POPULARITY
Categories
How do you secure your organization's data to let AI technologies work safely? Richard chats with Martina Grom about her experiences helping sysadmins responsibly bring the power of Microsoft M365 Copilot into their organizations. Martina discusses setting up security and monitoring with tools like Microsoft Purview, enabling visibility into where copilots are working and who is using them. Once the measuring tools are in place, you can begin to establish limitations for the AI without compromising regular employee workflows. Check the show links for a list of great tools you can use to get M365 Copilot working for your organization safely!LinksGovernance Toolkit 365EU AI ActData, Privacy, and Security for Microsoft 365 CopilotTranslating with CopilotConfiguring SharePoint with Entra IDMicrosoft PurviewData Loss PreventionMicrosoft Purview Compliance ManagerData Security Posture Management for AISharePoint Advanced ManagementCopilot in Microsoft 365 Admin CentersRecorded July 16, 2025
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
Are you tapping the power of Microsoft Graph? Richard chats with Tony Redmond about his work teaching people to leverage Microsoft Graph and all the insights it can provide about their organization. Tony views Graph as one of the key skills a sysadmin needs to manage an M365 tenant, alongside Exchange Online, SharePoint, and Teams. Throw in some Entra ID skills with Graph and you're ready to take on the rest - and there's a lot! Tony is also responsible for the excellent Office 365 for IT Pros book, now in its 12th edition for 2026. These are the fundamentals that can help you embrace the Copilot future we're all facing - and there's a lot to learn!LinksGraph PowerShell SDKAzure AutomationOffice 365 for IT Pros 2026 EditionMaesterAgent Governance in M365Secure Future InitiativeLinkable Identifiers in Microsoft EntraRecorded July 24, 2025
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
The panel discusses Apple's AI talent losses amid a rumored shift to third-party models, Meta's aggressive recruitment, and speculation on Apple's long-term AI strategy. Chuck Joiner, David Ginsburg, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Guy Serle, Jim Rea, and Jeff Gamet cover Sonos appointing Tom Conrad as CEO, Google's new AI search experiment, a significant SharePoint security breach, and controversy over the women-only Tea app following a massive data exposure and class action lawsuit. http://traffic.libsyn.com/maclevelten/MV25213.mp3 Today's MacVoices is supported by CleanMyMac and the new Cloud Cleanup feature. Get Tidy Today! Try 7 days free and use the code MACVOICES20 for 20% off at clnmy.com/MACVOICES. Show Notes: Chapters: [0:00] Introduction and Apple AI researcher departure to Meta [2:28] Apple's AI strategy shift and market perception [5:08] Practical vs. flashy AI implementations at Apple [7:51] Perspectives on Meta's aggressive AI hiring [9:40] Interpreting Apple's AI direction and talent movement [12:15] Sonos appoints Tom Conrad as CEO [15:47] Google's new AI search product discussion [18:18] SharePoint hack impacts U.S. nuclear agency [19:23] The Tea app controversy and data exposure [27:50] Social shaming and safe spaces online [29:59] Closing remarks and support information Links: Apple just lost another AI researcher as it weighs shift to third-party models https://9to5mac.com/2025/07/29/apple-just-lost-another-ai-researcher-as-it-weighs-shift-to-third-party-models/ Sonos gets to keeps its CEO, as a treat https://www.engadget.com/big-tech/sonos-gets-to-keeps-its-ceo-as-a-treat-164559137.html Google Might Have Made an AI Search Product I Actually Like https://lifehacker.com/tech/google-ai-search-web-guide US nuclear weapons agency breached using Microsoft SharePoint hack https://www.engadget.com/cybersecurity/us-nuclear-weapons-agency-breached-using-microsoft-sharepoint-hack-120027770.html The Microsoft SharePoint breach was massive. The response has been minimal https://www.fastcompany.com/91373183/microsoft-sharepoint-breach-response-minimal Microsoft trials Copilot Mode in Edge https://www.engadget.com/ai/microsoft-trials-copilot-mode-in-edge-201851903.html The Viral 'Tea' App Just Had a Second Data Breach, and It's Even Worse https://lifehacker.com/tech/the-viral-tea-app-just-had-another-data-breach Guests: Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that.You can catch up with him on Facebook, Twitter, and LinkedIn, but prefers Bluesky. Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud. Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn., @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet. David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud. Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession ‘firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. This is also co-host of The Vision ProFiles podcast. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC). Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon. Guy Serle, best known for being one of the co-hosts of the MyMac Podcast, sincerely apologizes for anything he has done or caused to have happened while in possession of dangerous podcasting equipment. He should know better but being a blonde from Florida means he's probably incapable of understanding the damage he has wrought. Guy is also the author of the novel, The Maltese Cube. You can follow his exploits on Twitter, catch him on Mac to the Future on Facebook, at @Macparrot@mastodon.social, and find everything at VertShark.com. Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Mastodon: https://mastodon.cloud/@chuckjoiner Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
The panel discusses Apple's AI talent losses amid a rumored shift to third-party models, Meta's aggressive recruitment, and speculation on Apple's long-term AI strategy. Chuck Joiner, David Ginsburg, Marty Jencius, Brian Flanigan-Arthurs, Web Bixby, Guy Serle, Jim Rea, and Jeff Gamet cover Sonos appointing Tom Conrad as CEO, Google's new AI search experiment, a significant SharePoint security breach, and controversy over the women-only Tea app following a massive data exposure and class action lawsuit. Today's MacVoices is supported by CleanMyMac and the new Cloud Cleanup feature. Get Tidy Today! Try 7 days free and use the code MACVOICES20 for 20% off at clnmy.com/MACVOICES. Show Notes: Chapters: [0:00] Introduction and Apple AI researcher departure to Meta [2:28] Apple's AI strategy shift and market perception [5:08] Practical vs. flashy AI implementations at Apple [7:51] Perspectives on Meta's aggressive AI hiring [9:40] Interpreting Apple's AI direction and talent movement [12:15] Sonos appoints Tom Conrad as CEO [15:47] Google's new AI search product discussion [18:18] SharePoint hack impacts U.S. nuclear agency [19:23] The Tea app controversy and data exposure [27:50] Social shaming and safe spaces online [29:59] Closing remarks and support information Links: Apple just lost another AI researcher as it weighs shift to third-party models https://9to5mac.com/2025/07/29/apple-just-lost-another-ai-researcher-as-it-weighs-shift-to-third-party-models/ Sonos gets to keeps its CEO, as a treat https://www.engadget.com/big-tech/sonos-gets-to-keeps-its-ceo-as-a-treat-164559137.html Google Might Have Made an AI Search Product I Actually Like https://lifehacker.com/tech/google-ai-search-web-guide US nuclear weapons agency breached using Microsoft SharePoint hack https://www.engadget.com/cybersecurity/us-nuclear-weapons-agency-breached-using-microsoft-sharepoint-hack-120027770.html The Microsoft SharePoint breach was massive. The response has been minimal https://www.fastcompany.com/91373183/microsoft-sharepoint-breach-response-minimal Microsoft trials Copilot Mode in Edge https://www.engadget.com/ai/microsoft-trials-copilot-mode-in-edge-201851903.html The Viral 'Tea' App Just Had a Second Data Breach, and It's Even Worse https://lifehacker.com/tech/the-viral-tea-app-just-had-another-data-breach Guests: Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that.You can catch up with him on Facebook, Twitter, and LinkedIn, but prefers Bluesky. Brian Flanigan-Arthurs is an educator with a passion for providing results-driven, innovative learning strategies for all students, but particularly those who are at-risk. He is also a tech enthusiast who has a particular affinity for Apple since he first used the Apple IIGS as a student. You can contact Brian on twitter as @brian8944. He also recently opened a Mastodon account at @brian8944@mastodon.cloud. Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn., @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet. David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud. Dr. Marty Jencius has been an Associate Professor of Counseling at Kent State University since 2000. He has over 120 publications in books, chapters, journal articles, and others, along with 200 podcasts related to counseling, counselor education, and faculty life. His technology interest led him to develop the counseling profession ‘firsts,' including listservs, a web-based peer-reviewed journal, The Journal of Technology in Counseling, teaching and conferencing in virtual worlds as the founder of Counselor Education in Second Life, and podcast founder/producer of CounselorAudioSource.net and ThePodTalk.net. Currently, he produces a podcast about counseling and life questions, the Circular Firing Squad, and digital video interviews with legacies capturing the history of the counseling field. This is also co-host of The Vision ProFiles podcast. Generally, Marty is chasing the newest tech trends, which explains his interest in A.I. for teaching, research, and productivity. Marty is an active presenter and past president of the NorthEast Ohio Apple Corp (NEOAC). Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon. Guy Serle, best known for being one of the co-hosts of the MyMac Podcast, sincerely apologizes for anything he has done or caused to have happened while in possession of dangerous podcasting equipment. He should know better but being a blonde from Florida means he's probably incapable of understanding the damage he has wrought. Guy is also the author of the novel, The Maltese Cube. You can follow his exploits on Twitter, catch him on Mac to the Future on Facebook, at @Macparrot@mastodon.social, and find everything at VertShark.com. Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Mastodon: https://mastodon.cloud/@chuckjoiner Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
