Open standard for two-dimensional vector graphics
The Roval saw the end of the Round of 12. SVG may have dominated but the biggest stories seem to be from the Playoff cutline and the possible race manipulation. We look into that and all of the latest news about horsepower increases, silly season updates, and the updates given for NASCORT and also from Steve O'Donnell. All of this heading into Sin City... Visit the Daily Downforce at dailydownforce.com Learn more about your ad choices. Visit megaphone.fm/adchoices
Google's new demand for developer registration could spell the end for open-source app stores, while Europe's controversial chat control vote threatens privacy for everyone—Steve and Leo break down what's at stake for devs and users alike.

- Qantas says no one can releak their stolen data.
- Brave's usage is up. But is it really 3 times faster?
- Next Tuesday the EU votes on "Chat Control".
- Microsoft formally launches a "Security Store".
- Outlook moves to block JavaScript in SVGs.
- A new release of Chrome.
- Gmail will no longer pull external email via POP.
- Google Drive starts blocking ransomware encryptions.
- The UK issues another order to Apple.
- Researchers create a "Battering RAM" attack device.
- HackerOne's significant bug bounty payouts.
- The Imgur service goes dark across the UK. Guess why.
- The Netherlands plans to say NO to "Chat Control."
- Discord was breached and government IDs leaked.
- Salesforce says it's not another new breach.
- Signal introduces a new post-quantum ratchet.
- Your motherboard MIGHT support TPM 2.0.
- Google to force Android app devs to register and pay.

Show Notes - https://www.grc.com/sn/SN-1046-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit

Sponsors: threatlocker.com for Security Now, joindeleteme.com/twit promo code TWIT, hoxhunt.com/securitynow, bitwarden.com/twit, veeam.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
FreePBX Exploit Attempts (CVE-2025-57819): A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350

Disrupting Threats Targeting Microsoft Teams: Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/

Kibana XSS Patch (CVE-2025-25009): Elastic patched a stored XSS vulnerability in Kibana. https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449

QT SVG Vulnerabilities (CVE-2025-10728, CVE-2025-10729): The QT group fixed two vulnerabilities in the QT SVG module. One of the vulnerabilities may be used for code execution. https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt
Sports with Rod 10-6-2025 …Lots of Upsets in Week 5 …The Yankees got Hammered again …Holy Snappin' Turtle Teeth, SVG wins again
Handling frustrations better these days Bubba Wallace takes a swing at explaining why. Meanwhile Tyler Reddick and Austin Cindric are facing must win situation to make next round knowing road course ace SVG stands in the way. Plus, Joey Logano a fan of Charlotte's oval and Roval.
CISA issues an urgent warning about active exploitation of a critical vulnerability in the sudo utility. Broadcom patches two high-severity vulnerabilities in VMware NSX. South Korea raises its national cyber threat level after a datacenter fire. Formbricks patches a critical token validation flaw. Microsoft blocks a credential phishing campaign that made use of malicious SVG files. Landlords are accused of scraping sensitive payroll data. Cybercriminals lay the groundwork for large-scale FIFA fraud. Burnout takes a heavy toll on cybersecurity professionals. On our Threat Vector segment, host David Moulton is joined by Kyle Wilhoit talking about the evolution of hacker culture and cybersecurity. London police bag the biggest bitcoin bust. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this Threat Vector segment, host David Moulton is joined by Kyle Wilhoit of Unit 42 talking about the evolution of hacker culture and cybersecurity. You can listen to the full conversation here, and catch new episodes of Threat Vector each Thursday in your podcast app of choice. 
Selected Reading

- CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw (GB Hackers)
- Broadcom fixes high-severity VMware NSX bugs reported by NSA (Bleeping Computer)
- South Korea raises cyber threat level after huge data centre fire sparks hacking fears (The Guardian)
- JWT signature verification bypass enables account takeover in Formbricks (Beyond Machines)
- Microsoft Flags AI Phishing Attack Hiding in SVG Files (Hackread)
- Landlords Demand Tenants' Workplace Logins to Scrape Their Paystubs (404 Media)
- Playing Offside: How Threat Actors Are Warming Up for FIFA 2026 (Check Point Blog)
- Why burnout is a growing problem in cybersecurity (BBC)
- Chinese woman convicted after 'world's biggest' bitcoin seizure (BBC)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Attica, Crustacean Porn, Broadcom, William of Ockham, Jaguar, SVG, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-516
Kansas served up pure chaos and the Chain Gang brought the heat. Chase Elliott pulled a full Batman, storming from 10th to win in a green-white-checkered stunner, while Denny Hamlin and Bubba Wallace reenacted a dysfunctional family barbecue... complete with door-slamming, finger-flipping, and spilled milk.

We break down whether Hamlin should've played team owner or lone wolf, why Bubba's “crowd-the-boss” strategy opened the door for Elliott's miracle win, and how Toyota managed to turn strength in numbers into a demolition derby.

Plus: Zane Smith turned his car into a Matchbox stunt toy, SVG fought through penalties and bad luck to sneak into the top 10, and the gang drops their always-unfiltered race ratings (spoiler: even Willie got soft and went full 90%). If you like your race recaps with ribeye jokes, Batman analogies, and just the right amount of trash talk, this episode's your happy place.
AJ Allmendinger joins Freddie Kraft, Tommy Baldwin, and Karsyn Elledge on this week's episode of Door Bumper Clear to debrief all things Kansas. The crew breaks down the last lap between Denny Hamlin and Bubba Wallace, Freddie gives his take on why he thinks Denny made the move, and how it's different from the situation last week with Ty Gibbs. Then, Tommy explains why Justin Allgaier and the 7 team need to “go for the kill” every week and not be complacent. And later, AJ previews the ROVAL and why SVG screwed over the Supercars community by making it look too easy. Plus, Reaction Theatre, #AskDBC, and more!

This is the badge. You in or not? Dirty Mo merch, link below: https://shop.dirtymomedia.com/

Want more DBC? Check out and subscribe to the new DBC YouTube channel!

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Denny Hamlin is back in the studio with co-host Jared Allen after a wild Kansas finish that has everyone buzzing. The guys dive into all the week's biggest storylines:

- 3:30 Jusan Hamilton out at NASCAR
- 5:30 Randall Burnett leaving RCR and Rodney Childers joining JRM
- 8:15 TV ratings not looking good for NASCAR
- 18:55 Can Outlawz upset Big Bois in Hoop Group
- 22:40 Denny explains what happened on the final lap with him and Bubba Wallace
- 42:40 Bubba gives Denny the middle finger
- 50:00 Denny wanted the win for his pit crew
- 56:15 Driving without power steering
- 1:06:50 Zane Smith with a scary crash & SVG's impressive top-10
- 1:19:15 First pitch at Guardians game and OSU moves to 4-0

Real fans wear Dirty Mo. Hit the link and join the crew.
In Episode 254 of NasCardRadio, the guys break down everything happening in the NASCAR trading card hobby right now:
Tensions boiled over at New Hampshire as teammates went to war, Brad K. went full kamikaze, and Ryan Blaney quietly punched his ticket to the next round.

