Act of attempting to acquire sensitive information by posing as a trustworthy entity
Crypto's newest threat isn't a smart contract exploit, it's a knock at your door. In this episode, Ryan sits down with Jameson Lopp (Casa) and Beau (former CIA, now safety at Pudgy Penguins) to map the real security landscape for crypto holders in 2026: the phishing traps you'll see daily, the physical “wrench attacks” that terrify the community, and the practical systems that can make both dramatically less effective. If going bankless is about freedom, this is the playbook for keeping that freedom without turning into your own security team.
In this episode of No Hay Tos, Héctor and Beto interview Daniel, a systems engineer, about what it is like to work in tech in Mexico. They talk about the everyday use of English and Spanglish, the types of projects (backend, frontend, cloud, integration), international opportunities, and the work environment, from demanding companies to startups with better conditions and remote work. They also discuss the state of cybersecurity in Mexico and share practical tips for staying safe online. If you'd like to listen to our episodes ad-free and get the full word-for-word transcript of this episode — including English explanations and translations of Mexican slang and colloquial expressions — visit us on Patreon. You can also find more content and resources on our website: nohaytospodcast.com. If the podcast has been helpful to you, please leave us a review on Apple Podcasts — it really helps! And if you prefer video, check out our YouTube channel. No Hay Tos is a Spanish podcast from Mexico for students who want to improve their listening comprehension, reinforce grammar, and learn about Mexican culture and Mexican Spanish. All rights reserved.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734
'God-Like' Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit
Cargo theft in the U.S. has changed dramatically in just a few years. What was once dominated by small regional crews is now increasingly driven by organized international crime rings using deception, cyber tactics, and strategic fraud. In this episode of HDT Talks Trucking, Deborah Lockridge speaks with Scott Cornell, vice president at LogistIQ Insurance and chair of the Transported Asset Protection Association (TAPA), about how cargo theft evolved after 2020 and why “strategic theft” is surging. They discuss:
- The shift from straight theft to organized strategic schemes
- How double brokering scams work
- Freight “laundering”
- Phishing, social engineering, and identity theft in the supply chain
- How cargo criminals manipulate tracking data
- A practical three-layer prevention strategy trucking fleets can implement
In this episode of Future Fuzz, Vince Quinn sits down with Mike Rotondo, Founder of RITC Cybersecurity, to unpack the growing cybersecurity risks facing modern marketing teams. From phishing scams and business email compromise to AI vulnerabilities and data leakage, Mike explains why marketers are prime targets for cybercriminals—and why being “in the cloud” doesn't automatically mean you're secure. The conversation dives into how cybercriminals operate like full-scale corporations, why user training is the single most important defense, and how simple mistakes—like shared logins or unsecured home routers—can expose entire organizations. Mike also explores emerging threats like “quishing” (QR code phishing), AI exploitation, and the hidden risks of feeding sensitive data into large AI tools. If you're managing customer data, email lists, or AI-powered marketing tools, this episode is a must-listen.

Guest Bio
Mike Rotondo is the Founder of RITC Cybersecurity, a consulting firm focused exclusively on cybersecurity strategy, compliance, and risk mitigation. RITC provides services including penetration testing, security framework analysis, SOC 2 audit preparation, HIPAA and PCI compliance consulting, and virtual CISO (vCISO) services. Rather than hands-on IT implementation, Mike and his team specialize in advisory, governance, and security architecture—helping organizations build secure systems from the inside out. With decades of experience in cybersecurity dating back to the 1990s, Mike works with organizations to prevent breaches, reduce liability, and strengthen internal defenses against evolving cyber threats.

Takeaways
- Being in the cloud does not mean you're secure.
- Most breaches start with users—not firewalls.
- Cybercriminals operate like corporations, with R&D and strategy teams.
- Phishing and business email compromise (BEC) are still the top threats.
- Shared logins and admin access for everyday users create major vulnerabilities.
- Remote work requires secured routers, patched systems, and enforced device standards.
