Podcast: Industrial Cybersecurity Insider. Episode: Is AI Becoming Your Plant Floor's Biggest Vulnerability? Pub date: 2026-06-15. Craig and Dino dig into the widening gap between IT and OT and why the plant floor keeps getting left behind. They break down what Dragos' acquisition of Phosphorus signals for the future of IoT security in manufacturing, from cameras and label printers to X-ray inspection systems that ship with default passwords and almost never get patched. The conversation gets sharp on artificial intelligence: the same models helping plants work smarter are now lowering the barrier for attackers, putting Stuxnet-style capabilities into the hands of people who lack the resources and sophistication that nation states once needed. Craig and Dino expose the everyday habits that leave operations vulnerable, including system integrators plugging personal laptops straight into production networks, locked USB ports that solve only half the problem, and remote access so wide open that a single entry point can expose an entire plant. They argue that nobody truly owns OT cyber hygiene, that frameworks like IEC 62443 and the NIST 800-82 series get named in RFPs but rarely enforced, and that leaders keep tripping over dollars to pick up nickels by choosing the cheapest bid over real protection. It's a candid, experience-driven look at why industrial security moves so slowly and what plant leaders, engineers, and security teams can actually do about it. Chapters: (00:00:00) - AI Enters the OT Battlefield (00:01:30) - Why IoT Is Creeping Onto the Plant Floor (00:03:30) - Printers, Cameras, and the Default Passwords Nobody Owns (00:06:00) - Dragos, Phosphorus, and the Managed Services Question (00:08:00) - How AI Lowers the Bar for Attacking Control Systems (00:09:40) - Stuxnet Then vs. AI-Powered Attacks Now (00:12:00) - The Laptop in the Plant: Contractors, USBs, and Open Networks (00:16:00) - Frameworks on Paper vs. Reality (IEC 62443 & NIST 800-82) (00:19:00) - Tripping Over Dollars to Pick Up Nickels (00:24:00) - Short-Tenure CISOs and Why You Shouldn't Go It Alone. Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here; Industrial Cybersecurity Insider on LinkedIn; Cybersecurity & Digital Safety on LinkedIn; BW Design Group Cybersecurity; Dino Busalachi on LinkedIn; Craig Duckworth on LinkedIn. Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review! The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 100: We cover AI eating reverse engineering, the death of the malware report, running local models on the DGX Spark, where Google DeepMind stands, and whether the frontier labs will stay in cybersecurity. Plus, more on Anthropic's Mythos rollout and the thinly sourced Anthropic-NSA reports, the Fast16 sabotage of physics calculations, what researchers choose not to publish, Microsoft's bad Black Hat email, and Costin's Friday UFO files. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - JAGS at InfoSecurity Europe 3:40 - Sponsor: TLPBLACK 5:54 - A roadmap for security after the AI revolution 11:01 - Stripe Atlas and how easy it is to start a company 15:00 - If anyone could reverse engineer anything for $5 19:49 - Layoffs at Google's Threat Intelligence Group 21:06 - The death of reading the report 27:53 - Pitting the AI models against each other 32:07 - Grok, local models, and the DGX Spark 39:27 - Where is Google DeepMind? 45:29 - Will the frontier labs stay in cybersecurity? 52:41 - Mythos, Project Glasswing, and the NSA deal 1:16:33 - FAST16, Stuxnet, and sabotaging Iran's bomb 1:57:52 - Microsoft, Black Hat, and the chilling effect 2:14:14 - Shout-outs, UFO files, and 100 episodes
We talk about current tech topics around infrastructure, open source and AI. One focus is Sebastian's heavily automated Kubernetes environment on Talos Linux with GitOps and AI agents under human control. We also discuss platform questions, security and supply-chain topics, and various AI developments. To close, we pick up a few smaller topics from everyday developer life and tools for local LLMs. Blast from the Past: Kubernetes cluster is now live! https://www.siderolabs.com/talos-linux https://github.com/kreativmonkey/homelab-gitops payphonetag Froscon. Dead of the Week: The end of De-Mail – why the @ beat the circled e; wero; The end of Ubuntu Pastebin – shutdown at the end of June 2026; feedburner. Undead of the Week: Stuxnet's Older Brother Revealed After 21 Years (video); fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet. AI of the Week: Continue Y/N; Torvalds calls AI bug reports “a pure waste of time” … but the curl developer “strikes a conciliatory tone”; https://hothardware.com/news/new-ai-cyber-worm-thinks-up-its-own-attacks-to-infect-computers; Anthropic: worldwide pause in AI development ‘sensible’; Anthropic valuation 965 billion; rsync drama; rsync analysis; Google Chrome silently installs a 4 GB AI model on your device; EU AI Act: transparency obligations from August 2026; Jakob wins; Gemma4 12B; Bonsai 4b. News: Backblaze has quietly stopped backing up your data; Debian must ship reproducible packages; Cloudflare buys Vite: open source and vendor-neutral – with a multi-million fund; https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel/ https://www.golem.de/news/nur-ein-client-noetig-http-2-bomb-legt-webserver-in-sekunden-lahm-2606-209396.html Blog post topics: What if there's no GitHub? Ghostty Is Leaving GitHub; Codeberg; Gitlab; BitBucket (no!); Hackergarten. 3D Print of the Week: Bambu Lab: I’m reposting your code & I dare you to sue me. (video); Bambu Lab 3D printers: Never again (video); baltobu; Magic wand for paying; World Environment Day “PET Recycling”. Gripe of the Week: modules C++20 tooling; Python click; Nix & SELinux; Nix: cross-compiling; Updates suck!; Brother printer with a new certificate; Cosmic Desktop; Nix Logo. Reading Foo: I put a datacenter GPU into my PC; searchcode.com's SQLite database is probably 6 terabytes bigger than yours; How I run multiple $10K MRR companies on a $20/month tech stack; Serving a Website on a Raspberry Pi Zero Running Entirely in RAM; NixOS on Flint 2; You don’t love systemd timers enough! Picks: IPv8 is finally here; Internet Protocol Version 8 (IPv8); The Unsolved Mystery of Lorem Ipsum (video); ODROID H5; Mechanical Pencil; Environmental costs of vibe coding: tool calculates CO₂ emissions for Claude Code; Article from Heise taken (again)
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it! Simple 6 signup link https://simple6.co/r/CFUR98 Microsoft releases a temporary mitigation script for "YellowKey," a BitLocker-bypassing Windows zero-day with no permanent fix yet https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/ Researchers uncover FAST16, a state-sponsored cyber-sabotage framework from 2005 that silently corrupted precision engineering calculations — predating Stuxnet by at least five years and linked to NSA tooling https://www.tomshardware.com/software/security-software/decades-old-pre-stuxnet-cyber-sabotage-tool-breaks-cover-nsa-listed-it-as-nothing-to-see-here-fast16-targeted-nuclear-reactors-dam-design-and-other-high-precision-civil-engineering-software-years-before-stuxnet-broke-cover https://www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/ https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/ Riot Games clarifies its Vanguard anti-cheat doesn't brick PCs — it just renders $6,000 worth of DMA cheat hardware completely useless https://www.ign.com/articles/riot-games-says-it-would-not-and-cannot-use-vanguard-anti-cheat-to-brick-pcs-after-rumors-spread https://www.tweaktown.com/news/111774/valorants-vanguard-anti-cheat-now-destroys-dma-cheat-firmware/index.html https://x.com/dexerto/status/2057785616255860991 Apple is developing an "anti-snatch" feature that automatically locks an iPhone the moment sensors detect it's been ripped from a user's hand — and London thieves already prefer iPhones over Samsungs 
https://appleinsider.com/articles/26/05/27/rumored-anti-snatch-feature-will-automatically-lock-iphones-yanked-out-of-a-users-hand https://appleinsider.com/articles/25/11/18/london-thieves-snatching-iphones-but-dont-want-no-samsung Dad Joke of the Week (DJOW) Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Ben - https://www.linkedin.com/in/benjamincorll/
What can you learn from a Cybersecurity professional? $ BTC 73,686 Block Height 951,540 Today's guest on the show is Luke Dewolf, author of "Defending Bitcoin," who discusses cybersecurity challenges for critical infrastructure, including Bitcoin, drawing parallels between industrial control systems and the Bitcoin network. Key Topics: Luke's background in critical infrastructure and cybersecurity "Defending Bitcoin" book and its motivations Real-world examples of cyberattacks (Stuxnet, NotPetya/Maersk) Ransomware and Bitcoin's association with it Individual Bitcoin security best practices (hardware wallets, full nodes, social engineering awareness) The CIA triad (Confidentiality, Integrity, Availability) in cybersecurity and Bitcoin The "arbitrary data" debate, Ordinals, Runes, OpReturn, and BIP-110 Bitcoin's layered defenses: policy, miners, and consensus Soft forks versus hard forks The future of Bitcoin security, AI, and adoption challenges BTC Hell conference Connect with Luke and find out more about the book! https://defendingbitcoin.com/ https://bitcoininfinitystore.com/ X - @lukedewolf NOSTR - npub1fk8h6g8zhftw8c7pga2zjd84p2z949up5lc3qdchm9v4m0q7mwws7jcwld Check out my book ‘Choose Life' - https://bitcoinbook.shop/search?q=prince Pleb Service Announcements: Join 20 thousand Bitcoiners on @cluborange https://signup.cluborange.org/co/princey CONFERENCES: BTC PRAGUE - 11th - 13th June 2026 http://btcprg.me/BITTEN - Use code BITTEN for - 10% BTC HEL - 25th - 26th September 2026. - Helsinki https://btchel.com/ Use code BITTEN for - 10% My First Bitcoin. 
https://myfirstbitcoin.org/ Shills and Mench's: BITBOX - SELF CUSTODY YOUR BITCOIN - www.bitbox.swiss/bitten Use Code BITTEN THE MEETUP BREAKDOWN - BITCOIN EVENTS UK - https://www.themeetupbreakdown.com/ SWAN BITCOIN - www.swan.com/bitten PLEBEIAN MARKET - BUY AND SELL STUFF FOR SATS; https://plebeian.market/ @PlebeianMarket ZAPRITE - https://zaprite.com/bitten - Invoicing and accounting for Bitcoiners - Save $40 SATSBACK - Shop online and earn back sats! https://satsback.com/register/5AxjyPRZV8PNJGlM ALL FURTHER LINKS HERE - FOR DISCOUNTS AND OFFERS - https://vida.page/princey - https://linktr.ee/princey21m
