Podcasts about Phishing

Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how […] The post Are Phishing Simulations Still Worth It? appeared first on Shared Security Podcast.

At WHX Tech, cybersecurity expert Dr Leila Taghizade, Group Head of Cyber Risk Management / CISO IberoLatAm at Allianz, breaks down what every individual—and every hospital—should know about protecting themselves in 2025. From the basics of stronger passwords and two-factor authentication to the risks of free apps and third-party tools, she explains in clear terms why “there's no such thing as free lunch” in cybersecurity. Leila also highlights the dangers of phishing, the vulnerability of medical devices, and how AI both helps defenders and lowers the cost of attacks. Show Notes 00:00 – Introduction: why cybersecurity basics matter in 2025 00:30 – Strong passwords, two-factor authentication, limiting app permissions 02:00 – Giving apps only the access they really need 03:00 – Cybersecurity in healthcare: medical devices as weak links 04:30 – Default passwords and firmware updates as major risks 05:30 – Phishing: why reporting is critical for protection 07:00 – Everyday cyber hygiene: logging out, password managers 08:30 – AI's impact on cybersecurity: lowering cost of attacks, improving defense 10:00 – The risks of free apps and third-party tools 11:00 – Data leaks and how AI tools may unintentionally share information 12:30 – AI as a double-edged sword: prevention vs. risk 14:00 – Final advice: caution doesn't mean fear, but informed use www.facesofdigitalhealth.com Newsletter: https://fodh.substack.com/

We're doing the ransomware thing again - checking on the folks at Jaguar Land Rover, plus what may be a ransomware attack at Japanese brewery Asahi. Then - why isn't the anti-phishing training at your work working? UC San Diego has some thoughts. All of that plus tiny updates from Apple on this edition of The Checklist, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

Many automation software platforms including email to invoicing have artificial intelligence embedded in them.  You may not think that email or invoicing software can help fight fraud in the vendor process, but yes they can and here's how...  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Free Download:  5 Steps to Improve Your Vendor Callback Process https://training.debrarrichardson.com/confirmationGet the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkitCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Recent studies have shown how AI Agents have expanded the attack surface for federal agencies.   Today, we sit down with three leaders who demonstrate why fundamentals, such as visibility, inventory, runtime, and least-permissive access control, will be more critical than ever.   Rob Roser from Idaho National Labs looks at the proliferation of API in the past decade.  Although they facilitate communication, they can also give a path to attackers. He notes that today's attackers are interested in much more than money, the seek intellectual property that can compromise American security.   Phishing and security training are good starting points, but developers must learn what tools to use to be able to use AI an appropriate manner.   Where to start?  Steven Ringo from Akamai give four key points for handling the drastic increase in data generated by AI   ·       One: Discovery -  build an API inventory  ·       Two: Posture – implement policies that can control the APIs ·       Three: Run Time protection - design how to alert and take action to block ·       Four:  Active testing prevention that is continuous   The webinar underscored the urgency of integrating API security into comprehensive cybersecurity strategies and recommends programs to test and validate APIs before production deployment.

As artificial intelligence reshapes workplaces and business strategies, firms increasingly depend on AI providers, making AI a tool of geopolitical influence. We'll discuss the impact across industries, as digital currencies affect monetary control and cyber threats challenge operational resilience. Host: William Foster, Senior Vice President, Sovereign Risk Group, Moody's Ratings Guests: Vincent Gusdorf, Associate Managing Director, Digital Finance and AI Analytics, Moody's Ratings; Leroy Terrelonge, Vice President-Analyst, Cyber Credit Risk, Moody's Ratings  Related research:Artificial Intelligence – Global – Nations push for AI sovereignty to capture economic, geopolitical gains 30 September 2025 Sovereigns - Global – Digital currency growth, inconsistent regulation amplify countries' financial risks 25 September 2025Artificial Intelligence – Corporates – Pace of AI advances, regional disparities will steer credit trends across industries 23 September 2025 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Gli attacchi informatici non sempre sfruttano falle tecnologiche: spesso il vero bug è tra lo schermo e la sedia… l'utente! In questo video parliamo del caso dei 160.000 documenti rubati dagli hotel e messi in vendita sul dark web. Un esempio concreto di come password deboli, cattiva gestione dei dati e poca formazione possano aprire le porte ai cybercriminali.Tutti i miei link: https://linktr.ee/br1brownFonti:In vendita documenti di identità trafugati da hotel italiani – CERT-AGIDHacker rubano migliaia di documenti dagli alberghi e li mettono in vendita nel dark webItaly: Nearly 100,000 ID scans from hotel guests found on dark web | Biometric Update160.000 documenti rubati. - GarantePiracy - Christian Bernieri (fucking good) DPO.TELEGRAM - INSTAGRAMSe ti va supportami https://it.tipeee.com/br1brown

