Act of attempting to acquire sensitive information by posing as a trustworthy entity
The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be behind the decision and what it means for countries and businesses that depend on American AI platforms. The FBI also disrupts Outsider Enterprise, a China-based phishing-as-a-service network linked to more than 9,000 fake websites, one million fraudulent URLs, 3.8 million stolen payment-card records and an estimated $1.9 billion in losses. Also in this episode: A critical Splunk vulnerability could allow an unauthenticated attacker to remotely execute code through a PostgreSQL sidecar service enabled by default in some deployments. A former Iowa school IT worker is sentenced after retaining access for 21 months and using it to delete accounts and disrupt school systems. And FortiWatch returns with a critical FortiSandbox command-injection vulnerability that requires no authentication. Cybersecurity Today is hosted by David Shipley. Chapters 00:00 Cybersecurity Today headlines 00:26 U.S. government shuts down Anthropic AI models 02:59 FBI takes down Outsider Enterprise phishing network 04:47 Critical Splunk vulnerability explained 06:31 Former school IT worker sentenced for cyberattack 08:29 FortiWatch: FortiSandbox command-injection vulnerability 10:08 What's ahead this week
This Day in Legal History: Magna Carta Sealed at Runnymede

On this day in 1215, in a meadow at Runnymede on the south bank of the Thames, King John of England affixed his seal to a document the rebellious English barons had drafted, in which the king conceded a series of limits on his own royal authority. We call it Magna Carta — the Great Charter. The immediate political context was a baronial revolt against John's tax exactions for his disastrous French wars, and most of the sixty-three chapters as drafted in 1215 are concerned with the highly specific grievances of a feudal aristocracy: scutage, wardship, the inheritance fees of widows, the freedom of the church, the standardization of weights and measures in the king's markets. The two chapters that the centuries have remembered are 39 and 40. Chapter 39 says that no free man shall be taken or imprisoned or dispossessed except by the lawful judgment of his peers or by the law of the land. Chapter 40 says that to no one will the king sell, deny, or delay right or justice. The Charter was annulled by Pope Innocent III within ten weeks of sealing — the pope held that John, as a vassal of the Holy See, could not be bound by a treaty extracted under duress — and the country immediately collapsed into the First Barons' War. But John died in October 1216, his nine-year-old son Henry III's regents reissued the Charter as a tactical concession the next month, it was reissued again in 1217 and 1225, and by the late thirteenth century the 1225 version had been confirmed by successive kings as a foundational statute of the realm. Edward Coke, writing in the seventeenth century, transformed Chapter 39's “law of the land” into the doctrine of due process, and the founding generation of the American Republic picked up Coke's reading and wrote it directly into the Fifth and Fourteenth Amendments of the United States Constitution. The phrase “due process of law” in those amendments is the most consequential American inheritance from the Runnymede document. The principle the barons were trying to extract from a beleaguered king — that the law constrains the sovereign too — is the substrate on which everything we recognize as constitutionalism is built. Eight hundred and eleven years on, the principle is still the work.

The Rhode Island travel-ban lawsuit we covered on June 8 took a sharp turn on Friday. Chief Judge John J. McConnell, Jr., of the District of Rhode Island held a status conference in Dorcas International Institute v. USCIS at which he was openly frustrated with the Justice Department for failing to immediately implement his June 5 vacatur of the four USCIS benefit-freeze policies for nationals of the thirty-nine travel-ban countries. The judge's message, in plain terms, was that vacatur under the Administrative Procedure Act is self-executing — the moment the order was entered, the policies ceased to exist, and the agency was obligated to resume processing affirmative benefits, asylum claims, and adjudicator-instruction reviews on the prior pre-freeze basis. The Trump administration, after the hearing, told the court it would comply, restart adjudications, and clear the backlog. It also did what defendants typically do when they have lost on the merits and lost again on compliance: it filed a notice of appeal with the First Circuit and asked the appellate court to stay the vacatur pending appeal. That is the live question now. The First Circuit's stay analysis runs through the standard Nken v. Holder factors — likelihood of success on the merits, irreparable harm, the balance of equities, and the public interest — and the administration's strongest argument on each is going to be familiar: the executive needs administrative breathing room to implement a travel ban, mass restoration of adjudications creates national-security risk, the harm to applicants is reversible if their adjudications are paused for a few more weeks. The plaintiffs' strongest counterarguments are also familiar: the policies were unlawful when adopted and the agency had no business adopting them, the harm to applicants from continued delay is concrete and accruing daily, and the First Circuit is not in the business of staying vacaturs of unlawful agency action in order to let the agency continue acting unlawfully. Watch the First Circuit's calendar this week. The stay motion is the next inflection point.

Trump officials agree to resume asylum processing after being scolded by judge | The Washington Post

Google filed suit on Friday in the U.S. District Court for the Southern District of New York against a China-based cybercrime network it calls the “Outsider Enterprise,” alleging that the network's members used Google's Gemini large-language model to generate the code, copy, and templates for a phishing-as-a-service platform that has built more than nine thousand fraudulent websites and sent two and a half million scam text messages in the two weeks ending June 1 alone. The complaint is significant for two reasons. First, it is, to Google's knowledge, the first time the company has affirmatively sued threat actors for using its own generative-AI product as the input to a scaled criminal operation, as distinct from the more usual posture of suing scammers who impersonate Google brands. The legal theories are a mix of Lanham Act false-designation-of-origin and trademark-infringement counts, Computer Fraud and Abuse Act counts based on Outsider's unauthorized access to Google services, breach-of-contract counts on the Gemini terms of service, and a RICO count. Second, the factual record will be a road map for the next decade of AI-misuse litigation. The complaint describes Telegram channels in which Outsider members trade prompts that get Gemini to write phishing code, a library of two hundred and ninety prebuilt templates impersonating brands ranging from the U.S. Postal Service to state DMVs to E-ZPass, and an FBI estimate that the broader campaign Outsider participates in has stolen roughly 3.87 million card numbers and caused $1.9 billion in losses since July 2023. The remedy Google is seeking is a permanent injunction shutting the operation down, plus domain seizures and account terminations across Google's services and at major U.S. carriers, which Google says it has been coordinating with the FBI, AT&T, T-Mobile, and Verizon. The deeper legal question the case may end up clarifying is whether and to what extent platforms can use private civil suits as the front-line enforcement mechanism against AI-augmented criminal activity that the public criminal-justice system has had trouble keeping up with.