- “Quishing” (QR code phishing) is an emerging attack vector.
- AI tools can create data leakage risks if policies aren't in place.
- Personally identifiable information (PII) exposure can financially destroy small companies.
- Cybersecurity training is the most effective prevention strategy.

Chapters
00:00 Introduction to Mike Rotondo
00:28 What RITC Cybersecurity Does
01:31 Why Businesses Are More Vulnerable Than They Think
03:01 How Cybercriminals Actually Operate
04:10 Real-World Impact of Phishing Attacks
06:30 Building Strong Cyber Defenses
07:57 Remote Work Security Risks
09:42 QR Code Phishing (“Quishing”)
10:45 Why Cybersecurity Feels Overwhelming
11:05 The Importance of Employee Training
12:26 AI's Role in Cybersecurity Threats
14:53 AI Server Vulnerabilities
15:15 How Marketers Should Approach AI Security
17:08 Data Leakage and PII Risks
18:31 The Financial Fallout of a Breach
19:08 The Ciphered Reality Podcast
Ray O'Leary joins Dan, James and Andy to discuss Rousseau, rays, receptionists and remarkable royalties. Visit nosuchthingasafish.com for news about live shows, merchandise and more episodes. Join Club Fish for ad-free episodes and exclusive bonus content at apple.co/nosuchthingasafish or nosuchthingasafish.com/patreon. Get an exclusive 15% discount on Saily data plans! Use code [fish] at checkout. Download Saily app or go to https://saily.com/fish
So you sent recipient statements to your vendors for Tax Year 2025 – and some came back. Here is how to handle them to reduce penalties from the IRS. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/
CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
Encrypted RCS in iOS/iPadOS https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes
Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the evolving landscape of cybersecurity training, particularly in light of generative AI and the limitations of traditional phishing simulations. They argue that expecting employees to outsmart sophisticated cybercriminals is unrealistic and emphasize the need for a robust security architecture that assumes clicks will happen. The conversation then shifts to recent updates regarding Microsoft Intune Suite, including pricing changes and new features, highlighting the importance of adapting to the changing cybersecurity environment.

YouTube Video Link: https://youtu.be/KzT_wOyC4-w

Documentation:
https://www.linkedin.com/posts/james-haynes_im-going-to-say-something-that-might-get-activity-7417944035304079360-s1D_/
https://techcommunity.microsoft.com/blog/microsoftintuneblog/microsoft-365-adds-advanced-microsoft-intune-solutions-at-scale/4474272

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Ken Johnson and Seth Law examine the intensifying pressure on security practitioners as AI-driven development causes an unprecedented acceleration in industry velocity. A primary theme is the emergence of "shadow AI," where developers utilize unauthorized AI coding assistants and personal agents, introducing significant data classification risks and supply chain vulnerabilities. The discussion dives into technical concepts like AI agent "skills"—markdown files providing specialized directions—and the corresponding security risks found in new skill registries, such as malicious tools designed to exfiltrate credentials and crypto assets. The hosts also review 1Password's SCAM (Security Comprehension Awareness Measure), highlighting broad performance gaps in an AI's ability to detect phishing, with some models failing up to 65% of the time. To manage these unpredictable systems, the hosts advocate for a shift toward high-level validation roles, emphasizing the need for Subject Matter Expertise to combat "reasoning drift" and maintain safety through test-driven development and periodic "checkpoints". Ultimately, they conclude that while AI can simulate expertise, human oversight remains vital to secure the probabilistic nature of modern agentic workflows.
Global leaders call for collaboration at the Munich Cyber Security Conference. Phishing campaigns exploit fake video conference invitations. Italian authorities say cyber attacks on the Winter Olympics have met overall mitigation. AI reshapes the economics of ransomware attacks. CISA tags a critical Microsoft Configuration Manager vulnerability. Foxveil is a new malware loader targeting legitimate platforms. Researchers examine macOS infostealers. California fines Disney $2.75 million for violating the Consumer Privacy Act. Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes preview their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. When pull requests get personal. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Maria Varmazis, host of T-Minus space daily and CyberWire Producer Liz Stokes as they share their coverage of the NATO Cyber Coalition 2025 Cyber Exercise in Tallinn, Estonia. 