Host David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one. Biswas traces her path from political science and a help desk role at CP Rail to cybersecurity, inspired by the discovery of the Stuxnet malware and the global security community that formed around it. She discusses her experiences speaking at BSides Las Vegas, attending DEF CON, helping build a major Canadian bank's threat intelligence program, and recently earning her Certified Information Systems Security Professional (CISSP) designation. The conversation then shifts north. As Canada invests billions in Arctic defence, communications, transportation, and critical infrastructure, Biswas explains how every new connected system can create new cyber risks. The discussion covers threats to satellites, navigation systems used by ships and aircraft, undersea communications cables, government services, healthcare, energy systems, and the fragile supply chains that support northern communities. They also explore why collaboration with northern and Indigenous communities is essential, the importance of improving connectivity across the Arctic, and how Canada can work more closely with international partners to strengthen resilience in one of the world's most strategically important regions. Cheryl also shares advice for newcomers to cybersecurity and discusses the kind of strategic threat intelligence and research work she hopes to pursue in the future. 
Chapters 00:00 Weekend Show Kickoff 00:46 Cheryl's Cyber Origin Story 02:30 Stuxnet and Hacker Community 04:06 From BSides to DEF CON 05:10 Threat Intelligence Career Today 05:50 Arctic Sovereignty Meets Cyber 07:41 Canada's Arctic Reality Check 10:14 Why Cyber Matters Up North 12:07 Maritime and Navigation Risks 15:50 Undersea Cables and Fragile Supply 19:55 Solutions, Collaboration and Technology 24:22 Talk Feedback and How to Connect 25:42 Dream Role and Advice to Newcomers 29:16 Closing Reflections and Sendoff #Cybersecurity #ArcticSovereignty #Canada #CriticalInfrastructure #ThreatIntelligence #CISSP #CyberSecurityToday #DavidShipley #DEFCON #BSides #ArcticSecurity #NationalSecurity #CriticalInfrastructureProtection #ThreatIntel #CyberRisk
Stuxnet was a cyber attack on Iran's nuclear program, from the Bush administration to Obama's administration, that focused on destroying Iran's nuclear program. #donaldtrump #obama
(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem x Ekoparty Miami: SentinelLabs researcher Gabriel Bernadett-Shapiro hops on the mic to unpack who gets to define what "security" even means in the age of AI, why venture capital keeps funding the wrong things, and how the frontier labs quietly ate everyone's coding harness. Plus, how AI actually contributed to cracking the FAST 16 research, overcoming the guardrails, and why your domain expertise is the only thing keeping you out of full-blown rabbit-hole psychosis. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Gabriel Bernadett-Shapiro. Timestamps: 0:00 Introductory banter 4:55 Gabe returns: how the models got scary-good at code 8:45 Bay Area short-termism and the "10x in 18 months" trap 11:35 VCs as tastemakers, and why that's broken 13:00 The unpaid-labor pipeline into the AI labs 18:00 The real misunderstanding about security's moat 20:18 Bug bounties: a net negative for the industry? 22:20 The great vuln fire sale — find 50,000, fix zero 27:28 Who will maintain vetted open-source libraries? 29:29 FAST 16: how AI actually broke the case open 35:05 The rabbit-holing machine and the path to "AI psychosis" 41:05 Stuxnet, Kim Zetter, and the story we'll never be told
Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can't be filled with sovereign capability. They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran's nuclear weapons program that included the infamous Stuxnet worm. This episode is also available on YouTube Show notes
Florida man uses his peg leg and songwriting abilities to help thousands of enslaved Americans escape to safety in the Everglades. On this episode, Josh Mills and Wayne McCarty discuss a mysterious seaweed used for ice cream, investigate Stuxnet and the hacking of Iranian nuclear facilities, meet with the CEO of their publishing company, and dissect the legend of Peg Leg Joe, the mysterious songwriter who helped lead Florida's rebellion against slavery. Headlines include: Scientists discover seaweed that could alter food additives forever. On mic: Josh Mills, Wayne McCarty, Emily Grabill, Luke West, Jesse Nieman Each week, the Florida Men on Florida Man podcast blends comedy with the fascinating legends, lore, and history of the wildest state in the Union: Florida. Learn more at www.fmofm.com Support the show at www.patreon.com/fmofmpodcast
In the new episode of Breach FM, I take over the Microsoft bashing for once, because Max politely asked for it this week. The topic is Microsoft 365 Copilot Flex Routing: when European data centers are under high load, inference, that is, the processing of prompts including context from emails, Teams chats and documents, can be offloaded to the USA, Canada or Australia. Microsoft calls it a feature; I call it a capacity or cost problem with a nice name. Admins can disable Flex Routing, but for new tenants it is enabled by default. Check whether that is the case for you. Then Max brings the OpenAI Cybersecurity Action Plan, published shortly before May 1. It announces ChatGPT 5.5 Cybersecurity, a model explicitly geared toward security use cases that is to be rolled out more broadly than Anthropic's Claude Mythos. The plan reads in parts like a direct response to Project Glasswing: democratization of cyber defense instead of selective partner access. Whether the model can keep up technically, nobody knows. That OpenAI is currently producing more sensible things again is hard to deny. Then a piece of cyber history: SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade presented fast16 at Black Hat Asia, a presumably state-developed sabotage framework from 2005 that surfaced in the 2016 Shadow Brokers leak under the note "nothing to see here, carry on". Fast16 is thus five years older than Stuxnet and worked fundamentally differently: instead of destroying, it introduced tiny, systematic errors into precision calculations. Target platforms were simulation software such as LS-DYNA 970, PKPM and MOHID, presumably in the context of Iranian nuclear research. A verification mechanism prevented independent calculations on other machines from uncovering the sabotage error. To close, a short item from Max: Trellix has confirmed unauthorized access to parts of its source code repository. The statement on their website is barely longer than four sentences. No evidence of manipulated code, but Trellix customers should keep an eye on the news. Links: Microsoft Copilot sends data out of the EU with Flex Routing https://borncity.com/blog/2026/04/10/microsoft-copilot-sendet-mit-flex-routing-daten-aus-eu-heraus/ OpenAI - Cybersecurity in the Intelligence Age https://openai.com/index/cybersecurity-in-the-intelligence-age/ fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/ Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program—and Predates Stuxnet https://www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/ Important Update From Trellix https://www.trellix.com/statement/
Podcast: Three Buddy Problem. Episode: Cracking the Fast16 sabotage malware mystery. Pub date: 2026-05-01. (Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.) Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology. Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu. Timestamps: 0:00 - WIRED's Andy Greenberg joins the show 1:53 - How the FAST16 scoop landed in Andy's lap 6:45 - JAGS sat on this sample for 7 years 10:33 - How Costin and the Kaspersky team missed the sabotage routine 15:20 - The "holy moly" moment: what FAST16 actually does 18:26 - Territorial Dispute, Shadow Brokers, and the driver list 24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran 28:13 - No C&C, no victims: a worm built for air-gapped networks 34:45 - Was this part of a larger anti-Iran toolkit? 37:55 - Attribution: NSA, Israel, or someone else entirely? 51:39 - What was the actual sabotage? Unanswered questions 55:48 - "Spiritual warfare": the psychological angle and trust in computers 1:20:05 - Equities, going public, and the case for AI-powered reversing 1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone 1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty. Links: Transcript; fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet; Flame: A complex malware for targeted attacks; Territorial Dispute – NSA's perspective on APT landscape; Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program - and Predates Stuxnet; Kim Zetter's Countdown to Zero Day; An Unprecedented Look at Stuxnet, the World's First Digital Weapon; The Flame: Questions and Answers (Kaspersky); SentinelLabs; Andy Greenberg on X; TLPBLACK; Antiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities; Who's Really Spreading through the Bright Star?; LABScon 2026 CFP; Ekoparty Miami 2026 (Agenda); PIVOTcon Agenda; Decipher: Fast16, Stuxnet, and the History of Cyber Espionage. The podcast and artwork embedded on this page are from Security Conversations, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
JAGS joins Dennis Fisher to unpack the complex history of fast16, a highly targeted cyber espionage platform that goes back as far as 2005, many years before Stuxnet, and was deployed against targets in Iran. JAGS has been in the APT hunting game for a long time, and brings his historical perspective and context around the Shadow Brokers leak, Stuxnet ties, and how this discovery changes what we know about the use of these tools. Links: SentinelLabs report: https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/