Google sues Chinese cybercrime ring that weaponized Gemini AI for phishing scams | TechCrunch

A federal district judge in Washington on Friday issued a preliminary injunction barring the Trump administration from continuing to implement Executive Order 14253, the order under which the National Park Service had been scrubbing exhibits, signage, and online materials at sites administered by the Department of the Interior. The judge gave the administration three weeks to restore the materials it had already removed. The order at issue, signed in March, directed federal cultural agencies to identify and remove content that, in the executive's view, reflected “improper, divisive, or anti-American ideology” or “partisan” framing. In the months that followed, the National Park Service had taken down or altered displays addressing slavery, the Civil Rights Movement, the internment of Japanese Americans during the Second World War, climate change, and the histories of Native American dispossession at sites including the Stonewall National Monument, Independence Hall, and the Manzanar National Historic Site. The case is American Historical Association v. Department of the Interior, brought by historians' professional associations and a coalition of plaintiffs that includes affected park employees and visitor-experience contractors. The legal theory pleaded was multi-strand: First Amendment viewpoint discrimination as applied to government speech that has taken on a public-forum character, Administrative Procedure Act challenges on the ground that the agency failed to provide a reasoned basis for the removals and failed to consider statutory commands under the Organic Act of 1916, and a Federal Records Act challenge to the destruction of materials that constituted federal records. The judge held that the plaintiffs were likely to succeed on the First Amendment claim and the APA claim, found irreparable harm in the ongoing loss of public access to the underlying historical materials, and found that the public interest was best served by restoration. The administration is widely expected to appeal to the D.C. Circuit. In the meantime, the three-week restoration clock is running.

Judge blocks Trump national parks order, calling it “censorship” | The Washington Post