Selected Reading US wants cyber partnerships to send ‘coordinated, strategic message' to adversaries (The Record) Europe must adapt to ‘permanent' cyber and hybrid threats, Sweden warns (The Record) Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures (Netskope) Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage (Intel 471) How AI is and is Not Changing Ransomware (Halcyon) CISA flags critical Microsoft SCCM flaw as exploited in attacks (Bleeping Computer) Foxveil malware loader abuses Discord, Cloudflare, Netlify for staging (SC Media) AMOS infostealer targets macOS through a popular AI app (Bleeping Computer) California fines Disney $2.75 million for data privacy violations (The Record) An AI Agent Published a Hit Piece on Me (The Shamblog) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of Cybersecurity Today with host Jim Love, we discuss six critical exploited Microsoft vulnerabilities, new phishing tactics using your own servers, and a zero-click vulnerability in Claude's code desktop extensions. We also explore trends in modern romance scams highlighting the younger, tech-savvy adult targets. Tune in for expert insights and practical tips to stay secure. Special thanks to Meter for their support. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:45 Microsoft Vulnerabilities: A Growing Concern 02:38 Phishing Attacks Using Your Own Servers 04:16 Zero-Click Vulnerability in Claude AI 06:25 Romance Scams: Not Just Targeting the Elderly 09:14 Conclusion and Weekend Edition Teaser
At ITEXPO / MSP EXPO, Zack Schwartz, Vice President of Strategic Partnerships at Trustifi, joined Doug Green to discuss a critical but often overlooked reality: while AI dominates headlines, email remains the primary attack vector for cybercrime. Trustifi delivers a full-suite email security platform purpose-built for MSPs, enabling easy deployment, centralized management, and advanced protection against next-generation AI-driven phishing attacks. Schwartz emphasized that over 91% of cyberattacks still originate from inbound email—and the sophistication of those attacks has grown dramatically with AI tools. “Cyber criminals are leveraging AI to create extremely nuanced attacks,” he explained. Trustifi addresses this by combining high-efficacy inbound phishing detection with innovative AI-driven training tools. One standout feature allows MSPs to convert a real phishing attack into customized security awareness training, generating targeted video content based on an incident that actually occurred within a customer's environment. A key differentiator is Trustifi's “journal-only mode,” which allows MSPs to deploy the platform without interrupting live email flow. The system produces a full report showing how Trustifi would have responded to threats, creating what Schwartz described as a powerful “aha moment” for customers. According to Trustifi, this approach converts over 80% of opportunities and requires only minutes to set up—at no cost to the partner or end client. Beyond inbound threats, Trustifi also addresses outbound risk and compliance requirements, including HIPAA, PCI, GDPR, and broader data loss prevention (DLP) concerns. Many organizations underestimate how much sensitive information leaves their network via email. “It's a big issue of not knowing what you don't know,” Schwartz said, highlighting how classification and encryption tools expose hidden vulnerabilities. 
With no minimum requirements, free NFR licenses for MSPs, and strong momentum away from legacy email gateways, Trustifi is positioning itself as a high-margin opportunity within the channel. The message to MSPs: start internally, see the exposure firsthand, and then extend protection across your customer base. Visit https://trustifi.com/
In this episode from the Inch360 Conference, cybersecurity expert Heather Stratford explores how AI is revolutionizing phishing attacks and social engineering tactics. She breaks down the rapid adoption of AI—with ChatGPT reaching 100 million users in just two months—and explains how criminals are weaponizing machine learning, deep learning, and natural language processing to create highly personalized, sophisticated attacks. Stratford examines real-world breaches including the MGM hack and a $25 million deepfake Zoom scam, demonstrating how attackers combine voice impersonation, social engineering, and AI-generated content to bypass traditional security measures. She reveals the shocking accessibility of cybercrime tools, with AI-powered phishing kits available for just $20. The episode emphasizes that once-a-year security training is no longer sufficient. Stratford advocates for weekly micro-learning sessions, monthly phishing simulations, and role-specific training—especially for executives, accounting teams, and anyone with financial access. She stresses that while technology defenses are important, the human element remains the most vulnerable layer, making continuous employee education critical in the AI-driven threat landscape.