Warren Buffett once said it's only when the tide goes out that you discover who's been swimming naked. This week, the tide went out on several fronts simultaneously, and what it revealed was uncomfortable, instructive, and in some cases, long overdue. France opened the week with a breach that should trouble every government running centralised identity infrastructure. Up to 19 million records tied to passports, ID cards, and driver's licenses are now circulating on criminal forums. What makes this worse than a typical data leak is the context: a similar dataset from the same agency surfaced in 2025. This wasn't a surprise attack on a hardened target. It was a recurring failure wearing the face of a solved problem. The Bitwarden supply chain story carried a similar energy. No vaults were cracked, no passwords were stolen, and most users never noticed a thing. But a malicious package briefly moved through npm as part of the Checkmarx campaign, targeting the developers who build the software everyone else depends on. The lesson isn't technical — it's structural. Your security posture now extends to every build pipeline, every dependency, and every automation script upstream of your product. Then came FAST16.SYS, and the week shifted into something darker. This rootkit, which appears to predate Stuxnet, didn't steal data or trigger alarms. It quietly altered precision calculations in memory while leaving every file on disk untouched. Systems looked healthy. Outputs looked reasonable. The only thing wrong was the answer. It is the most patient form of sabotage imaginable, and it reframes what advanced threats are actually capable of when detection, not damage, is the real objective. AI brought its own escalation this week. Researchers are now using AI systems to attack other AI systems at machine speed — probing, learning, and refining exploits far faster than any human team. At the same time, agent browsers like Interceptor are quietly repositioning the browser itself as an autonomous actor, raising legitimate questions about oversight when software is doing the clicking, typing, and deciding on your behalf. Anthropic's Mythos model access story tied several threads together neatly. Contractor credentials, open-source reconnaissance, and data exposed in a third-party breach combined to give a small group access to a restricted model. The intent was curiosity, not sabotage — but the mechanism was a textbook illustration of how third-party access chains create exposure that principal organisations rarely see coming. Apple closed out the privacy section with a rare win, patching a logging bug that had been silently retaining Signal message fragments for up to a month — long after deletion, long after the app was removed. The FBI had already used it in court. The patch is clean and the fix is automatic, but the episode is a pointed reminder that ephemeral and permanent are closer together than most people assume. The week closed on strategy. OpenAI and Microsoft have restructured their foundational partnership, removing exclusivity and capping revenue payments. The AI infrastructure layer is becoming contested ground, and this deal confirms that no single partnership, however dominant it once appeared, is permanent. This week's stories didn't shout. They accumulated. And that, more than anything, is the point.
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com
EP 289. Let's climb to the top of this week's stories: France's most trusted identity infrastructure has become its biggest liability, and nineteen million citizens are now paying the price. The real lesson from Bitwarden's close call isn't about passwords; it's about how quietly an attack can move through the software you never see being built. A newly uncovered rootkit predating Stuxnet has rewritten what we thought we knew about state-level sabotage, and its most dangerous feature was making everything look perfectly normal. The arms race in AI security has hit a new threshold: machines are now the ones probing for weaknesses, and they don't need sleep to do it. The browser is no longer just a window to the web; it's becoming an autonomous actor, and that changes everything about who's actually in control. A restricted AI model, a contractor's borrowed credentials, and a private Discord channel: Anthropic's Mythos access story is a case study in how third-party trust becomes a front door. A logging bug quietly turned one of the world's most trusted encrypted messaging apps into an inadvertent evidence locker, and it took an FBI courtroom testimony to bring it to light. OpenAI and Microsoft have redrawn the map of AI's most consequential partnership, and the shift from exclusivity to optionality signals a new phase in who controls the infrastructure layer. Tighten your shoelaces, and let's get to the bottom of this. Find this week's transcript here.
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with David Shipley: • First known SMS blaster case in Canada uncovered in Toronto • Itron, a major utility technology supplier, discloses cyber intrusion • Researchers say a 2005 malware campaign predates Stuxnet • Venezuela energy sector attack reveals destructive "Lotus Wiper" malware • Why AI-powered attacks may change critical infrastructure risk forever If you care about cybersecurity, nation-state threats, infrastructure risk, and real-world attacks, this episode is essential listening. Hosted by David Shipley. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst. Chapters 00:00 Intro 00:36 Toronto SMS Cyber Weapon 05:12 Critical Infrastructure Supplier Hit 09:28 Stuxnet History Rewritten 14:32 Venezuela Energy Sector Attack 19:05 Final Thoughts #Cybersecurity #Stuxnet #CyberAttack #Toronto #CriticalInfrastructure #Hacking #Itron #CyberNews #DavidShipley
ADT says customer data stolen in cyberattack. SMS blasting comes to Toronto. Researchers find pre-Stuxnet malware targeting engineering software. Get the show notes here: https://cisoseries.com/cybersecurity-news-adt-data-breach-toronto-sms-blasting-pre-stuxnet-malware-discovery/ Thanks to our episode sponsor, Guardsquare. Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as a result. Protect your brand and your bottom line with layered mobile app protection. Learn more at Guardsquare.com.
Episode References: • TEMPEST WEBINAR: Exposed surface, access granted: how forgotten assets form the perfect path for the attacker • fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet • Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign • Checkmarx Security Update: April 22 • UAT-4356's Targeting of Cisco Firepower Devices • GopherWhisper: A burrow full of malware • Snow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite • RecrutaFraude: Android malware focuses on financing vehicles with the data of people looking for jobs. Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
How close is Iran to a nuclear weapon—and why does this moment feel different? In this episode, we break down alarming claims about highly enriched uranium stockpiles, including analysis from Matthew Bunn and reporting highlighted on 60 Minutes. We also examine the long history of warnings from leaders like Benjamin Netanyahu, and why those predictions have repeatedly surfaced over decades. From cyber warfare like Stuxnet to targeted strikes and intelligence operations, the episode explores how Iran's nuclear progress may have been slowed—but never stopped. Featuring perspectives tied to both Donald Trump and Joe Biden administrations, this conversation tackles the core question: Is this just another warning—or the moment the timeline finally runs out?
Does the United States lead in cyber warfare? - Sérgio Amadeu - Programa 20 Minutos
A version of this essay has been published by firstpost.com at https://www.firstpost.com/opinion/iran-war-no-winners-oil-de-dollarisation-global-impact-13992276.html
War is hell, we all know, and it's bad for everybody, but there is – usually – a winner. After more than three weeks of the Iran war, I am beginning to believe that there are no winners here, only losers. The principals are overextending themselves, and will suffer as a consequence. Innocent or not-so-innocent bystanders are suffering significant collateral damage.
Some are getting hurt more than others, so it's mostly a question of degree: but the bottom line is that this is a war that is just not good for anybody. As usual, Henry Kissinger had a useful aphorism: “It's a pity both sides can't lose”, quoth he. (Hat tip to reader Sudarshan M). Well, Henry, both sides are losing this one, so take heart: your wish has come true.
Someone made the analogy of going to Family Court with a dispute: there are no winners, as the father, mother, and the children, will all suffer, whatever the outcome. It is best in that situation to listen to a counselor and solve your problems amicably. Similarly, it would be good to find a neutral intermediary to help iron out a ceasefire in this war, too.
In a way, this war is the classic idea of irresistible force meeting an immovable object, thus leading to a stalemate, as Walter Russell Mead suggested in the Wall Street Journal.
First, the toll on the belligerents, in alphabetical order:
* Iran. It is creditable that Iran has held out against the might of the US war machine for three weeks and more. My belief is that they can keep it up for a while longer, because they have been preparing for this eventuality for some decades, ever since the 1979 crisis in which they held Americans hostage for 444 days. They are taking, and will take, horrendous losses, but it will be difficult to completely overthrow the Islamist regime.
Among other things, Iran is a large country, about half the size of peninsular India.
* The US attack on Kharg Island's military targets (but not its oil terminals) has shown that Iran's oil exports could be in jeopardy, pushing global prices up.
* Just like their proxy Hamas, it appears Iran has built extensive tunnel complexes, veritable underground labyrinths, where they are hiding all sorts of things, including fast patrol boats. Their military assets are doubtless ensconced in these tunnels which makes them hard to locate and possibly quite mobile.
* Israel. Iran's consistent rhetoric that Israel doesn't deserve to exist leads to fears that Iran's nuclear arsenal (if and when built) will be primarily aimed at Israel. This, and troubles with Iranian proxies such as Hezbollah and Hamas, have led to massive Israeli human intelligence penetration of Iran (as seen in the Stuxnet incident as well as the effective strikes on the Ayatollahs and Hamas, including the pager incident). But Israel is also believed to be taking heavy losses, which it can ill afford, although information has been tightly censored. There were apparently missile attacks near Israel's nuclear sites at Dimona as well.
* The US. The original idea of a decapitation strike that would lead to a rapid regime change as the Iranian public rose up and anointed a new leadership (one more acceptable to the US), was questionable, as I pointed out fairly early. It appears that the CIA and US intelligence have just one playbook, which they used more or less successfully in Iraq, Libya, etc. But that was never going to work in Iran, and now the US is stuck with a tar-baby and may be quietly seeking de-escalation and an off-ramp.
* Talk of a Marine Expeditionary Unit of 2500 American soldiers re-deployed from Japan means “boots on the ground” followed inevitably by that dreaded word, “body bags”. The troops will be meant to keep Hormuz open, or perhaps to capture Kharg Island.
Whether they can achieve these is unclear right now.
* However, overall it appears that the US' capacity to coerce other countries through economic means is declining, as suggested by the FT in “The era of US dominance in economic warfare is over” on March 17th.
Now for the others in the firing line and in the periphery:
* The GCC, consisting of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. They have taken the brunt of the Iranian drone and missile attacks, and their oil and gas exports, and economies, are affected by the closure of the Straits of Hormuz. But more alarmingly, their food and water supplies may also be affected, and they are, being desert nations, highly dependent on imported items via the blockaded Hormuz, and critically dependent on their desalination plants. Keeping the Straits of Hormuz open may be critical for them. They have been with human casualties, infrastructure damage, and reputational damage as well. In particular, Dubai, which has been a magnet for high-net-worth individuals, is affected.
* Lebanon and Jordan. Lebanon was hit by Israeli fire, and Jordan by Iranian fire, although they are mostly bystanders. Israel has been responding to increased activity by Iranian proxy Hezbollah, and Iran has sent drones and missiles towards Jordan as part of general horizontal escalation.
* Pakistan and Turkey. These are wild card nations in the conflict. So far they have not (yet) been affected badly, but they have to walk a tightrope. On the one hand, it is very likely that Pakistan has offered logistical and intelligence support to the US in its air attacks on Iran.
On the other, as a fellow-Islamic nation, Iran has, under both the Shah and the mullahs, consistently supported Pakistan (especially against India).
* Furthermore, if there is a ground assault on Iran, it will probably involve Balochis from Pakistan and Kurds from Turkey, both attempting to capture land in, respectively, the Sistan and Baluchistan Province, and the heavily Kurdish regions of Iran bordering Turkey.
* Turkey, as a NATO member, is obligated to support the US, despite its Islamist leadership which is duty-bound to side with the fellow-Islamic Iranian regime. The traditional Sunni-Shia split, which has been exacerbated by Shia Iran attacking Sunni Gulf nations, sharpens the dilemma for both nations. (Meanwhile, Pakistanis slaughtered 400 Afghans by bombing a hospital, but they get a free pass from, e.g. the BBC.)
* The United Nations. It has been rendered superfluous. Nobody even called for a Security Council meeting condemning the war. This is the latest in a long process wherein whatever the UN, or many other multilateral organizations do or say has become immaterial. The UN, hit by a budget crunch, might as well be shut down.
* Europe and Britain. The EU and NATO have been noticeably absent in the discussions about the war. Of course, they are likely to be affected by the increase in hydrocarbon prices. In fact, their folly in shuttering their nuclear power plants in pursuit of vague ‘green' goals has put them at the mercy of Russian oil and gas. In particular, the virtual shutting out of Britain from the entire war is notable, considering that their Whitehall has long managed to treat the US Deep State as their vassals, ‘master-blaster' style.
* Russia. Even though Russia has long been friendly with Iran, it has desisted from doing anything that could bring it into direct conflict with the US.
Russia is probably supplying satellite and other reconnaissance data as well as spares for existing systems (such as the S-300 air defense batteries, Su-35 fighters) and possibly Iranian-designed Shahed drones as well. Interestingly enough, Russia may be the one possible winner in the war, considering its oil is now a coveted commodity, prices have soared, and there is less attention being paid to its Ukraine war. Europe, China and India are ever-more dependent on Russian oil, and the windfall profits may be sustainable. The US may even lift its sanctions and bring Russia back into the Western fold.
* China. There are wins and losses for China, but in sum it may also be a bit of a winner.
* The loss is in energy security: China has lost Venezuelan oil as well as access to Iranian oil, but they have overland pipelines from Russia, as well as access to Russian tankers at sea. Besides, they have a massive strategic petroleum reserve (1 billion barrels), so it should be manageable, for a while at least. Cuba, their reliable ally in the US' backyard, is now back to the wall with the US enforcing a blockade.
* On the other hand, they have acquired a significant military edge: US munitions inventory has been getting depleted at a furious rate, so much so that if China were to attack Taiwan now, the US would be hard pressed to intervene. Even US THAAD (Theater High Altitude Air Defense) systems are being cannibalized: after four of their radars in the GCC were damaged, the US is forced to scavenge for them from their South Korean bases. Now comes news that China is massing both civilian ships and military aircraft near Taiwan, quite possibly a precursor to an actual invasion.
* Unfortunately for China, their weapons systems don't seem to have performed very well in Iran, just as they didn't in Operation Sindoor.
There are sarcastic posts on X, especially about their radar that looks like a big grille and is supposed to detect stealth aircraft, but didn't quite work.
* China has also been on the horns of a dilemma, as it were: what would Xi do when Trump visits in April while in the midst of a war with one of China's principal allies? It would be “damned if you do, damned if you don't”. If China were to greet him warmly, it would send a negative message to Iran, as well as its other Belt and Road Initiative partners. If China were to treat Trump coldly, then trade wars will continue. Fortunately for Xi, Trump decided to delay his visit; perhaps he intends to continue the war well into April, or maybe he thought he'd be too much at physical risk. It's interesting to speculate on why Trump did this, but of course it may have been just whimsy.
* India. This war is pretty much a disaster for India from every perspective. Being dependent on Persian Gulf oil and gas for everything from transportation to household cooking fuel to raw material for plastics to APIs for pharmaceuticals leaves India particularly exposed. There are other big vulnerabilities:
* The $50 billion in remittances sent back yearly by 10 million Indians toiling away (often in very difficult circumstances) in that area, in addition to the personal hardships these migrants will face, including life and death situations.
* Despite large increases in renewable energy, the major energy input, especially in transportation, continues to be imported oil and gas. Households have largely switched from wood-burning stoves to (admittedly much less polluting) bottled or piped gas. At the very time that electricity demand is peaking (e.g. AI data centers and railways), this disruption may have severe consequences.
* The feedstock for agriculture is increasingly petroleum-based, and disruptions in fertilizer availability may cause production costs to skyrocket.
Increased transportation costs will make vegetables and grains more expensive for those states (such as Kerala) that depend on internal transfers from producing states. In the short run, some agricultural commodity prices have collapsed as their primary markets in the Persian Gulf are inaccessible due to the Hormuz blockade. Basmati rice prices are down by Rs 5-10/kg according to LiveMint.
* Trade through Chabahar Port (where India's $120 million investment is at risk) to Central Asia bypassing Pakistan, will likely grind to a halt.
* The dramatic increase in the price of oil (from around $60 per barrel to $100-$120, and threatening to go higher) is a huge ‘tax' on India, and a transfer of wealth out of India, which may reduce GDP growth by as much as 1-2%, and push inflation up to 4-5% (according to the Economic Times).
* The ‘Goldilocks moment' of low inflation and high growth is possibly over.
* The one positive for India will be the increasing importance of the India-Middle East-Europe Economic Corridor (IMEC), which is basically the old Spice Route, e.g. containers from Mundra and Vizhinjam to Dammam in Saudi Arabia or Jebel Ali in the UAE, then by rail to Haifa in Israel, and onwards to Piraeus in Greece by sea.
* There is really no obvious benefit to India if the war continues, and therefore it is in India's interest to try to be an ‘honest broker' intermediary which has reasonably good relations with all the belligerents as well as the frontline GCC states. India could use its diplomatic goodwill to try to bring the war to a quick close, thus pursuing its own interests as well as something in the larger good of the global economy.
There are a couple of other notable points in this war.
One is from systems theory, and the other is from 18th century colonial British machinations in India; and finally a speculation about the future of the US economy and even the US nation.
Distributed Systems
Systems theory suggests that distributed systems are far more resilient than centralized systems, because they may have redundant mechanisms that come into play when the primary mechanism is knocked out. Iran has anticipated decapitation strikes on its leadership, and the danger that signals intelligence from their foes may tap into all communications. Therefore, it appears they have created a system where 31 independent IRGC military commands have the autonomy to take local decisions without a go-ahead from a central authority.
This means it will be relatively hard to quell all resistance, as some commands may fight on even if large parts of the country are conquered. It makes their actions also more unpredictable and potentially more dangerous.
It is interesting to compare this to the sudden collapse of the Persian Sasanian Empire to invading Arab Muslim armies in the 7th century, when they were conquered in a space of no more than twenty years. Even though there were other factors like imperial exhaustion from constant wars and long supply chains for the Arab armies, the contrast with the Hindu resistance (of several hundred years in Sindh) suggests that the decentralized nature of the Hindu kingdoms played a significant role in their ability to fend off the Muslims for centuries.
The Tipu Syndrome
In the late 18th century, imperial Brits pulled off a particularly clever ploy in southern India. Tipu Sultan, Muslim king of Mysore, invaded Malabar in a combination of religious jihad and economic loot. He was intent on both forced conversion and on the loot of Hindu temples in Malabar, which had grown rich from millennia of the trade in spices, especially black pepper.
As Sanjeev Sanyal suggests, temples were banks and venture capitalists to trading guilds.
Britain did conduct some desultory campaigns against Tipu, who was allied with the French, but did not accomplish much. In the end it was the desperate breaching of a natural dam on the Periyar by Travancore forces in 1790 that forced Tipu to retreat, as his artillery, munitions and supplies were flooded and swept away. Of course, then the British charged the entire cost of the 3rd Anglo-Mysore War to ‘ally' Travancore, bankrupting it.