Die Themen von Lisa und Matthis am 30.09.25: (00:00:00) Wahlpanne: Warum eine Siegerin bei der Kommunalwahl in NRW jetzt doch keine ist. (00:01:39) Nahost-Krieg: Was in Trumps Friedensplan für den Gaza-Streifen steht und was das für die Palästinenser:innen bedeuten könnte. (00:07:17) Cannabis-Bericht: Wie die Teil-Legalisierung den Cannabis-Konsum beeinflusst hat und ob der Schwarzmarkt dadurch wirklich bekämpft wird. (00:13:34) Phishing: Vor allem die Gen Z fällt offenbar auf die Online-Betrugsmasche rein. Wie wir Phishing erkennen können. Hier findet ihr den Phishing-Radar der Verbraucherzentrale: https://www.verbraucherzentrale.de/wissen/digitale-welt/phishingradar/phishingradar-aktuelle-warnungen-6059 Habt ihr Fragen oder Feedback? Schickt uns gerne eine Sprachnachricht an 0151 15071635 oder schreibt uns an 0630@wdr.de – und kommt gern in unseren WhatsApp-Channel: https://1.ard.de/0630-bei-Whatsapp Von 0630.

Referências do EpisódioWEBINAR Black Friday: Cibersegurança pra além do básico, sem esquecer o básicoSilent Smishing : The Hidden Abuse of Cellular Router APIsInside the Router: How I Accessed Industrial Routers and Reported the FlawsCVE-2023-43261 - PoCCISA Adds Five Known Exploited Vulnerabilities to CatalogCVE-2025-32463Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Exploitation of the vulnerabilities Cisco patched last week may have bone back about a year. Cisco and CISA have released advisories with help identifying affected devices. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices Github Notification Phishing Github notifications are used to impersonate YCombinator and trick victims into installing a crypto drainer. https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/

If you are in this age group (or not) and looking for a job…..Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     VMF Tip of the Week Video:  Is It A Scam? The BBB Scam Tracker May Be Able to Tell You https://youtu.be/y_d6QVlqcSYBBB Scam Tracker: https://www.bbb.org/scamtrackerBBB Scam HQ:  https://www.bbb.org/all/scamtips BBB New Scam Alert Emails (Sign-Up):  https://signup.e2ma.net/signup/1900156/1902645/Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkitCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Big thanks to ‪@radware‬ for sponsoring this video. // Pascal Geenens' SOCIAL // LinkedIn: / Website: https://www.radware.com/ // Report REFERENCE // Internet of Agents: The Next Threat Surface: https://www.radware.com/pleaseregiste... ShadowLeak: https://www.radware.com/blog/threat-i... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:45 - Intro 01:15 - Pascals Take on AI and Cybersecurity 05:15 - Security First AI Implementation 06:49 - How Hackers use AI 11:10 - What is an Internet of Agents? 15:43 - The Security Threat of Internet Agents 20:08 - Prompt Injection 26:26 - Indirect Prompt Injection 31:51 - How Hackers can Find your Information 39:46 - What is Vibe Hacking? 43:22 - How to Fight Against Vibe Hacking? 44:46 - Can Young People get into Cyber? 46:50 - Malicious GPTs (Xanthorox) 51:20 - How to Protect yourself (Xbow) 57:31 - Radware's Solution 01:00:12 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #agenticai #radware #llm

La quarta puntata della settima stagione del Late Tech Show!

