The inability of an entity to withstand the adverse effects of a hostile or uncertain environment
In this episode of the Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.
Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense.
Key Takeaways:
- The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.
- Why Log4j became one of the most devastating vulnerabilities in modern history.
- How to identify attacker types and motivations.
- The mindset and methodology of effective defense.
- Why “good IT starts with good security.”
Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.
In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn to Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action
The Debrief Report: Attempt to serve legal papers on UN Rapporteur Albanese exposes bureaucratic vulnerabilities in SA by Radio Islam
I know you're out there. The developer who watches their colleagues enthusiastically embrace Claude Code and Cursor, having AI write entire feature sets while you proudly type every semicolon by hand. The founder who sees AI-generated code as a ticking time bomb of bugs and security vulnerabilities. The software entrepreneur who believes that real code comes from human minds, not language models.
This one's for you.
This episode of The Bootstrapped Founder is sponsored by Paddle.com
You'll find the Black Friday Guide here: https://www.paddle.com/learn/grow-beyond-black-friday
The blog post: https://thebootstrappedfounder.com/ai-for-the-code-writing-purist-how-to-use-ai-without-surrendering-your-keyboard/
The podcast episode: https://tbf.fm/episodes/420-ai-for-the-code-writing-purist-how-to-use-ai-without-surrendering-your-keyboard
Check out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fm
Send me a voicemail on Podline: https://podline.fm/arvid
You'll find my weekly article on my blog: https://thebootstrappedfounder.com
Podcast: https://thebootstrappedfounder.com/podcast
Newsletter: https://thebootstrappedfounder.com/newsletter
My book Zero to Sold: https://zerotosold.com/
My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/
My course Find Your Following: https://findyourfollowing.com
Here are a few tools I use. Using my affiliate links will support my work at no additional cost to you.
- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx
- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid
- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid
- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60
- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ
- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q
- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw
In this episode of the Unsecurity Podcast, hosted by Megan Larkins and Brad Nigh from FRSecure, we are joined by Pinky from the IR team to dive deep into the pressing cybersecurity challenges as the holiday season approaches.
From early breaches to the increasing sophistication of AI in phishing attacks, discover how attackers are evolving their tactics. The trio discusses the impact of VPN vulnerabilities, the rise of AI-enabled chatbots in ransomware scenarios, and how businesses can prepare for the uptick in threats during this busy time of year.
Whether you're an IT professional or just curious about cybersecurity, this episode is packed with valuable insights.
Don't miss out!
-- Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!
Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.
402-521-3080
In this conversation, Stephanie Olson and Rebecca Saunders explore the complexities and misconceptions surrounding human trafficking. They react to various media portrayals, debunk myths about age and vulnerability, and share cautionary tales for job seekers. The discussion emphasizes the importance of awareness, intuition, and understanding the realities of trafficking beyond sensationalized narratives.
Takeaways:
- Human trafficking is often misunderstood and misrepresented in media.
- Grooming is a common tactic used by traffickers, rather than outright kidnapping.
- All age groups can be victims of trafficking, not just children.
- Vulnerable populations, including those with mental health issues, are at risk.
- Job seekers should be cautious of red flags during interviews.
- Intuition plays a crucial role in recognizing potentially dangerous situations.
- Misconceptions about trafficking can lead to fear and misinformation.
- Target and similar stores are often wrongly associated with trafficking incidents.
- Trafficking can occur without physical transportation of victims.
- It's important to define trafficking accurately to understand its implications.
Sound Bites:
- "Human trafficking is a business."
- "All ages are being trafficked."
- "Pay attention to your intuition."
Chapters:
00:00 Introduction to Reaction Videos on Human Trafficking
01:35 Debunking Myths About Human Trafficking in Public Spaces
10:07 Understanding the Grooming Process in Trafficking
12:29 The Reality of Kidnapping and Trafficking
13:59 Exploring Trafficking of Older Adults
15:38 Clarifying Misconceptions About Trafficking and Transportation
20:15 Addressing Vulnerabilities and Misconceptions in Trafficking
21:55 Understanding Trafficking Risks Across Age Groups
28:10 The Complexity of Human Trafficking
28:58 Job Seekers and Trafficking Awareness
33:08 Red Flags in Job Interviews
40:25 Final Thoughts on Safety and Vigilance
42:18 R&R Outro.mp4
Support the show
Everyone has resilience, but what does that mean, and how do we use it in life and leadership? Join Stephanie Olson, an expert in resiliency and trauma, every week as she talks to other experts living lives of resilience. Stephanie also shares her own stories of addictions, disordered eating, domestic and sexual violence, abandonment, and trauma, and shares the everyday struggles and joys of everyday life. As a wife, mom, and CEO she gives commentaries and, sometimes, a few rants to shed light on what makes a person resilient. So, if you have experienced adversity in life in any way and want to learn how to better lead your family, your workplace, and, well, your life, this podcast is for you!
https://setmefreeproject.net https://www.stephanieolson.com/
Cameron discusses the essential mindset and strategies for practice owners in the medical aesthetics field. He emphasizes the importance of maximizing time, intentional leadership, and the need for a disciplined morning routine. He also highlights the significance of working on the business rather than in it, understanding key performance indicators (KPIs), and the role of effective leadership in achieving success. The conversation concludes with a call to action for practice owners to embrace their entrepreneurial identity and focus on growth.
Listen In!
Thank you for listening to this episode of Medical Millionaire!