In this episode, Hoppy, Willy T-Bone, and Checky rip into Ty Gibbs' boneheaded moves, dissect Brad's brain-fade divebomb, and debate whether Blaney's smooth run is the start of another Penske title march. From tent-camping drama at Loudon to SVG's underdog rise, we're serving hot takes, laughs, and just enough chaos to keep you hitting replay. Buckle up, it's a wild one.
Episode 78: Jess Dane, Corvette's Racing Program Manager. Jess is an absolute boss and she catches up with the lads for a raw and wide-ranging chat about life in motorsport on both sides of the world. Jess discusses openly her time at T8, the transition to America and her different roles within GM. She also opens up on dating SVG and breaking the news to her Father Roland Dane. Get yaself some AHU merch: https://apexhuntersunited.com/ Patreon: https://www.patreon.com/c/ApexHuntersUnited Discount code: AHU15 for 15% off at: https://www.eastcoastcarrentals.com.au/ http://www.lancastermotors.com.au/ https://www.tricoproducts.com.au/ https://www.shawandpartners.com.au/home Quad Lock: https://bit.ly/3QLeiV5 Z Motorsport Memorabilia: https://www.zmm.com.au/ #supercars #v8supercars #Corvette #nascar
Christopher Bell wins at Bristol, but Goodyear turns the race into a literal tire fire. We recap the chaos, break down who survived the Playoff cut, and dig into the latest NASCAR news. Plus – our Paint Scheme Preview and Picks for New Hampshire!

The Rundown:
- Bristol: Christopher Bell wins after wild final restart
- JGR sweeps the first round of the Playoffs
- Tire craziness: The race was literally a tire fire
- Playoff drivers struggle again: half the field finishes outside the top-25
- Four drivers eliminated: Bowman, Dillon, SVG, Berry (historic bad round)
- Ratings: another dip for USA
- NASCAR Playoff Analysis: Round of 12
- NASCAR News:
- IndyCar doubleheader with NASCAR in Phoenix
- Champions' Tuesday Afternoon… on Roku?
- Keselowski questions the playoff format
- NASCAR 25 release date set
- New Hampshire: Entry List, Paint Scheme Preview, and Picks!

Find the latest episodes at InTheDraftShow.com, follow on Bluesky and Instagram @InTheDraftShow – and like the show on Facebook at facebook.com/InTheDraftShow

Thanks for listening!
HP Wolf Security research shows attackers chaining living-off-the-land techniques to exploit detection weak spots

HP Inc has issued its latest Threat Insights Report, revealing how age-old living-off-the-land (LOTL) and phishing techniques are evolving to bypass traditional detection-based security tools. LOTL techniques - where attackers use legitimate tools and features built into a computer to carry out their attacks - have long been a staple of the threat actor toolkit. However, HP Threat Researchers now warn that the growing use of multiple, often uncommon, binaries in a single campaign is making it even harder to distinguish malicious from legitimate activity.

The report provides an analysis of real-world cyberattacks, helping organisations to keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security, notable campaigns identified by HP Threat Researchers include:

· Fake Adobe Reader Invoice Signals New Wave of Ultra-Polished Social Engineering Lures: Attackers embedded a reverse shell - a script that grants attackers control over a victim's device. The script was embedded in a small SVG image, disguised as a very realistic Adobe Acrobat Reader file, complete with a fake loading bar - giving the illusion of an ongoing upload, increasing the chances victims will open it and trigger an infection chain. Attackers also geofenced the download to German-speaking regions to limit exposure, hinder automated analysis systems and delay detection.

· Attackers Hiding Malware in Pixel Image Files: Attackers used Microsoft Compiled HTML Help files to hide malicious code within image pixels. The files, disguised as project documents, concealed an XWorm payload in the pixel data, which was then extracted and used to execute a multi-step infection chain involving multiple LOTL techniques. PowerShell was also used to run a CMD file that deleted evidence of files once they'd been downloaded and executed.

· Resurgent Lumma Stealer Spreads via IMG Archives: Lumma Stealer was one of the most active malware families observed in Q2. Attackers distributed it through multiple channels, including IMG Archive attachments that use LOTL techniques to bypass security filters and exploit trusted systems. Despite a law enforcement crackdown in May 2025, campaigns continued in June and the group is already registering more domains and building infrastructure.

Alex Holland, Principal Threat Researcher, HP Security Lab, comments: "Attackers aren't reinventing the wheel, but they are refining their techniques. Living-off-the-land, reverse shells, and phishing have been around for decades, but today's threat actors are sharpening these methods. We're seeing more chaining of living-off-the-land tools and use of less obvious file types, such as images, to evade detection. Take reverse shells as an example - you don't have to drop a fully-fledged RAT when a simple, lightweight script will achieve the same effect. It's simple, fast and often slips under the radar because it's so basic."