Next, the British attacked Tipu's headquarters, Srirangapatnam, killed him, and took all the loot. In other words, Tipu did all the dirty work in collecting the booty from the temples, and the British got it all in one stroke. And looked good, at least in their own propaganda, for killing a tyrant.
A very similar thing happened in 1973. Arab oil states quadrupled oil prices (from $3/barrel to $12), imposing a massive strain on hapless developing countries such as India, leading to severe distress. Under the 1974 US-Saudi agreement, oil sales were to be only denominated in US dollars, thus leading to the ‘petrodollar' accumulation with OPEC. They recycled this money via buying US Treasury bonds, and especially via buying US arms, to the delight of the Military-Industrial Complex.
Thus the net effect of the 1973 oil crisis was a large transfer of wealth from the developing countries to OPEC. The US economy did not suffer greatly (despite long lines at gas stations) and in fact US deficits were funded by petrodollars for the last several decades. This is why any move to de-dollarize oil sales is strongly resisted by the US.
Summary: Oil and the petrodollar
At the end of the day, American wars always seem to go back to simple ideas: control of oil, and the prevention of de-dollarization. It makes sense: why not use economic and military heft in pursuit of the national interest?
Those who go against this learn a big lesson, to their discomfiture: Saddam Hussein in Iraq wanted to trade oil in Euros, Muammar Gaddafi in Libya wanted to create a new pan-African currency in which to trade oil, Nicolas Maduro was trading in yuan and stablecoin, Ayatollah Ali Khamenei has been selling in yuan mostly, and not at all in dollars. That meant they all had a Damocles' sword hanging over their heads.
Putin and Xi are undesirables too, but then they have nuclear arsenals, which everybody has to respect.
The dollar has been hegemonistic ever since Bretton Woods. Even allies learn to respect American sensitivity over the currency. The Japanese economy, once growing at a blistering pace, was ruined after the Plaza Accord of 1984, which set the yen-dollar exchange rate artificially high. Japan lost its mojo and is yet to recover, forty years later.
Tailpiece: The end of many eras?
Balaji Srinivasan, formerly a Silicon Valley VC, a thought leader and a supporter of ‘Network States' and crypto, posted this intriguing tweet on March 17th. I don't necessarily agree with his framework of (US) ups and downs (see diagram) or his assertions: he surely paints a grim picture for the US, including de-dollarization. He openly wonders if the US itself will survive in its present form.
The AI-generated podcast courtesy notebookLM.google.com is at
3000 words, 18 March 2026
This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit rajeevsrinivasan.substack.com/subscribe
This is a free preview of a paid episode. To hear more, visit rajeevsrinivasan.substack.com
War is hell, we all know, and it's bad for everybody, but there is – usually – a winner. After more than two weeks of the Iran war, I am beginning to believe that there are no winners here, only losers. The principals are overextending themselves, and will suffer as a consequence. Innocent or not-so-innocent bystanders are suffering significant collateral damage.
Some are getting hurt more than others, so it's mostly a question of degree: but the bottom line is that this is a war that is just not good for anybody. As usual, Henry Kissinger had a useful aphorism: “It's a pity both sides can't lose”, quoth he. (Hat tip to reader Sudarshan M). Well, Henry, both sides are losing this one, so take heart: your wish has come true.
Someone made the analogy of going to Family Court with a dispute: there are no winners, as the father, mother, and the children, will all suffer, whatever the outcome. It is best in that situation to listen to a counselor and solve your problems amicably. Similarly, it would be good to find a neutral intermediary to help iron out a ceasefire in this war, too.
In a way, this war is the classic idea of irresistible force meeting an immovable object, thus leading to a stalemate, as Walter Russell Mead suggested in the Wall Street Journal.
First, the toll on the belligerents, in alphabetical order:
* Iran. It is creditable that Iran has held out against the might of the US war machine for two weeks and more. My belief is that they can keep it up for a while longer, because they have been preparing for this eventuality for some decades, ever since the 1979 crisis in which they held Americans hostage for 444 days. They are taking, and will take, horrendous losses, but it will be difficult to completely overthrow the Islamist regime.
Among other things, Iran is a large country, about half the size of peninsular India.
* The US attack on Kharg Island's military targets (but not its oil terminals) has shown that Iran's oil exports could be in jeopardy, pushing global prices up.
* Just like their proxy Hamas, it appears Iran has built extensive tunnel complexes, veritable underground labyrinths, where they are hiding all sorts of things, including fast patrol boats. Their military assets are doubtless ensconced in these tunnels which makes them hard to locate and possibly quite mobile.
* Israel. Iran's consistent rhetoric that Israel doesn't deserve to exist leads to fears that Iran's nuclear arsenal (if and when built) will be primarily aimed at Israel. This, and troubles with Iranian proxies such as Hezbollah and Hamas, have led to massive Israeli human intelligence penetration of Iran (as seen in the Stuxnet incident as well as the effective strikes on the Ayatollahs and Hamas, including the pager incident). But Israel is also believed to be taking heavy losses, which it can ill afford, although information has been tightly censored.
* The US. The original idea of a decapitation strike that would lead to a rapid regime change as the Iranian public rose up and anointed a new leadership (one more acceptable to the US), was questionable, as I pointed out fairly early. It appears that the CIA and US intelligence have just one playbook, which they used more or less successfully in Iraq, Libya, etc. But that was never going to work in Iran, and now the US is stuck with a tar-baby and may be quietly seeking de-escalation and an off-ramp.
* Talk of a Marine Expeditionary Unit of 2500 American soldiers re-deployed from Japan means “boots on the ground” followed inevitably by that dreaded word, “body bags”. The troops will be meant to keep Hormuz open, or perhaps to capture Kharg Island.
Whether they can achieve these is unclear right now.* However, overall it appears that the US' capacity to coerce other countries through economic means is declining, as suggested by the FT in “The era of US dominance in economic warfare is over” on March 17th.
Thank this podcast for so many hours of entertainment and enjoy exclusive episodes like this one. Support it on iVoox! We begin by uncovering how Iran went from being a victim of Stuxnet to becoming one of the most fearsome cyber powers on the planet, with elite hackers, hijacked drones and 35,000 computers destroyed in a single afternoon. Next we discover that a social credit system like China's already exists in the West, except that here it is secret: companies you have never heard of assign you hidden scores that decide whether you can rent an apartment, get a job or return a product. Then we dive into the declassified 1951 CIA document that social media has turned into "the hidden cure for cancer", separating the real science from the viral conspiracy. And we close with a major enigma: is there a gigantic object of non-human origin buried beneath a building on the outskirts of Seoul? The coordinates are public, the structure is visible on Google Maps, and what is catalogued as an "art gallery" is 82 meters in diameter and sits next to a military installation. Listen to the full episode in the iVoox app, or discover the whole iVoox Originals catalogue
Ironically, Iran's nuclear program did not begin with ayatollahs, but with the Shah and the approval of the West. In this episode we reconstruct its history from the foundations: the treaties it signed, the facilities it inherited, the Khan network from which it obtained its enrichment centrifuges, and the uranium mines it dug in the desert. We analyze Project Amad, the Stuxnet virus, the assassinations of its scientists, and the current state of Natanz, Fordow and Isfahan after the bombings. Because to understand why the Middle East is burning today, you first have to know how Persia's nuclear dream was forged, piece by piece. Told by Dani CarAn.
Casus Belli Podcast belongs to 🏭 Factoría Casus Belli. Casus Belli Podcast is part of 📀 Ivoox Originals. 📚 Zeppelin Books (digital) and 📚 DCA Editor (print) http://zeppelinbooks.com are publishing imprints of 🏭 Factoría Casus Belli.
Find us on:
🆕 WhatsApp https://bit.ly/CasusBelliWhatsApp
👉 X/Twitter https://twitter.com/CasusBelliPod
👉 Facebook https://www.facebook.com/CasusBelliPodcast
👉 Instagram https://www.instagram.com/casusbellipodcast
👉 Telegram channel https://t.me/casusbellipodcast
👉 Telegram chat group https://t.me/casusbellipod
📺 YouTube https://bit.ly/casusbelliyoutube
👉 TikTok https://www.tiktok.com/@casusbelli10
👉 https://casusbelli.top
👨💻 Our channel chat is https://t.me/casusbellipod
⚛️ The logos of Casus Belli Podcast and the rest of Factoría Casus Belli are designed by Publicidad Fabián publicidadfabian@yahoo.es
🎭 The opinions expressed in this podcast are the sole responsibility of those who voice them. Everyone answers for their own words.
📧 Want to tell us something? You can also write to us at casus.belli.pod@gmail.com
Want to advertise on this podcast, or sponsor an episode or a series? Do so through 👉 https://www.advoices.com/casus-belli-podcast-historia
If you enjoyed it and think we deserve it, giving us a like helps a lot, since it gives us a great deal of visibility. Thank you very much for listening, and until next time.
Want to advertise on this podcast? Do so with advoices.com/podcast/ivoox/391278
Listen to the full episode in the iVoox app, or discover the whole iVoox Originals catalogue
Low Value Mail is a live call-in show discussing current events, politics, conspiracies and much more.
Every Monday night at 7pm ET
In this episode of Book Overflow, Carter and Nathan discuss Ken Thompson's essay Reflections on Trusting Trust and the short story Coding Machines by Lawrence Kesteloot!
Big thanks to user 0b00101010 from the Book Overflow Discord for the recommendation! Join it here: https://discord.gg/ZwS2fqW7ZZ