Takeaways:
- Maximize your time to deliver value to clients.
- Mindset is crucial for success in practice ownership.
- Vulnerabilities should be viewed as opportunities for growth.
- Intentional leadership drives enterprise growth.
- Focus on signal, not noise, in business operations.
- Establish a disciplined morning routine for success.
- Work on your business, not just in it.
- Understand and track your KPIs for better decision-making.
- Leadership is a daily commitment, not just a title.
- Every successful entrepreneur has a coach or mentor.
Unlock the Secrets to Success in Medical Aesthetics & Wellness with "Medical Millionaire"
Welcome to "Medical Millionaire," the essential podcast for owners and entrepreneurs in Medspas, Plastic Surgery, Dermatology, Cosmetic Dental, and Elective Wellness Practices! Dive deep into marketing strategies, scaling your medical practice, attracting high-end clients, and staying ahead with the latest industry trends. Our episodes are packed with insights from industry leaders to boost revenue, enhance patient satisfaction, and master marketing techniques.
Our Host, Cameron Hemphill, has been in Aesthetics for over 10 years and has supported over 1,000 Practices, including 2,300 providers. He has worked with some of the industry's most well-recognized brands, practice owners, and key opinion leaders.
Tune in every week to transform your practice into a thriving, profitable venture with expert guidance on the following categories...
- Marketing
- CRM
- Patient Bookings
- Industry Trends Backed By Data
- EMR's
- Finance
- Sales
- Mindset
- Workflow Automation
- Technology
- Tech Stack
- Patient Retention
Learn how to take your Medical Aesthetics Practice from the following stages....
- Startup
- Growth
- Optimize
- Exit
Inquire Here: http://get.growth99.com/mm/
Because… it's episode 0x647!
Shameless plug
- October 12 to 17, 2025 - Objective by the sea v8
- October 14 and 15, 2025 - ATT&CKcon 6.0
- October 14 and 15, 2025 - Forum inCyber Canada (30% discount code - CA25KDUX92)
- November 4 and 5, 2025 - FAIRCON 2025
- November 8 and 9, 2025 - DEATHcon
- November 17 to 20, 2025 - European Cyber Week
- February 25 and 26, 2026 - SéQCure 2026
Notes
AI
- AI Agent Security: Whose Responsibility Is It?
- Hackers Can Bypass OpenAI Guardrails Framework Using a Simple Prompt Injection Technique
- AI makes phishing 4.5x more effective, Microsoft says
- How AI-powered ransomware could destroy your business
- Agentic AI's OODA Loop Problem
- 'Sovereign AI' Has Become a New Front in the US-China Tech War
Microsoft
- Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
- Extortion and ransomware drive over half of cyberattacks
- Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication
- Microsoft: Exchange 2016 and 2019 have reached end of support
- Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack
- Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
- Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature
- Edge - IE: Microsoft restricts IE mode access in Edge after zero-day attacks
- Edge - IE: Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users' Devices
Defensive
- Identity Security: Your First and Last Line of Defense
- Banks need stricter controls to prevent romance fraud, says City regulator
- CVE, CVSS scores need overhauling, argues Codific CEO
- How to spot dark web threats on your network using NDR
- Ukraine takes steps to launch dedicated cyber force for offensive strikes
- How Microsoft is creating a security-first culture that lasts
- Root Cause Analysis? You're Doing It Wrong
- Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
- EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed
- Wireshark 4.6.0 Supports macOS pktap Metadata (PID, Process Name, etc.)
Offensive
- F5: Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks
- F5: F5 says hackers stole undisclosed BIG-IP flaws, source code
- F5: 'Highly sophisticated' government goons hacked F5
- Oracle: Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
- Oracle: Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
- Fortigate: FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
- Fortigate: FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
- Satellite: Unencrypted satellites expose global communications
- Satellite: Researchers find a startlingly cheap way to steal your secrets from space
- Satellite: Study reveals satellites comms spilling unencrypted data
- Axis Communications Vulnerability Exposes Azure Storage Account Credentials
- Android Pixnapping attack can capture app data like 2FA info
- Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution
- Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware
- Cyberattackers Target LastPass, Top Password Managers
- Devs of VS Code extensions are leaking secrets en masse
- How Attackers Bypass Synced Passkeys
- RealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbacks
- New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
Europe
- Europe's Digital Sovereignty Paradox - “Chat Control” update
- Britain issues first online safety fine to US website 4chan
- Cyber-attacks rise by 50% in past year, UK security agency says
- Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia
Miscellaneous
- GrapheneOS is finally ready to break free from Pixels, and it may never look back
- [ProtonVPN Lied About Logging Blog](https://vp.net/l/en-US/blog/ProtonVPN-Lied-About-Logging)
- Adam Shostack : “Yay, more age verification law…”
- California enacts age verification, chatbot laws
- The Guardian view on the online scam industry: authorities must not forget that perpetrators are often victims too
Unusual
- TikTok Videos Promoting Malware Installation
- Kevin Beaumont: “This whole thing with TLP RED …” - Cyberplace
Contributors
- Nicolas-Loïc Fortin
Credits
- Editing by Intrasecure inc
- Physical premises by Intrasecure inc
In this episode of Hashtag Trending, host Jim Love discusses several key topics. An $800 experiment reveals that many satellites over North America transmit unencrypted sensitive data, including phone calls and military communications. Starlink demonstrates its capability by achieving 10 gigabit speeds on a cruise ship while dealing with congestion issues. Microsoft is betting on a voice-first future for PCs with its new AI-driven features in Windows 11. Finally, the episode highlights the growing vulnerabilities of businesses as they become increasingly dependent on cloud services amidst internet outages. 00:00 Introduction and Headlines 00:27 Unencrypted Satellite Data Exposed 02:47 Starlink's Impressive Speeds and Challenges 05:46 Microsoft's Vision for AI-Powered PCs 08:41 The Risks of Cloud Dependency 10:55 Conclusion and Upcoming Topics
Send us a text
While there are plenty to pick from, one of the biggest challenges for cybersecurity professionals in the industrial realm can be getting financial support. In manufacturing there are always a number of viable spending options, and working to make cybersecurity a priority can be tough, especially when enterprises are faced with initiatives seen as more fundamental to the core mission of getting finished product out the door.