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.minimumcomp.com/subscribe
An underground forum post breaks down how hackers scan, exploit, and cash out on vulnerabilities — and it reads like a step-by-step guide. Meanwhile, Microsoft is catching heat for stonewalling a researcher who found real zero-days, and a new phishing campaign is hitting small businesses through the platforms they trust most. The OG crew — Joshua Schmidt, Eric Brown, and Nick Mellem — digs into this week's biggest cybersecurity headlines with sharp takes and real-world context that practitioners can actually use.
An article outlines what's wrong with traditional cybersecurity awareness training against today's fraudsters but misses the mark on the resolution to evolving fraudster tactics. Let's fill in the gaps. Keep listening.
Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
Citybiz Article: The Deepfake CEO Call: Why AI Voice Fraud Is the Business Threat Executives Keep Underestimating
YouTube: Authentication | Vendor Master File Tip of the Week
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars: www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
In this episode, Manon Vandebergh takes a closer look at what Phished does and how her own role has grown along with the company. Phished helps companies make their employees more digitally resilient: training people to recognise phishing and suspicious e-mails, paired with a technical assistant in the mailbox that runs multiple analyses. Her days start with KPIs and reporting, followed by stand-ups, planning meetings, recruitment, strategy and a lot of coordination between departments. In five years Phished grew from zero to 120 employees, 6,000 customers and 2 million trained employees worldwide. Revenue doubles every year. That means the company finds itself in a completely different reality every twelve months. Manon started at the front door as office manager, was later given responsibility for HR, and moved via customer success into operations. In every department she introduced structure, vision and reporting, building credibility along the way, until she was asked to become Chief Operations Officer. Recruiting is one of her core tasks, and especially in the age of AI she looks beyond pure knowledge. Skills that AI cannot replace (integrity, social skills, resilience, flexibility) carry more weight for her. She also speaks candidly about the pain of scaling: not everyone grows along with every phase, and sometimes you have to part ways with people who did great work in an earlier phase. Another lesson: celebrate successes. Phished closes deals other companies dream of, but often moves straight on to the next challenge. Manon was recently voted Young ICT Lady of the Year, a title she also sees as a responsibility. At Phished they deliberately write job postings to be more accessible and let candidates see other women during the recruitment process. She combines her role with sport (she recently ran a marathon) and does not believe in a strict work-life balance, as long as she knows her limits. For her, being CEO of your life means doing what you love, becoming a better version of yourself every day, and combining that with a sense of purpose. Trends is a podcast channel from the Trends editorial team.
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
If you are a victim of phishing, the law says the bank must ensure, by the following day at the latest, that the lost money is back in your account. That already rarely happens, and Belfius even states in black and white in its general terms and conditions that it disregards that law. "Actually, Belfius is no exception, but they did put it on paper, which makes it a bit brazen." So how, as a consumer, do you make sure the bank does follow the law? You'll hear it in this Insider. See omnystudio.com/listener for privacy information.
This week the gang talked about OPTCG pre-release, I Love Boosters, more Mina The Hollower, Esoteric Ebb, Xbox Show Case, PlayStation State of Play, Summer Games Fest, and more! Follow us on Instagram Leave us a voicemail at (804) 286-0626 and consider supporting us through our Patreon Check out the Discord! Theme song remixed by Poisonfrog News Links: Xbox Showcase PlayStation State of Play Steam console coming? Nintendo Direct coming
Show Summary: Mudita Khurana — Tech Lead at Airbnb and the person who always says, “I got this” No Password Required Season 7: Episode 6 - Mudita Khurana Mudita Khurana is a Tech Lead for Automated Tooling and Vulnerability Management at Airbnb, where she focuses on building modular, scalable security systems in an era of rapidly evolving AI threats. Before Airbnb, she spent nearly a decade in security roles across Accenture, Meta, and PwC, making bold career pivots along the way, including turning down a PwC return offer to join Facebook's product security team. In this episode, Mudita shares her journey from a family of doctors in India to Carnegie Mellon and into the heart of Big Tech security. She discusses what it means to thrive as a non-traditional engineer in a deeply technical field, why she stepped back from management to get closer to the work, and how she thinks about building security tooling that won't be obsolete in three months. Jack Clabby and co-host Kayley Melton, recording live from Tampa B-Sides at the University of South Florida, talk with Mudita about imposter syndrome, AI's curveballs for security teams, leadership without a leadership title, and the importance of community in staying on top of a field that never stops moving. She also reflects on what great mentorship looks like early in a career and why clarity, ownership, and consistency are the leadership qualities she keeps coming back to. In the Lifestyle Polygraph, Mudita firmly plants her flag in the Harry Potter universe as Hermione, explains why Deadpool doesn't qualify as a superhero, debates gym vs. nature as a reset strategy, and reveals her dream remote work base: a high-altitude Buddhist mountain town in the Himalayas. 
Follow Mudita on LinkedIn: https://www.linkedin.com/in/muditakhurana/ In this episode: Mudita shares her unconventional path into cybersecurity, highlighting the importance of mentorship and curiosity (0:25 - 1:37) The significance of mentorship, especially Vandana Verma, in her career development (2:26 - 4:00) Transition from management to technical IC roles and why staying close to technical work matters (9:29 - 10:23) The influence of her education at Carnegie Mellon and how it broadened her problem-solving skills (6:23 - 7:41) Navigating imposter syndrome and embracing challenges as growth opportunities (3:26 - 5:29) How AI is changing cybersecurity strategies—building modular, layered systems for agility (15:31 - 16:26) The importance of community, trust, and consensus in cybersecurity decision-making (17:06 - 17:47) Mudita's favorite places for remote work and balancing planning with spontaneity in travel (23:01 - 24:13) Her personal approach to wellness, exercise, and resets during busy days (21:32 - 22:36) Her unique perspective on superhero characters, favorite places, and cultural roots (18:54 - 19:36, 25:19 - 26:21) Timestamp Highlights: (00:25) Mudita's 10-year journey into cybersecurity starting from India (02:26) Mentorship's critical role in her growth and her admiration for Vandana Verma (09:29) Transition from management back to technical roles and why staying close to the work matters (15:31) How AI fosters layered, modular security systems for faster adaptation (17:06) The importance of community and trusted information sources in security (21:32) Reset routines—gym versus nature hikes—and staying grounded during busy days (25:19) Leh, Ladakh: Mudita's ideal remote work location nestled in Himalayan beauty Resources & Links: Vandana Verma - Influential mentor in cybersecurity ThreatLocker - Supporter of this podcast Cyber Florida – The Mother Ship