These campaigns show how creative and adaptive threat actors have become. By hiding malicious code in images, abusing trusted system tools, and even tailoring attacks to specific regions, they're making it harder for traditional detection tools to spot threats.

By isolating threats that have evaded detection tools on PCs - but still allowing malware to detonate safely inside secure containers - HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.
The report, which examines data from April-June 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as: · At least 13% of email threats ide...
EP 259.5

The cybersecurity and technology threat landscape is accelerating in scale, sophistication, and impact. A convergence of AI-driven offensive capabilities, large-scale supply chain compromises, systemic insecurity in consumer devices, corporate data abuses, and state-level spyware deployment is reshaping digital risk. At the same time, new innovations—particularly in open-source, privacy-centric AI and smart home repurposing—highlight the dual-edged nature of technological progress.

AI-Accelerated Exploits

Attackers now harness generative AI to automate exploit creation, compressing timelines from months to minutes. “Auto Exploit,” powered by Claude-sonnet-4.0, can produce functional PoC code for vulnerabilities in under 15 minutes at negligible cost, fundamentally shifting defensive priorities. The challenge is no longer whether a flaw is technically exploitable but how quickly exposure becomes weaponized.

Massive Supply Chain Attacks

Software ecosystems remain prime targets. A phishing campaign against a single npm maintainer led to malware injection into packages downloaded billions of times weekly, constituting the largest supply-chain attack to date. This demonstrates how a single compromised account can ripple globally across developers, enterprises, and end users.

Weaponization of Benign Formats

Attackers increasingly exploit trusted file types. SVG-based phishing campaigns deliver malware through fake judicial portals, evading antivirus detection with obfuscation and dummy code. Over 500 samples were linked to one campaign, prompting Microsoft to disable inline SVG rendering in Outlook as a mitigation measure.

Systemic Insecurity in IoT

Low-cost consumer devices, particularly internet-connected surveillance cameras, ship with unpatchable flaws. Weak firmware, absent encryption, bypassable authentication, and plain-text data transmission expose users to surveillance rather than security. These systemic design failures create enduring vulnerabilities at scale.

Corporate Breaches and Data Abuse

The Plex breach underscored the persistence of corporate data exposure, with compromised usernames and passwords requiring resets. Meanwhile, a federal jury fined Google $425.7M for secretly tracking 98M devices despite user privacy settings—reinforcing that legal and financial consequences for privacy violations are escalating, even if damages remain below consumer expectations.

Government Spyware Deployment

Civil liberties are increasingly tested by state adoption of invasive surveillance tools. U.S. Immigration and Customs Enforcement resumed a $2M deal for Graphite spyware, capable of infiltrating encrypted apps and activating microphones. The contract proceeded after regulatory hurdles were bypassed through a U.S. acquisition of its Israeli parent company, raising alarms about due process, counterintelligence risks, and surveillance overreach.

Emerging Innovations

Not all developments are regressive. Philips Hue's “MotionAware” demonstrates benign repurposing of smart home technology, transforming bulbs into RF-based motion sensors with AI-powered interpretation. Meanwhile, Switzerland's Apertus project launched an open-source LLM designed with transparency and privacy at its core—providing public access to weights, training data, and checkpoints, framing AI as digital infrastructure for the public good.

The digital environment is marked by intensifying threats: faster, cheaper, and more pervasive attacks, systemic insecurity in consumer technologies, corporate and governmental encroachments on privacy, and the weaponization of formats once considered harmless. Yet, the emergence of open, privacy-first AI and the creative repurposing of consumer tech illustrate parallel efforts to realign innovation with security and transparency. The result is a complex, high-velocity ecosystem where defensive strategies must adapt as quickly as offensive capabilities evolve.

