Podcasts about security risks

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

CrowdStrike research into AI coding assistants reveals a new, subtle vulnerability surface: When DeepSeek-R1 receives prompts the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security flaws increases by up to 50%. Stefan Stein, manager of the CrowdStrike Counter Adversary Operations Data Science team, joined Adam and Cristian for a live recording at Fal.Con 2025 to discuss how this project got started, the methodology behind the team's research, and the significance of their findings. The research began with a simple question: What are the security risks of using DeepSeek-R1 as a coding assistant? AI coding assistants are commonly used and often have access to sensitive information. Any systemic issue can have a major and far-reaching impact.  It concluded with the discovery that the presence of certain trigger words — such as mentions of Falun Gong, Uyghurs, or Tibet — in DeepSeek-R1 prompts can have severe effects on the quality and security of the code it produces. Unlike most large language model (LLM) security research focused on jailbreaks or prompt injections, this work exposes subtle biases that can lead to real-world vulnerabilities in production systems. Tune in for a fascinating deep dive into how Stefan and his team explored the biases in DeepSeek-R1, the implications of this research, and what this means for organizations adopting AI. 

This week, Lois Houston and Nikita Abraham are joined by Principal OCI Instructor Orlando Gentil to explore what truly keeps data safe, and what puts it at risk.   They discuss the CIA triad, dive into hashing and encryption, and shed light on how cyber threats like malware, phishing, and ransomware try to sneak past defenses.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ------------------------------------------ Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hey everyone! Last week, we discussed how you can keep your data safe with authentication and authorization. Today, we'll talk about various security risks that could threaten your systems. 00:48 Lois: And to help us understand this better, we have Orlando Gentil, Principal OCI Instructor, back with us. Orlando, welcome back! Let's start with the big picture—why is security such a crucial part of our digital world today? Orlando: Whether you are dealing with files stored on a server or data flying across the internet, one thing is always true—security matters. In today's digital world, it's critical to ensure that data stays private, accurate, and accessible only to the right people.  01:20 Nikita: And how do we keep data private, secure, and unaltered? Is there a security framework that we can use to make sense of different security practices? Orlando: The CIA triad defines three core goals of information security.  CIA stands for confidentiality. It's about keeping data private. Only authorized users should be able to access sensitive information. This is where encryption plays a huge role. Integrity means ensuring that the data hasn't been altered, whether accidentally or maliciously. That's where hashing helps. You can compare a stored hash of data to a new hash to make sure nothing's changed. Availability ensures that data is accessible when it's needed. This includes protections like system redundancy, backups, and anti-DDoS mechanisms. Encryption and hashing directly support confidentiality and integrity. And they indirectly support availability by helping keep systems secure and resilient. 02:31 Lois: Let's rewind a bit. You spoke about something called hashing. What does that mean? Orlando: Hashing is a one-way transformation. You feed in data and it produces a unique fixed length string called a hash. The important part is the same input always gives the same output, but you cannot go backward and recover the original data from the hash. It's commonly used for verifying integrity. For example, to check if a file has changed or a message was altered in transit. Hashing is also used in password storage. Systems don't store actual passwords, just their hashes. When you log in, the system hashes what you type it and compare the stored hash. If they match, you're in. But your actual password was never stored or revealed. So hashing isn't about hiding data, it's about providing it hasn't changed. So, while hashing is all about protecting integrity, encryption is the tool we use to ensure confidentiality. 03:42 Nikita: Right, the C in CIA. And how does it do that? Orlando: Encryption takes readable data, also known as plaintext, and turns it into something unreadable called ciphertext using a key. To get the original data back, you need to decrypt it using the right key. This is especially useful when you are storing sensitive files or sending data across networks. If someone intercepts the data, all they will see is gibberish, unless they have the correct key to decrypt it. Unlike hashing, encryption is reversible as long as you have the right key. 04:23 Lois: And are there different types of encryption that serve different purposes? Orlando: Symmetric and asymmetric encryption. With symmetric encryption, the same key is used to both encrypt and decrypt the data. It's fast and great for securing large volumes of data, but the challenge lies in safely sharing the key. Asymmetric encryption solves that problem. It uses a pair of keys: public key that anyone can use to encrypt data, and a private key that only the recipient holds to decrypt it. This method is more secure for communications, but also slower and more resource-intensive. In practice, systems often use both asymmetric encryption to exchange a secure symmetric key and then symmetric encryption for the actual data transfer. 05:21 Nikita: Orlando, where is encryption typically used in day-to-day activities? Orlando: Data can exist in two primary states: at rest and in transit. Data at rest refers to data stored on disk, in databases, backups, or object storage. It needs protection from unauthorized access, especially if a device is stolen or compromised. This is where things like full disk encryption or encrypted storage volumes come in. Data in transit is data being sent from one place to another, like a user logging into a website or an API sending information between services. To protect it from interception, we use protocols like TLS, SSL, VPNs, and encrypted communication channels. Both forms data need encryption, but the strategies and threats can differ. 