➡ Stay Ahead of Cyber Threats with AI-Driven Vulnerability Management with Maze:https://mazehq.com/ In this conversation, I speak with Harry about how AI is transforming vulnerability management and application security. We explore how modern approaches can move beyond endless reports and generic fixes, toward real context-aware workflows that actually empower developers and security teams. We talk about: The Real Problem in Vulnerability ManagementWhy remediation—not just prioritization—remains the toughest challenge, and how AI can help bridge the gap between vulnerabilities and the developers who need to fix them. Context, Ownership, and VelocityHow linking vulnerabilities to the right applications and teams inside their daily tools (like GitHub) reduces friction, speeds up patching, and improves security without slowing developers down. AI Agents and the Future of SecurityWhy we should think of AI agents as “extra eyes and hands,” and how they’re reshaping everything from threat detection to system design, phishing campaigns, and organizational defense models. Attackers Move FirstHow attackers are already building unified world models of their targets using AI, and why defenders need to match (or exceed) this intelligence to stay ahead. From Days to MinutesWhy the tolerance for vulnerability windows is shrinking fast, and how automation and AI are pushing us toward a future where hours—or even minutes—make the difference. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 – Welcome and Harry’s Background01:07 – The Real Problem: Remediation vs. Prioritization04:31 – Breaking Down Vulnerability Context and Threat Intel05:46 – Connecting Vulnerabilities to Developers and Workflows08:01 – Why Traditional Vulnerability Management Fails10:29 – Startup Lessons and The State of AI Agents13:26 – DARPA’s AI Cybersecurity Competition14:29 – System Design: Deterministic Code vs. AI16:05 – How the Product Works and Data Sources18:01 – AI as “Extra Eyes and Hands” in Security20:20 – Breaking Barriers: Rethinking Scale with AI23:22 – Building World Models for Defense (and Attack)25:22 – Attackers Move Faster: Why Context Matters27:04 – Phishing at Scale with AI Agents31:24 – Shrinking Windows of Vulnerability: From Days to Minutes32:47 – What’s Next for Harry’s Work34:13 – Closing ThoughtsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Jeremy Clarkson hacked https://www.thesun.co.uk/news/36577873/jeremy-clarkson-farmers-dog-pub-computer-hackers/ https://www.ladbible.com/entertainment/celebrity/jeremy-clarkson-farmers-dog-pub-hacked-27000-002780-20250907   AI-powered phishing confusion https://malwr-analysis.com/2025/08/24/phishing-emails-are-now-aimed-at-users-and-ai-defenses/   Rise of Linux Desktop malware https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/   Companies experiment with replacing humans with AI https://www.wsj.com/articles/taco-bell-rethinks-future-of-voice-ai-at-the-drive-through-72990b5a  https://www.miaminewtimes.com/news/la-quinta-investigating-miamis-viral-remote-receptionist-23748941  https://www.ambscallcenter.com/blog/remote-receptionist-guide   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/ Daren - https://www.linkedin.com/in/daren-schneider/

Cárteles incorporaron a su estructura el uso de IA, les permite llegar a potenciales víctimas, eludir riesgos e incrementar ganancias, advierten expertos. Capítulos 00:20 - Ejemplos de delitos con IA 01:28 - Imágenes y videos con IA para extorsionar 02:27 - Phishing con IA

I asked ChatGPT what vendor onboarding professionals have been searching for in the past week – and one of the blaring results was how to onboard vendors faster.  I have five tips to speed up the vendor process….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Vendor Process Training Center:  AVM Vendor Toolkit (Substitute Forms, Vendor Banking Form)Vendor Banking Form (Separate Purchase):  https://debrarrichardson.com/store/vendor-banking-form-template Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkitCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com 