Computer und Kommunikation (komplette Sendung) - Deutschlandfunk
Kloiber, Manfred www.deutschlandfunk.de, Computer und Kommunikation
Welcome to episode 315 of The Cloud Pod, where the forecast is always cloudy! Your hosts, Justin and Matt, are here to bring you the latest in cloud and AI news, including news about AI from the White House, the newest hacker exploits, and news from CloudWatch, CrowdStrike, and GKE – plus so much more. Let's get into it! Titles we almost went with this week: SharePoint and Tell: Government Secrets at Risk Zero-Day Hero: How Hackers Found SharePoint’s Achilles’ Heel Amazon Q Gets an F in Security Class Spark Joy: GitHub’s Marie Kondo Approach to App Development No Code? No Problem! GitHub Lights a Spark Under App Creation GKE Turns 10: Still Not Old Enough to Deploy Itself A Decade of Containers: Pokémon GO Caught Them All Kubernetes Engine Hits Double Digits, Still Can’t Count Past 9 Pods Account Names: The Missing Link in AWS Cost Optimization Flash Gordon Saves Your VMs from the Azure-verse The Flash: Fastest VM Monitor in the Multiverse Ctrl+AI+Delete: Rebooting America’s Artificial Intelligence Strategy The AImerican Dream: White House Plots Path to Silicon Supremacy CrowdStrike’s Year of Living Resiliently Kernel Panic at the Disco: A Recovery Story The Search is Over (But Your Copilot License Isn’t) Ground Control to Major Tom: You’re Fired GPU Booking.com: Reserve Your Neural Network’s Next Vacation Calendar Man Strikes Again: This Time He’s Scheduling Your TPUs AirBnB for AI: Short-Term Rentals for Your Machine Learning Models Claude’s World Tour: Now Playing in Every Region Going Global: Claude Gets Its Passport Stamped on Vertex AI SQS Finally Learns to Share: No More Queue Hogging The Noisy Neighbor Gets Shushed: Amazon’s Fair Play for Queues CloudWatch Gets Its AI Degree in Observability Teaching Old Logs New Tricks: CloudWatch Goes GenAI The Agent Whisperer: CloudWatch’s New AI Monitoring Powers NotebookLM Gets Its PowerPoint License Slides, Camera, AI-ction: NotebookLM Goes Visual The SSL-ippery Slope: Azure’s Managed Certs Go Public or Go Home Breaking Bad Certificates: DigiCert’s New Rules Leave Some Apps High and Dry Firewall Rules: Now with a Rough Draft Feature Azure’s New Policy: Think Before You Deploy General News 00:50 Hackers exploiting a SharePoint zero-day are seen targeting government agencies | TechCrunch Microsoft SharePoint servers are being actively exploited through a zero-day vulnerability (CVE-2025-53770), with initial attacks primarily targeting government agencies, universities, and energy companies, according to security researchers. The vulnerability affects on-premises SharePoint installations only, not cloud versions, with researchers identifying 9,000-10,000 vulnerable instances accessible from the internet that require immediate patching or disconnection. Initial exploitation appears t
The riskiest move in cybersecurity? Playing it too safe. In this solo episode, Ron Eddings redefines the way we think about technical debt, risk, and missed opportunities, in security and in life. Ron reframes the debt vs. risk paradigm through the lens of the SharePoint breach, personal milestones, and co-founding Hacker Valley. With sharp insights, personal stories, and a call to action for every listener, he shows how curiosity and calculated risk are the true drivers of innovation. Impactful Moments 00:00 - Introduction 01:10 - Why debt vs. risk matters now 02:20 - What the SharePoint breach taught us 04:15 - Risk avoidance creates deeper debt 05:10 - Clear definitions: risk vs. debt 06:30 - Hidden costs of deferring decisions 08:15 - Leaving $200k salary to build Hacker Valley 10:00 - Long-term founder debt explained 11:08 - When comfort becomes dangerous 12:00 - Curiosity as a leadership skill 13:10 - What you're not seeing yet 14:30 - Final thought: reflect and reassess Links: Connect with our Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