However, a couple of recent reports could help connect the dots between production and security, and the need to fund both.
First, there's Adaptiva's State of Patch Management Report that found 75 percent of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher, and 65 percent have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities Catalog. So, hackers know about these weaknesses and they're taking advantage of them.
And, according to Black Kite's 2025 Manufacturing Report, 51 percent of those surveyed indicate that patching has become a bigger challenge than intrusion detection, and more than 75 percent indicate that both IT and security must approve patches before deployment.
Reading between the lines – patching takes too long and is too complicated, so the vulnerabilities persist and the hackers keep winning.
Watch/listen as we discuss these and other topics with Chaz Spahn, the Director of Product Management at Adaptiva.
As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.
Inspiring Tech Leaders - The Technology Podcast
Interviews with Tech Leaders and insights on the latest emerging technology trends.
Listen on: Apple Podcasts Spotify
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging vulnerabilities, and how to submit those bugs to open source projects responsibly. It's a very sane and realistic conversation about what AI tools can and can't do, and how humans should be interacting with these things. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-ai-joshua-rogers/
Enjoying the content? Let us know your feedback!
This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains.
We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to completely poison an AI model. Then we'll discuss something that should make every security professional cringe - CISA just added a dozen vulnerabilities to their Known Exploited Vulnerabilities catalog, and half of them are over a decade old. And finally, we'll cover Salesforce's bold decision not to pay ransom to hackers who claim to have stolen data from dozens of major companies.
- https://www.anthropic.com: Small Samples Poison
- https://www.turing.ac.uk: LLMS May Be More Vulnerable Data Poisoning W Thought
- https://www.theregister.com: Salesforce Refuses To Pay Ransomware
- https://www.sans.org: CISA Adds 12 CVEs to KEV; Half are a Decade or More Old
Be sure to subscribe! You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.
Join us for another episode of the Unsecurity Podcast as Megan, Brad, and Seth Bowling, lead researcher and developer at FRSecure, dive into the evolving landscape of cybersecurity for city and county governments.
Seth shares how Mirrored Defense's innovative heat map visualizes the attack surface across the U.S. and presents surprising findings from their research. The trio discusses the challenges and vulnerabilities faced by local governments, the importance of proactive security measures, and how Project Broken Mirror aims to raise awareness by providing public service solutions.
The crew also discusses Seth's efforts to kick-start FRSecure's vulnerability management and conditional access policy initiatives.
Whether you're a cybersecurity professional or an interested citizen, this episode offers valuable insights into protecting our critical infrastructure.
Don't miss out on this engaging discussion and find out how you can get involved!
-- Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!
Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.
- Google DeepMind's AI agent finds and fixes vulnerabilities
- California law lets consumers universally opt out of data sharing
- China-Nexus actors weaponize 'Nezha' open source tool
Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.
Podcast: Industrial Cybersecurity Insider
Episode: Hidden Cybersecurity Vulnerabilities in Today's Data Centers
Pub date: 2025-10-06
In this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure. While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected. Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption. Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.
They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.
Chapters:
- 00:00:00 - Meet Scott Cargill of BW Design Group
- 00:02:30 - Data centers expanding for AI
- 00:04:40 - Critical BMS vulnerabilities being ignored
- 00:07:40 - Alarming OT security reality
- 00:09:40 - Why OT security remains deprioritized
- 00:12:10 - IT-OT security convergence challenges persist
- 00:16:35 - Manufacturing parallels to data centers
- 00:20:10 - Security solutions evolution underway
- 00:21:45 - Managed services necessity for OT
- 00:24:42 - Thought leadership driving industry standards
Links and Resources:
- Want to Sponsor an episode or be a Guest? Reach out here.
- Industrial Cybersecurity Insider on LinkedIn
- Cybersecurity & Digital Safety on LinkedIn
- BW Design Group Cybersecurity
- Scott Cargill on LinkedIn
- Dino Busalachi on LinkedIn
- Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Life, Culture and Current Events from a Biblical Perspective with Neil Johnson. Your support sends the gospel to every corner of Australia through broadcast, online and print media: https://vision.org.au/donate See omnystudio.com/listener for privacy information.