A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI's cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek's full conversation here. Selected Reading Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security) Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security) Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media) VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media) UK telco Colt's cyberattack recovery seeps into November (The Register) Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register) Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop) House lawmakers move to extend two key cyber programs, for now (The Record) BreachForums founder caged after soft sentence overturned (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Why You Need Phishing-Resistant Authentication NOW. The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be. https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290 S1ngularity/nx Attackers Strike Again A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories. https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again ChatGPT s Calendar Integration Can Be Exploited to Steal Emails ChatGPT s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP. https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/

House lawmakers move to extend two key cyber programs Apple 0-day likely used in spy attacks affected older devices Reuters crafts phishing scam with AI chatbot help Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

Apple Updates Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities. https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286 Microsoft End of Life October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end. https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011. https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605 Phishing Targeting Rust Developers Rust developers are reporting similar phishing emails as the emails causing the major NPM compromise last week. https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064 Samsung Patches 0-Day Samsung released its monthly updates for its flagship phones fixing, among other vulnerability, an already exploited 0-day. https://security.samsungmobile.com/securityUpdate.smsb

The U.S. and China close in on a TikTok deal during Madrid trade talks. The Charlie Kirk shooting suspect is not cooperating with authorities, according to Utah's Governor.   A new Reuters investigation reveals that AI chatbots can be easily manipulated to help create phishing scams targeting elderly Americans. And The Pitt, The Studio and Adolescence win big at the Emmys. Sign up for the Reuters Econ World newsletter here. Listen to the Reuters Econ World podcast here. Find the Recommended Read here. Visit the Thomson Reuters Privacy Statement for information on our privacy and data protection practices. You may also visit megaphone.fm/adchoices to opt out of targeted advertising. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Identity at the Center podcast, Jeff and Jim discuss various aspects of identity access management (IAM) policies and the importance of having a solid foundation. They emphasize the need for automation, controls, and how IAM policies should be created without technology limitations in mind. The discussion also covers the implementation challenges and the evolving concept of identity verification. Jeff, Jim, and their guest, Nishant Kaushik, the new CTO at the FIDO Alliance, also delve into the issues surrounding the adoption of passkeys, highlighted by Rusty Deaton's IDPro article, and address some common concerns about their security. Nishant offers insights into ongoing work at FIDO Alliance, the potential of digital identity, and the importance of community in the identity sector. The episode concludes with mentions of upcoming conferences and an homage to the late identity expert, Andrew Nash.Timestamps00:00 Introduction and Greetings00:18 Importance of IAM Policies01:36 Challenges in Policy Implementation05:09 Conferences and Discount Codes07:59 Introducing the Guest: Nishant Kaushik08:42 The Role of the FIDO Alliance and Digital Identity10:35 Concerns and Solutions for Passkeys22:21 Final Thoughts on Passkeys and Authentication29:48 Credential Security Concerns30:03 FIDO Members and Their Contributions30:38 Getting Involved in Working Groups31:58 Conversations at Authenticate Conference32:29 Evolution of the Authenticate Conference34:32 Automotive Authentication Challenges36:04 Community and Collaboration38:33 Remembering Andrew Nash41:41 Lightning Round: Current State of AI and Identity44:21 Decentralized Identity: Current Trends49:47 Non-Human Identity: Future Perspectives52:19 New York Sports Fandom54:33 Conclusion and Upcoming EventsConnect with Nishant: https://www.linkedin.com/in/nishantkaushik/Learn more about the FIDO Alliance: https://fidoalliance.org/IDPro Article by Rusty Deaton: https://idpro.org/blackhat-and-def-con-2025-thoughts/Kill the Wallet? Rethinking the Metaphors Behind Digital Identity by Heather Flanagan: https://sphericalcowconsulting.com/2025/07/22/digital-wallet-metaphor/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A high-profile phishing incident has resulted in the compromise of several widely-used JavaScript packages on npm, after a developer known as "Qix" inadvertently clicked a malicious link from a fake support email.Multiple undersea cable cuts in the Red Sea have led to degraded internet connectivity across the Middle East and South Asia, affecting key infrastructure and cloud services.North Korean-aligned threat actors operating under the Contagious Interview campaign have been systematically abusing cyber threat intelligence (CTI) platforms to monitor exposure of their own infrastructure and scout for new assets.Researchers from Ontinue have detailed a sophisticated phishing campaign leveraging the Salty2FA phishing kit - a framework that reflects how cybercriminal tooling is increasingly mimicking enterprise-grade software in terms of design, capability, and operational maturity.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Guest: Cy Khormaee, CEO, AegisAI Ryan Luo, CTO, AegisAI Topics: What is the state of email security in 2025? Why start an email security company now? Is it true that there are new and accelerating AI threats to email? It sounds cliche, but do you really have to use good AI to fight bad AI? What did you learn from your time fighting abuse at scale at Google that is helping you now How do you see the future of email security and what role will AI play? Resources: aegisai.ai  EP40 2021: Phishing is Solved? EP41 Beyond Phishing: Email Security Isn't Solved EP28 Tales from the Trenches: Using AI for Gmail Security EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents  