06:19 Lois: Can you do a quick comparison between hashing and encryption? Orlando: Hashing is one way. It's used to confirm that data hasn't changed. Once data is hashed, it cannot be reversed. It's perfect for use cases like password storage or checking the integrity of files. Encryption, on the other hand, it's two-way. It's designed to protect data from unauthorized access. You encrypt the data so only someone with the right key can decrypt and read it. That's what makes it ideal for keeping files, messages, or network traffic confidential. Both are essential for different reasons. Hashing for trust and encryption for privacy. 07:11 Adopting a multicloud strategy is a big step towards future-proofing your business and we're here to help you navigate this complex landscape. With our suite of courses, you'll gain insights into network connectivity, security protocols, and the considerations of working across different cloud platforms. Start your journey to multicloud today by visiting mylearn.oracle.com.  07:39 Nikita: Welcome back! When we talk about cybersecurity, we hear a lot about threats and vulnerabilities. But what do those terms really mean? Orlando: In cybersecurity, a threat is a potential danger and a vulnerability is a weakness an asset possess that a threat can exploit. When a threat and a vulnerability align, it creates a risk of harm. A threat actor then performs an exploit to leverage that vulnerability, leading to undesirable impact, such as data loss or downtime. After an impact, the focus shifts to response and recovery to mitigate damage and restore operations.  08:23 Lois: Ok, let's zero in on vulnerabilities. What counts as a vulnerability, and what categories do attackers usually target first?  Orlando: Software and hardware bugs are simply unintended flaws in a system's core programming or design. Misconfigurations arise when systems aren't set up securely, leaving gaps. Weak passwords and authentication provide easy entry points for attackers. A lack of encryption means sensitive data is openly exposed. Human error involves mistakes made by people that unintentionally create security risks. Understanding these common vulnerability types is the first step in building more resilient and secure systems as they represent the critical entry points attackers leverage to compromise systems and data. By addressing these, we can significantly reduce our attack surface and enhance overall security.  09:28 Nikita: Can we get more specific here? What are the most common cybersecurity threats that go after vulnerabilities in our systems and data? Orlando: Malware is a broad category, including viruses, worms, Trojans, and spyware. Its goal is to disrupt or damage systems. Ransomware has been on the rise, targeting everything from hospitals to government agencies. It lock your files and demands a ransom, usually in cryptocurrency. Phishing relies on deception. Attackers impersonate legitimate contacts to trick users into clicking malicious links or giving up credentials. Insider threats are particularly dangerous because they come within employees, contractors, or even former staff with lingering access. Lastly, DDoS attacks aim to make online services unavailable by overwhelming them with traffic, often using a botnet—a network of compromised devices. 10:34 Lois: Orlando, can you walk us through how each of these common cybersecurity threats work? Orlando: Malware, short for malicious software, is one of the oldest and most pervasive types of threats. It comes in many forms, each with unique methods and objectives. A virus typically attaches itself to executable files and documents and spreads when those are shared or opened. Worms are even more dangerous in networked environments as they self-replicate and spread without any user action. Trojans deceive users by posing as harmless or helpful applications. Once inside, they can steal data or open backdoors for remote access. Spyware runs silently in the background, collecting sensitive information like keystrokes or login credentials. Adware might seem like just an annoyance, but it can also track your activity and compromise privacy. Finally, rootkits are among the most dangerous because they operate at a low system level, often evading detection tools and allowing attackers long-term access. In practice, malware can be a combination of these types. Attackers often bundle different techniques to maximize damage.  12:03 Nikita: And what about ransomware? Why it is such a serious threat? Orlando: Ransomware has become one of the most disruptive and costly types of cyber attacks in recent years. Its goal is simple but devastating, to encrypt your data and demand payment in exchange for access. It usually enters through phishing emails, insecure remote desktop protocol ports or known vulnerabilities. Once inside, it often spreads laterally across the network before activating, ensuring maximum impact. There are two common main forms. Crypto ransomware encrypts user files, making them inaccessible. Locker ransomware goes a step further, locking the entire system interface, preventing any use at all. Victims are then presented with a ransom note, typically requesting cryptocurrency payments in exchange for the decryption key. What makes ransomware so dangerous is not just the encryption itself, but the pressure it creates. Healthcare institutions, for instance, can't afford the downtime, making them prime targets.  13:18 Lois: Wow. Thanks, Orlando, for joining us today.  Nikita: Yeah, thanks Orlando. We'll be back next week with more on how you use security models to tackle these threats head-on. And if you want to learn about the topics we covered today, go to mylearn.oracle.com and search for the Cloud Tech Jumpstart  course. Until next time, this is Nikita Abraham… Lois: And Lois Houston, signing off! 13:42 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

