriminals is unrealistic and emphasize the need for a robust security architecture that assumes clicks will happen. The conversation then shifts to recent updates regarding Microsoft Intune Suite, including pricing changes and new features, highlighting the importance of adapting to the changing cybersecurity environment.----------------------------------------------------YouTube Video Link: https://youtu.be/KzT_wOyC4-w----------------------------------------------------Documentation:https://www.linkedin.com/posts/james-haynes_im-going-to-say-something-that-might-get-activity-7417944035304079360-s1D_/https://techcommunity.microsoft.com/blog/microsoftintuneblog/microsoft-365-adds-advanced-microsoft-intune-solutions-at-scale/4474272----------------------------------------------------Contact Us:Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpodYouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠----------------------------------------------------Adam BrewerTwitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewerLinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work?In today's episode, we're joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.

Show NotesMost organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.HostSean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/Guest(s)Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/ResourcesLearn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlsonLearn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurityCybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqKeywordsdr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Microsoft dominates 22% of all phishing attacks, a $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves. What You'll Learn:Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally dropsHow ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional securityReal-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immuneThe privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recordingWhether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations todayFrom training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online.#phishing #clickfix #cybersecurity #socialengineering #applewearable #privacy #malware #infosec #brandimpersonation 

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail's web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses. The research can be found here: ⁠⁠⁠InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime Learn more about your ad choices. Visit megaphone.fm/adchoices

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail's web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses. The research can be found here: ⁠⁠⁠InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime Learn more about your ad choices. Visit megaphone.fm/adchoices

Broken Phishing URLs https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/ n8n command injection vulnerability https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8 Android February Update https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en Watchguard Firebox LDAP Injection https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001

Congrats!  You made the deadline for sending 1099-NEC and 1099-MISC recipient statements to your vendors and the related IRS tax filing deadline for the 1099-NEC.  Then your phone starts ringing with vendors, and now you have corrections to what you reported.  Or your organization has multiple entities and you realized income was reported for vendors using the wrong organization.  Or that file in IRIS or FIRE has an error status…. Now what? Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Publications: IRIS:  Publication 5717 (Rev. 1-2026) https://www.irs.gov/pub/irs-pdf/p5717.pdfFIRE: Publication 1220 (Rev. 9-2025) https://www.irs.gov/pub/irs-pdf/p1220.pdfFIRE (1042-S):  Publication 1187 (Rev. 9-2025) https://www.irs.gov/pub/irs-pdf/p1187.pdfIRS Page:  Information Return Penalty Chart https://www.irs.gov/payments/information-return-penalties Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss how attackers are increasingly abusing legitimate, trusted Microsoft workflows to make phishing campaigns more convincing and harder to spot. In device code phishing, victims are socially engineered into completing a real Microsoft OAuth login flow, inadvertently granting attackers valid access tokens without ever sharing a password. They also examined abuse of Microsoft 365 Direct Send, which allows threat actors to send phishing emails that appear to originate from inside an organization, reinforcing a broader shift toward weaponizing built-in cloud services rather than relying on obviously malicious infrastructure.

Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss how attackers are increasingly abusing legitimate, trusted Microsoft workflows to make phishing campaigns more convincing and harder to spot. In device code phishing, victims are socially engineered into completing a real Microsoft OAuth login flow, inadvertently granting attackers valid access tokens without ever sharing a password. They also examined abuse of Microsoft 365 Direct Send, which allows threat actors to send phishing emails that appear to originate from inside an organization, reinforcing a broader shift toward weaponizing built-in cloud services rather than relying on obviously malicious infrastructure.

Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

In this episode of Cybersecurity Today, host Jim Love welcomes David Shipley, CEO of Beauceron Security, as a guest. Together, they delve into the latest research from Beauceron  Security with assistance from he University of Montreal. They discuss the effectiveness of phishing simulations, the importance of reporting suspicious activities, and the psychological factors that lead to clicking on phishing emails. The episode also highlights the surprising advantages small businesses have over larger organizations in phishing defense, and how management's attitude towards cybersecurity significantly impacts a company's overall security culture. Don't miss this thorough, insightful conversation that will change how you think about cybersecurity training and culture! Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:19 Meet the Guest: David Shipley 01:46 David's Research with University of Montreal 02:17 Phishing Simulation Training Insights 03:16 The Importance of Real Research 04:30 Human Risk Management vs. Security Awareness 05:49 Understanding Phishing and Its Impact 11:10 The Role of Technology and Human Resilience 14:34 Effective Phishing Training Strategies 19:02 Analyzing Click Behavior and Reporting 27:17 Why People Click: Survey Insights 36:07 High Click Rates and Psychological Safety 38:13 Management's Role in Cybersecurity Culture 39:29 Impact of Tenure and Compensation on Click Rates 40:58 The Importance of Security Awareness Programs 43:35 Feedback and Reporting in Cybersecurity 54:12 Small Companies vs. Large Companies in Cybersecurity 56:44 Surprising Findings and Future Directions 01:02:12 Conclusion and Report Availability

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share advice on how to avoid phishing scams. We discuss: Phishing scams in text messages and email Common scams you might encounter What not to do when you get a suspicious text message PCT resources for how to identify scams and social engineering Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website.