Conclusion
EP 259

In this week's update:

- Affordable LookCam devices, marketed as home security solutions, harbor critical vulnerabilities that could allow strangers to access your private video feeds.
- VirusTotal uncovers a sophisticated phishing campaign using SVG files to disguise malware, targeting users with fake Colombian judicial portals.
- Plex alerts users to a data breach compromising emails, usernames, and hashed passwords, urging immediate password resets to secure accounts.
- Philips Hue's innovative MotionAware feature transforms smart bulbs into motion sensors, enhancing home automation with cutting-edge RF technology.
- A massive supply chain attack compromises npm packages, affecting billions of downloads through a phishing scheme targeting maintainers' accounts.
- Google faces a $425.7 million verdict for covertly tracking nearly 98 million smartphones, violating user privacy despite opt-out settings.
- Switzerland's Apertus, a fully open-source AI model, sets a new standard for privacy, offering transparency and compliance with stringent data laws.
- An AI-driven tool, Auto Exploit, revolutionizes cybersecurity by generating exploit code in under 15 minutes, reshaping defensive strategies.
- ICE's adoption of Paragon's Graphite spyware, capable of infiltrating encrypted apps, sparks concerns over privacy and surveillance in immigration enforcement.

Look closely and perhaps you'll see it in the picture.
NASCAR took on Gateway this weekend, and it was more of the same for Connor Zilisch who took down a huge dub to seal the regular season title on Saturday night! Amidst some playoff hiccups on Sunday from Josh Berry, some of the Hendrick stable and SVG, it was Denny Hamlin who emerged victorious gaining his 59th win in the Cup Series, and Toyota's 200th!

Silly season continues, with some rumors cementing Reddick's interest in potentially moving ship, HFT confirms a move to Chevy and the resigning of their drivers for next season, and Sammy Smith pens a deal with JRM for next season. All of that AND MORE, on the Fake Racers Podcast.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
From YARA Offsets to Virtual Addresses: Xavier explains how to convert offsets reported by YARA into offsets suitable for use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262

Phishing via JavaScript in SVG Files: Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html