Join guest host Dr. Liz Specht for a conversation with Nicole Favreau Farhadi, Senior Research Biochemist at the Army Combat Capabilities Development Command's (DEVCOM) Soldier Center, Combat Feeding Division (CFD). This episode, the final installment of our five-part biomanufacturing series, explores food research within the Department of Defense and the intersection of food biomanufacturing innovation with warfighter readiness. The discussion highlights the Defense Department's responsibilities in combat feeding, logistical vulnerabilities in military food systems, the integration of new biotechnologies for food processing, and the optimization of combat rations for nutrient density, weight, and shelf life. Learn More: DEVCOM: https://sc.devcom.army.mil/who-we-are/ Joint Culinary Center of Excellence (JCCoE): https://quartermaster.army.mil/jccoe/jccoe_main.html Close Combat Assault Ration (CCAR): https://www.dla.mil/Troop-Support/Subsistence/Operational-rations/Close-Combat-Assault-Ration/ Unitized Group Ration (UGR): https://www.dla.mil/Troop-Support/Subsistence/Operational-rations/UGR-HS/ To receive updates about the conference please join our mailing list here: https://www.emergingtechnologiesinstitute.org/sign-up http://emergingtechnologiesinstitute.org https://www.facebook.com/EmergingTechETI https://www.linkedin.com/company/ndia-eti-emerging-technologies-institute https://www.twitter.com/EmergingTechETI
There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »
The Cybersecurity and Infrastructure Security Agency is ordering federal civilian agencies to take immediate action against a widespread hacking campaign targeting Cisco firewalls. The emergency directive was issued last Thursday in response to zero-day vulnerabilities that hackers have been exploiting for quite some time. Federal News Network's Anastasia Obis is here with more details. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
This episode features Professor Annika Rudman and RWI Senior Researcher Alejandro Fuentes in a discussion on women's rights, gender inequality, and intersectional vulnerabilities. It is part of RWI's Regional Africa Programme and connects to our newly published book marking 20 years since the adoption of the Maputo Protocol. The publication explores what substantive transformative equality means in practice within African continental and regional human rights systems, addressing a wide range of issues including gender-based discrimination, abuse, exploitation, and violence.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Distracting the Analyst for Fun and Profit
Our undergraduate intern, Tyler House, analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308
GitHub's plan for a more secure npm supply chain
GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
Vulnerabilities in Supermicro BMC Firmware CVE-2025-7937 CVE-2025-6198
Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware.
https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025
Former CIA officer Mike Baker joins Dr. Phil to expose China's long-game intelligence play from IP theft to border infiltration and land grabs near U.S. military sites. Dr. Phil talks with Mike Baker, host of The President's Daily Brief Podcast, former CIA covert ops officer, and cofounder of Portman Square Group to dissect the threats shaping America's future security. From China's long-horizon intelligence strategy and relentless intellectual property theft, to suspicious border crossings, cyber probing of U.S. infrastructure, and farmland acquisitions near military bases—this conversation connects the dots on a silent war unfolding in plain sight. Baker reveals how these moves aren't isolated incidents, but part of a systemic campaign to weaken America's resilience. Dr. Phil pushes the discussion further: What are the psychological effects of living under constant, invisible threats? Are Americans prepared mentally and structurally for disruption on this scale?
I've spent years talking about endpoint security, yet printers rarely enter the conversation. Today, that blind spot takes center stage. I'm joined by Jim LaRoe, CEO of Symphion, to unpack why printers now represent one of the most exposed corners of the enterprise and what can be done about it. Jim's team protects fleets that range from a few hundred devices to tens of thousands, and the picture he paints is stark. In many organizations, printers make up 20 to 30 percent of endpoints, and almost all of them are left in a factory default state. That means open ports, default passwords, and little to no monitoring. Pair that with the sensitive data printers receive, process, and store, plus the privileged connections they hold to email and file servers, and you start to see why attackers love them. We trace Symphion's path from a configuration management roots story in 1999 to a pivot in 2015 when a major printer manufacturer invited the company behind the curtain. What they found was a parallel universe to mainstream IT. Brand silos, disparate operating systems, and a culture that treated printers as cost items rather than connected computers. Add in the human factor, where technicians reset devices to factory defaults after service as second nature, and you have a recipe for recurring vulnerabilities that never make it into a SOC dashboard. Jim explains how Symphion's Print Fleet Cybersecurity as a Service tackles this mess with cross-brand software, professional operations, and proven processes delivered for a simple per-device price. The model is designed to remove operational burden from IT teams. Automated daily monitoring detects drift, same-day remediation resets hardened controls, and comprehensive reporting supports regulatory needs in sectors like healthcare where compliance is non-negotiable. 
The goal is steady cyber hygiene for printers that mirrors what enterprises already expect for servers and PCs, without cobbling together multiple vendor tools, licenses, and extra headcount to operate them. We also talk about the hidden costs of DIY printer security. Licensing multiple management platforms for different brands, training staff who already have full plates, and outages caused by misconfigurations all add up. Jim shares real-world perspectives from organizations that tried to patch together a solution before calling in help. The pattern is familiar. Costs creep. Vulnerabilities reappear. Incidents push the topic onto the CISO's agenda. Symphion's pitch is straightforward. Treat print fleets like any other class of critical infrastructure in the enterprise, and measure outcomes in risk reduction, time saved, and fewer surprises. If you are commuting while listening and now hearing alarm bells, you are not alone. Think about the printers scattered across your offices and clinics. Consider the data that passes through them every day. Then picture an attacker who finds default credentials in minutes and uses a printer to move across your network. Tune in for a fast, practical look at a risk hiding in plain sight, and learn how Symphion's Print Fleet Cybersecurity as a Service can help you close a gap that attackers know too well.