We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:
- Simplify and streamline technology
- Save teachers' time
- Reliably meet Tier 1 standards
- Improve student performance on state assessments
What separates organizations that successfully fend off ransomware from those that don't? What were the top threats facing organizations? Can we (pretty please) get a sneak peek into the 2025 Year in Review? Amy is joined by Dave Liebenberg, Strategic Analysis Team Lead, to break down key findings from Q4 2025's Cisco Talos Incident Response Quarterly Trends Report. From the top threats facing organizations — like the persistent exploitation of public-facing applications and the rise of new vulnerabilities such as Oracle EBS and React2Shell — to the unexpected drop in ransomware cases, this episode is packed with useful info.
Episode resources:
Q4 2025 Quarterly Trends Report: https://blog.talosintelligence.com/ir-trends-q4-2025/
Qilin blog: https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
Cybersecurity on a Budget blog: https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for-an-economic-downturn/
If you paid foreign vendors reportable income in TY 2025 and want to file the 1042-S forms using one of the two IRS free e-Filing tools – this episode will break down three differences between the FIRE and IRIS that might make your decision easier. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
IRS IRIS Page: https://www.irs.gov/filing/e-file-information-returns-with-iris
IRS FIRE Page: https://www.irs.gov/e-file-providers/filing-information-returns-electronically-fire
IRS Modernized eFile: https://www.irs.gov/e-file-providers/modernized-e-file-program-information
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it's surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Quick Howto: Extract URLs from RTF files https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3
Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731 https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Fortinet FortiClientEMS SQLi in the administrative interface https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
Show Notes
Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com
Phishing simulations are one of the most debated tools in cybersecurity awareness, but do they actually work? In today's episode, we're joined by David Shipley, former soldier turned cybersecurity researcher and founder of Beauceron Security, to unpack what the data really says about phishing simulations, human behavior, and why zero clicks has never been, and will never be, the goal.
Show Notes
Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.
In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.
Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.
The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.
For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.
Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/
Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/
Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Keywords: dr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast
Microsoft dominates 22% of all phishing attacks, an $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves.
What You'll Learn:
Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally drops
How ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional security
Real-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immune
The privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recording
Whether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations today
From training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online.
Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail's web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses. The research can be found here: InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Broken Phishing URLs https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/
n8n command injection vulnerability https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
Android February Update https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en
Watchguard Firebox LDAP Injection https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001
Congrats! You made the deadline for sending 1099-NEC and 1099-MISC recipient statements to your vendors and the related IRS tax filing deadline for the 1099-NEC. Then your phone starts ringing with vendors, and now you have corrections to what you reported. Or your organization has multiple entities and you realized income was reported for vendors using the wrong organization. Or that file in IRIS or FIRE has an error status…. Now what? Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
IRS Publications:
IRIS: Publication 5717 (Rev. 1-2026) https://www.irs.gov/pub/irs-pdf/p5717.pdf
FIRE: Publication 1220 (Rev. 9-2025) https://www.irs.gov/pub/irs-pdf/p1220.pdf
FIRE (1042-S): Publication 1187 (Rev. 9-2025) https://www.irs.gov/pub/irs-pdf/p1187.pdf
IRS Page: Information Return Penalty Chart https://www.irs.gov/payments/information-return-penalties
Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-session
Free Download: Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-download