-- Want to talk with Carter or Nathan? Book a coaching session! --
Carter: https://www.joinleland.com/coach/carter-m-1
Nathan: https://www.joinleland.com/coach/nathan-t-2

-- Books Mentioned in this Episode --
Note: As an Amazon Associate, we earn from qualifying purchases.
Reflections on Trusting Trust by Ken Thompson: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Coding Machines by Lawrence Kesteloot: https://www.teamten.com/lawrence/writings/coding-machines/

00:00 Intro
02:55 About the Authors and Essays
06:14 Initial Thoughts
11:03 The Trusting Trust Attack
22:39 Coding Machines
32:05 AI Trust and Dark Patterns
44:01 AI-Generated Code and the Future
54:52 Stuxnet and Unintended Consequences
1:02:43 Final Thoughts

Spotify: https://open.spotify.com/show/5kj6DLCEWR5nHShlSYJI5L
Apple Podcasts: https://podcasts.apple.com/us/podcast/book-overflow/id1745257325
X: https://x.com/bookoverflowpod
Carter on X: https://x.com/cartermorgan
Nathan's Functionally Imperative: www.functionallyimperative.com

Book Overflow is a podcast for software engineers, by software engineers dedicated to improving our craft by reading the best technical books in the world. Join Carter Morgan and Nathan Toups as they read and discuss a new technical book each week! The full book schedule and links to every major podcast player can be found at https://www.bookoverflow.io
Are we sleepwalking into a security crisis that makes ransomware look quaint?

Nuclear security expert Audrey Crowe joins the show to talk about the convergence of grey zone warfare, critical infrastructure, and nuclear security. This isn't your parents' Cold War nuclear threat; this is about adversaries who've figured out they don't need missiles when they can manipulate our infrastructure through cyber operations, disinformation, and coercion that lives in the murky space below armed conflict.

While our adversaries operate in the grey zone with zero institutional friction, democratic nations tie themselves in bureaucratic knots. We demand attribution, legal frameworks, and perfect evidence before we can even acknowledge a threat. It's like showing up to a knife fight with a permission slip.

Audrey walks us through how Stuxnet changed everything, why the nuclear sector spans energy, transportation, healthcare, and government regulation, and why she's on a mission to get nuclear industry stakeholders to share more information with one another.

We also get into the elephant in the room: Big Tech's sudden hunger for nuclear power to feed AI data centers. When profit-driven actors start controlling nuclear infrastructure, will safety remain sacred? Or will we sacrifice long-term security for short-term computational power?
Podcast: Cloud Security Podcast by Google
Episode: EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?
Pub date: 2026-01-05

Guest: Chris Sistrunk, Technical Leader, OT Consulting, Mandiant

Topics:
* When we hear "attacks on Operational Technology (OT)" some think of Stuxnet targeting PLCs or even backdoored pipeline control software plot in the 1980s. Is this space always so spectacular or are there less "kaboom" style attacks we are more concerned about in practice?
* Given the old "air-gapped" mindset of many OT environments, what are the most common security gaps or blind spots you see when organizations start to integrate cloud services for things like data analytics or remote monitoring?
* How is the shift to cloud connectivity - for things like data analytics, centralized management, and remote access - changing the security posture of these systems? What's a real-world example of a positive security outcome you've seen as a direct result of this cloud adoption?
* How do the Tactics, Techniques, and Procedures outlined in the MITRE ATT&CK for ICS framework change or evolve when attackers can leverage cloud-based reconnaissance and command-and-control infrastructure to target OT networks? Can you provide an example?
* OT environments are generating vast amounts of operational data. What is interesting for OT Detection and Response (D&R)?

Resources:
* Video version
* Cybersecurity Forecast 2026 report by Google
* Complex, hybrid manufacturing needs strong security. Here's how CISOs can get it done blog
* "Security Guidance for Cloud-Enabled Hybrid Operational Technology Networks" paper by Google Cloud Office of the CISO
* DEF CON 23 - Chris Sistrunk - NSM 101 for ICS
* MITRE ATT&CK for ICS

The podcast and artwork embedded on this page are from Anton Chuvakin, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this episode of Yeni Medya 451, Can Öz and Ümit Alan explain that digital espionage has long since moved past the “is my phone listening to me?” level, and how the devices in our pockets have today turned into invisible targets. With examples ranging from Stuxnet to Pegasus, and from hotel Wi-Fi to advertisements, they examine together this new era in which being tracked is possible without clicking on anything, the effect this has on human psychology, and the basic precautions that can be taken without giving in to paranoia.
(Presented by ThreatLocker (https://threatlocker.com/threebuddyproblem): Allow what you need. Block everything else by default, including ransomware and rogue code.) Three Buddy Problem - Episode 78: We close out the year with a no-budget, no-permission awards show, spotlighting the cybersecurity stories that actually mattered. Plus, a bizarre polygraph scandal at CISA, Chinese APT research dumps, ransomware pre-notification hiccups, foreign drone bans, and the growing gap between cyber theater and real operational value. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
We trace Jake's unlikely route from journalism to the White House, how DEF CON's Voting Village began, and why imposter syndrome can be a secret advantage when paired with relentless learning. Then we pull apart cyber strategy, Stuxnet's signal value, and a plan to choke fentanyl through targeted offensive operations against cartels' digital lifelines.
• launching a policy career by building expert networks
• founding the DEF CON Voting Village and publishing policy insights
• managing imposter syndrome with trusted advisors and study
• shifting from shields up to active defense in cyber
• why Stuxnet's visibility served a political goal
• using law enforcement cyber tactics beyond ransomware
• how fentanyl economics and pill presses scaled harm
• China's precursor role and Sinaloa's market pivot
• Coast Guard and HSI authorities for upstream disruption
• making fentanyl unprofitable through targeted cyber pressure
Find Jake on LinkedIn: Jake Bronn
Book: Fentanyl, The Mass Poisoning Of America And The Cartel Behind It
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.
Podcast: Exploited: The Cyber Truth
Episode: Smarter Vulnerability Management in OT Systems: Building Resilience
Pub date: 2025-11-20

As OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc.