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states.  An unsecured webcam peers into Pyongyang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. Selected Reading Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News) Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record) Long-running North Korea threat group splits into 3 distinct operations (CyberScoop) Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics) Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org) Signal president warns AI agents are making encryption irrelevant (Cyber Insider) SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)  Amazon Found ‘High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg) Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer) China Executes 11 People Linked to Cyberscam Centers in Myanmar   (Bloomberg) North Korean Hackers' Daily Life Leaked in Video (The Chosun) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Phishing didn't get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface   Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

professorjrod@gmail.comData protection didn't fail because encryption was weak; it faltered when trust was broken. In this episode of Technology Tap: CompTIA Study Guide, we explore how scattered systems, third-party vendors, and cloud replication complicate the question, “Where is our data right now?” We discuss why the true solution starts with people, not just technology. Whether you're a professor leading a study group, an IT professional preparing for your CompTIA exam, or anyone invested in IT skills development, this episode offers a practical map to not just pass tech exams but to uphold your promises in data security. Tune in for expert insights on technology education and effective tech exam prep strategies.We break down the crucial difference between data types and classifications, showing why labels don't override laws and how sensitivity should drive controls. You'll hear how data inventories, retention policies, and deletion-by-default strategies reduce both breach blast radius and legal exposure. We get specific about data states—at rest, in motion, in use—and the matching controls that actually hold up under pressure. Then we confront data sovereignty: how cross‑region replicas can quietly violate GDPR and how region‑restricted storage, geofencing, and vendor due diligence keep you on the right side of the border and the law.Privacy takes center stage as we clarify the roles of data subject, controller, and processor, and why documentation beats intention when regulators come calling. We outline what changes when a privacy breach occurs: tight timelines, mandated notifications, and the high cost of silence. Finally, we center the human layer with policies that guide behavior—acceptable use, social media, BYOD, clean desk—and an awareness training lifecycle that adapts to roles and evolving threats. Phishing drills, password hygiene, insider threat cues, and speak‑up culture turn security from slides into habits that stick.If this helped you think differently about compliance, data governance, and human risk, follow the show, share it with a teammate, and leave a quick review telling us which control you'll strengthen first. Your feedback helps more listeners protect what matters most.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

What do you do if it's getting down to the wire to be in compliance with the IRS deadlines for sending vendors their 1099-NEC or 1099-MISC or filing both with the IRS, and you know you are going to be late.Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Extension Form:  Form 8809, Application for Extension of Time to File Information Returns  https://www.irs.gov/forms-pubs/about-form-8809IRS Extension Form:  Form 15397 Application For Extension of Time to Furnish Recipient Statements  https://www.irs.gov/forms-pubs/extension-of-time-to-furnish-statements-to-recipientsIRS Page:  Information Return Penalty Charthttps://www.irs.gov/payments/information-return-penalties Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Indignación por nuevo caso de maltrato animal en Naucalpan Dos detenidos por descarrilamiento del Tren Interoceánico: Sheinbaum  Sheinbaum y Trump dialogan sobre frontera, narcotráfico y comercioMás información en nuestro podcast  

Each week, the leading journalists in legal tech choose their top stories of the week to discuss with our other panelists.   00:00 Introductions 2:56 Law firm Phishing over christmas (Selected by Joe Patrice) 11:18 How much do legal leaders trust artificial intelligence in high-stakes decisions? New study sheds light (Selected by Victor Li) 18:06 Are mandatory hyperlinks a solution to the lawyers' hallucination problems? (Selected by Stephen Embry) 30:01 LawNext: From Roommates to Billionaires: Harvey's Founders Gabriel Pereyra and Winston Weinberg on Building AI Infrastructure for Law (Selected by Bob Ambrogi) 39:44 OpenAI wants your IP (Selected by Joe Patrice) 49:38 Alexi Fires Back at Fastcase Lawsuit with Counterclaims Alleging Anticompetitive Conduct Following Clio's $1B Acquisition (Selected by Bob Ambrogi)

A phishing campaign with QR codes rendered using an HTML table Phishing emails are bypassing filters by encoding QR codes as HTML tables. https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606 n8n vulnerabilities In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for. https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg Power bank feature creep is out of control Simple power banks are increasingly equipped with advanced features, including networking, which may expose them to security risks. https://www.theverge.com/tech/856225/power-banks-are-the-latest-victims-of-feature-creep