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management. Chapters 00:00 Introduction and Guest Welcome 00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast 02:12 Meet Todd Beardsley: From Hacker to Security Research VP 03:58 The Evolution of Vulnerabilities and Patching 07:06 Understanding CVE Numbering and Exploitation 14:01 The Role of Attribution in Cybersecurity 16:48 Cyber Warfare and Global Threat Landscape 20:18 The Rise of International Hacking 22:01 Delegation of Duties in Offensive Warfare 22:25 The Role of Companies in Cyber Defense 23:00 Attack Vectors and Exploits 24:25 Real-World Scenarios and Threats 28:46 The Importance of Communication Skills for CISOs 31:42 Ransomware: A Divisive Topic 38:39 Actionable Steps for Security Executives 45:58 Conclusion and Final Thoughts
BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge AI, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at BigBear.ai. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
AP Washington correspondent Sagar Meghani reports on this week's showdown between NATO jets and Russian drones over Poland.
"Revelation" is about exposing what's hidden: Vulnerabilities, Truths, and the role of hackers in revealing them.
In this conversation, Casey John Ellis, founder of Bugcrowd, shares his journey from a curious child fascinated by technology to a pioneer in crowdsourced security. He discusses the evolution of bug bounty programs, the importance of community in cybersecurity, and the challenges of scaling a startup. Casey also emphasizes the need for good faith hackers, the role of AI in security, and the importance of mentorship in entrepreneurship. He reflects on the changing landscape of cybersecurity and the necessity for collaboration between generations in the field.
00:00 - Introduction and Technical Challenges
02:02 - Casey Ellis: A Journey into Hacking
04:50 - Pioneering Crowdsourced Security with Bug Crowd
07:36 - Building a Community of Hackers
10:36 - Scaling Bug Crowd: Achievements and Growth
13:35 - Unexpected Bug Bounty Submissions
16:32 - Testing Infrastructure: Virtualization and Real-World Applications
19:14 - Advocating for Good Faith Cybersecurity Research
22:11 - Government Engagement and Cyber Policy
25:03 - Adapting to the Current Threat Landscape
26:41 - The Evolving Landscape of Cybersecurity
29:58 - AI and Human Collaboration in Security
34:22 - The Gray Areas of Cyber Ethics
39:50 - Lessons in Entrepreneurship and Leadership
44:17 - Generational Shifts in Cybersecurity Media
46:40 - Finding Balance: Hobbies and Downtime
48:24 - Imagining a Cybersecurity-Themed Bar
SYMLINKS
[ Casey John Ellis Blog - https://cje.io ] The personal website of Casey John Ellis, featuring his writings and insights on cybersecurity, hacker rights, and vulnerability research.
[ LinkedIn - https://www.linkedin.com/in/caseyjohnellis ] Casey's professional profile where he shares career updates and connects with the cybersecurity community.
[ Bluesky - https://caseyjohnellis.bsky.social ] Casey's Bluesky account for sharing thoughts and engaging with the infosec community.
[ Mastodon - https://infosec.exchange/@caseyjohnellis ] Casey's Mastodon profile on Infosec Exchange, where he posts updates and insights for the federated social community.
[ X/Twitter - https://x.com/caseyjohnellis ] Casey's main microblogging profile where he actively shares cybersecurity insights and hacker advocacy.
[ Linktree - https://linktr.ee/caseyjohnellis ] A hub linking to all of Casey's active social profiles and resources.
[ BugCrowd - https://www.bugcrowd.com ] A leading crowdsourced security platform that connects organizations with a global hacker community to find and fix vulnerabilities.
[ Disclose.io - https://disclose.io ] An open-source project standardizing best practices for vulnerability disclosure programs, enabling safe collaboration between researchers and organizations.
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.
False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.
This episode breaks down:
• Why 70% of analyst time is wasted on false positives
• How AI-generated code introduces new security risks
• What “alert fatigue” means for developers, security teams, and business leaders
• Why automating bad processes creates more noise, not less
On the Maurin Academy's Political Philosophy podcast, Laurie is covering Jerzy Kosinski's Being There, a satirical novel about an image and wealth-obsessed American society bent on the mass narcissism of literally loving a politician. This is part 5 in the series.
Podcast: Industrial Cybersecurity Insider
Episode: FBI Alerts, OT Vulnerabilities, and What Comes Next
Pub date: 2025-09-03
In this episode, Craig and Dino break down the FBI's latest cybersecurity advisory and what it means for industrial organizations. From Cisco hardware vulnerabilities on the plant floor to the widening gap between IT and OT security teams, they address the critical blind spots that attackers often exploit. They discuss why manufacturing has become ransomware's “cash register,” the importance of continuous monitoring and asset visibility, and why every organization must have an incident response plan in place before a crisis. This episode is packed with real-world insights and actionable strategies. It's a must-listen for CISOs, CIOs, OT engineers, and plant leaders safeguarding manufacturing and critical infrastructure.