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Do you have a non-vendor team member performing the confirmation call?  I don't recommend that certain steps are put into place to reduce the potential for both internal and external fraud.  What are they?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Get the Vendor Callback Confirmation Toolkit(TM) Today: https://training.debrarrichardson.com/course/callback-confirmation-toolkitCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices. 00:00 Introduction and Headlines 00:24 Phishing Scam via iCloud Calendar Invites 03:18 US Department of Defense Livestream Vulnerabilities 05:53 Critical Android Zero-Day Vulnerabilities 07:38 US Bounty on Russian FSB Hackers 09:42 Conclusion and Contact Information

The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microsoft's Direct Send feature. Plex warns users of a data breach.  Researchers flag a surge in scans targeting Cisco ASA devices. CISA delays finalizing its incident reporting rule. The GAO says federal cyber workforce figures are incomplete and unreliable. Our guest is Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security, discussing cybersecurity education going back to school. AI earns its own Darwin awards.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kevin Magee, Global Director of Cybersecurity Startups at Microsoft Security discussing cybersecurity education going back to school. Selected Reading Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (Bleeping Computer) Open Source Community Thwarts Massive npm Supply Chain Attack (Infosecurity Magazine) US sanctions companies behind cyber scam centers in Cambodia, Myanmar (The Record) New Apple Warning, This iCloud Calendar Invite Is Actually An Attack (Forbes) New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs (HackRead) Axios User Agent Helps Automate Phishing on “Unprecedented Scale” (Infosecurity Magazine) Plex Urges Password Resets Following Data Breach (SecurityWeek) Surge in networks scans targeting Cisco ASA devices raise concerns (Bleeping Computer) CISA pushes final cyber incident reporting rule to May 2026 (CyberScoop) US government lacks clarity into its infosec workforce (The Register) AI Darwin Awards launch to celebrate spectacularly bad deployments (The Register) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, we discuss a wild story about Jordan's sperm count, an absolutely insane phishing scam, how to get new online coaching clients without posting online, and more.We hope you enjoy this episode and if you'd like to join us in The Online Fitness Business Mentorship, you can grab your seat at https://www.fitnessbusinessmentorship.comThank you!-J & MWATCH this episode on YouTube: https://youtu.be/lc86Cc28EC8TIMESTAMPS:(00:00) — Intro(00:11) — Checking in on fear, anger, & stress(02:29) — Time vs money & the cost of convenience(08:12) — The ketchup conundrum(11:33) — These scams are getting intense (and scary)(17:28) — The art of conversation & the importance of delivery(25:12) — Jordan's sperm count & unhinged social media behavior(34:58) — Growing an online business WITHOUT social media(42:13) — Finding motivation beyond financial needs(48:52) — Has gym culture changed... Or is it just me?(53:44) — Some wisdom from the Tanakh(57:05) — Don't forget to get on our email list so you don't miss the Black Friday Mentorship saleFollow the show on social:YouTube - https://www.youtube.com/@personaltrainerpodcastInstagram - https://www.instagram.com/personaltrainerpodcastTikTok - https://www.tiktok.com/@personaltrainerpodcastJoin our email list & get our FREE '30 Ways To Build A Successful Online Coaching Business' manual: https://bit.ly/30O2l6pCheck out our new book 'Eat It!' at https://www.eatit-book.comIf you have any questions you'd like to have answered on the show, shoot us an email at info@fitnessbusinessmentorship.comIf you enjoyed the episode, we would sincerely appreciate it if you left a five-star review.----Post-Production by: David Margittai | In Post MediaWebsite: https://www.inpostmedia.comEmail: david@inpostmedia.com© 2025 Michael Vacanti & Jordan Syatt