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss how attackers are increasingly abusing legitimate, trusted Microsoft workflows to make phishing campaigns more convincing and harder to spot. In device code phishing, victims are socially engineered into completing a real Microsoft OAuth login flow, inadvertently granting attackers valid access tokens without ever sharing a password. They also examined abuse of Microsoft 365 Direct Send, which allows threat actors to send phishing emails that appear to originate from inside an organization, reinforcing a broader shift toward weaponizing built-in cloud services rather than relying on obviously malicious infrastructure.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526
In this episode of Cybersecurity Today, host Jim Love welcomes David Shipley, CEO of Beauceron Security, as a guest. Together, they delve into the latest research from Beauceron Security with assistance from the University of Montreal. They discuss the effectiveness of phishing simulations, the importance of reporting suspicious activities, and the psychological factors that lead to clicking on phishing emails. The episode also highlights the surprising advantages small businesses have over larger organizations in phishing defense, and how management's attitude towards cybersecurity significantly impacts a company's overall security culture. Don't miss this thorough, insightful conversation that will change how you think about cybersecurity training and culture! Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:19 Meet the Guest: David Shipley 01:46 David's Research with University of Montreal 02:17 Phishing Simulation Training Insights 03:16 The Importance of Real Research 04:30 Human Risk Management vs. Security Awareness 05:49 Understanding Phishing and Its Impact 11:10 The Role of Technology and Human Resilience 14:34 Effective Phishing Training Strategies 19:02 Analyzing Click Behavior and Reporting 27:17 Why People Click: Survey Insights 36:07 High Click Rates and Psychological Safety 38:13 Management's Role in Cybersecurity Culture 39:29 Impact of Tenure and Compensation on Click Rates 40:58 The Importance of Security Awareness Programs 43:35 Feedback and Reporting in Cybersecurity 54:12 Small Companies vs. Large Companies in Cybersecurity 56:44 Surprising Findings and Future Directions 01:02:12 Conclusion and Report Availability
Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech. In our latest episode, we share advice on how to avoid phishing scams. We discuss: phishing scams in text messages and email; common scams you might encounter; what not to do when you get a suspicious text message; PCT resources for how to identify scams and social engineering. Listen here: https://personcenteredtech.com/group/podcast/ For more, visit our website.
Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states. An unsecured webcam peers into Pyongyang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. 
Selected Reading
Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News)
Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record)
Long-running North Korea threat group splits into 3 distinct operations (CyberScoop)
Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics)
Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org)
Signal president warns AI agents are making encryption irrelevant (Cyber Insider)
SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)
Amazon Found 'High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg)
Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer)
China Executes 11 People Linked to Cyberscam Centers in Myanmar (Bloomberg)
North Korean Hackers' Daily Life Leaked in Video (The Chosun)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Phishing didn't get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
professorjrod@gmail.com
Data protection didn't fail because encryption was weak; it faltered when trust was broken. In this episode of Technology Tap: CompTIA Study Guide, we explore how scattered systems, third-party vendors, and cloud replication complicate the question, “Where is our data right now?” We discuss why the true solution starts with people, not just technology. Whether you're a professor leading a study group, an IT professional preparing for your CompTIA exam, or anyone invested in IT skills development, this episode offers a practical map to not just pass tech exams but to uphold your promises in data security. Tune in for expert insights on technology education and effective tech exam prep strategies.
We break down the crucial difference between data types and classifications, showing why labels don't override laws and how sensitivity should drive controls. You'll hear how data inventories, retention policies, and deletion-by-default strategies reduce both breach blast radius and legal exposure. We get specific about data states—at rest, in motion, in use—and the matching controls that actually hold up under pressure. Then we confront data sovereignty: how cross‑region replicas can quietly violate GDPR and how region‑restricted storage, geofencing, and vendor due diligence keep you on the right side of the border and the law.
Privacy takes center stage as we clarify the roles of data subject, controller, and processor, and why documentation beats intention when regulators come calling. We outline what changes when a privacy breach occurs: tight timelines, mandated notifications, and the high cost of silence. Finally, we center the human layer with policies that guide behavior—acceptable use, social media, BYOD, clean desk—and an awareness training lifecycle that adapts to roles and evolving threats. Phishing drills, password hygiene, insider threat cues, and speak‑up culture turn security from slides into habits that stick.