Chapters:
00:00:52 - Welcome to Industrial Cybersecurity Insider Podcast
00:01:21 - A New FBI Advisory on Nation-State OT Threats
00:02:37 - Cisco Hardware on the Plant Floor Targeted in Advisory
00:03:18 - The IT/OT Disconnect: OT Assets are Often Invisible to InfoSec Teams
00:04:19 - The Awareness Gap: Critical Security Alerts Fail to Reach OT Operations
00:04:54 - The OT Cybersecurity Skills Gap and Cultural Divide
00:07:32 - Why All Manufacturing is Critical, Citing the JBS Breach
00:08:37 - The Staggering Economic Cost of OT Breaches
00:09:33 - The "Cash Register" Concept: Why Attackers Target Manufacturing
00:10:29 - OT as the New Frontier for Attacks on Unpatched Systems
00:11:28 - The "Disinterested Third Party": When OEMs See Security as the Client's Problem
00:12:31 - The Foundational First Step: Gaining Asset Visibility & Continuous Monitoring
00:13:53 - The Impracticality of Patching in OT Due to Downtime and Safety Risks
00:15:25 - Academic vs. Practitioner: Why High-Level Advice Fails on the Plant Floor
00:18:25 - The Minimum Requirement: A Practiced, OT-Inclusive Incident Response Plan
00:18:58 - Why CISOs Must Build Relationships with Key OT Partners
00:22:46 - Practice, Partner, and Protect Now
Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Why are nearly all American homes built out of wood when most of the world uses brick, steel, or concrete? In Part I of our conversation Architect Jeana Ripple, author of The Type V City, explains how the U.S.'s reliance on light wood framing—known as Type V construction—became the national default. She breaks down the benefits (affordability, flexibility, sustainability) and the hidden risks (mold, storm damage, limited adaptability) that slowly shape the country's homes, neighborhoods, cities, and built environment. This conversation reveals how building codes and materials influence urban life far more than most of us realize.
Jeana Ripple is the Chair of the Department of Architecture and the Vincent and Eleanor Shea Professor at the University of Virginia. A registered architect, she is principal and co-founder of the collaborative architecture firm, Mir Collective.
Links
Jeana Ripple - https://www.arch.virginia.edu/people/jeana-ripple
Mir Collective - https://mircollective.com/
Purchase the Book
UT Press: The Type V City: Codifying Material Inequity in Urban America - https://utpress.utexas.edu/9781477331620/
Amazon: The Type V City: Codifying Material Inequity in Urban America - https://a.co/d/cUzKkyS
Subscribe to Most Podern on:
Spotify - https://open.spotify.com/show/3zYvX2lRZOpHcZW41WGVrp
Apple Podcasts - https://podcasts.apple.com/us/podcast/most-podern-podcast/id1725756164
Youtube - https://www.youtube.com/@MostPodern
Instagram - https://www.instagram.com/most.podern
LinkedIn - https://www.linkedin.com/company/most-podern
Keywords
Type V construction, The Type V City, Jeana Ripple, American housing, Wood frame construction, U.S. building codes, Urban design, Architecture podcast, Why U.S. houses are wood, Building codes explained, Wood vs concrete housing, Mass timber, Multifamily housing design, Housing crisis America, Home maintenance mold, Sustainable building materials
Chapters
00:00 Introduction to Type 5 Construction
01:32 Understanding Type 5 and Its Global Context
05:11 The Dominance of Type 5 in the U.S.
07:58 The Evolution of Wood Frame Construction
11:41 Maintenance and Vulnerabilities of Type 5 Buildings
15:44 Consumer Awareness and Decision-Making
19:10 The Role of Policy in Building Codes
22:43 The Impact of Interest Groups on Building Regulations
25:59 Future Directions for Type 5 Construction
In this week's Security Sprint, Dave and Andy covered the following topics:
Main Topics:
Annunciation Catholic Church Attack
• Minneapolis Suspect Knew Her Target, but Motive Is a Mystery
• Shooter who opened fire on Minneapolis Catholic school posted rambling videos
• Robin Westman: Minneapolis gunman was son of church employee
• Robin Westman posted a manifesto on YouTube prior to Annunciation Church shooting
• Minneapolis school shooter wrote “I am terrorist” and “Kill yourself” in Russian on weapon magazines and listened to Russian rappers
• Minneapolis Catholic Church shooter mocked Christ in video before attack
• Minneapolis school shooter 'obsessed with idea of killing children', authorities say
• Minnesota Mass Shooter Steeped in Far-Right Lore, White Nationalist Murderers
• In Secret Diaries, the Church Shooter's Plans for Mass Murder
• Minneapolis church shooting search warrants reveal new details and evidence
• 'There is no message': The search for ideological motives in the Minneapolis shooting
• Minneapolis Church Shooting: Understanding the Suspect's Video
• More Of Minnesota Shooter's Writings Uncovered: ‘Gender And Weed F***ed Up My Head'
• Classmates say Minnesota school shooter gave Nazi salutes and idolized school shootings back in middle school
Hoax Active Shooter Reports
• More than a dozen universities have been targeted by false active shooter reports
• This Is the Group That's Been Swatting US Universities
• FBI urges students to be vigilant amid wave of swatting hoaxes
AI & Cyber Threats
• The Era of AI-Generated Ransomware Has Arrived
• Researchers flag code that uses AI systems to carry out ransomware attacks & First known AI-powered ransomware uncovered by ESET Research
• Anthropic: Detecting and countering misuse of AI: August 2025
• A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
• FBI warns Chinese hacking campaign has expanded, reaching 80 countries
• Allied spy agencies blame 3 Chinese tech companies for Salt Typhoon attacks
• UK NCSC: UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks
Quick Hits:
• Storm-0501's evolving techniques lead to cloud-based ransomware
• Why Hypervisors Are the New-ish Ransomware Target
• FBI Releases Use-of-Force Data Update