1. Scrutiny of the "Tea" Dating AppThe women-focused dating app "Tea" faces backlash after two data breaches exposed 72,000 sensitive images and 1.1 million private messages. Though security upgrades were promised, past data remained exposed, and the app lacks end-to-end encryption. Additionally, anonymous features enabling posts about men have sparked defamation lawsuits. Critics argue Tea prioritized rapid growth over user safety, exemplifying the danger of neglecting cybersecurity in pursuit of scale.2. North Korean Remote Work InfiltrationCrowdStrike has flagged a 220% surge in North Korean IT operatives posing as remote workers—over 320 cases in the past year. These operatives use stolen/fake identities, aided by generative AI to craft résumés, deepfake interviews, and juggle multiple jobs. Their earnings fund Pyongyang's weapons programs. The tactic reveals the limits of traditional vetting and the need for advanced hiring security.3. Airportr's Data ExposureUK luggage service Airportr suffered a major security lapse exposing passport photos, boarding passes, and flight details—including those of diplomats. CyberX9 found it possible to reset accounts with just an email and no limits on login attempts. Attackers could gain admin access, reroute luggage, or cancel flights. Although patched, the incident underscores risks of convenience services with poor security hygiene.4. Risks of AI-Generated CodeVeracode's "2025 GenAI Code Security Report" found that nearly 45% of AI-generated code across 80 tasks had security flaws—many severe. This highlights the need for human oversight and thorough reviews. While AI speeds development, it also increases vulnerability if unchecked, making secure coding a human responsibility.5. Microsoft's SharePoint Hack ControversyChinese state hackers exploited flaws in SharePoint, breaching hundreds of U.S. entities. A key concern: China-based Microsoft engineers maintained the hacked software, potentially enabling earlier access. Microsoft also shared vulnerability data with Chinese firms through its MAPP program, while Chinese law requires such data be reported to the state. This raises alarms about outsourcing sensitive software to geopolitical rivals.6. Russian Embassy Surveillance AttackRussia's "Secret Blizzard" hackers used ISP-level surveillance to deliver fake Kaspersky updates to embassies. These updates installed malware and rogue certificates enabling adversary-in-the-middle attacks—allowing full decryption of traffic. The attack shows the threat of state-level manipulation of software updates and underscores the need for update authenticity verification.7. Signal's Threat to Exit AustraliaSignal may pull out of Australia if forced to weaken encryption. ASIO's push for access contradicts Signal's end-to-end encryption model, which can't accommodate backdoors without global compromise. This standoff underscores a broader debate: encryption must be secure for all or none. Signal's resistance reflects the rising tension between privacy advocates and governments demanding access.8. Los Alamos Turns to AILos Alamos National Laboratory has launched a National Security AI Office, signaling a pivot from nuclear to AI capabilities. With massive GPU infrastructure and university partnerships, the lab sees AI as the next frontier in scientific and national defense. This reflects a shift in global security dynamics—where large language models may be as strategically vital as missiles.
Watch on YouTube.In this August edition of the Microsoft Teams Show, hosts Kristian McCann and and Tom Arbuthnot dissect some of the biggest Teams stories from the past month with the panel – from meetings on the move to AI that can see your screen.Mercedes Enables Teams Video Calls While DrivingTeams meetings are now available on the go – but is this the future of mobile collaboration or a serious safety concern?Teams Search Gets SmarterSQL-style search is on its way – finally! But will it actually help users find what they need, or just add more complexity?Threaded Conversations: Teams Borrows from Slack (Again)Another Slack-like feature arrives – is this improving the experience or just Microsoft playing catch-up?SharePoint Servers Under AttackA major breach raises big questions for on-premises customers – and for Teams, which is tightly integrated with SharePoint.Copilot Vision AI Can Now See Your ScreenMicrosoft's AI assistant just got a new set of eyes – but is this a game-changer or a privacy nightmare in the making?Plus, we're joined by special guest Robbie Warwick, UCaaS & CCaaS Transformation Leader at Accenture Song, who shares insights from his 20-year career — including leading a massive Teams transformation at the UK Home Office.Hosted by the UC Today editorial team – tune in for the latest Microsoft Teams updates, expert takes, and real-world insights.Let us know in the comments which stood out to you the most!Thanks for watching, if you'd like more content like this, don't forget to SUBSCRIBE to our YouTube channel.You can also join in the conversation on our Twitter and LinkedIn pages.Join our new LinkedIn Community Group.