In this episode of Alexa's Input (AI) Podcast, host Alexa Griffith sits down with Liana Tomescu, founder of Sonny Labs and host of the AI Hacks podcast. Dive into the world of AI security and compliance as Liana shares her journey from Microsoft to founding her own company. Discover the challenges and opportunities in making AI applications secure and compliant, and learn about the latest in AI regulations, including the EU AI Act. Whether you're an AI enthusiast or a tech professional, this episode offers valuable insights into the evolving landscape of AI technology.LinksSonnyLabs Website: https://sonnylabs.ai/SonnyLabs LinkedIn: https://www.linkedin.com/company/sonnylabs-ai/Liana's LinkedIn: https://www.linkedin.com/in/liana-anca-tomescu/Alexa's LinksLinkTree: https://linktr.ee/alexagriffithAlexa's Input YouTube Channel: https://www.youtube.com/@alexa_griffithWebsite: https://alexagriffith.com/LinkedIn: https://www.linkedin.com/in/alexa-griffith/Substack: https://alexasinput.substack.com/KeywordsAI security, compliance, female founder, Sunny Labs, EU AI Act, cybersecurity, prompt injection, AI agents, technology innovation, startup journeyChapters00:00 Introduction to Liana Tomescu and Sunny Labs02:53 The Journey of a Female Founder in Tech05:49 From Microsoft to Startup: The Transition09:04 Exploring AI Security and Compliance11:41 The Role of Curiosity in Entrepreneurship14:52 Understanding Sunny Labs and Its Mission17:52 The Importance of Community and Networking20:42 MCP: Model Context Protocol Explained23:54 Security Risks in AI and MCP Servers27:03 The Future of AI Security and Compliance38:25 Understanding Prompt Injection Risks45:34 The Shadow AI Phenomenon45:48 Navigating the EU AI Act52:28 Banned and High-Risk AI Practices01:00:43 Implementing AI Security Measures01:17:28 Exploring AI Security Training

PREVIEW. The DeepSeek AI Model: Low Cost, Open Source, and Security Risks. John Batchelor and Jack Burnham discuss the US-China AI contest and microchips, noting China's ban on the best chips. DeepSeek, an open-source, low-cost model, is appealing but may not perform as well as American models. Concerns persist about its true costs, potential use of Nvidia chips, and security flaws like providing CCP talking points. 1954

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

Send us a textSecurity gets sharper when we stop treating AI like magic and start treating it like an untrusted user. We sit down with Eric Galinkin to unpack the real-world ways red teams and defenders are using language models today, where they fall apart, and how to build guardrails that hold up under pressure. From MCP servers that look a lot like ordinary APIs to the messy truths of model hallucination, this conversation trades buzzwords for practical patterns you can apply right now.Eric shares takeaways from Offensive AI Con: how models help triage code and surface likely bug classes, why decomposed workflows beat “find all vulns” prompts, and what happens when toy benchmarks meet stubborn, real binaries. We explore reinforcement learning environments as a scalable way to train security behaviors without leaking sensitive data, and we grapple with the uncomfortable reality that jailbreaks aren't going away—so output validation, sandboxing, and principled boundaries must do the heavy lifting.We also dig into Garak, the open-source system security scanner that targets LLM-integrated apps where it hurts: prompted cross-site scripting, template injection in Jinja, and OS command execution. By mapping findings to CWE, Garak turns vague model “misbehavior” into concrete fixes tied to known controls. Along the way, we compare GPT, Claude, and Grok, talk through verification habits to counter confident nonsense, and zoom out on careers: cultivate niche depth, stay broadly literate, and keep your skepticism calibrated. If you've ever wondered how to harness AI without handing it the keys to prod, this one's for you.Enjoyed the episode? Follow, share with a teammate, and leave a quick review so more builders and defenders can find the show.Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Enjoying the content? Let us know your feedback!Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was racing to release AI-powered browsers that don't just load web pages—they can read your emails, book your travel, and access every logged-in account you have, all autonomously. The marketing promises unprecedented productivity, but security researchers found critical vulnerabilities within days—attacks where a single Reddit comment could drain your bank account or a malicious website could steal all your emails without you knowing. Today, we're breaking down what it means for your security, asking the question that actually matters: Are AI browsers a productivity breakthrough or a security disaster? Let's dive in.- https://openai.com: Introducing ChatGPT Atlas- https://www.perplexity.ai: Introducing Comet- https://blogs.windows.com: Your AI BrowserBe sure to subscribe! You can also stream from https://yusufonsecurity.comIn there, you will find a list of all previous episodes in there too.

On this episode of the Tudor Dixon Podcast, Nebraska Attorney General Mike Hilgers exposes the growing threats posed by foreign surveillance technology—especially from Chinese companies—and what it means for American privacy and national security. From everyday devices like baby monitors to popular apps such as TikTok, Hilgers warns how consumer technology can be weaponized for espionage, data harvesting, and misinformation campaigns. He underscores the urgent need for federal action and stronger safeguards while urging individuals to stay vigilant about the products and platforms they trust. The Tudor Dixon Podcast is part of the Clay Travis & Buck Sexton Podcast Network. For more visit TudorDixonPodcast.comSee omnystudio.com/listener for privacy information.

In this conversation, Aidan Larkin sits down with Alison Jimenez, President of Dynamic Securities Analytics and AML expert witness, to unpack the realities of crypto crime, the challenges it poses for asset recovery, and the risks surrounding strategic Bitcoin reserves. They explore how digital assets are used for illicit purposes, why a common industry definition matters, the critical role of the asset recovery ecosystem, and how geopolitical tensions can expose vulnerabilities in decentralized systems. Timestamps 00:00 – Introduction and Background 00:30 – Defining Crypto Crime 00:59 – Asset Recovery Ecosystem 01:12 – Strategic Reserves and Security Risks 18:26 – Crypto's Role in Illicit Activities 28:58 – Analysing Crypto Crime Metrics About our Guest Alison Jimenez is the President of Dynamic Securities Analytics and an AML expert witness. As a former securities regulator and economist, she advises on financial crime cases, including fraud, corruption, and cryptocurrency scams. Alison has helped define crypto crime, exploring how digital assets enable illicit activity and highlighting the national security risks of Bitcoin strategic reserves. Key TakeawaysDefining Crypto Crime: Establishing a common industry definition for crypto crime is essential for effectively addressing and understanding the misuse of cryptocurrency in illegal activities. Asset Recovery Ecosystem: Asset recovery is crucial for reducing the financial incentives for crime, emphasizing its role in combating illicit finance. Cross-Border Illicit Activities: Cryptocurrency facilitates cross-border illicit activities, posing challenges for law enforcement and necessitating international cooperation to address these issues effectively. Decentralisation Challenges: Centralised chip production undermines crypto's decentralisation, highlighting vulnerabilities in strategic reserves and the need for robust security measures. National Security Risks: Strategic Bitcoin reserves pose national security risks due to geopolitical tensions, which can impact the security and stability of these reserves. Resources Mentioned Alison's Securities Analytics blog Alison's op-ed on Strategic Bitcoin Reserves and National SecurityAmazon | There's No Such Thing as Crypto Crime by Nick Furneaux Nick Furneaux on Seize & Desist Miles Johnson on Seize & Desist Stay Connected Dive deeper into the world of asset recovery with Seize & Desist. Subscribe for exclusive insights into the stories that are redefining asset recovery: https://link.cohostpodcasting.com/b36b929c-6ca3-4e49-8258-44c310d012c9?d=sG5Qi2MdL DisclaimerOur podcasts are for informational purposes only. They are not intended to provide legal, tax, financial, and/or investment advice. Listeners must consult their own advisors before making decisions on the topics discussed. Asset Reality has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Asset Reality employees are those of the employees and do not necessarily reflect the views of the company. Asset Reality does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material. Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Asset Reality.

In this week's Security Sprint, Dave and Andy covered the following topics: Warm Open:• Nerd Out EP 61. The 2/3 of the Year Awards!Main Topics:FBI PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally. Info Ops: • Most Adults in 25 Countries Say Spread of False Information Is a Top National Threat. The findings come from Pew's seventh iteration of its Global Attitudes Survey: International Opinion on Global Threats, which was last published in 2022. • Foreign disinformation enters AI-powered era. At least one China-based technology company, GoLaxy, seems to be using generative AI to build influence operations in Taiwan and Hong Kong… Documents also show that GoLaxy has created profiles for at least 117 members of Congress and over 2,000 American political figures and thought leaders.• Toxic politics and TikTok engagement in the 2024 U.S. election• Why wind farms attract so much misinformation and conspiracy theory UN - Terror threat posed by ISIL ‘remains volatile and complex,' Security Council hears. The threat posed by the terrorist group ISIL – known more widely in the Middle East as Da'esh – remains dynamic and diverse, with Africa currently experiencing the highest level of activity worldwide.• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General for Counter-Terrorism, United Nations Office of Counter-Terrorism. • PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General, United Nations Office of Counter-Terrorism.• UN Report: ISIS Fighters' Migration to Afghanistan and the Taliban's Failure• ISIS-K poses major threat with 2,000 fighters in Afghanistan, UN saysFEMA Employees Warn That Trump Is Gutting Disaster Response. After Hurricane Katrina, Congress passed a law to strengthen the nation's disaster response. FEMA employees say the Trump administration has reversed that progress. Employees at the Federal Emergency Management Agency wrote to Congress on Monday warning that the Trump administration had reversed much of the progress made in disaster response and recovery since Hurricane Katrina pummeled the Gulf Coast two decades ago. The letter to Congress, titled the “Katrina Declaration,” rebuked President Trump's plan to drastically scale down FEMA and shift more responsibility for disaster response — and more costs — to the states. It came days before the 20th anniversary of Hurricane Katrina, one of the deadliest and costliest storms to ever strike the United States.Quick Hits:• 25% of security leaders replaced after ransomware attack• Gate 15: Hack Yourself First: Pen Testing for Prevention • FB-ISAO: Ransomware Incident Review January to June 2025• Dissecting PipeMagic: Inside the architecture of a modular backdoor framework• Maryland Transit Administration says cybersecurity incident is affecting some of its servicesNevada state government offices closed after network security incident• Audit of Antisemitic Incidents 2024• MIT report: 95% of generative AI pilots at companies are failing• Report: Russian Sabotage Operations In Europe Have Quadrupled Since 2023• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials• Risky Bulletin: NIST releases face-morphing detection guideline• CVE-2025–41688: Bypassing Restrictions in an OT Remote Access Device• Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Anthropic's Model Context Protocol (MCP) has become the standard for connecting AI agents to tools and data, but its security has lagged behind. In The New Stack Agents podcast, Tzvika Shneider, CEO of API security startup Pynt, discussed the growing risks MCP introduces. Shneider sees MCP as a natural evolution from traditional APIs to LLMs and now to AI agents. However, MCP adds complexity and vulnerability, especially as agents interact across multiple servers. Pynt's research found that 72% of MCP plugins expose high-risk operations, like code execution or accessing privileged APIs, often without proper approval or validation. The danger compounds when untrusted inputs from one agent influence another with elevated permissions. Unlike traditional APIs, MCP calls are made by non-deterministic agents, making it harder to enforce security guardrails. While MCP exploits remain rare for now, most companies lack mature security strategies for it. Shneider believes MCP merely highlights existing API vulnerabilities, and organizations are only beginning to address these risks. Learn more from The New Stack about the latest in Model Context Protocol: Model Context Protocol: A Primer for the Developers Building With MCP? Mind the Security Gaps MCP-UI Creators on Why AI Agents Need Rich User InterfacesJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