FreePBX Patches: FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf
New malware phishing campaign hidden in SVG files Anthropic agrees to pay $1.5bn in book piracy lawsuit Qantas penalizes executives for cyberattack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
It's a milestone 250th episode of NasCardRadio! Val and PSA Hall of Famer Logan recap a wild weekend in racing with first cards of the winners and highest finishing rookies in each series. Also breaking down new trading card releases (including Select and Turn Four), all while dissecting surprising market sales and legendary pulls. The hobby talk doesn't stop there: from “pack pinchers” and premium Turn Four boxes, to jaw-dropping Ka-Varoom case hits, a “This or That” showdown between Jeff Gordon and Benny Parsons cut autos, and this week's King's Court featuring legends, 1/1 Panini Instants, and gold rookie grails from Hailie Deegan, SVG, and Zilisch. Whether you're a diehard race fan or a collector chasing the next big rookie, this episode has it all. It's fast-paced, collector-focused, and always unpredictable: tune in for the deals, debates, and drama behind the cards that define the track!
SVG is really good at Road Courses. In case you didn't know already. We discuss his dominance at The Glen, along with the increasingly interesting playoff picture. Plus - the latest NASCAR News, and our Paint Scheme Preview and Picks for Richmond!
The Rundown:
- Watkins Glen: SVG is just toying with everyone now
- Glen Ratings: not that great
- NASCAR Playoff Picture: who is in a must-win situation?
- NASCAR News:
- Connor Zilisch craziness
- All-Star Race at...Dover? What is happening here?
- Driver and Sponsor News
- Richmond! Our Paint Scheme Preview and Picks
Find the latest episodes at InTheDraftShow.com, follow on Bluesky and Instagram @InTheDraftShow – and like the show on Facebook at facebook.com/InTheDraftShow
Thanks for listening!
On this week's episode of Rubbin' is Racing, Spider, Large, and Moonhead recap the weekend of racing at Watkins Glen capped off with SVG's commanding victory, talk some tire with NASCAR headlines, and preview the upcoming race schedule in the capital of the Old Dominion.
In this episode we recap NASCAR's weekend at Watkins Glen. SVG dominating in the Cup Series again, Connor Zilisch's eventful Xfinity win and tumble heard round the world, news of Dover moving to the All Star Race and North Wilkesboro getting a points race and much more.
Corey and Skip rate SVG's burnout, Corey is pulling double duty this weekend racing the modifieds and trucks and they preview the different strategies needed to win the Cup race. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
We recap The Watkins Glen International road course action where Shane Van Gisbergen wins...again! 4th win this season for SVG. Connor Zilisch breaks his collar bone celebrating his 6th Xfinity Series Win this season at the Glen, Rowdy Dragon has your Fantasy NASCAR picks for Richmond Raceway. Hosted by Kerry Murphey and Toby Christie.
Much of the discourse this week has been around road courses, and what the future may hold for them after the Next Gen's racing and also SVG's utter dismantling of the field. Visit the Daily Downforce at dailydownforce.com
Watkins Glen road course weekend has come and gone for all three NASCAR series. We talk about the Truck Series action from the weekend and some of the driver changes in the Truck Series at this point in the season. The Xfinity race from The Glen was a wild one with a giant wreck with less than ten to go. Zilisch gets the win and breaks a collar bone in the celebration. SVG once again dominated and got his fourth win of the season and fourth win in a row on road courses. We look ahead to the Cookout 400 and make some picks for the Saturday night race from Virginia. IndyCar was in Portland and Alex Palou secured the Championship with two more races to go in the season. Thanks for tuning in!
Dale Earnhardt Jr. is fresh off a weekend in New York, and he's back on Dirty Air with TJ Majors to unpack all the chaos from Watkins Glen. They're hitting every big headline, including:
• Is it time to kill overtime finishes in Trucks & Xfinity?
• Connor Zilisch vs. SVG — who was in the right?
• Austin Hill comes back and makes noise
• Brad Keselowski's not happy with Carson Hocevar
• Why Chris Gabehart might be Ty Gibbs' secret weapon
• Does the NASCAR Cup Series really need fewer road courses?
• Plus — race winner Shane van Gisbergen calls in to give his side of the wreck and what's next for him in NASCAR
And in this week's Ask Jr.:
• Dale's got a CARS Tour race coming up this weekend
• How he'd handle the Richmond/Kyle Busch deal differently
• The brand-new Buster book
And for more content check out our YouTube page: https://www.youtube.com/@DirtyMoMedia
Dirty Mo Media is launching a new e-commerce merch line! They've got some awesome Dale Jr. Download merch on the site. Visit shop.dirtymomedia.com to check out all the new stuff.