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Stealing Machinekeys for fun and profit (or riding the SharePoint wave) Bojan explains in detail how .NET uses Machine Keys to protect the VIEWSTATE, and how to abuse the VIEWSTATE for code execution if the Machine Keys are lost. https://isc.sans.edu/diary/Stealing%20Machine%20Keys%20for%20fun%20and%20profit%20%28or%20riding%20the%20SharePoint%20wave%29/32174 Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives Perplexity will change its User Agent, or use different originating IP addresses, if it detects being blocked from scanning websites https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives/ Gen 7 SonicWall Firewalls SSLVPN Recent Threat Activity Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled. https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise of AI-powered bug hunting: Google's Project Zero and Deepmind team up to find and report 20 bugs to open source projects The XBOW AI bug hunting platform sees success on HackerOne Is an AI James Kettle on the horizon? There's also plenty of regular cybersecurity news to discuss: On-prem Sharepoint's codebase is maintained out of China… awkward! China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China? SonicWall advises customers to turn off their VPNs Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em. The Russian government pushes VK's Max messenger for everything This week's show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn't as scary as people make out, but if the update isn't on your radar now, time is running out. This episode is also available on Youtube. Show notes Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch Is XBOW's success the beginning of the end of human-led bug hunting? Not yet. | CyberScoop James Kettle on X: "There I am being careful to balance hyping my talk without going too far and then this gets published
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
EP 254. In this week's update:Despite back-to-back data breaches and legal blowback, women are still queuing up by the millions for Tea. This is one hot dating app that's apparently more viral than secure.North Korean IT operatives are clocking into remote jobs worldwide. Fueled by GenAI and fake identities in what CrowdStrike calls a daily cybersecurity crisis.A British luggage startup managed to lose more than just bags. Airportr briefly exposed diplomatic travel data and full backend access to anyone with a browser and curiosity.According to Veracode, nearly half of all AI-generated code is insecure. And that should leave you feeling insecure, especially if your code reviews have been neglectedMicrosoft confirmed Chinese engineers have long supported the same SharePoint software recently hacked by Beijing. The breach hit hundreds of U.S. institutions—including nuclear and homeland security.Russian state hackers tricked foreign embassies into installing fake updates from “Kaspersky.” The malware came with a rogue root certificate—and full surveillance capabilities.Signal's president warned it might pull out of Australia over demands to weaken encryption. The country's privacy pushback continues—and secure apps are packing their bags.Los Alamos is pouring resources into AI research—because in 2025, the most powerful weapon might be a large language model, rather than a missile.Finish that cuppa, we have a lot to cover!Find the full transcript to this podcast here.
A follow-up to the SharePoint server patch mess. How Russia arranges to spy on other country's local embassies. "Dropbox Passwords" manager app is ending in October. Signal will leave Australia rather than help spy. YouTube deploys viewing history age-estimation heuristics. Chrome adds clever lightweight extension signing to prevent abuse. A domain registrar is coming close to losing its rights. A TP-Link router that doesn't encrypt its configuration. What is "TruAge" and might it be useful for age verification. An update on "Artemis". With U.S.-China tensions on the rise, should Chinese security companies receive weeks of advance notice of forthcoming Microsoft flaw patches? Show Notes - https://www.grc.com/sn/SN-1037-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit bigid.com/securitynow joindeleteme.com/twit promo code TWIT Melissa.com/twit threatlocker.com for Security Now
This is episode 300 recorded on July 31st, 2025, where John & Jason talk the Microsoft Fabric July 2025 Feature Summary including tags in Fabric Domains, Fabric Data Agent integration with Microsoft Copilot Studio, enhancements to Activator, manual control of Auto-Refresh in pipelines, and CosmosDB in preview now in Fabric. For show notes please visit www.bifocal.show
The M365 Copilot Chat box is adding a tools button to make it easier to add and use a range of tools from Chat. Copilot-summarized emails are coming to Outlook for people without an M365 Copilot license. And soon orgs using Viva Amplify will be able to send any SharePoint news posts from their sites via Amplify channels — no need to create the content from an Amplify campaign team. What else will Daniel and Darrell discuss? – Support for different modes for desks – Viva Amplify: Distribute SharePoint news posts across channels – New Tools feature coming to the Microsoft Copilot Chat prompt box – Microsoft Outlook: Copilot chat now available to summarize emails for more users – Microsoft 365 Copilot: Enhanced presentation creation quality – Microsoft Outlook for Windows: Add attachments while offline Join Daniel Glenn and Darrell as a Service Webster as they cover the latest messages in the Microsoft 365 Message Center. Check out Darrell & Daniel's own YouTube channels at: Darrell - https://youtube.com/modernworkmentor Daniel - https://youtube.com/DanielGlenn
This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the […] The post Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis appeared first on Shared Security Podcast.