Ralph shares from his decades of firsthand experience defending industrial control systems and explains why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities (design flaws, feature abuse, and configuration errors) and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders.

Together, Ralph and Joe explore:
* Why most OT equipment remains insecure by design and why replacement will take decades
* How features, not bugs, often become the real attack vector
* The growing role of ransomware and IT-side weaknesses in OT compromises
* Practical steps OT defenders can take today to incrementally improve resilience
* The value of class-level protections, better architectures, and secure development processes

Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.

The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here.

Lyrics

I was coding in the lab late one night
when my eyes beheld an eerie sight
for my malware threat score began to rise
and suddenly to my surprise...

It did the Mash
It did the Malware Mash
The Malware Mash
It was a botnet smash
It did the Mash
It caught on 'cause of Flash
The Malware Mash
It did the Malware Mash

From the Stuxnet worm squirming toward the near east
to the dark web souqs where the script kiddies feast
the APTs left their humble abodes
to get installed from rootkit payloads.

They did the Mash
They did the Malware Mash
The Malware Mash
It was an adware smash
They did the Mash
It caught on 'cause of Flash
The Malware Mash
They did the Malware Mash

The botnets were having fun
The DDoS had just begun
The viruses hit the darknet,
with ransomware yet to come.
The keys were logging, phishing emails abound,
Snowden on chains, backed by his Russian hounds.
The Shadow Brokers were about to arrive
with their vocal group, "The NotPetya Five."

They did the Mash
They played the Malware Mash
The Malware Mash
It was a botnet smash
They did the Mash
It caught on 'cause of Flash
The Malware Mash
They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring
Seems he was troubled by just one thing.
He opened a shell then shook his fist and said,
"Whatever happened to my Turla Trojan twist."

It's now the Mash
It's now the Malware Mash
The Malware Mash
And it's a botnet smash
It's now the Mash
It caught on 'cause of Flash
The Malware Mash
It's now the Malware Mash

Now everything's cool, Vlad's a part of the band
And the Malware Mash is the hit of the land.
For you, defenders, this mash was meant to
when you get to my door, tell them Creeper sent you.

Then you can Mash
Then you can Malware Mash
The Malware Mash
And be a botnet smash
It is the Mash
Don't you dare download Flash
The Malware Mash
Just do the Malware Mash
professorjrod@gmail.com

A tiny stick changed how we move information—and how attackers move too. We pull back the curtain on the USB flash drive's quiet takeover: why floppies and CD-Rs failed us, how flash memory and USB converged, and which teams across Singapore, Israel, and China raced to ship the first pocket drive that actually worked. From early 8 MB models that cost a small fortune to today's terabyte dual‑connector rockets, the arc is a crash course in convenience beating complexity.

We go beyond the specs to the human story. The new sneaker net brought agility to classrooms, studios, and fieldwork long before cloud storage matured, and it still rules when bandwidth is scarce or privacy matters. But the same traits that made thumb drives beloved—small, portable, plug‑and‑play—made them dangerous. We unpack pivotal moments: Agent.BTZ breaching U.S. military networks, Stuxnet crossing air gaps to wreck centrifuges, a city's entire resident database riding unencrypted in a bag, a hotel compromised by parking‑lot bait, a campus locked by ransomware, and a firm undercut after careless copying. Each tale shows how curiosity, haste, and habit can turn a helpful tool into a vector for loss.

We share the playbook that works: default to encryption (hardware or OS‑native), label and inventory every drive, whitelist trusted devices and block the rest, and train people to treat unknown USBs like untrusted code. We also map where flash still beats the cloud—air‑gapped labs, disaster zones, forensic chains, and anywhere “no third‑party server” is a requirement. If portability is power, prudence is the price. Listen to learn the origin myths, the price curves, the cultural shifts, and the simple habits that keep pocket power safe.

Enjoyed the story and the takeaways? Follow, share with a friend who loves tech history, and leave a quick review telling us your USB rule number one.