This week’s Cyber Sense feature takes a look at scams which continue to use the same plotline over and over again, despite having been flagged as scams for many years. From offers of a free baby grand piano to a desperate CEO relying on you to wire money through urgently, these are ploys that scammers have been using for many years and that have led to public warnings, yet they remain in use. Lester Kiewit speaks to Boikokobetso Makhetloane, also known online as Mr Fingerz, a cybersecurity expert, educator, trainer, and TikTok content creator, after a colleague spotted an email and noticed the familiar scenario. Good Morning Cape Town with Lester Kiewit is a podcast of the CapeTalk breakfast show. This programme is your authentic Cape Town wake-up call. Good Morning Cape Town with Lester Kiewit is informative, enlightening and accessible. The team’s ability to spot & share relevant and unusual stories makes the programme inclusive and thought-provoking. Don’t miss the popular World View feature at 7:45am daily. Listen out for #LesterInYourLounge, which is an outside broadcast from the home of a listener in a different part of Cape Town on the first Wednesday of every month. This show introduces you to interesting Capetonians as well as their favourite communities, habits, local personalities and neighbourhood news. Thank you for listening to a podcast from Good Morning Cape Town with Lester Kiewit. 
Listen live on Primedia+ weekdays between 06:00 and 09:00 (SA Time) to Good Morning CapeTalk with Lester Kiewit broadcast on CapeTalk https://buff.ly/NnFM3Nk For more from the show go to https://buff.ly/xGkqLbT or find all the catch-up podcasts here https://buff.ly/f9Eeb7i Subscribe to the CapeTalk Daily and Weekly Newsletters https://buff.ly/sbvVZD5 Follow us on social media CapeTalk on Facebook: https://www.facebook.com/CapeTalk CapeTalk on TikTok: https://www.tiktok.com/@capetalk CapeTalk on Instagram: https://www.instagram.com/ CapeTalk on X: https://x.com/CapeTalk CapeTalk on YouTube: https://www.youtube.com/@CapeTalk
A father from Bern just wants to sell a pair of shoes on Ricardo one Friday in March. By Monday the entire family account is empty. With a phishing e-mail, cybercriminals circumvented his bank's two-factor authentication. And the bank rejects all liability because the 34-year-old triggered the authentication himself. How could the father become the victim of a phishing attack? Why is the family left with an empty account? Why are reports of classified-ad phishing rising so sharply? And how can you protect yourself from cybercriminals despite ever new tricks? Editor Andres Marti discusses this in a new episode of the podcast Gesprächsstoff. He met the father from Bern and researched phishing attacks and the legal situation around them. Besides the victim, Lucien Jucker, Head of Data Protection and Digitalisation at the consumer protection organisation Konsumentenschutz, also speaks in the podcast.
Host and production: Sibylle Hartmann
Guest: Andres Marti
Articles on the phishing attack on the Bern family:
Classified-ad phishing: Account emptied: Konsumentenschutz criticises banks after Ricardo fraud
Cybercriminals on Ricardo: "You lose the ground beneath your feet": How a Bern family's account was emptied
Do you have feedback, ideas or criticism about «Gesprächsstoff»? Write to us at podcast.bern@tamedia.ch
The August 1st deadline for filing 1099 corrections is closer than you think—and missing it could cost your company in IRS penalties. In this episode, I'm breaking down which errors demand immediate correction, which ones may not, and the two options to reduce or avoid unnecessary fines. So, to know exactly what to fix, what to ignore, and how to protect your organization before the deadline hits... Keep listening.
Links mentioned in the podcast + other helpful resources:
Vendor Master File Tip of the Week: IRS 2027 Due Dates for TY 2026 Information Returns For the 1099-NEC | 1099-MISC | 1042-S
IRS Page > Information Return Penalties
Get Help Identifying Corrections: Vendor Master File Clean-Up
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New Wave Of Phishing Emails with SVG Files
https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040
Android 2026-06-01 security patch level vulnerability details
https://source.android.com/docs/security/bulletin/2026/2026-06-01
Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826
https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083
https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/
Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
The FBI is warning about Kali365, a new phishing-as-a-service tool designed to steal Microsoft 365 credentials and enable account takeovers at scale. In this episode, we break down how it works, why it's so effective, and what your SOC can do right now to detect and defend against it.
A bank must reimburse an elderly couple who were defrauded and lost almost 50,000 euros. That is the ruling of the Antwerp enterprise court. What impact could this decision have on other cases? In the UK there is great outrage after the murder of 18-year-old Henry Nowak. Why does this case stir up so many emotions? And an investigation by Knack shows that the Albanian mafia has a strong position in the Belgian underworld. How did that come about?
This episode covers recent cybersecurity incidents, social engineering tactics, AI vulnerabilities, and best practices for security awareness. Ryan, Shannon, and Chris discuss how organizations and individuals can protect themselves in an increasingly digital world.
Article: Carnival Data Breach Exposed 6 Million People https://www.securityweek.com/carnival-data-breach-exposed-6-million-people/amp/
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html?m=1
FBI issues alert on cyber actors impersonating IT personnel https://www.aha.org/news/headline/2026-05-29-fbi-issues-alert-cyber-actors-impersonating-it-personnel
Buy my book: https://www.theothersideofthefirewall.com/
Please LISTEN
Raising Expectations with Pastor Joe Schofield, Dr. Paul Hall, Stefanie Thayer, Dr. Craig Thayer, Pastor Ron Greer
Digital Threats, Family Safety, and Faithful Preparedness in a Changing World
Guest, Frank Roberson with the Black Rhino Protection Agency