• Denmark summons US envoy over report on covert American ‘influence operations' in Greenland
• Falsos Amigos
• Surge in coordinated scans targets Microsoft RDP auth servers
• Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
• Citrix patches trio of NetScaler bugs – after attackers beat them to it
• U.S., Japan, and ROK Join Mandiant to Counter North Korean IT Worker Threats
• US sanctions fraud network used by North Korean ‘remote IT workers' to seek jobs and steal money
• H1 2025 Malware and Vulnerability Trends
• The FDA just overhauled its COVID vaccine guidance. Here's what it means for you
• 25 August 2025 NCSC, AFOSI, ACIC, NCIS, DCSA, FBI, ED, NIST, NSF bulletin
• DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says
• Blistering Wyden letter seeks review of federal court cybersecurity, citing ‘incompetence,' ‘negligence'
• Email Phishing Scams Increasingly Target Churches
I cover the announcement of Windows 11 25H2 entering preview, worrying details about Citrix Netscaler vulnerabilities, a company changing AI approach after public failures and much more! Reference Links: https://www.rorymon.com/blog/windows-11-25h2-now-in-preview-citrix-netscaler-vulnerabilities-disclosed-amazing-ai-stethoscope/
CannCon and Ashe in America welcome Phillip Davis, known online as @Mad_Liberals, for a deep-dive into election vulnerabilities exposed at DEFCON. Davis, a veteran software developer with decades in fingerprint identification systems, walks through how voting machines can be accessed and manipulated using readily available technician and poll worker cards. He explains the ease of altering ballots, prompts, and even candidate displays without leaving an audit trail, demonstrating how voters themselves can be unknowingly hacked. The conversation also unpacks the infamous Halderman Report, systemic security failures, and the lack of accountability in election administration. From Goodwill voting machines to encryption keys left in plain sight, Davis reveals how fragile U.S. election infrastructure really is, sparking a raw discussion on trust, oversight, and the future of voting.
Rob Allen joins us to discuss the importance of security research teams, and some cool stuff they've worked on. Then, in the Security News:
• Flipper Zero, unlocking cars: The saga continues
• The one where they stole the vulnerabilities
• ESP32 Bus Pirates
• AI will weaponize everything, maybe
• What are in-the-wild exploits?
• Docker and security boundaries, and other such lies
• AI-powered ransomware
• BadCAM, BadUSB, and novel defenses
• 5G sniffers
• Jeff breaks down all the breach reports
• AI in your browser is a bad idea
• And How to rob a hotel - a nod to the way hacking used to be
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-889
Show Notes
In this episode of 'One in Ten,' host Teresa Huizar interviews Dr. Kimberly Mitchell from the University of New Hampshire's Crimes Against Children Research Center. The discussion centers on image-based sexual abuse (IBSA) and its unique, amplifying effects on victims. They delve into the disturbing prevalence of various forms of IBSA, including coercion and threatening behavior among youth. The conversation also explores the severe psychological impacts such as increased risk of suicide and non-suicidal self-injury among victims. Additionally, Dr. Mitchell discusses the challenges and complexities of researching this rapidly evolving field amidst advances in digital and AI technology. Potential future research directions, including the role of social support and community engagement, are also highlighted.
Time Topic
00:00 Introduction to Image-Based Sexual Abuse
01:15 Defining Image-Based Sexual Abuse
02:53 Research Background and Technological Impact
05:07 Unique Harms of Image-Based Sexual Abuse
08:47 Study Design and Participant Demographics
11:05 Key Findings and Hypotheses
14:35 Diverse Experiences and Future Research
17:57 Prevalence and Prevention Challenges
23:35 Navigating Healthy Spaces and Influencer Strategies
24:37 Creative Approaches in Child Abuse Prevention
25:58 Global Perspectives on Youth Involvement
28:44 Vulnerabilities of Sexual Minority Youth Online
30:09 Social Support and Online Vulnerabilities
33:18 Non-Suicidal Self-Injury and Image-Based Sexual Abuse
38:24 Future Research Directions and Resiliency
39:52 Bystander Intervention and Positive Variance
41:00 Conclusion and Final Thoughts
Resources
Image-based sexual abuse profiles: Integrating mental health, adversities, and victimization to explore social contexts in a diverse group of young adults - ScienceDirect
Support the show
Did you like this episode? Please leave us a review on Apple Podcasts.
Summary
In this conversation, cybersecurity expert Christian Espinosa shares his journey from military service to entrepreneurship, emphasizing the importance of emotional intelligence and effective communication in the tech industry. He discusses the vulnerabilities in medical devices, the significance of hiring for cultural fit, and the steps to improve leadership skills. The discussion also covers the concepts of monotasking versus multitasking, empathy in leadership, and the need for continuous improvement in personal and professional development.
Takeaways
• Christian emphasizes the importance of communication in cybersecurity.
• Niche focus can lead to increased success in business.
• Hiring for cultural fit is crucial for team dynamics.
• Emotional intelligence is often lacking in highly intelligent individuals.
• The meaning of communication is determined by the response you receive.
• Monotasking is more effective than multitasking for productivity.
• Empathy in leadership helps bridge gaps between team members.
• Continuous improvement is essential for personal growth.
• Establishing core values can guide hiring and team behavior.
• Collaboration is key to overcoming intellectual bullying in teams.