FanDuel: Must be 21+ and present in select states (for Kansas, in affiliation with Kansas Star Casino) or 18+ and present in D.C. First online real money wager only. $5 first deposit required. Bonus issued as nonwithdrawable bonus bets which expire 7 days after receipt. Restrictions apply. See terms at sportsbook.fanduel.com. Gambling Problem? Call 1-800-GAMBLER or visit FanDuel.com/RG. Call 1-888-789-7777 or visit ccpg.org/chat in Connecticut, or visit mdgamblinghelp.org in Maryland. Hope is here. Visit GamblingHelpLineMA.org or call (800) 327-5050 for 24/7 support in Massachusetts or call 1-877-8HOPE-NY or text HOPENY in New York.
Consumer Cellular: New customers get a $5 credit on first five monthly invoices. Visit ConsumerCellular.com/DJD for details.
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
CISA warns about the path from on-prem Exchange to the cloud
Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
Everyone and their dog seems to have a shell in US Federal Court information systems
Google pays $250k for a Chrome sandbox escape
Attackers use javascript in adult SVG files to … farm facebook likes?!
SonicWall says users aren't getting hacked with an 0day… this time.
This week's episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. This episode is also available on Youtube.
Show notes
CISA, Microsoft issue alerts on 'high-severity' Exchange vulnerability | The Record from Recorded Future News
Advanced Active Directory to Entra ID lateral movement techniques
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
Cartels may be able to target witnesses after major court hack
Federal judiciary tightens digital security as it deals with 'escalated cyberattacks' | The Record from Recorded Future News
Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
Buttercup is now open-source!
HTTP/1.1 must die: the desync endgame
US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
Adult sites are stashing exploit code inside racy .svg files - Ars Technica
Google pays 250k for Chromium sandbox escape
SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
Hackers Hijacked Google's Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
Malware in Open VSX: These Vibes Are Off
How attackers are using Active Directory Federation Services to phish with legit office.com links
Introducing our guide to phishing detection evasion techniques
The State of Attack Path Management
RFK Racing crew chief and veteran of the industry Derrick Finley joins Davey Segal (2:40) to discuss working with Ryan Preece, why the Northeast racer stands out as one of the best Finley has ever worked with, the current push for the playoffs and battling a teammate for a postseason spot and how it is racing against and working for your boss in Brad Keselowski. Finley dives into his upbringing in New Mexico, the racing scene out West, playing football at UNM, why he chose mechanical engineering and motorsports after college, working for Dale Earnhardt Inc. fresh out of school (and some stories to boot), the mentorship he received from Travis Carter, getting the call to crew chief in Cup for the first time in 2003, stops at multiple organizations along the way, what brought him over to RFK Racing and why he got back atop the pit box for 2025 despite not really wanting to. Plus, the intricacies of working on a Gen 7 car in today's NASCAR, whether they're trying to win or point their way into the playoffs, the story behind his famous skull flame pants, his taste in rap music, interesting animal analogies and more. Davey also recaps another dominant road course performance from SVG and looks ahead to Richmond.
We're done with the road course races for a couple months and it feels good. In this week's episode we're talking about another short flat track on the schedule that had one of its dates stripped away and is anxious for the spotlight: Richmond Raceway! We recap Watkins Glen and the SVG dominance yet again. Then we talk about the Richmond comps and the best data sets to handicap the race. Finally, we get into building the betting card for this week with the outrights, Top 10s and Head to Head Matchups!
Kyle Robert and Brian Twining get you set for the Cook Out 400 as NASCAR gets ready for the penultimate race of the regular season. Kyle and Brian run through the Cook Out 400 betting board to see if there is any value prior to practice and qualifying. The guys run through Caesars, Fanduel and BetMGM! They look at outrights, placings and head to head matchups for Pocono. But first they recap the week that was from Watkins Glen. They talk another SVG ass kicking, lack of passing and what to do with road courses in general. Plus they recap the betting card and DraftKings lineups.
As a reminder, use code AOP25 for a 100% match deposit up to $100. While you are there make sure you join the COMPLETELY FREE listeners league! https://t.co/EXWgnKQpzs
Subscribe to the Green White Checkered our FREE newsletter on Substack for more picks and bets every race day. https://aoppodcast.substack.com/