The Absolute AppSec duo returns with an in-depth episode talking about true and false positives, where context matters and business impact must be taken into account in order to avoid rabbit holes. This discussion spurred by a recent article from signalblur of magonia.io discussing alerts in a security operations center. In short, only considering existence of a flaw (or alert) is not enough by itself. True impact comes by understanding context. Anyone want t-shirts? A discussion of the recent successful phish of an npm package maintainer, resulting in exposure of millions of projects depending on popular npm packages. It happens, folks, protect yourself.

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

Phishing Awareness Training Doesn't Work... by Nick Espinosa, Chief Security Fanatic

New malware phishing campaign hidden in SVG files Anthropic agrees to pay $1.5bn in book piracy lawsuit Qantas penalizes executives for cyberattack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.  

A new APT group turns out to be a phishing test, Qantas cuts executives' bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites. Show notes Risky Bulletin: APT report? No, just a phishing test!

What if the next scam you receive looked perfect: no typos, no strange wording, just flawless and convincing?In this episode of AI Experience, I talk with Anthony Davis, security awareness leader and co-host of The Awareness Angle Podcast. For more than a decade, he has helped businesses build security cultures that stick, by making cybersecurity simple and human. Together, we explore how AI is changing the game: from phishing emails that feel authentic, to deepfake voices and videos that can trick even the cautious. You'll hear why emotions have become the new warning signs, and what practical steps you can take to protect yourself and your company. If you've ever wondered how to spot scams in the age of AI, this conversation will give you clear, actionable insights.Hosted by Ausha. See ausha.co/privacy-policy for more information.

Tariffs are here and many vendor team members may be busier than ever with how they have caused changes in the vendor process.  There may be additional validations involved in four areas…Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

  In this episode of Command Control Power, Joe and Sam catch up after attending a confidential Apple Technical Summit. They discuss the event's highlights, including networking opportunities and technical presentations. Sam shares his experience improving a client's old IT setup, moving them to modern managed services and security practices. Joe dives into his quest for an ideal phone solution with group SMS capabilities, ultimately considering sticking with RingCentral due to recent features supported by AI. The episode also touches on the importance and challenges of maintaining high-quality internet service at a fair price and explores the potential environmental impact of AI note-taking.   00:00 Introduction and Hosts Reunion 00:15 NDA Event and Apple Summit 01:31 Networking and Connections 03:01 San Jose and Big Basin Adventures 06:18 Technical Summit Insights 09:12 Funny Poolside Moments 11:03 Caseless Phones and Engineering Marvels 16:31 Coffee Talk and AeroPress Trivia 25:22 Billing Challenges and Solutions 28:29 Client Negotiations and Agreement 28:55 Email Security and Phishing 29:52 Security Training and Awareness 31:30 New Client with Technical Debt 33:45 Managed Services Plan Pitch 37:41 AI in Client Communication 38:32 Phone Service Saga 51:34 Optimum Fiber and Internet Deals 56:49 Concluding Thoughts and Future Topics