Friends, Monday night we're thrilled to welcome back our dear friend and valued family member Frank Roberson. With expertise in protective services, counterintelligence, and threat analysis, Frank will share insights on safeguarding political leaders, like President Trump, and cultivating 'Situational Awareness' for everyday life. By learning from Frank's expertise, you'll gain clarity on navigating life's challenges and understand the importance of preparedness in the face of adversity. Lives can depend on it, and with this knowledge, you'll be better equipped to protect and serve your loved ones. Frank will offer practical wisdom to help you navigate life's complexities with confidence. You won't want to miss this powerful discussion.

Pastor Joe Opens Raising Expectations
In this episode of Raising Expectations, Pastor Joe Schofield welcomes listeners and introduces the show's regular team, including Stefanie Thayer, Dr. Craig Thayer, Dr. Paul Hall, Ron Greer, and the wider Raising Expectations family. Pastor Joe reminds listeners that the program is rooted in Christian faith, encouragement, prayer, and practical wisdom for life in America today. He also highlights the show's website, the hosts' books, and the program's ongoing desire to help people move forward with hope, clarity, and stronger faith.

Frank Roberson and Black Rhino Group
The guest for the episode is Frank Roberson, founder of the Black Rhino Group, a protection and security organization. Pastor Joe introduces Frank as someone who works in protective services, counterintelligence, and security preparedness for families, businesses, and public leaders. When Frank joins the show, he shares that Black Rhino is expanding and may be acquiring its first security company to build out a uniformed division. He also says the world of protection is changing quickly because technology is evolving so fast.

Smart Glasses, AI, and the New Surveillance Problem
A major focus of the conversation is emerging technology, especially Ray-Ban Meta smart glasses and similar devices. Frank explains that glasses with hidden or subtle camera functions create new security risks because people can record video, capture documents, photograph credit cards, observe jewelry stores, or gather private information without others realizing it. The group discusses how this can affect malls, medical offices, corporate meetings, financial institutions, and everyday family privacy. Frank emphasizes that the same tools available to security professionals are also available to criminals.

Data Privacy, Cloud Storage, and Digital Exposure
The discussion expands into data privacy and the risks of cloud storage, facial recognition, AI-generated images, and social media data. Frank explains that uploaded videos, photos, and recordings may pass through systems controlled by third parties, contractors, or cloud providers, leaving people uncertain about who has access. He also discusses AI photo tools that can create realistic images of people using uploaded pictures, warning that someone could gather photos from social media and create fake profiles, poses, websites, or misleading content.

Scams, Phishing, and Protecting Personal Information
Frank gives several examples of modern scams, including fake invoices, fraudulent text messages, fake Apple or AT&T alerts, payday-loan threats, gift-card scams, fake legal-service calls, and voice imitation scams targeting grandparents. He explains that criminals may study billing patterns, imitate companies, slightly alter email addresses, and trick people into paying fake bills. His advice is to avoid clicking suspicious links, independently look up company contact information, call the company directly, and never volunteer personal details just because someone on the phone asks for verification.

Social Security Numbers, Travel Posts, and Everyday Risk
The hosts discuss how easily people give away identifying information. Frank explains that social security numbers, birth dates, addresses, and travel information can be combined to steal identities, commit fraud, or target homes. He warns against posting vacation photos while still away, because criminals can use public social media information to know that a house is empty. The group also discusses family code words as a practical tool when someone receives a frightening call that appears to be from a relative in danger.

Security, Churches, and the Problem of Visibility
The conversation turns to physical security, including churches, public events, and protective details. Frank says many churches are vulnerable because they are open, welcoming, and often not security-minded. He also criticizes overly visible security teams that draw attention to themselves with tactical gear, open firearms, or dramatic behavior. In his view, good protection often means blending into the environment, staying unnoticed, and positioning people wisely rather than making a show of force.