Make sure you tune into The Draft every Wednesday from our friends Win the Race. Make sure to subscribe to their YouTube channel while you are there. https://www.youtube.com/@WINTHERACEP1
00:00 Intro
01:30 What do we do with road courses?
10:40 Watkins Glen DFS and Betting Recap
19:07 Cook Out 400 Outright Odds and Targets
34:40 Cook Out 400 Placings and Matchups
44:56 Cook Out 400 Betting Card Recap
Denny Hamlin and Jared Allen are back after another dominant win by Shane Van Gisbergen
3:00 The Next Gen car is reaching hate levels of the Car of Tomorrow
9:40 What it will take for SVG to lose on a road/street course?
16:25 Who can challenge SVG in the future?
23:30 Can SVG make it out of the first round of the Playoffs?
28:00 Who is to blame for Denny and Kyle Busch making contact?
29:15 More drama with Carson Hocevar
35:15 Connor Zilisch's scary fall in Victory Lane
42:15 SVG to blame for him wrecking in the Xfinity race
47:00 Austin Hill causes a massive crash one week after being suspended
Dirty Mo Media has a new e-commerce merch line! They've got some awesome Actions Detrimental merch on the site. Visit shop.dirtymomedia.com to check out all the new stuff. For more Actions Detrimental content: https://www.youtube.com/@ActionsDetrimental
Corey and Skip discuss some breaking news involving Corey's truck ride, the weekend at Watkins Glen with Xfinity crashes, SVG's dominant Cup victory and some woes on pit road (and one Skip had at pit practice). Katherine Legge joins virtually to discuss her motorsports career, her transition to stock car racing with Live Fast Motorsports, and how she persevered as a woman in motorsports.
Austin Green joins Davey Segal (7:00) to discuss how things are going in the midst of his partial Xfinity Series season with Jordan Anderson Racing. Gearing up for another road course in Watkins Glen, they discuss why the road course moniker may be an inaccurate one given his background, how difficult it is getting used to heavier stock cars, switching between a Trans-Am, ARCA and Xfinity vehicle, his racing background and how big winning recently on the Charlotte oval in ARCA Menards Series competition was. Plus, Green details how his father David and uncles Mark and Jeff have helped him navigate his NASCAR journey, the influence they've had on his career thus far, helping Jordan Anderson Racing grow thanks to his road racing skills, avoiding the chaos during races, what his short and long term plans look like and more. Davey also recaps William Byron's win at Iowa, looks ahead to what might be another SVG dominant performance at The Glen and Papa Segal pays homage to a legendary finish and road racer.
SVG joins Stacking Pennies in the Noncents Garage! First, Corey & Ryan recap an eventful race in Iowa where Daytona 500 winner William Byron picked up his second win of the season.
We recap Bubba Wallace's major upset win at The Brickyard 400 at Indianapolis Motor Speedway, Austin Hill suspended, Fox Sports buys 1/3 of Penske Entertainment, SVG wins oval...against children (mostly) plus a brief (very) Iowa Preview, and Rowdy Dragon has your Fantasy NASCAR Picks for Iowa Speedway. Hosted by Kerry Murphey and Toby Christie
Corey and Skip grade SVG's burnout in Sonoma, talk about the uniqueness of Dover, and make their predictions for this weekend's matchups for the In-Season Challenge. Who will advance to the finals in Indy?
Michael McDowell joins Freddie Kraft, Tommy Baldwin, and Karsyn Elledge for another episode of Door Bumper Clear. The crew recaps a dominating day at Sonoma for Shane Van Gisbergen, Freddie and Bubba's great points day, and the scuffle between pit crews. The DBC crew debates if Shane Van Gisbergen is the greatest Road Course racer of all time, how far he will go in the Playoffs, and Ram's proposed reality show to find driver talent. Plus another great reaction theatre, #ASKDBC, and more! Want more DBC? Check out and subscribe to the new DBC YouTube channel!
Denny Hamlin and co-host Jared Allen are back from Sonoma, where Shane van Gisbergen delivered another dominant performance.
1:40 SVG's win was more dominant than his Chicago win, and why he's so much better than everyone else
13:00 Denny has a surprise for Jared
14:15 23XI and Front Row file an injunction and restraining order against NASCAR
21:30 Lack of rear grip caused lots of problems
25:25 Brad Keselowski's pit crew not happy with Ty Gibbs
32:00 Did NASCAR screw up not throwing a red flag?
38:00 Ty Dillon pulls off another upset in the Bracket Challenge
43:00 Denny will be broadcasting the Xfinity race at Dover
48:00 Denny is getting really good at fishing, and Travis lost his chair
Dirty Mo Media is launching a new e-commerce merch line! They've got some awesome Actions Detrimental merch on the site. Visit shop.dirtymomedia.com to check out all the new stuff. For more Actions Detrimental content: https://www.youtube.com/@ActionsDetrimental