In this episode of Cybersecurity Today, host Jim Love delves into the latest cyber threats and risks. Key topics include the new phishing campaign Zipline that flips traditional tactics, Google's call for 2.5 billion Gmail users to reset passwords due to a phishing attack by Shiny Hunters, and the emergence of AI-driven ransomware like Prompt Lock. The episode also covers a hijack of the NX build platform leading to a sophisticated supply chain attack, and a whistleblower's claims that the Social Security Administration put personal data at risk by improperly handling sensitive information. Tune in to stay informed on these evolving cyber threats and defensive measures. 00:00 Introduction to Cybersecurity News 00:31 Zipline Phishing: A New Threat 02:14 Google Urges Password Resets 03:51 AI-Powered Ransomware: Prompt Lock 05:48 NX Supply Chain Attack 07:35 Social Security Data at Risk 09:20 Conclusion and Upcoming Shows

According to The Kaplan Group, tax scams have resulted in 2025 YTD reported financial losses of $5,742,463.91.  Monthly tax scam reports rose 62% year-over-year, from 227 in 2024 to 368 in 2025, and have increased by 323% since 2020.  So what can you do to protect yourself? To help you stay safe, here are three key takeaways: The IRS will almost always contact you by MAIL first.  If you get a text, email, or surprise phone call demanding personal information or payment, it's almost certainly a scam. Phishing and "smishing" are at an all-time high.  Scammers try to lure you with messages about fake refunds, threats, or "unusual activity." Never click suspicious links or share your personal info. Double-check everything.  Unsure about a tax communication?  Review it with your tax professional, or check official IRS resources (linked on the podcast and IRS website).  Remember—the IRS won't email or text you unless you've explicitly given permission. Stay vigilant, and don't let scammers get between you and your hard-earned money! Connect with Paul Contact Paul here or schedule a time to meet with Paul here. For resources discussed in this episode, visit tammacapital.com/podcast. Follow Paul on LinkedIn and YouTube. And feel free to email Paul at pfenner@tammacapital.com with any feedback, questions, or ideas for future guests and topics. Resources Featured in This Episode: How to know it's the IRS Dirty Dozen tax scams for 2025: IRS warns taxpayers to watch out for dangerous threats Understanding your IRS notice or letter

If you're looking for a low-cost vendor validation step to deter fraud – I have one for you in today's episode. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Article:  How to Vet Suppliers and Avoid Fake Vendor Scams https://www.bitdefender.com/en-gb/blog/hotforsecurity/how-to-vet-suppliers-and-avoid-fake-vendor-scamsCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Send us a textWhat do street food in Vietnam, varsity football, and DMARC email authentication have in common? In this immersive episode, Joey Pinz sits down with Michael Chester for a lively conversation that connects personal transformation with global impact.

Microsoft has launched Project IR, an advanced AI capable of reverse-engineering malware with a remarkable 90% accuracy rate. This autonomous agent utilizes a combination of large language models and specialized cybersecurity tools to identify threats effectively, achieving a low false positive rate of just 2%. Recent tests demonstrated its capability to analyze thousands of unclassified files and accurately flag a significant majority as malicious. However, as cybersecurity technology advances, so do the tactics of cybercriminals, with a notable increase in phishing attacks targeting managed service providers (MSPs), which now account for over half of all phishing incidents.The rise of AI-powered phishing and social engineering tactics has been highlighted in a recent Acronis report, revealing that 52% of phishing attacks are aimed at MSPs. Additionally, new research indicates that AI browsers may inadvertently assist scammers, as they can overlook red flags that human users would typically catch. A survey from One Password further emphasizes the challenges organizations face with the rapid adoption of AI tools, with many lacking visibility and control over these applications, leading to potential security vulnerabilities.Gartner has issued a warning to corporate leaders, stating that they have a limited timeframe to integrate AI agents into their operations or risk falling behind competitors. Despite the urgency, Gartner also acknowledges that a significant percentage of AI projects fail, raising concerns about the pressure vendors may place on businesses to adopt these technologies hastily. Meanwhile, XAI's claims regarding its Grok 2.5 model being open-sourced have been criticized as misleading, as the licensing terms impose restrictions that contradict open-source principles.In the realm of cybersecurity solutions, companies like SonicWall and VMware are introducing new tools and technologies to enhance security and operational efficiency. SonicWall has launched a new generation of firewalls with a unique cyber warranty, while VMware is focusing on ARM architecture to meet the growing demand for energy-efficient servers. However, the podcast emphasizes the importance of cutting through vendor noise and focusing on solutions that genuinely improve business operations, rather than getting caught up in marketing hype.Three things to know today 00:00 Microsoft's Project Ire Shows AI Can Catch Malware, But Attacks on MSPs Are Rising Faster06:36 AI Urgency, Open-Washing, and Federal Adoption: Sorting Hype From Reality10:09 From Billing Fixes to Firewalls and VMware's Arm Gamble: What Really Matters for MSPs   Supported by:  https://getnerdio.com/  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Tech commentator Tony Grasso joins Kathryn to talk about the big news in the cyber-crime world.