When the boys are left alone.. they come up with great ideas. New models for whisky that also work for Microsoft 365? Why not!
Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China's sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China's “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire. Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps. Cast: Dakota Cary (https://www.linkedin.com/in/dakotacary/), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
Send us a textWe explore how cybercriminals fell victim to their own security mistakes and examine major attacks targeting corporate SharePoint environments. Privacy legislation advances with new protections for children and groundbreaking AI accountability measures in Minnesota.• Cybercrime forum exposes member data through database misconfiguration• SharePoint under active attack with remote code execution vulnerabilities • California passes enhanced children's privacy legislation requiring stricter parental consent• Minnesota Consumer Privacy Act launches July 31st with human review rights for AI decisions• Problem Lounge studio expansion announcement with new podcast launches• Trust and anonymity requirements in criminal digital ecosystems• Corporate IT challenges with ubiquitous software vulnerabilities• Growing complexity of state-by-state privacy compliance requirements Support the show
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A critical new SharePoint vulnerability is under mass exploitation, with attackers targeting on-premises SharePoint Server deployments to exfiltrate sensitive data, including authentication tokens.And then directly related to the first story, Microsoft has now confirmed that at least three China-linked threat actors—Linen Typhoon, Violet Typhoon, and Storm-2603—were actively exploiting CVE-2025-49706 and CVE-2025-49704 a day before the company issued patches on July 8.The UK government announced on July 22, 2025, that it plans to make ransomware payments illegal for public sector bodies and operators of critical national infrastructure (CNI).In-browser cryptocurrency mining, often called crypto jacking, originally gained notoriety in 2017 when Coinhive introduced JavaScript-based mining for Monero.
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers struggle to get patches for VMWare hypervisor escapes Aeroflot gets hacked by the Cyber Partisans, disrupting flights This week's episode is sponsored by Push Security. Satisfied Push customer Daniel Cuthbert from Santander Bank joins on their behalf. He explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future. This episode is also available on Youtube. Show notes Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News What we know about the Microsoft SharePoint attacks | Cybersecurity Dive An important update (and apology) on our PoisonSeed blog Tea User Files Class Action After Women's Safety App Exposes Data A Second Tea Breach Reveals Users' DMs About Abortions and Cheating Top Lawyer for National Security Agency Is Fired From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944 VMware prevents some perpetual license holders from downloading patches Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop Outage was result of cyberattack, Post Luxembourg says Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive Cisco network access security platform vulnerabilities under active exploitation | CyberScoop Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit Show Notes - https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT threatlocker.com for Security Now bitwarden.com/twit uscloud.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Parasitic SharePoint Exploits We are seeing attacks against SharePoint itself and attempts to exploit backdoors left behind by attackers. https://isc.sans.edu/diary/Parasitic%20Sharepoint%20Exploits/32148 Cisco ISE Vulnerability Exploited A recently patched vulnerability in Cisco ISE is now being exploited. The Zero Day Initiative has released a blog detailing the exploit chain to obtain code execution as an unauthenticated user. https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability MyAsus Vulnerablity The MyAsus tool does not store its access tokens correctly, potentially providing an attacker with access to sensitive functions https://www.asus.com/content/security-advisory/
AI looks unstoppable… until you hand it a hundred pages of meeting notes. Rob and Justin dig into why context windows and token limits quietly run the show. That “million-token” brag from Google? More like weighing the Titanic in bananas. From Shakespeare to SharePoint, this episode shows why AI remembers the Roman Empire better than your company history—and why that's not a bad thing. Rob also introduces Griff, a digital colleague that fires off P3-flavored ideas like it's had three espressos. It's practical AI that's actually fun to use. Hit play to find out where AI is brilliant, where it falls flat, and how to make it work for you without the hype. Also on this episode: Million Token Context Windows? Myth Busted—Limits & Fixes