The United States and China are locked in a race for dominance in artificial intelligence, including its applications and diffusion. American and Chinese AI firms like OpenAI and DeepSeek respectively have captured global attention and major companies like Google and Microsoft have been actively investing in AI development. While the US currently boasts world-leading AI models, China is ahead in some areas of AI research and application. With the release of US and Chinese AI action plans in July, we may be on the cusp of a new phase in US-China AI competition.Why is AI so important for a country's global influence? What are the strengths of China's AI strategy? And what does China's new AI action plan tell us about its AI ambitions? To discuss these questions, we are joined by Owen Daniels. Owen is the Associate Director of Analysis at Georgetown's Center for Security and Emerging Technology and a Non-Resident Fellow at the Atlantic Council. His recently published article in Foreign Affairs co-authored with Hanna Dohmen -- titled China's Overlooked AI Strategy -- provides insights into how Beijing is utilizing AI to gain global dominance and what the US can and should do to sustain and bolster its lead.Timestamps[00:00] Start [02:05] US Policy Risks to Chinese AI Leadership [05:28] Deepseek and Kimi's Newest Models  [07:54] US vs. China's Approach to AI [10:42] Limitations to China's AI Strategy  [13:08] Using AI as a Soft Power Tool  [16:10] AI Action Plans  [19:34] Trump's Approach to AI Competition [22:30] Can China Lead Global AI Governance?  [25:10] Evolving US Policy for Open Models

As the U.S. faces rising global threats, a new warning from national security leaders is raising alarms at home. The National Security Leaders for America (NSL4A) say recent layoffs at the State Department, impacting over 2,000 positions—could do “lasting harm” to U.S. foreign policy and national security. The group says rebuilding the diplomatic corps will require more than just hiring, it will take a generational investment in talent, training, and trust. Here with the details behind this position is former Ambassador Gordon Gray.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

China's cyberspace regulator has summoned Nvidia over alleged security risks concerning its H20 AI chip sold to China.

In this episode, I sit down with Daniel Bardenstein, CTO & Co-Founder of Manifest Cyber.We discussed the AI supply chain security, including open source risks, AIBOMs, best practices for CISOs, and regulatory approaches in the U.S. and EU.We dove into:What is the same and different between the risks AI introduces across the enterprise compared to open source software, and where and how the two converge.The rise of an “AIBOM” and why it is becoming a critical part of enterprise risk management in the AI EraThe work Daniel and others are doing as part of a Tiger Team defining “SBOM-for-AI-Use Cases”.Why is it so difficult for organizations to gain visibility into their AI models' internals, especially training data, model provenance, and pipeline dependencies?Where CISOs and security teams can get started when it comes to understanding where and how AI is being used and avoiding some mistakes.Gaps among the current waves of AI security startups and how they contrast with the approach Manifest is taking when managing AI supply chain risks.Real-world insights and examples of how organizations operationalize SBOM for risk reduction.Key differences between the U.S. and EU regarding regulatory approaches to AI and supply chain security risks.

In this episode of Energy Newsbeat – Conversations in Energy, Stuart Turley, along with industry experts Doomberg, Mike Umbro, and David Blackmon, discusses the ongoing energy and political crisis in California, particularly focusing on the state's energy policies, oil production, and refinery shutdowns. They highlight the mismanagement of California's resources, the decline in domestic oil production, and the state's reliance on imported oil, including sources such as Russia and Iran that are controversial. The discussion highlights the national security risks associated with California's energy policies and their broader implications for the U.S. economy and energy independence, with a call for federal intervention to address the crisis and support sustainable energy solutions.Highlights of the Podcast 00:00 - Intro00:28 - Doomberg's Insights on California's Energy Crisis05:10 - Mike Umbro on California's Energy Decline08:30 - David Blackmon Talks Refinery Shutdowns09:20 - California's Imports and National Security13:08 - The EV Mandate and Its Impact on California's Economy16:49 - The Lack of Infrastructure in California19:25 - The Political Situation in California25:58 - How the Federal Government Can Help30:12 - Chevron's Role in California's Energy Future34:19 - Closing Thoughts and Final RemarksCheck out the Energy News Beat Substack for the full article and a list of California National Security issues we've covered in the last two weeks. https://theenergynewsbeat.substack.com/And Check out Doomberg at https://doomberg.com/and David Blackmon at https://blackmon.substack.com/And Mike Umbro on X https://x.com/MikeUmbro

A recent report by Auvik reveals significant challenges faced by managed service providers (MSPs), highlighting issues such as tool sprawl, burnout among IT professionals, and the increasing reliance on IT generalists. The report indicates that 50% of MSPs use over ten tools to manage client networks, with many professionals experiencing high levels of stress and burnout. The ongoing retirement of baby boomers in the IT sector exacerbates these issues, leading to a demand for specialists who can assist generalists in navigating the complexities of technology. Key areas of interest for IT professionals include cybersecurity planning and cloud computing, as they seek to enhance productivity and user experience.In addition to the challenges faced by MSPs, two significant cybersecurity incidents have come to light. Kaseya's Network Detective tool was found to have critical vulnerabilities that could expose sensitive data across managed environments. Similarly, a flaw in McDonald's chatbot job application platform compromised the personal information of over 64 million applicants due to weak security measures. These incidents underscore the importance of robust vendor security practices, as clients often hold their MSPs accountable for data breaches, regardless of the source.The podcast also discusses the ongoing struggle for right-to-repair legislation, which has seen limited enforcement despite public support. A report indicates that many products lack accessible repair materials, and manufacturers continue to resist changes that would facilitate repairs. This situation presents an opportunity for service firms to incorporate repairability into their procurement strategies and asset management services, aligning with client values around sustainability and cost control.Finally, Sonomi has launched new tools aimed at enhancing business impact analysis and continuity planning for cybersecurity professionals. These tools are designed to help MSPs communicate the business value of cybersecurity to leadership, shifting the perception of security from a cost center to a value driver. The success of these initiatives will depend on MSPs' ability to integrate these features into their service delivery, ultimately positioning them as strategic partners who understand both technology and business needs. Four things to know today 00:00 Auvik Report Warns MSPs of Tool Sprawl, Talent Drain, and Rising Burnout04:10 Kaseya and McDonald's Incidents Reveal Fragile Trust in Vendor Security Practices07:01 Manufacturers Withhold Parts, Manuals Despite State-Level Repair Rights Legislation08:40 Cynomi Adds Business Impact and Continuity Planning Tools to Help MSPs Drive Strategic Outcomes This is the Business of Tech.    Supported by: https://getflexpoint.com/msp-radio/ ThreatDown Webinar:  https://bit.ly/threatdown  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information

Artificial intelligence (AI) is evolving beyond a mere tool to become the foundational operating system for modern businesses, particularly in the SMB and mid-market sectors. Anurag Agarwal, founder and chief global analyst at TechIsle, discusses the transformative potential of AI as an operating system (AIOS), which would integrate intelligent capabilities at the core of computing. This concept envisions a system that learns user behavior, anticipates needs, and automates tasks, blurring the lines between user intent and system action. However, Agarwal emphasizes that we are still in the early stages of this evolution, with AIOS being more of an aspirational goal than a current reality.The conversation also delves into the concept of agentic AI, which represents a shift from traditional robotic process automation (RPA) to more autonomous, judgment-driven automation. While many SMBs are exploring agentic AI for applications like customer service and IT operations, the adoption remains nascent. The research indicates that businesses are looking for solutions that can handle complex processes without human intervention, highlighting the need for operational autonomy. Agarwal points out that the challenges of integrating AI into existing workflows and ensuring accountability for AI-driven decisions are significant hurdles that need to be addressed.Security is another critical theme discussed, as AI presents both opportunities and risks. The podcast highlights the dual nature of AI as a "sword and a shield," where it can be used to enhance security measures but also introduces new attack vectors. Threats such as social engineering, data poisoning, and automated exploitation are becoming more prevalent, necessitating advanced security solutions. Agarwal mentions that while some vendors are making strides in AI-powered security, there is still a gap in readiness for SMBs and mid-market firms to effectively implement these solutions.Finally, the discussion touches on the importance of unified experience platforms (UXPs) that integrate customer and employee experiences. Agarwal explains that these platforms aim to streamline communication and enhance interactions across various touchpoints, ultimately driving operational efficiency and customer satisfaction. However, there is a notable gap in the readiness of the partner channel to implement these solutions effectively. The conversation concludes with a call for MSPs to focus on understanding customer needs and building their capabilities to bridge this gap, ensuring they can deliver the integrated solutions that businesses are increasingly seeking. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

National security expert Frank Gaffney joins Kevin Freeman to reveal urgent threats facing America — from Iranian sleeper cells to Chinese bio-warfare targeting our food supply. Discover the shocking realities of open borders, extremist enclaves, and how adversaries exploit our vulnerabilities. Gaffney shares insider details on coalitions fighting back and what every American must do to be prepared. Don't miss these eye-opening insights and practical tips to protect your family and nation.

This week on Blurry Hysteria, we dive into two stories that are equal parts science, sweat, and straight-up strange.First up: What if your next computer wasn't silicon but flesh? That's right—British scientists have created a "living" brain chip made of human neurons, and now you can rent it like it's a haunted Airbnb. Is it the future of computing or the first step toward Skynet with skin?Then, we travel from the uncanny valley to the swampy undercarriage of airport security. The TSA is sounding the alarm—literally—thanks to a little-known phenomenon known as “swamp crotch.” Turns out excessive groin sweat might be your ticket to a full pat-down. Moisture and metal detectors don't mix, folks.From meat-based microchips to moisture-based misfires, join us for a perfectly weird cocktail of cutting-edge tech and humid horror stories.Listen now before your pants set off national security protocols.Links & Resources

In back-to-back episodes, Tara covers the full fallout from Operation Midnight Hammer, the largest B-2 bomber mission in U.S. history targeting Iran's nuclear facilities. With unmatched coordination and zero U.S. casualties, the mission showcases American military dominance—but also exposes deep fractures at home. Tara explores how Democrat leaders, sheriffs, and media allies appear to side with Iran, even mourning the destruction of nuclear sites. She highlights growing fears of Iranian sleeper cells, border failures under Biden, and the bizarre way a pizza delivery app may have leaked signs of war before any official news broke. A powerful exposé on military strength, political betrayal, and what it takes to keep America safe.

National security concerns have been the invisible hand guiding governance throughout recorded history. In the 20th century, it was defined by a country versus country dynamic: whichever nation was the strongest and most strategic was also the safest. But today, our biggest national security threats don't come from opposing nations – they are “actorless threats” that emerge from the breakdown of the complex systems we all depend on – from the stability of our planetary systems to our intricately complex and fragile global supply chains. In this unprecedented landscape, what is required of us in order to keep our citizens safe?  In this episode, Nate is joined by Rod Schoonover, an expert at the intersection of Earth systems stress and national security, where they discuss the need for the evolution of national defense to address the systemic (and diffuse) threats of the 21st century. Rod emphasizes the need for a reformed security sector that addresses contemporary challenges, like global heating that leads to extreme climatic events, urging immediate action to mitigate risks and enhance stability. Importantly, they also delve into the need for political leadership to embrace complexity and local resilience when tackling these pressing issues. How do we unite against ‘actorless' threats, even when we don't have someone to blame for their damages? Where have leadership and governance already begun to adapt to address these existential concerns, and where are we seeing failures? Finally, how could incorporating more cooperative principles at every level of society transform our ability to bend – not break – under the weight of our human predicament?  (Conversation recorded on May 6th, 2025)   About Rod Schoonover: Rod Schoonover is the CEO and Founder of the Ecological Futures Group, Adjunct Professor at Georgetown University, Senior Associate Fellow at the Stockholm International Peace Research Institute (SIPRI), and Senior Associate at the Center for Strategic and International Studies.  Rod served a decade in the U.S. intelligence community as the Director of Environment and Natural Resources at the National Intelligence Council in the Office of the Director of National Intelligence and as Senior Scientist and Senior Analyst in the State Department's Bureau of Intelligence and Research. Before joining the government as a AAAS Diplomacy Fellow in 2009, Rod was a tenured Professor in the Department of Chemistry and Biochemistry at Cal Poly, San Luis Obispo. Dr. Schoonover earned his PhD in theoretical chemical physics at the University of Michigan, where he studied complex systems.   Show Notes and More Watch this video episode on YouTube   Want to learn the broad overview of The Great Simplification in 30 minutes? Watch our Animated Movie.   --- Support The Institute for the Study of Energy and Our Future Join our Substack newsletter Join our Discord channel and connect with other listeners