Protective Work and Practical Wisdom
Frank uses examples from jewelry escorts, public figures, high-net-worth families, restaurants, malls, and public events to explain how proper security works. He says protection is often about preparation, observation, and quiet placement, not ego or intimidation. Pastor Joe and the team connect Frank's practical advice to a larger theme of preparedness: people should not live in fear, but they should be aware, wise, and ready. The episode closes with Dr. Paul Hall praying for Frank, his wife Chrissy, Black Rhino, and all those involved in protection work, asking for wisdom, safety, and God's guidance.
Spot checks by SRF Investigativ show that in 10 of 27 energy drinks from Swiss retail, the permitted maximum caffeine content is exceeded, in some cases significantly. +++ Further topic: Police and banks launch a prevention campaign against phishing, featuring the fisherwoman Linda.
In the podcast I discussed Tullio Jappelli's article on the relationship between scientific evidence, public opinion and political polarization, offering a reflection inspired by the book Phishing for Phools by George Akerlof and Robert Shiller. The study shows that a significant share of citizens is willing to change their beliefs when exposed to results grounded in empirical evidence, regardless of the political orientation of the source communicating them. Starting from these results, I put forward a further research hypothesis: the credibility of science could decline if the evidence were associated not with academic or public institutions, but with private parties that have a direct economic interest in the research results. Following the approach of Akerlof and Shiller, according to which decision-making is also influenced by incentives, interests and perceptions of manipulation, it would be interesting to test whether readers continue to assign the same degree of reliability to a piece of research when they are told that it was funded by a company with an interest in confirming particular conclusions. The question does not necessarily concern the scientific quality of the study, but the perception of its independence. Such an experiment would help us better understand how research funding influences public trust in science and in the production of knowledge. Become a supporter of this podcast: https://www.spreaker.com/podcast/commentario-de-lavoce-info--3612556/support.
What if the best way to improve cybersecurity — or any other form of human risk — wasn't another policy, training course, or piece of technology, but a board game? That's the kind of question my guest, Jill Wick, loves asking.

Episode Summary
Jill is a cybersecurity awareness consultant, business psychologist, podcaster, and author. Her work sits at the intersection of psychology, marketing, behavioural science, and cybersecurity, and she is passionate about helping organisations understand that security is fundamentally a human challenge, not simply a technical one. Drawing on her experience in fraud prevention and her academic background in business psychology, Jill explains why traditional approaches to awareness often fail, why experimentation matters, and how a simple Snakes and Ladders-inspired game can create meaningful conversations about risk and decision-making. The discussion ranges far beyond cybersecurity. We explore creativity, curiosity, communication, organisational culture, social media, learning, and the challenge of measuring success when the outcome you're seeking is something that doesn't happen.

Key Topics
In this episode, we discuss:
- Why cybersecurity is ultimately a human problem rather than a technology problem
- The psychology behind phishing, scams, and social engineering
- Why more policies and more training often fail to change behaviour
- How unclear policies can create confusion instead of compliance
- The role of curiosity, creativity, and experimentation in risk management
- How games can create psychologically safe environments for learning
- The importance of conversation and peer learning in awareness programmes
- What compliance, safety, conduct, and operational risk professionals can learn from cybersecurity awareness
- Why awareness professionals should think more like marketers
- The value of experimentation, iteration, and A/B testing
- How social media can help build communities around important ideas
- Why measuring engagement may be just as important as measuring failures

Guest Biography
Jill Wick is a cybersecurity awareness consultant, business psychologist, author, and podcast host who specialises in the human side of cybersecurity. Drawing on a background in fraud prevention and behavioural science, she helps organisations build stronger security cultures through creative, engaging approaches that go beyond traditional training and compliance. Known for her innovative use of games, psychology, and marketing techniques, Jill is a passionate advocate for making cybersecurity awareness more human, effective, and enjoyable.

Links
- Jill's LinkedIn profile - https://www.linkedin.com/in/jill-wick/
- Jill's website - https://www.jillwick.com/
- Cyber & Psych, Jill's podcast - https://open.spotify.com/show/5uteiqHvCTGCVtCsKCzGJ6?si=322ef51fd6a3423c&nd=1&dlsi=c6d8309550784df9
- Security-Awareness-Tools, Jill's book - https://www.isbn.de/buch/9783658511111/security-awareness-tools

AI-Generated Timestamped Outline
00:00 – Introduction
02:15 – Jill's background: From fraud prevention and business psychology to cybersecurity awareness.
05:30 – Understanding why people fall for scams, phishing attacks, and social engineering.
06:00 – Why cybersecurity is fundamentally a human problem, not just a technical one.
08:00 – The limitations of rules, policies, and traditional awareness training.
12:00 – The origin of Jill's cybersecurity board game and why simplicity matters.
14:00 – How games create psychologically safe conversations and improve learning.
19:30 – The game as a conversation tool: building culture, peer learning, and engagement.
22:00 – Creativity, curiosity, and the courage to experiment with new approaches.
26:00 – What cybersecurity awareness can learn from marketing, advertising, and A/B testing.
35:30 – Why awareness and technology must work together rather than compete.
41:30 – New projects: workshops, events, games, and Jill's forthcoming book Security Awareness Tools.
44:00 – Lessons for compliance and risk professionals: attention is a limited resource.
51:00 – Measuring success: engagement, participation, reporting, and positive signals.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault https://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/
According to the Association of Certified Fraud Examiners (ACFE), after studying 2,402 cases that led to $3.4 billion in losses across 143 countries and territories, they have both the profile of an internal fraudster and 8 behavioral red flags to look for. Not to mention the #1 weakness that allowed the fraud and the #1 way employers found out about the fraud. Keep listening.
Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
- YouTube Video: All The Queens Horses
- Association of Certified Fraud Examiners (ACFE): Occupational Fraud 2026: A Report To The Nations
- Training Session: Mitigating Segregation of Duties Conflicts in the P2P Process
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Nimbus Manticore learning new tricks
Phishing moves to real-time credential harvesting
India wants 12-hour patches
Check out your show notes here: https://cisoseries.com/cybersecurity-news-nimbus-manticore-real-time-credential-harvesting-12-hour-patches/
Huge thanks to our sponsor, Guardsquare
Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern security risks. Learn more at Guardsquare.com.
The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic's AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels supply-chain attacks hitting thousands of GitHub repos. Plus, a new LMS zero-day, bulletproof hosting arrests in the Netherlands, FTC action over bogus "active listening" claims, and another busy week for cyber funding and M&A. Our guest is Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation." Please disregard all searches for disregard.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation."
Selected Reading
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts (Bleeping Computer)
- India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws (Infosecurity Magazine)
- Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign (Infosecurity Magazine)
- Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects (SecurityWeek)
- HackerOne takes an axe to its bug bounty rewards (The Register)
- Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors (GovInfo Security)
- Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment (SecurityWeek)
- Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands (SecurityWeek)
- FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About "Active Listening" AI-Powered Marketing Service (Federal Trade Commission)
- Socket raises $60 million in Series C funding. (N2K Pro Business Briefing)
- You can no longer Google the word 'disregard' (TechCrunch)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Episode 300: AI's extremes are on full display in our 300th episode. Anthropic's Mythos model reportedly uncovered more than 10,000 security flaws in a month, accelerating vulnerability discovery for major partners. Yet the same "AI efficiency" falls apart in the real world, as seen in Starbucks' failed AI inventory rollout that miscounted products and mislabeled items. That contrast sets up the core question of the hour: when is AI a powerful tool, and when is it just expensive theater?
We also dig into the rising stakes around biometric privacy, from Disney's facial-scan lawsuit to stadium and theme-park "optional" recognition systems that don't feel optional when the alternative line barely moves. Add in real phishing examples hitting DocuSign, Microsoft 365, and fake IRS notices, plus a case where an AI court summarizer caused a wrongful arrest, and the theme becomes clear: trust is getting harder to earn. We close with tech nostalgia, a blunt whiskey review, Waymo's robotaxi recall, and Elon Musk's failed lawsuit against OpenAI all coming up on TechTime Radio, with a little whiskey on the side.