Chapters
00:00 Introduction to Christian Espinosa
01:42 Christian's Journey in Cybersecurity
05:26 Entrepreneurship and the Military Background
09:05 Niche Focus in Cybersecurity
10:29 Vulnerabilities in Medical Devices
14:39 Hiring for Culture and Core Values
19:00 The Smartest Person in the Room
21:10 Seven Steps to Improve Emotional Intelligence
34:18 Monotasking vs. Multitasking
37:15 Empathy and Kaizen in Leadership
39:43 Building Effective Teams
44:27 Conclusion and Recommendations
Credits:
Hosted by Ryan Roghaar and Michael Smith
Produced by Ryan Roghaar
Theme music: "Perfect Day" by OPM
The Eggs Podcast Spotify playlist: bit.ly/eggstunes
The Plugs:
The Show: eggscast.com
@eggshow on twitter and instagram
On iTunes: itun.es/i6dX3pC
On Stitcher: bit.ly/eggs_on_stitcher
Also available on Google Play Music!
Mike "DJ Ontic": Shows and info: djontic.com
@djontic on twitter
Ryan Roghaar: rogha.ar
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts
Two sophisticated ransomware groups, Akira and Lynx, are increasingly targeting managed service providers (MSPs) and small businesses by exploiting stolen credentials and vulnerabilities. Together, they have compromised over 365 organizations, with Akira targeting major firms like Hitachi Vantara and Lynx focusing on critical infrastructure, including a CBS affiliate in Chattanooga, Tennessee. Both groups utilize double extortion tactics, combining file encryption with data theft to pressure victims into paying ransoms. This shift in tactics highlights the evolving threat landscape for MSPs and small businesses. In response to the growing cybersecurity threats, the U.S. Cybersecurity and Infrastructure Security Agency has released Thorium, an open-source platform designed for malware and forensic analysis. Thorium can automate tasks and process over 10 million files per hour, empowering IT professionals without in-house malware analysis capabilities to conduct effective preliminary analyses. This tool aims to enhance cybersecurity operations and better manage risks associated with complex malware threats. Additionally, SonicWall has issued a warning to its customers to disable SSL Virtual Private Network (VPN) services due to active ransomware attacks targeting its systems. Meanwhile, Google's AI-powered bug hunter, Big Sleep, has identified 20 security vulnerabilities in popular open-source software, raising concerns about the reliability of AI-generated bug reports. A newly discovered prompt injection vulnerability in Google's Gemini AI chatbot poses serious security risks, enabling attackers to craft convincing phishing campaigns without relying on links or attachments. The podcast also discusses the alarming rise in cybersecurity incidents, particularly social engineering attacks, which have tripled in the first half of 2025. 
A report from Level Blue indicates that social engineering now accounts for 39% of initial access incidents, with fake CAPTCHA schemes rising dramatically. Furthermore, the report highlights the risks associated with unauthorized AI tool usage, revealing that 97% of organizations lack adequate access controls, exposing sensitive data to potential threats. This underscores the need for organizations to strengthen their defenses and educate users on emerging threats. Four things to know today: 00:00 Attackers Up Their Game: Ransomware Hits MSPs, SonicWall Vulnerable, and Google's AI Found Exploitable 05:53 Social Engineering Surges as Shadow AI Breaches Drive Up Cyber Costs and Risk Exposure 08:35 Neglected Tech, Rising Risk: Email and Printers Still Expose Businesses to Modern Threats 11:04 From Ransomware to Retirements: Vendor Shifts Reveal Risks and Realignment in the IT Channel. This is the Business of Tech.
Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft's new NLWeb protocol. Vulnerabilities in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia's CSO denies the need for backdoors or kill switches in the company's GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy's Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle. CyberWire Guest: Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations. Black Hat Women on the street: Live from Black Hat USA 2025, it's a special “Women on the Street” segment with Halcyon's Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what's happening on the ground and what's top of mind in cybersecurity this year. 
Selected Reading:
Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu)
Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw (The Verge)
ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer)
Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer)
Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch)
Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24)
Nvidia rejects US demand for backdoors in AI chips (The Verge)
Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines)
New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop)
Skechers skewered for adding secret Apple AirTag compartment to kids' sneakers — have we reached peak obsessive parenting? (NY Post)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Brave randomizes its fingerprints. The next Brave will block Microsoft Recall by default. Clorox sues its IT provider for $380 million in damages. 6-month Win10 ESU offers are beginning to appear. Warfare has significantly become cyber. Allianz Life loses control of 125 million customers' data. The CIA's Acquisition Research Center website was hacked. The Pentagon says the SharePoint RCE didn't get them. A look at a DPRK "laptop farm" to impersonate Americans. FIDO's passkey was NOT bypassed by a MITM after all. Is our data safe anywhere? The UK is trying to back-pedal out of the Apple ADP mess. Meanwhile, the EU resumes its push for "Chat Control". Microsoft fumbled the patch of a powerful Pwn2Own exploit. Show Notes: https://www.grc.com/sn/SN-1036-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT; threatlocker.com for Security Now; bitwarden.com/twit; uscloud.com
Bypassing all passkey protections. The ransomware attacks just keep on coming. Cloudflare capitulates to the MPA and starts blocking. The need for online age verification is exploding. Microsoft really wants Exchange Servers to subscribe. Russia (further) clamps down on Internet usage. The global trend toward more Internet restrictions. China can inspect locked Android phones. Use a burner. Web shells are the new buffer overflow. An age verification protocol sketch. What Cloudflare did to create an outage of 1.1.1.1. Show Notes: https://www.grc.com/sn/SN-1035-Notes.pdf Hosts: Steve Gibson and Leo Laporte.