If this helped you think differently about compliance, data governance, and human risk, follow the show, share it with a teammate, and leave a quick review telling us which control you'll strengthen first. Your feedback helps more listeners protect what matters most.
Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at: TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod
What do you do if it's getting down to the wire to be in compliance with the IRS deadlines for sending vendors their 1099-NEC or 1099-MISC or filing both with the IRS, and you know you are going to be late? Keep listening.
Links mentioned in the podcast + other helpful resources:
IRS Extension Form: Form 8809, Application for Extension of Time to File Information Returns https://www.irs.gov/forms-pubs/about-form-8809
IRS Extension Form: Form 15397 Application For Extension of Time to Furnish Recipient Statements https://www.irs.gov/forms-pubs/extension-of-time-to-furnish-statements-to-recipients
IRS Page: Information Return Penalty Chart https://www.irs.gov/payments/information-return-penalties
Outrage over a new case of animal abuse in Naucalpan. Two people detained over the derailment of the Tren Interoceánico: Sheinbaum. Sheinbaum and Trump discuss the border, drug trafficking and trade. More information in our podcast.
Each week, the leading journalists in legal tech choose their top stories of the week to discuss with our other panelists. 00:00 Introductions 2:56 Law firm Phishing over Christmas (Selected by Joe Patrice) 11:18 How much do legal leaders trust artificial intelligence in high-stakes decisions? New study sheds light (Selected by Victor Li) 18:06 Are mandatory hyperlinks a solution to the lawyers' hallucination problems? (Selected by Stephen Embry) 30:01 LawNext: From Roommates to Billionaires: Harvey's Founders Gabriel Pereyra and Winston Weinberg on Building AI Infrastructure for Law (Selected by Bob Ambrogi) 39:44 OpenAI wants your IP (Selected by Joe Patrice) 49:38 Alexi Fires Back at Fastcase Lawsuit with Counterclaims Alleging Anticompetitive Conduct Following Clio's $1B Acquisition (Selected by Bob Ambrogi)
Don't forget to still do your tax reporting research at the State level, even if that State participates in the Combined Federal/State Filing (CF/SF) Program. For two reasons you still need to check and a process to do it…. Keep listening.
Links mentioned in the podcast + other helpful resources:
IRS Publication 1220: Specifications for Electronic Filing of Forms 1097, 1098, 1099, 3921, 3922, 5498,
IRS Publication 5717: Information Returns Intake System (IRIS) Taxpayer Portal User Guide
Vendor Process Training Center > Resource Library: State Sites for Business/Tax Research
Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes
Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.
Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.
Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.
Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/
Chapters: 00:00 Introduction to No Password Required 01:43 Meet Rob Hughes, CISO at RSA 02:05 The Role of a CISO in a Security Company 05:09 Transitioning to the CISO Role 08:00 The Early Days of Geek.com 12:14 Launching a Startup During the Dot Com Boom 14:30 The Push for a Passwordless Future 18:21 Tipping Point for Passwordless Adoption 20:20 Ongoing Learning in Cybersecurity 26:09 Managing Stress in High-Pressure Environments 33:46 The Lifestyle Polygraph Begins 34:15 Career Insights in Cybersecurity 36:08 Dream Cars and Personal Preferences 39:58 Underrated Horror Films 41:19 Creating a Cybersecurity Monster
In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.
But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.
My head is starting to hurt as clients, subscribers and others reach out to ask about the impact of the IRS draft form W-9. More and more questions are arising and I have 5 that you should start thinking about…. Keep listening.
Links mentioned in the podcast + other helpful resources:
IRS Form W-9: https://www.irs.gov/pub/irs-pdf/fw9.pdf
The Canadian Bitcoiners Podcast - Bitcoin News With a Canadian Spin
This week in Bitcoin and global current events:
SAYLOR VS KNOWLES
What Bitcoin Did Got HOT When Saylor Couldn't Handle a Basic Question - Is Saylor Cooked?