Full Episode Details:
AI is getting dangerously good at the things we want and embarrassingly bad at the things we assumed were easy. We kick off our 300th show with a perfect contrast: Anthropic's Mythos model reportedly uncovers 10,000+ security flaws in a month, boosting vulnerability discovery across major partners, yet the same "automation magic" falls flat when Starbucks tries AI inventory counting and ends up with mislabeled products and missed items. That tension drives the big question we keep circling: when is AI a genuine tool, and when is it just expensive theater?
From there we get into facial recognition privacy and consent, sparked by Disney's lawsuit over facial scanning at Disneyland. We compare it to Universal and stadium biometric entry, talk about what "optional" really means when the non-scan line is the long one, and why public tolerance shifts once AI becomes part of the story. If you care about digital identity, biometric data retention, and surveillance creep, this segment lands hard.
We also bring the practical stuff: real phishing email examples that mimic DocuSign and Microsoft 365 quarantine notices, plus a fake "IRS statement" that screams malware. Then Mike's AI Guy segment hits a gut-punch case where an AI court summarizer mashed files together and an innocent man got arrested. We round it out with tech nostalgia (Apple Newton), a brutally honest whiskey review, Waymo's robotaxi flood fiasco and recall, and a quick hit on Elon Musk losing his lawsuit against OpenAI.
Subscribe for weekly tech news with zero political agenda, share the episode with a friend who clicks too fast, and leave a review so more people can find the show.
Welcome to your morning newsletter! The Mittelstands- und Wirtschaftsunion (MIT) rejects the tax increases under discussion as a way of financing relief measures. MIT chair Gitta Connemann and the Parlamentskreis Mittelstand call for no additional burden on income tax, since it is regarded as the central tax of small and medium-sized businesses. The MIT also criticizes persistent bureaucracy and a lack of planning certainty. In parallel, Economics Minister Katherina Reiche sets out demands on labor and tax policy. She argues for ending early-retirement programs in order to increase the volume of work in Germany. The minister also aims to bring forward the corporate tax reform planned from 2028. The two positions point to different but connected economic policy approaches: while the MIT mainly urges tax restraint, less bureaucracy and more reliability for small and medium-sized companies, Reiche additionally relies on reforms to work, pensions and corporate taxation to improve economic conditions in Germany.
Finally – some great news from the IRS of all places. Yes there is a new IRS Draft W-9 form and it's good for the vendor team. Keep listening.
Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
- IRS Draft Version of the W-9: https://www.irs.gov/pub/irs-dft/fw9--dft.pdf
- IRS Published Version of the W-9: https://www.irs.gov/pub/irs-pdf/fw9.pdf
- IRS Draft Version Site: https://www.irs.gov/draft-tax-forms
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
With the Calgary marathon and Unbound 200 coming up, we (Alex and Meredith) are both in full on taper mode. Tapering is one of the most effective ways to get the most out of your training leading into a race but it doesn't happen without some mental and sometimes physical difficulty. This episode covers the science of tapering and how it works in practice. And in the spirit of mentally challenging situations, we tell the funny and emotionally fraught stories of Meredith's recent experience with scammers.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.
In this episode you'll learn:
- How EvilTokens bypasses MFA using device code phishing
- Why AI-powered phishing campaigns are harder to detect
- What makes modern phishing kits highly scalable and automated
Some questions we ask:
- What role does trusted infrastructure play in these attacks?
- Why are traditional phishing defenses struggling against these tactics?
- How are modern phishing kits becoming more professionalized?
Resources:
- Watch the LinkedIn live recording
- Read Huntress' related research
- View Lindsay O'Donnell-Welch on LinkedIn
- View Jamie Levy on LinkedIn
- View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
- Security Insider Conversations
- The BlueHat Podcast
- Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Tax season may be over, but tax scams are not. In this episode, Joel Garris and Christina Lamb break down the IRS's annual "Dirty Dozen" list of the most common tax scams targeting taxpayers right now, from phishing texts and AI-powered phone scams to fake charities, ghost preparers, identity theft, and misleading social media tax advice. They also unpack the IRS's ongoing digital shift and explain what it means for refunds, payments, online accounts, and why taxpayers need to prepare now. If you want practical tips to protect your money, avoid costly mistakes, and stay ahead of major IRS changes, this is an episode you won't want to miss.
Phishing, vishing, spoofing and other forms of online fraud are rampant as never before, but victims are not completely powerless against them. Jean Cattaruzza, head of Ombudsfin, explains how people can arm themselves against potential fraud and how they can seek redress from their financial institution if they do become a victim. Host: Jef Poortmans. Expert: Jean Cattaruzza. Production: Jens Leen. Trends is a podcast channel from the editorial team of https://www.trends.be. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
In this episode, we break down the SAG-AFTRA Health Plan's $950,000 phishing settlement, Medtronic's nine-million-record breach, and the Inc Ransom attack on Sandhills Medical Foundation. We also highlight Henderson Behavioral Health's patient-centered approach and discuss practical takeaways for strengthening your organization's security posture through staff training, system patching, and incident response planning.
Cyber phishing remains one of the most significant and rapidly growing cybersecurity threats, accounting for the vast majority of successful cyberattacks and impacting both individuals and organizations on a daily basis. As highlighted by Dean Stockford and Len Suzio, phishing schemes exploit human trust—rather than technical vulnerabilities—through increasingly sophisticated tactics, many now powered by generative AI, which has driven a dramatic surge in highly convincing and personalized attacks. Real-world incidents, including major corporate breaches and multimillion-dollar fraud cases, demonstrate the severe financial and operational consequences. Given this evolving threat landscape, organizations must prioritize continuous employee training, strengthen email authentication and filtering systems, adopt AI-driven detection tools, and implement multi-factor authentication, all while tailoring their defenses to their specific risk profiles to effectively mitigate phishing risks. Brought to you by GeoDataVision and M&M Consulting
Agentic AI in email can be the difference between making a fraudulent payment and catching the payment fraud before the request moves past email. As with all tools, there are activities that require a human. Keep listening.
Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
- Vendor Master File Tip of the Week: Email Burnout Can Cause Payment Fraud - 3 Warning Signs & Fixes
- Agentic AI Training Session: Build a Copilot Agent For Outlook to Spot Vendor Bank Change Red Flags
- Vendor Process Training Center - https://training.debrarrichardson.com
- Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
- Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
- Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
- YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
- More Podcasts/Blogs/Webinars www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
Aubrey Masango speaks to Chad Thomas, Crime Expert at IRS Forensic Investigations on South Africa being ranked top in the continent in the number of cyberattacks on companies and institutions. They also explore some of the reasons why there's been an increased number of cyberattacks in the country over the years.
Tags: 702, The Aubrey Masango Show, Aubrey Masango, Crime Time, Cyber-Crime, Cyber Security, Hacking, Data Breaches, Technology, Artificial Intelligence, Deep Fakes, Phishing, POPIA, Information Security, Encryption
The Aubrey Masango Show is presented by late night radio broadcaster Aubrey Masango. Aubrey hosts in-depth interviews on controversial political issues and chats to experts offering life advice and guidance in areas of psychology, personal finance and more. All Aubrey's interviews are podcasted for you to catch-up and listen. Thank you for listening to this podcast from The Aubrey Masango Show. Listen live on weekdays between 20:00 and 24:00 (SA Time) to The Aubrey Masango Show broadcast on 702 https://buff.ly/gk3y0Kj and on CapeTalk between 20:00 and 21:00 (SA Time) https://buff.ly/NnFM3Nk Find out more about the show here https://buff.ly/lzyKCv0 and get all the catch-up podcasts https://buff.ly/rT6znsn Subscribe to the 702 and CapeTalk Daily and Weekly Newsletters https://buff.ly/v5mfet
Follow us on social media:
- 702 on Facebook: https://www.facebook.com/TalkRadio702
- 702 on TikTok: https://www.tiktok.com/@talkradio702
- 702 on Instagram: https://www.instagram.com/talkradio702/
- 702 on X: https://x.com/Radio702
- 702 on YouTube: https://www.youtube.com/@radio702
- CapeTalk on Facebook: https://www.facebook.com/CapeTalk
- CapeTalk on TikTok: https://www.tiktok.com/@capetalk
- CapeTalk on Instagram: https://www.instagram.com/
- CapeTalk on X: https://x.com/CapeTalk
- CapeTalk on YouTube: https://www.youtube.com/@CapeTalk567
See omnystudio.com/listener for privacy information.
Fraud in online shopping, phishing emails, AI fakes: one in nine people fell victim to cybercrime last year. What have you experienced? Discussion with Caroline Krohn-Atug (BSI) and host Elif Şenel. From WDR 5.
The Weekly Enterprise News
This week, in the enterprise security news:
- Copy Fail
- The hits keep coming for CVE, NIST and NVD
- Cyber attacks on breathalyzers
- insurance carriers pulling support for AI
- Florida Man pleads guilty
- ignore the humanities at your own peril
- offense and defense don't scale the same
- is it okay to be left behind?
- scientists gave cocaine to salmon