OpenAI prepares to launch GPT-5 in August Trump's AI Action Plan Is a Crusade Against 'Bias'—and Regulation UN tech chief pleads for global AI regulatory cooperation Trump, who promised to save TikTok, threatens to shut down TikTok Google AI Mode has 100M users, 2.5 Pro & Deep Search rolls out FDA's New Drug Approval AI Is Generating Fake Studies: Report Tesla is set to face off with the California DMV over claims it exaggerated Autopilot's and FSD's capabilities and misled consumers, in a five-day Oakland trial Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day A look at Tea, a woman-only safety app with 4M users that lets users anonymously assign red or green flags to local men, as it goes viral with 900K new signups People in the UK now have to take an age verification selfie to watch porn online Intel is laying off tens of thousands and cancelling factories AMD CEO Sees Chips From TSMC's US Plant Costing 5%-20% More Spotify Publishes AI-Generated Songs From Dead Artists Without Permission DJI couldn't confirm or deny it disguised this drone to evade a US ban FCC approves Skydance-Paramount merger Gwyneth Paltrow is the new face of a kiss-cam tech scandal Julian LeFay, 'Father of The Elder Scrolls,' Has Died Aged 59 Tom Lehrer, Musical Satirist With a Dark Streak, Dies at 97 Host: Leo Laporte Guests: Molly White, Janko Roettgers, and Jacob Ward Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: smarty.com/twit zscaler.com/security expressvpn.com/twit uscloud.com spaceship.com/twit
Burnie and Ashley discuss Fantastic Four [no spoilers], box office analysis rules, Gwyneth Paltrow to the rescue, Astronmer's PSA, saving your job during a coporate PR crisis, the Tea hack, Norman Reedus as a workaround, Sharepoint's woes, and giving our past selves all the latest entertainment news.
Take a Network Break! In our Red Alert section we note that memory safety bugs bug Firefox and Thunderbird, and on-prem SharePoint instances are under attack. In tech news, Fortinet adds support for Post Quantum Cryptography in FortiOS, Cato Networks integrates Azure Virtual WANs to its SASE offering, and we weigh the pros and cons... Read more »
OpenAI prepares to launch GPT-5 in August Trump's AI Action Plan Is a Crusade Against 'Bias'—and Regulation UN tech chief pleads for global AI regulatory cooperation Trump, who promised to save TikTok, threatens to shut down TikTok Google AI Mode has 100M users, 2.5 Pro & Deep Search rolls out FDA's New Drug Approval AI Is Generating Fake Studies: Report Tesla is set to face off with the California DMV over claims it exaggerated Autopilot's and FSD's capabilities and misled consumers, in a five-day Oakland trial Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day A look at Tea, a woman-only safety app with 4M users that lets users anonymously assign red or green flags to local men, as it goes viral with 900K new signups People in the UK now have to take an age verification selfie to watch porn online Intel is laying off tens of thousands and cancelling factories AMD CEO Sees Chips From TSMC's US Plant Costing 5%-20% More Spotify Publishes AI-Generated Songs From Dead Artists Without Permission DJI couldn't confirm or deny it disguised this drone to evade a US ban FCC approves Skydance-Paramount merger Gwyneth Paltrow is the new face of a kiss-cam tech scandal Julian LeFay, 'Father of The Elder Scrolls,' Has Died Aged 59 Tom Lehrer, Musical Satirist With a Dark Streak, Dies at 97 Host: Leo Laporte Guests: Molly White, Janko Roettgers, and Jacob Ward Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: smarty.com/twit zscaler.com/security expressvpn.com/twit uscloud.com spaceship.com/twit
OpenAI prepares to launch GPT-5 in August Trump's AI Action Plan Is a Crusade Against 'Bias'—and Regulation UN tech chief pleads for global AI regulatory cooperation Trump, who promised to save TikTok, threatens to shut down TikTok Google AI Mode has 100M users, 2.5 Pro & Deep Search rolls out FDA's New Drug Approval AI Is Generating Fake Studies: Report Tesla is set to face off with the California DMV over claims it exaggerated Autopilot's and FSD's capabilities and misled consumers, in a five-day Oakland trial Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day A look at Tea, a woman-only safety app with 4M users that lets users anonymously assign red or green flags to local men, as it goes viral with 900K new signups People in the UK now have to take an age verification selfie to watch porn online Intel is laying off tens of thousands and cancelling factories AMD CEO Sees Chips From TSMC's US Plant Costing 5%-20% More Spotify Publishes AI-Generated Songs From Dead Artists Without Permission DJI couldn't confirm or deny it disguised this drone to evade a US ban FCC approves Skydance-Paramount merger Gwyneth Paltrow is the new face of a kiss-cam tech scandal Julian LeFay, 'Father of The Elder Scrolls,' Has Died Aged 59 Tom Lehrer, Musical Satirist With a Dark Streak, Dies at 97 Host: Leo Laporte Guests: Molly White, Janko Roettgers, and Jacob Ward Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: smarty.com/twit zscaler.com/security expressvpn.com/twit uscloud.com spaceship.com/twit
The White House unveils its plan for global AI dominance. Microsoft warns that recent SharePoint server exploitation may extend to ransomware. A phishing campaign targeting the U.S. Department of Education's grants portal. The FBI issues a warning about “The Com” cybercriminal group. SonicWall urges users to patch a critical vulnerability. A new supply chain attack has compromised several popular NPM packages. Joe Carrigan, co-host of the Hacking Humans podcast, joins to discuss how scammers are exploiting misconfigured point-of-sale terminals. Japanese police release a free decryption tool for Phobos ransomware. AI takes the wheel and drives right off a cliff. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joe Carrigan, co-host of the Hacking Humans podcast, joins to discuss how scammers are exploiting misconfigured point-of-sale terminals, highlighting severe vulnerabilities that small businesses often overlook. If you want to hear more from Joe, head over to the Hacking Humans page. Selected Reading From Tech Podcasts to Policy: Trump's New AI Plan Leans Heavily on Silicon Valley Industry Ideas (SecurityWeek) Hackers hit more than 400 organizations in Microsoft SharePoint hacks (Axios) Microsoft says some SharePoint server hackers now using ransomware (Reuters) Hackers Clone U.S. Department of Education's Grant Site in Credential Theft Campaign (TechNadu) Copilot Vision on Windows 11 sends data to Microsoft servers (The Register) FBI: Thousands of people involved in 'The Com' targeting victims with ransomware, swatting (The Record) SonicWall urges admins to patch critical RCE flaw in SMA 100 devices (Bleeping Computer) High-Value NPM Developers Compromised in New Phishing Campaign (SecurityWeek) Free decryptor for victims of Phobos ransomware released (Fortra) 'I destroyed months of your work in seconds' says AI coding tool after deleting a dev's entire database during a code freeze: 'I panicked instead of thinking' (PC Gamer) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Today's Headlines: House Speaker Mike Johnson ended the congressional session early to block a vote on releasing Jeffrey Epstein case files, just as the House Oversight Committee moved to subpoena Ghislaine Maxwell. Trump's deputy AG (and personal lawyer) is set to visit Maxwell in prison, while Trump dismissed it all as a “witch hunt.” During an Oval Office sit-in with Philippine President Marcos Jr., Trump called for Barack Obama to be charged with treason over the Russia investigation—prompting a rare rebuke from Obama's office. Trump also claimed he'll receive $20 million in ad commitments from Skydance Media—soon to merge with Paramount—on top of a recent $16 million settlement, prompting Senator Warren to consider an investigation. Meanwhile, Microsoft warned of a major China-linked cyberattack on SharePoint, impacting nearly 100 institutions. Abroad, 28 countries condemned Israel's aid blockade in Gaza after 80 Palestinians were killed near an aid drop, and U.S.-Israel-Syria talks are expected amid Israeli strikes on Damascus. Trump also announced a new trade deal with Japan involving “reciprocal tariffs” and a vague $550 billion investment. Finally, the U.S. Olympic Committee banned trans women from competing in women's sports, following a Trump executive order. Resources/Articles mentioned in this episode: Axios: House bails early for its August recess amid Epstein files uproar WaPo: Justice Dept. seeks meeting with Ghislaine Maxwell amid Epstein outrage AP News: Trump rehashes Russia investigation grievances after intelligence report WSJ: Trump Expects $20 Million More in Ad Dollars From ‘60 Minutes' Settlement Axios: Microsoft hack risk spreads as cybercriminals and nation-states pile in ABC News: 28 countries sign statement calling for end of war in Gaza Axios: Scoop: U.S. to mediate Israel-Syria meeting Thursday to avoid new crises WSJ: Trump Says U.S. and Japan Reach Trade Deal Axios: U.S. Olympic committee bans trans women from competing in women's sports Morning Announcements is produced by Sami Sage and edited by Grace Hernandez-Johnson Learn more about your ad choices. Visit megaphone.fm/adchoices