In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Axe crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 FBI Warns of QR Code Phishing 04:44 Europol's Major Crackdown on Black Axe 07:11 Uncertainty Over Ransomware Alerts Program 09:41 US Withdraws from Cybersecurity Organizations 10:25 Conclusion and Final Thoughts
On this episode of the Power Up Wealth podcast, James Derrick sits down with Brandi Romero to share practical steps to protect your personal information and clean up your inbox. They discuss why it only takes one click to cause major damage, how decluttering your email helps you spot threats faster, and the biggest red flags to watch for—urgency, odd language, suspicious links, and sender addresses that don't match.
Their top advice: slow down, hover before you click, never trust links you weren't expecting, and when in doubt, go directly to the source or pick up the phone. A cleaner inbox and a cautious approach can go a long way in keeping your financial life secure.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A phishing campaign with QR codes rendered using an HTML table
Phishing emails are bypassing filters by encoding QR codes as HTML tables.
https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606
n8n vulnerabilities
In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for.
https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg
Power bank feature creep is out of control
Simple power banks are increasingly equipped with advanced features, including networking, which may expose them to security risks.
https://www.theverge.com/tech/856225/power-banks-are-the-latest-victims-of-feature-creep
In the digital modern age, how can we protect our data from falling into the hands of scammers? This week on the Justice Team Podcast, Bob sits down with the Simon Law Group's CTO (that is, Chief Technology Officer), Matt Rhoads! Join us to hear how he protects and educates his law firm on the dangers of phishing, and the safety steps that you can take as well. And remember: ANYONE can fall victim to a scam. If you enjoy this video, like, subscribe, and share with a friend! This episode is brought to you by CallRail, a powerful lead engagement platform that helps law firms understand which campaigns are driving inbound leads—whether it's calls, texts, forms, or chats. Visit callrail.com/jtn for more! Attorney Share lets you track your co-counsel cases with automation, and turn cases you can't take into revenue for your firm with the public marketplace. You can sign up now for a free account at www.attorneyshare.com. Justice HQ community subscriptions are open to all starting at $20 a month. Go to www.justicehq.com or download the mobile app today! Have a legal need or question? Call our law firm, the Justice Team at 844-THE-TEAM, or visit justiceteam.com!
While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.
Our digital lives are under attack from every direction. Cyber Crisis author Eric Cole breaks down the threats and shows how to stay one step ahead! Full show notes and resources can be found here: jordanharbinger.com/1247
What We Discuss with Dr. Eric Cole:
Cyberattacks now happen constantly as AI automates phishing and vulnerability scanning against individuals, small businesses, and major institutions.
Criminal operations abroad run like full corporations — thousands of employees, millions in revenue, and no risk of prosecution due to weak or nonexistent extradition.
Critical infrastructure often uses outdated, insecure systems, allowing adversaries inside power grids and networks long before an attack becomes visible.
Devices, apps, and "free" tools routinely track conversations and behavior — even smart speakers have been used as evidence after recording private moments.
You can dramatically reduce your risk by treating security like investing: assess the benefit vs. the exposure, minimize downside, and adopt simple, deliberate habits.
And much more...
And if you're still game to support us, please leave a review here — even one sentence helps! Sign up for Six-Minute Networking — our free networking and relationship development mini course — at jordanharbinger.com/course! Subscribe to our once-a-week Wee Bit Wiser newsletter today and start filling your Wednesdays with wisdom! Do you even Reddit, bro? Join us at r/JordanHarbinger!
This Episode Is Brought To You By Our Fine Sponsors:
Momentous: 20% off first order: livemomentous.com, code JORDAN20
Signos: $10 off select programs: signos.com, code JORDAN
Factor: 50% off first box: factormeals.com/jordan50off, code JORDAN50OFF
Progressive Insurance: Free online quote: progressive.com
Homes.com: Find your home: homes.com
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.