Mind the Gap: Confidence, AI, and the Future of Exposure Management
Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality. Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac.

Modern Phishing Attacks Are Under Multi-Channel Siege
Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past. This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them!

AI is Now Default Enterprise Accelerator
The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-458
Three of our favorite segments from the week, in case you missed them. Demise of Spirit Airlines (First) | Is a Rent Freeze Coming? (Starts at 38:21) | Avoiding Phishing Scams (Starts at 57:35) If you don't subscribe to the Brian Lehrer Show on iTunes, you can do that here. Photo: The self-service check-in kiosks of Spirit Airlines stand idle with a message to customers after the company ceased global operations at Fort Lauderdale-Hollywood International Airport in Fort Lauderdale, Florida, on May 2, 2026. US air carriers mobilized Saturday to help passengers and crew members stranded by the overnight shutdown of Spirit Airlines, after last-minute talks with creditors and the White House collapsed. The budget airline known for its bright yellow planes succumbed to crushing fuel prices and announced in the early hours of Saturday that "all flights have been canceled, and customer service is no longer available" as it "started winding down its global operations, effective immediately." (GIORGIO VIERA / AFP via Getty Images)
This week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security). Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Topics include:
• Anthropic's Mythos AI security research and whether large language models can realistically replace traditional vulnerability testing
• Why "vibe coding" may be creating a wave of insecure software
• The growing risk of autonomous AI agents making damaging decisions
• The massive Instructure Canvas data breach affecting schools, students, and educators
• Alberta's voter list privacy failure and what it says about public sector data protection
• Microsoft's warning about the rapid surge in QR code phishing attacks bypassing traditional email security
AI is accelerating software development. It may also be accelerating software insecurity. If your organisation is experimenting with AI coding tools, AI agents, or automated application development, this conversation is worth your time.
#Cybersecurity #AI #DataBreach #QRPhishing #ApplicationSecurity #VibeCoding #Canvas #CyberSecurityToday #JimLove 00:00 Sponsor Message 00:22 Meet the Panel 00:55 Jeff Williams Introduction 02:21 AI Bug Hunting with Mythos 05:40 Cost and Limits of AI Security Testing 10:16 The Vibe Coding Security Problem 13:24 Context Window and Data Flow Limits 16:59 Spec-Driven AI Development 18:29 Software Liability and EU Regulation 24:47 When AI Agents Go Rogue 27:05 Trust in the AI Era 28:24 Enterprise Reality Check 29:03 Critical Thinking vs AI 30:31 Testing AI Agents Safely 31:30 Canvas Data Breach Fallout 34:45 Real-World Data Harm 38:00 Liability and Attack Methods 41:39 Alberta Voter List Privacy Failure 48:56 Government Breach Lessons 51:26 QR Code Phishing Surge 55:00 Wrap Up and Sponsor
In this episode, we examine a Microsoft-flagged phishing campaign that bypassed MFA across 13,000 organizations, analyze Saint Anthony Hospital's breach notification that expanded from 6,500 to 146,000 affected individuals, and discuss the ransomware attack impacting 92,000 patients at a Puerto Rico community hospital. Key takeaways include the importance of layered email security, thorough incident scoping, and addressing configuration blind spots before threat actors exploit them.
What if you not only had a second set of eyes to review a vendor email to make sure there are no red flags when there is a request to change banking, but also to check for this new fraudster trend to pass your confirmation call? Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team.
Links mentioned in the podcast + other helpful resources:
Vendor Master File Tip of the Week: Email Burnout Can Cause Payment Fraud - 3 Warning Signs & Fixes
Agentic AI Training Session: Build a Copilot Agent For Outlook to Spot Vendor Bank Change Red Flags
Vendor Process Training Center - https://training.debrarrichardson.com
Customized Fraud Training: https://training.debrarrichardson.com/customized-fraud-training
Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinars
Vendor Master File Clean-Up: https://www.debrarrichardson.com/cleanup
YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw
More Podcasts/Blogs/Webinars: www.debrarrichardson.com
More ideas? Email me at debra@debrarrichardson.com
Music Credit: www.purple-planet.com
QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately. We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined radio gear to trigger emergency braking on four high-speed trains. Finally, CISA's new "CI Fortify" guidance urges critical infrastructure operators to prepare for scenarios where they may need to disconnect from the internet and continue operating manually during a geopolitical cyber crisis. Cybersecurity Today would like to thank Material Security for supporting this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Stories include:
• Microsoft reports QR phishing attacks surged 146% in Q1 2026
• Apache HTTP Server CVE-2026-23918 urgent patch warning
• Ubuntu developer Canonical hit by ongoing DDoS and extortion campaign
• Taiwanese student allegedly halts high-speed trains with fake emergency radio signal
• CISA tells critical infrastructure operators to prepare for isolation and manual operations
Chapters: 00:00 Intro 01:02 QR phishing explodes in Q1 2026 06:15 Critical Apache HTTP Server flaw patched 09:15 Ubuntu maintainer Canonical hit by extortion DDoS attack 14:25 Taiwanese student wirelessly halts high-speed trains 20:32 CISA warns critical infrastructure to prepare for isolation 26:10 Closing thoughts
How secure is your Active Directory infrastructure? While at Zero Trust World in Orlando, Richard chatted with Spencer Alessi about his work helping companies secure Active Directory, making it more difficult for black hats to exploit it for lateral moves during a breach attempt. Spencer talks about the increasing speed of these exploits, making it much harder to block them after the fact, so it's best to make AD too difficult to target. Jake Hildreth's Locksmith tools are a great place to start - free and open source. There are also Microsoft tools and Spencer's own AD Security Resource Kit to help evaluate your AD infrastructure and lock it down!
Links:
• Locksmith
• Enhanced Security Admin Environment
• Active Directory Security Resource Kit
Recorded March 4, 2026
WNYC has been targeted by scammers who posed as hosts and offered authors interviews -- for a fee (which WNYC would never do). Rachel Tobac, co-founder and CEO of Social Proof Security, and Kenneth Atkins, assistant director of IT and data security at WNYC, talk about how to spot sneaky online phishing scams, and how to deal if you fall for it. Photo: Stock image (Vertigo3d via Getty Creative)
Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About
Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged assets like IoT and OT. The bottom line: PQC migration is unavoidable. Starting early—especially with crypto inventory and planning—will make the transition far less painful.
RSAC Interview: Multi-Channel Impersonation: Why Legacy Controls Are Failing
As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He'll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today. Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach.
RSAC Interview: OT: Segmented Today, Breached Tomorrow
As the worlds of IT and OT converge, traditional network segmentation falls short, exposing risks in the critical environments that keep energy flowing and shelves stocked. Conventional security tools fail to identify these gaps, with serious repercussions for operators. At runZero, we empower defenders to win by default through comprehensive discovery, rapid detection of critical exposures, and unique segmentation analysis that does not depend on span ports, credentials, or on-device agents. runZero provides real-time insights into even the most sensitive environments — quickly, safely, and securely. This segment is sponsored by runZero. Visit https://securityweekly.com/runzerorsac to learn more about them!
RSAC Interview: Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI
The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents. Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac.
RSAC Interview: The Threat Curve Has Reset: Why AI Made “Solved” Attacks Dangerous Again
AI hasn't just evolved cyberattacks—it has reset the threat curve entirely. New research shows that even “solved” problems like phishing and business email compromise are immature and dangerous again, with attackers using AI and autonomous agents to launch hyper-personalized, multi-channel attacks at scale. This session explores what Phishing 3.0 really means for security leaders—and why defending trust now requires a fundamentally new approach. This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/IRONSCALESrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-457
Email scams have been around almost as long as there has been email. But between COVID and the rise of generative AI, they have gotten a lot more sophisticated, and have otherwise grown in scope and scale. Lily Hay Newman, senior writer at WIRED, talks about what we know about scammers, and how to protect yourself. Image by jabkitticha/Getty Creative
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A .WAV With A Payload https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910
The Phishy GitHub Issue Case https://blog.atsika.ninja/posts/the-phishy-github-issue-case/
P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet https://morganrobertson.net/p4wned/