If you want to help me with my research please e-mail me: Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.com
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
This week we talk about cyberespionage, China, and asymmetrical leverage.We also discuss political firings, hardware infiltration, and Five Eyes.Recommended Book: The Fourth Turning Is Here by Neil HoweTranscriptIn the year 2000, then-General Secretary of the Chinese Communist Party, Jiang Zemin (jong ZEM-in), approved a plan to develop so-called “cyber coercive capabilities”—the infrastructure for offensive hacking—partly as a consequence of aggressive actions by the US, which among other things had recently bombed the Chinese embassy in Belgrade as part of the NATO campaign in Yugoslavia.The US was a nuclear power with immense military capabilities that far outshone those of China, and the idea was that the Chinese government needed some kind of asymmetrical means of achieving leverage against the US and its allies to counter that. Personal tech and the internet were still relatively young in 2000—the first iPhone wouldn't be released for another seven years, for context—but there was enough going on in the cyber-intelligence world that it seemed like a good point of leverage to aim for.The early 2000s Chairman of the CCP, Hu Jintao, backed this ambition, citing the burgeoning threat of instability-inducing online variables, like those that sparked the color revolutions across Europe and Asia, and attack strategies similar to Israel's Stuxnet cyberattack on Iran as justification, though China's growing economic dependence on its technological know-how was also part of the equation; it could evolve its capacity in this space relatively quickly, and it had valuable stuff that was targetable by foreign cyberattacks, so it was probably a good idea to increase their defenses, while also increasing their ability to hit foreign targets in this way—that was the logic here.The next CCP Chairman, Xi Jinping, doubled-down on this effort, saying that in the cyber world, everyone else was using air strikes and China was still using swords and spears, so they needed to up 
their game substantially and rapidly.That ambition seems to have been realized: though China is still reportedly regularly infiltrated by foreign entities like the US's CIA, China's cybersecurity firms and state-affiliated hacker groups have become serious players on the international stage, pulling off incredibly complex hacks of foreign governments and infrastructure, including a campaign called Volt Typhoon, which seems to have started sometime in or before 2021, but which wasn't discovered by US entities until 2024. This campaign saw Chinese hackers infiltrating all sorts of US agencies and infrastructure, initially using malware, and then entwining themselves with the operating systems used by their targets, quietly syphoning off data, credentials, and other useful bits of information, slowly but surely becoming even more interwoven with the fabric of these systems, and doing so stealthily in order to remain undetected for years.This effort allowed hackers to glean information about the US's defenses in the continental US and in Guam, while also helping them breach public infrastructure, like Singapore's telecommunications company, Singtel. 
It's been suggested that, as with many Chinese cyberattacks, this incursion was a long-game play, meant to give the Chinese government the option of both using private data about private US citizens, soldiers, and people in government for manipulation or blackmail purposes, or to shut down important infrastructure, like communications channels or electrical grids, in the event of a future military conflict.What I'd like to talk about today is another, even bigger and reportedly more successful long-term hack by the Chinese government, and one that might be even more disruptive, should there ever be a military conflict between China and one of the impacted governments, or their allies.—Salt Typhoon is the name that's been given to a so-called '“advanced persistent threat actor,” which is a formal way of saying hacker or hacker group, by Microsoft, which plays a big role in the cybersecurity world, especially at this scale, a scale involving not just independent hackers, but government-level cyberespionage groups.This group is generally understood to be run out of the Chinese Ministry of State Security, or MSS, and though it's not usually possible to say something like that for certain, hence the “generally understood” component of that statement, often everyone kind of knows who's doing what, but it's imprudent to say so with 100% certainty, as cyberespionage, like many other sorts of spy stuff, is meant to be a gray area where governments can knock each other around without leading to a shooting war. 
If anyone were to say with absolute certainty, yes, China is hacking us, and it's definitely the government, and they're doing a really good job of it, stealing all our stuff and putting us at risk, that would either require the targeted government to launch some sort of counterstrike against China, or would leave that targeted government looking weak, and thus prone to more such incursions and attacks, alongside any loss of face they might suffer.So there's a lot of hand-waving and alluding in this sphere of diplomacy and security, but it's basically understood that Salt Typhoon is run by China, and it's thought that they've been operating since at least 2020.Their prime function seems to be stealing as much classified data as they can from governments around the world, and scooping up all sorts of intellectual property from corporations, too.China's notorious for collecting this kind of IP and then giving it to Chinese companies, which have become really good at using such IP, copying it, making it cheaper, and sometimes improving upon it in other ways, as well. 
This government-corporation collaboration model is fundamental to the operation of China's economy, and the dynamic between its government, it's military, its intelligence services, and its companies, all of which work together in various ways.It's estimated that Salt Typhoon has infiltrated more than 200 targets in more than 80 countries, and alongside corporate entities like AT&T and Verizon, they also managed to scoop up private text messages from Kamala Harris' and Donald Trump's presidential campaigns in 2024, using hacks against phone services to do so.Three main Chinese tech companies allegedly helped Salt Typhoon infiltrate foreign telecommunications companies and internet service providers, alongside hotel, transportation, and other sorts of entities, which allowed them to not just grab text messages, but also track people, keeping tabs on their movements, which again, might be helpful in future blackmail or even assassination operations.Those three companies seem to be real-deal, actual companies, not just fronts for Chinese intelligence, but the government was able to use them, and the services and products they provide, to sneak malicious code into all kinds of vital infrastructure and all sorts of foreign corporations and agencies—which seems to support concerns from several years ago about dealing with Chinese tech companies like Huawei; some governments decided not to work with them, especially in building-out their 5G communications infrastructure, due to the possibility that the Chinese government might use these ostensibly private companies as a means of getting espionage software or devices into these communications channels or energy grids. The low prices Huawei offered just wasn't worth the risk.The US government announced back in 2024 that Salt Typhoon had infiltrated a bunch of US telecommunications companies and broadband networks, and that routers manufactured by Cisco were also compromised by this group. 
The group was also able to get into ISP services that US law enforcement and intelligence services use to conduct court-authorized wiretaps; so they weren't just spying on individuals, they were also spying on other government's spies and those they were spying on.Despite all these pretty alarming findings, in the midst of the investigation into these hacks, the second US Trump administration fired the government's Cyber Safety Review Board, which was thus unable to complete its investigation into Salt Typhoon's intrusion.The FBI has since issued a large bounty for information about those involved in Salt Typhoon, but that only addresses the issue indirectly, and there's still a lot we don't know about this group, the extent of their hacking, and where else they might still be embedded, in part because the administration fired those looking into it, reportedly because the administration didn't like this group also looking into Moscow's alleged interference in the 2016 presidential election, and Salt Typhoon's potential interference with the 2024 presidential election, both of which Trump won.The US government has denied these firings are in any way political, saying they intend to focus on cyber offense rather than defense, and pointing out that the current approach to investigating these sorts of things was imperfect; which is something that most outside organizations would agree on.That said, there are concerns that these firings, and other actions against the US's cyberthreat defensive capabilities, are revenge moves against people and groups that have said the 2020 presidential election, which Trump lost to Joe Biden, was the most secure and best-run election in US history; which flies in the face of Trump's preferred narrative that he won in 2020—something he's fond of repeating, though without evidence, and with a vast body of evidence against his claim.The US has also begun pulling away from long-time allies that it has previously collaborated with in the 
cyberespionage and cyberdefense sphere, including its Five Eyes partners, the UK, Canada, Australia, and New Zealand.Since Tulsi Gabbard was installed as the Director of National Intelligence by Trump's new administration, US intelligence services have been instructed to withhold information about negotiations with Russia and Ukraine from these allies; something that's worrying intelligence experts, partly because this move seems to mostly favor Russia, and partly because it represents one more wall, of many, that the administration seems to be erecting between the US and these allies. Gabbard herself is also said to be incredibly pro-Russian, so while that may not be influencing this decision, it's easy to understand why many allies and analysts are concerned that her loyalties might be divided in this matter.So what we have is a situation in which political considerations and concerns, alongside divided priorities and loyalties within several governments, but the US in particular right now, might be changing the layout of, and perhaps even weakening, cybersecurity and cyberespionage services at the very moment these services might be most necessary, because a foreign government has managed to install itself in all kinds of agencies, infrastructure, and corporations.That presence could allow China to milk these entities for information and stolen intellectual property, but it could also put the Chinese government in a very favorable position, should some kind of conflict break out, including but not limited to an invasion of Taiwan; if the US's electrical grids or telecommunications services go down, or the country's military is unable to coordinate with itself, or with its allies in the Pacific, at the moment China invades, there's a non-zero chance that would impact the success of that invasion in China's favor.Again, this is a pretty shadowy playing field even at the best of times, but right now there seems to be a lot happening in the cyberespionage space, and 
many of the foundations that were in place until just recently, are also being shaken, shattered, or replaced, which makes this an even more tumultuous, uncertain moment, with heightened risks for everybody, though maybe the opposite for those attacking these now more-vulnerable bits of infrastructure and vital entities.

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe
Sergey Novikov shares his fascinating journey from early days at Kaspersky Lab through his evolution as a malware analyst and cybersecurity expert, offering unique insights into the changing threat landscape and ethical considerations of security research.
• Started at Kaspersky in 2002 when it was a small startup with fewer than 100 employees
• Applied mathematics background led to research correlating human epidemic models with computer virus propagation
• Worked as a "woodpecker" malware analyst detecting threats 24/7
• Became part of Kaspersky's elite Global Research and Analysis Team (GREAT)
• Team took pride in identifying APTs regardless of national origin to protect customers worldwide
• Described security researchers as "paleontologists" uncovering complex digital threats
• Participated in analysis of sophisticated threats like Stuxnet requiring specialized knowledge
• Left Kaspersky in 2022 after Russia-Ukraine conflict began
• Transitioned to pharmaceutical industry cybersecurity before joining CyberProof
• Observes modern threats have blurred lines between nation-state actors, cybercriminals and hacktivists
• Believes cybersecurity professionals must maintain perpetual learning mindset
• Recommends self-learning and hands-on experience for aspiring security researchers
• Notes AI is enabling more agile, automated attacks rather than quantum computing threats

Connect with Sergey on LinkedIn or visit cyberproof.com to learn more about their security services and research blog.
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:
• We roll our eyes over the “16 billion credentials” leak hitting mainstream news
• Some interesting cyber angles emerge from the conflict in Iran
• Open source maintainer of libxml2 is fed up with this hacker crap
• Shockingly, there are yet more ways to trick people into pasting commands into Windows
• Veeam “patches” its backup software RCE like it's 2002 … by breaking the public PoC

This week's episode is sponsored by Internet-wide honeypot reconnaissance platform, GreyNoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they're destined for the woodchipper.

This episode is also available on YouTube.

Show notes
• No, the 16 billion credentials leak is not a new data breach
• Canadian telecom hacked by suspected China state group - Ars Technica
• Telecom giant Viasat breached by China's Salt Typhoon hackers
• WarTranslated on X: "Iran's jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
• Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
• Top Pentagon spy pick rejected by White House - POLITICO
• DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
• Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
• U.S. braces for Iran's response after overnight strikes on nuclear sites
• Assessing the Damage to Iran's Nuclear Program
• Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
• Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
• Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
• Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
• Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
• Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
• OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
• Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
• README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
• What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
• FileFix - A ClickFix Alternative | mr.d0x
• Address bar shows hp.com. Browser displays scammers' malicious text anyway. - Ars Technica
• Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
• ASUSpicious Flaw - Millions of Users' Information Exposed Since 2022 | MrBruh's Epic Blog
• Perth dad who created ‘evil twin' Wi-Fi did so to access pictures of women
• GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
Three Buddy Problem - Episode 51: Former Immunity/Trail of Bits researcher Hamid Kashfi joins the buddies for a fast-moving tour of cyber activities in the Israel-Iran war. The crew unpacks who 'Predatory Sparrow' is, why Sepah Bank and the Nobitex crypto exchange were hit, and what a $90 million cryptocurrency burn really means. Plus, radar-blinding cyberattacks that paved the way for Israel's air raid, the human cost of sudden ATM outages and unpaid salaries, and the puzzling “Code Breakers” data leak that preceded it all. Hamid shares on-the-ground context, the buddies debate whether cyber operations can sway a shooting war, and everyone tries to gauge Iran's true offensive muscle under sanctions. Cast: Hamid Kashfi (https://twitter.com/hkashfi), Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).