A recent report from SailPoint reveals a significant contradiction in the IT sector: while 96% of IT professionals view artificial intelligence agents as a security risk, an overwhelming 98% still plan to expand their use within organizations over the next year. The study highlights that although 84% of respondents currently utilize AI agents, only 44% have established governance policies for their behavior. This lack of oversight is concerning, especially as 80% of respondents reported that these agents have acted in unexpected and potentially harmful ways. The need for stringent governance and security protocols for AI agents is becoming increasingly urgent.In the realm of cloud computing, dissatisfaction is on the rise among organizations, with Gartner estimating that up to 25% may face significant disappointment due to unexpected costs and management complexities. Many organizations lack coherent cloud strategies, leading to issues like vendor lock-in. A notable example is 37Signals, which faced a $3.2 million bill for cloud services, prompting a migration back to on-premises infrastructure. As organizations adopt multi-cloud strategies, Gartner warns that more than half may not achieve their expected outcomes, further complicating the landscape.The podcast also discusses a new Texas law requiring Apple and Google to verify the ages of users accessing their app stores, a move that shifts the liability of age enforcement onto these tech giants. This trend reflects a broader governmental push to redefine digital intermediaries as compliance gatekeepers, which could lead to increased regulatory burdens for tech companies. As data sovereignty becomes a priority, organizations are urged to adapt their strategies to align with new privacy and age verification mandates.Lastly, the episode touches on intriguing revelations, such as the CIA's covert use of a Star Wars fan site for secure communications and the persistence of outdated operating systems like Windows XP in various sectors. These stories underscore the complexities of digital infrastructure and the importance of understanding data privacy implications. As reliance on voice-activated technologies grows, the need for IT providers to educate clients about data retention and privacy policies becomes critical, especially in a landscape where everyday devices can act as silent data hoarders. Four things to know today 00:00 IT Leaders Expand AI Agent Use Despite Governance Gaps and Cloud Disillusionment06:08 Dell Surges on AI Server Demand While HP Struggles With Tariffs and Consumer Weakness09:17 Texas Law Forces Apple and Google to Enforce Age Verification, Marking Shift in Platform Liability10:50 CIA Spy Site, Smart Speaker Surveillance, and Legacy Software Reveal Overlooked Digital Threat Surfaces Supported by:  https://afi.ai/office-365-backup/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Tom and co-host Producer Drew take listeners deep into the high-stakes world of global economics, trade wars, and political theater with none other than special guest Donald Trump. As President Trump celebrates the announcement of a new, potentially game-changing trade deal with the UK, Tom and Drew rigorously break down what it really means for American exports, tariffs, and the unfolding chess match with China. The conversation doesn't pull punches, exploring not only the economic realities facing the US but also the psychological strategies behind deal-making on the world stage. Tom and Drew offer behind-the-scenes analysis of political spin, the art of negotiation, and the critical importance of international alliances in the context of escalating trade tensions. Get ready for an unvarnished exploration of geopolitics, leadership styles, and the strategies shaping the future of American business and security. SHOWNOTES00:00 – Trump's Announcement: US-UK Trade Deal Overview01:05 – Tariff Breakdown: Who Really Won?02:07 – Negotiation Psychology & Political Theater03:52 – The UK's Perspective and Global Positioning05:24 – Isolating China: The Bigger Strategic Game07:02 – Building Alliances: The Path to Outmaneuvering China09:02 – Switzerland Talks: US and China Meet, But Will Anything Change?10:13 – Economic Resilience: Comparing US and Chinese “Dry Powder”12:54 – Trade War Tactics: Currency Manipulation and Industrial Policy14:29 – Why US-China Competition is More Than Just Math16:28 – Critical Supply Chains: Chips, Drones, and Strategic Independence18:37 – Measuring Success: When Will We Know If These Deals Pay Off?20:47 – Partisan Spin and the Reality of Global Power Plays21:25 – Political Theater: Inside Congressional Testimonies and Bureaucracy23:23 – The Doge Debate: Audits, Efficiency, and Tech's Role in Government27:11 – Security Risks or Political Kabuki? The Doge Employees Controversy29:33 – Why Government Efficiency Matters & What's At Stake33:02 – Can Tech-Led Solutions Fix America's Fiscal Future? CHECK OUT OUR SPONSORS ButcherBox: Ready to level up your meals? Go to ⁠https://ButcherBox.com/impact⁠ to get $20 off your first box and FREE bacon for life with the Bilyeu Box! Vital Proteins: Get 20% off by going to ⁠https://www.vitalproteins.com⁠ and entering promo code IMPACT at check out Netsuite: Download the CFO's Guide to AI and Machine Learning at ⁠https://NetSuite.com/THEORY⁠ iTrust Capital: Use code IMPACTGO when you sign up and fund your account to get a $100 bonus at ⁠https://www.itrustcapital.com/tombilyeu⁠  Mint Mobile: If you like your money, Mint Mobile is for you. Shop plans at ⁠https://mintmobile.com/impact.⁠  DISCLAIMER: Upfront payment of $45 for 3-month 5 gigabyte plan required (equivalent to $15/mo.). New customer offer for first 3 months only, then full-price plan options available. Taxes & fees extra. See MINT MOBILE for details. What's up, everybody? It's Tom Bilyeu here: If you want my help... STARTING a business:⁠ join me here at ZERO TO FOUNDER⁠ SCALING a business:⁠ see if you qualify here.⁠ Get my battle-tested strategies and insights delivered weekly to your inbox:⁠ sign up here.⁠ ********************************************************************** If you're serious about leveling up your life, I urge you to check out my new podcast,⁠ Tom Bilyeu's Mindset Playbook⁠ —a goldmine of my most impactful episodes on mindset, business, and health. Trust me, your future self will thank you. ********************************************************************** LISTEN TO IMPACT THEORY AD FREE + BONUS EPISODES on APPLE PODCASTS:⁠ apple.co/impacttheory⁠ ********************************************************************** FOLLOW TOM: Instagram:⁠ https://www.instagram.com/tombilyeu/⁠ Tik Tok:⁠ https://www.tiktok.com/@tombilyeu?lang=en⁠ Twitter:⁠ https://twitter.com/tombilyeu⁠ YouTube:⁠ https://www.youtube.com/@TomBilyeu Learn more about your ad choices. Visit megaphone.fm/adchoices