If Salesforce flutters its wings in San Francisco... How is this still tricking people? From tagging to bagging Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more atprophetsecurity.ai.  

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-421

Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year's Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: https://www.okta.com/oktane/ AI at Work 2025: Securing the AI-powered workforce Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack. Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-421

Microsoft releases emergency out-of-band (OOB) Windows updates. Trump targets NSA's leading AI and cyber expert in clearance revocations. A breach may have compromised the privacy of Ohio medical marijuana patients. Cybercriminals exploit an AI website builder to rapidly create phishing sites. Warlock ransomware operators target Microsoft's SharePoint ToolShell vulnerability. Google and Mozilla patch Chrome and Firefox. European officials report two cyber incidents targeting water infrastructure. A federal appeals court has upheld fines against T-Mobile and Sprint for illegally selling customer location data. Authorities dismantle DDoS powerhouse Rapper Bot. On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, speaking about ShinyHunters and the problems with securing Salesforce. Microsoft Copilot gets creative with compliance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Matt Radolec, VP - Incident Response, Cloud Operations, and Sales Engineering at Varonis, who is speaking about ShinyHunters and the problems with securing Salesforce. You can hear more from Matt here. Selected Reading Microsoft releases emergency updates to fix Windows recovery (Bleeping Computer) Trump Revokes Security Clearances of 37 Former and Current Officials (The New York Times) Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database (WIRED) AI Website Builder Lovable Abused for Phishing and Malware Scams (Hackread) Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit (InfoSecurity Magazine) High-Severity Vulnerabilities Patched in Chrome, Firefox (SecurityWeek) Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) T-Mobile claimed selling location data without consent is legal, judges disagree (Ars Technica) Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) Copilot Broke Your Audit Log, but Microsoft Won't Tell You (Pistachio Blog) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A ransomware attack exposes personal medical records of VA patients. New joint guidance from CISA and the NSA emphasizes asset inventory and OT taxonomy. The UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform.  Phishing attacks increasingly rely on personalization. Rooting and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw in FortiSIEM. Estonian nationals are sentenced in a crypto Ponzi scheme. Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Meet the Blockchain Bandits of Pyongyang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Michele Campobasso from Forescout joins us to unpack new research separating the hype from reality around “vibe hacking.” Their team tested open-source, underground, and commercial AI models on vulnerability research and exploit development tasks—finding high failure rates and significant limitations, even among top commercial systems. Selected Reading Medical records for 1 million dialysis patients breached in data hack of VA vendor (Stars and Stripes) NSA Joins CISA and Others to Share OT Asset Inventory Guidance (NSA.gov) CISA warns of N-able N-central flaws exploited in zero-day attacks (Bleeping Computer) U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach (The New York Times) From Support Ticket to Zero Day  (Horizon3.ai) Personalization in Phishing: Advanced Tactics for Malware Delivery (Cofense) The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device (Zimperium) Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild (Bleeping Computer) Estonians behind $577 million cryptomining fraud sentenced to 16 months (The Record) Someone counter-hacked a North Korean IT worker: Here's what they found (Cointelegraph) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices