The inability of an entity to withstand the adverse effects of a hostile or uncertain environment
Researchers detail a years-long Russian state-sponsored cyber espionage campaign. Israel's cyber chief warns against complacency. Vulnerabilities affect products from Fortinet and Hitachi Energy. Studies show AI models are rapidly improving at offensive cyber tasks. MITRE expands its D3FEND cybersecurity ontology to cover operational technology. Texas sues smart TV manufacturers, alleging illegal surveillance. A fraudulent gift card locks an Apple user out of their digital life. Our guest is Doron Davidson from CyberProof Israel discussing agentic SOCs and agentic transformation of an MDR. Fat racks crack the stacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Doron Davidson, GM at CyberProof Israel, MD Security Operations, discussing agentic SOC and agentic transformation of an MDR. If you'd like to learn more be sure to check out CyberProof. Tune into the full conversation here. Selected Reading Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure (Live Threat Intelligence) IDF warns future cyberattacks may dwarf past threats (The Jerusalem Post) CISA reports active exploitation of critical Fortinet authentication bypass flaw (Beyond Machines) Hitachi Energy reports BlastRADIUS flaw in AFS, AFR and AFF Series product families (Beyond Machines) AI models are perfecting their hacking skills (Axios) AI Hackers Are Coming Dangerously Close to Beating Humans (WSJ) MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity (Mitre) Texas sues biggest TV makers, alleging smart TVs spy on users without consent (Ars Technica) Locked out: How a gift card purchase destroyed an Apple account (Apple Insider) Racks of AI chips are too damn heavy (The Verge) Share your feedback. 
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode: More security vulnerabilities in RSC land; Anthropic tries to garner more OSS goodwill; and we do a wrap up of CSS in 2025. Timestamps: 2:29 - More vulnerabilities in RSCs; 6:36 - Anthropic donates MCP to the Agentic AI Foundation; 16:04 - CSS 2025 wrap up; 25:05 - Disney to allow characters on Sora; 29:42 - What's making us happy. News: Paige - Anthropic donates MCP to the Agentic AI Foundation; Jack - More vulnerabilities in RSCs discovered; TJ - CSS Wrapped 2025. Lightning News: Disney will allow characters on Sora AI video generator. What Makes Us Happy this Week: Paige - Twinkly Christmas Lights; Jack - 3D printed underwear for the multiboard desk organization; TJ - Mammoth. Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube. Tweet at us on X @front_end_fire. Follow us on Bluesky @front-end-fire.com. Subscribe to our YouTube channel @Front-EndFirePodcast.
Targeting Adversary Vulnerabilities and Future Fleet Architecture: Colleague Jerry Hendrix highlights the economic vulnerability of adversaries like China, who rely heavily on sea lanes for energy and resources, outlining a future fleet architecture targeting over 450 ships and emphasizing the critical role of unmanned surface vessels and an expanded logistics force to sustain global naval operations. 1940 IMPERIAL NAVY HQ
In recent months, Ireland's defense posture has come under renewed scrutiny, from concerns about our capacity to monitor our own airspace to wider questions about how prepared we are for emerging geopolitical threats. Anton takes a closer look at what Ireland's vulnerabilities actually are, why they matter, and what kind of response is realistically required. Joining Anton is Stephen Collins, columnist and former political editor of The Irish Times; Cathal Berry, former Independent TD and former Commandant in the Army Ranger Wing; and Raluca Saceanu, CEO of Smartech247.
12/12/25: MTA Pres Max Page & Berkshire Comm Coll Pres Ellen Kennedy: big threats to higher ed but reasons for optimism Free Press Co-Pres Craig Aaron: Trumps' EO prohibiting regul AI regulation, media mergers' threat to 1st Am. Holyoke Mayor Joshua Garcia: Trump's DOE killing Sublime Systems' low-carbon cement production facility. Political Gold w/ Josh Silver: Trump's vulnerabilities, SCOTUS to kill the Voting Rights Act? redistricting & 2026. Donnabelle Casis w/ poet Matt Dunovan & artist Ligia Bouton on Emily Dickinson & “A Something Overtakes the Mind.”
Patch Tuesday. Federal prosecutors charge a Houston man with smuggling Nvidia chips to China, a Ukrainian woman for targeting critical infrastructure, and an Atlanta activist for wiping his phone. The power sector sees cyber threats doubling. The new Spiderman phishing kit slings its way across the dark web. Our guest is Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites.” The Pentagon unveils a killer chatbot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dick O'Brien, Principal Intelligence Analyst from Symantec and Carbon Black Threat Hunter Team, is discussing “Unwanted Gifts: Major Campaign Lures Targets with Fake Party Invites." Selected Reading Microsoft Patches 57 Vulnerabilities, Three Zero-Days (SecurityWeek) Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data (SecurityWeek) Adobe Patches Nearly 140 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider (SecurityWeek) Fortinet Patches Critical Authentication Bypass Vulnerabilities (SecurityWeek) Smuggling Ring Charged as Trump Okays Nvidia Sales to China (Gov Infosecurity) Cybersecurity in power: supply chain most vulnerable, varying confidence in resilience (Power Technology) Spiderman Phishing Kit Targets European Banks with Real-Time Credential Theft (Hackread) Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks (Bank Infosecurity) Ukrainian hacker charged with helping Russian hacktivist groups (Bleeping Computer) Man Charged for Wiping Phone Before CBP Could Search It (404 Media) Pete Hegseth Says the Pentagon's New Chatbot Will Make America 'More Lethal' (404 Media) Share your feedback. 
In this episode, Amy Gaeta, a researcher at the Centre for Drones and Culture and the Leverhulme Centre for the Future of Intelligence, discusses how drones both uphold and subvert traditional masculine norms and the implications of their use in various contexts, from hobbyist communities to pornography. The conversation explores the complexities of gender dynamics in technology and the potential for systemic change in societal perceptions. Edited by: Meibel Dabodabo
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm Ghostframe Phishing Kit The Ghostframe phishing kit uses iFrames and random subdomains to evade detection https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit WatchGuard Advisory WatchGuard released an update for its Firebox appliance, fixing ten vulnerabilities. Five of these are rated as High. https://www.watchguard.com/wgrd-psirt/advisories
SaaS Scaled - Interviews about SaaS Startups, Analytics, & Operations
Today, we're joined by Adam Markowitz, Co-Founder & CEO at Drata, the leader in AI-native trust management. We talk about: the good problems that come with hypergrowth; the most critical decision that drives success; being intentional about culture; the amplification effects of AI, and the risk that presents; fostering a culture to support the discomfort of rapid growth.
AI-integrated tools, such as OpenAI's Atlas and Microsoft Teams, are introducing new trust and identity risks, particularly through vulnerabilities like prompt injections and guest access features. The Atlas browser, launched on October 21, 2025, has been identified as having security flaws that could allow attackers to inject harmful instructions. Similarly, Microsoft Teams has a vulnerability that permits attackers to bypass security protections when users join external tenants as guests. These developments highlight the fragility of AI integrations and the need for robust security measures in collaborative environments. The FBI has reported over $262 million in losses due to account takeover fraud schemes, with more than 5,100 complaints filed this year. Cybercriminals are employing social engineering tactics to gain unauthorized access to online banking and payroll accounts, often locking victims out by changing passwords. The FBI recommends that individuals monitor their financial accounts closely, use complex passwords, and enable multi-factor authentication to mitigate these risks. This trend underscores the importance of managing trust and identity in security practices, as attackers increasingly exploit human vulnerabilities rather than technical flaws. In the managed service provider (MSP) sector, a recent survey by OpenText Cybersecurity revealed that while 92% of MSPs are experiencing growth driven by interest in AI, fewer than half feel prepared to implement AI tools effectively. This marks a significant decline from the previous year's 90% readiness. Additionally, 71% of MSPs reported that their small and medium-sized business clients prefer bundled security solutions, indicating a shift towards integrated offerings that simplify decision-making for clients. 
The findings suggest that MSPs need to focus on data governance and readiness before deploying AI solutions. For MSPs and IT service leaders, the key takeaway is that modern security is increasingly about managing identity and data governance rather than merely adding more tools. As AI vulnerabilities and account takeover fraud become more prevalent, providers must prioritize establishing secure trust boundaries and effective data management practices. By doing so, MSPs can differentiate themselves in a competitive market, ensuring they are equipped to deliver secure AI solutions and meaningful automation to their clients. Three things to know today: 00:00 New AI, Collaboration, and Fraud Threats Underscore That Identity—not Infrastructure—is the Real Security Battleground; 05:15 Survey Shows MSPs Expanding Services Amid AI Interest, Yet True Opportunity Lies in Readiness and Governance; 07:45 New MSP Integrations, Funding, and AI Platforms Underscore the Shift Toward Identity and Data Governance as the True Control Plane. This is the Business of Tech. Supported by: https://try.auvik.com/dave-switch https://scalepad.com/dave/
Episode Summary: As AI systems become increasingly integrated into enterprise workflows, a new security frontier is emerging. In this episode of The Secure Developer, host Danny Allan speaks with Nicolas Dupont about the often-overlooked vulnerabilities hiding in vector databases and how they can be exploited to expose sensitive data. Show Notes: As organizations shift their focus from training massive models to deploying them for inference and ROI, they are increasingly centralizing proprietary data into vector databases to power RAG (Retrieval-Augmented Generation) and agentic workflows. However, these vector stores are frequently deployed with insufficient security measures, often relying on the dangerous misconception that vector embeddings are unintelligible one-way hashes. Nicolas Dupont explains that vector embeddings are simply dense representations of semantic meaning that can be inverted back to their original text or media formats relatively trivially. Because vector databases traditionally require plain text access to perform similarity searches efficiently, they often lack encryption-in-use, making them susceptible to data exfiltration and prompt injection attacks via context loading. This is particularly concerning when autonomous agents are over-provisioned with write access, potentially allowing malicious actors to poison the knowledge base or manipulate system prompts. The discussion highlights the need for a "secure by inception" approach, advocating for granular encryption that protects data even during processing without incurring massive performance penalties. Beyond security, this architectural rigor is essential for meeting privacy regulations like GDPR and HIPAA in regulated industries. 
The episode concludes with a look at the future of AI security, emphasizing that while AI can accelerate defense, attackers are simultaneously leveraging the same tools to create more sophisticated threats. Links: Cyborg; OWASP LLM Top 10; Snyk - The Developer Security Company.
Summary: In this episode of the Blue Security Podcast, hosts Andy and Adam discuss vulnerabilities in popular chat applications, particularly focusing on Line and WhatsApp. They explore the implications of these vulnerabilities for user privacy and security, emphasizing the importance of API security and rate limiting. The conversation then shifts to the integration of AI in the workplace, highlighting how companies are adapting to this technology and the challenges employees face in learning to use it effectively. Finally, they touch on the impact of AI on education and the need for responsible use of technology. YouTube Video Link: https://youtu.be/zK3JKEcisfY Documentation: https://www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage https://www.bleepingcomputer.com/news/security/whatsapp-api-flaw-let-researchers-scrape-35-billion-accounts/ https://www.wsj.com/tech/ai/ai-work-use-performance-reviews-1e8975df?mod=e2li Contact Us: Website: https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: https://www.linkedin.com/company/bluesecpod YouTube: https://www.youtube.com/c/BlueSecurityPodcast Andy Jaw: Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com Adam Brewer: Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
Please enjoy this encore of T-Minus Deep Space. BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge AI, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at BigBear.ai. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
China's Debt Dilemma and Keir Starmer's Political Trouble — Joseph Sternberg — Sternberg analyzes China's critical economic vulnerabilities, noting that its $2.2 trillion in global lending—partly channeled through the Belt and Road Initiative—faces mounting pressure from defaults and political resistance to Chinese asset ownership. Domestically, China restricts capital inflows to manage inflation and stabilize exchange rates. Sternberg also examines UK politics, noting that Labour leader Keir Starmer faces mounting political difficulties ahead of a challenging budget that lacks an articulated economic growth strategy. 1700 WINDSOR CASTLE
PolicyTracker journalist Camilla Mina speaks to Logan Scott, independent consultant and expert in Position, Navigation and Timing about GNSS interferences and its current challenges. They discuss jamming and spoofing but also interferences from other services and ways to mitigate them.
- Interview with Patrick Byrne on Election Fraud and Bolshevik Revolution (0:00) - CloudFlare Internet Outage and Vulnerabilities (2:03) - Brighteon's AI Engine and Decentralization Efforts (4:39) - Comparison of AI Engines: Brighteon vs. Google and X (8:02) - Special Report: Brighteon AI Slays Google Gemini 3 and Grok 4.1 (12:03) - Epstein Files and Political Manipulation (25:33) - Jeffrey Epstein's Role and the Depopulation Agenda (29:26) - Patrick Byrne's Role in Exposing Election Fraud (44:51) - The Role of Smartmatic and Election Manipulation (55:29) - The Future of Election Integrity and Trump's Role (1:04:09) - Critique of President's Actions and Internal Obstacles (1:06:16) - Threats and Resistance Within the Administration (1:19:11) - Personal Support and Criticism of Trump (1:20:18) - The Enemy Within and Traitorous Actions (1:21:29) - Availability and Impact of the Documentary and Book (1:23:08) - Grand Jury Impaneled and Final Remarks (1:24:13) For more updates, visit: http://www.brighteon.com/channel/hrreport NaturalNews videos would not be possible without you, as always we remain passionately dedicated to our mission of educating people all over the world on the subject of natural healing remedies and personal liberty (food freedom, medical freedom, the freedom of speech, etc.). Together, we're helping create a better world, with more honest food labeling, reduced chemical contamination, the avoidance of toxic heavy metals and vastly increased scientific transparency. ▶️ Every dollar you spend at the Health Ranger Store goes toward helping us achieve important science and content goals for humanity: https://www.healthrangerstore.com/ ▶️ Sign Up For Our Newsletter: https://www.naturalnews.com/Readerregistration.html ▶️ Brighteon: https://www.brighteon.com/channels/hrreport ▶️ Join Our Social Network: https://brighteon.social/@HealthRanger ▶️ Check In Stock Products at: https://PrepWithMike.com
- Trump's Actions and Their Impact on His Supporters (0:11) - Michael Yahn's Dark Outlook for America (0:57) - Positive Interviews and Upcoming Content (2:28) - Trump's Attacks on MAGA Leaders (4:29) - Reactions to Trump's Actions (9:40) - The Future of the US Empire (29:54) - Michael Yahn's Analysis of Trump's Actions (59:26) - The Role of Zionist Interests in Trump's Actions (1:12:40) - The Impact of Trump's Actions on Global Politics (1:16:18) - The Future of the US and Global Economy (1:16:36) - Trump Administration's Economic Data and Globalist Agenda (1:16:53) - Financial System's Vulnerabilities and Job Losses (1:23:49) - Impact of AI and Job Replacement on the Economy (1:26:01) - Geopolitical Tensions and Water Crises (1:27:39) - China's Influence and Depopulation Efforts (1:31:40) - NATO's Decline and Russia's Military Advancements (1:32:49) - Economic Collapse and Manufacturing Decline (1:41:07) - Thailand's Self-Destruction and Drug Legalization (1:45:05) - Bitcoin's Vulnerabilities and Gold's Importance (1:49:06) - Final Thoughts on Economic Collapse and Revolt (2:10:07)
TestTalks | Automation Awesomeness | Helping YOU Succeed with Test Automation
AI is accelerating software delivery, but it's also introducing new security risks that most developers and automation engineers never see coming. In this episode, we explore how AI-generated code can embed vulnerabilities by default, how "vibe coding" is reshaping developer workflows, and what teams must do to secure their pipelines before bad code reaches production. You'll learn how to prompt more securely, how guardrails can stop vulnerabilities at generation time, how to prioritize real risks instead of false positives, and how AI can be used to protect your applications just as effectively as attackers use it to exploit them. Whether you're using Cursor, Copilot, Playwright MCP, or any AI tool in your automation workflow, this conversation gives you a clear roadmap for staying ahead of AI-driven vulnerabilities — without slowing down delivery. Featuring Sarit Tager, VP of Product for Application Security at Palo Alto Networks, who reveals real-world insights on securing AI-generated code, understanding modern attack surfaces, and creating a future-proof DevSecOps strategy.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SmartApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Through Multiple Scripts An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks https://isc.sans.edu/diary/32480 sudo-rs vulnerabilities Two vulnerabilities were patched in sudo-rs, the version of sudo written in Rust, showing that while Rust does have an advantage when it comes to memory safety, there are plenty of other vulnerabilities to worry about https://ubuntu.com/security/notices/USN-7867-1 https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw?ref=itsfoss.com SANS Holiday Hack Challenge https://sans.org/HolidayHack
In this episode of Cybersecurity Today, host Jim Love dives into several shocking security lapses and emerging threats. Highlights include ransomware negotiators at Digital Mint accused of being behind attacks, a new AI vulnerability that exploits Windows' built-in stack, and a misuse of OpenAI's API for command and control in malware operations. Additionally, AMD confirms a flaw in its Zen 5 CPUs that could lead to predictable encryption keys, and the Louvre faces scrutiny after a major theft reveals poor password practices and maintenance failures. The episode underscores the importance of basic security measures like strong passwords and regular audits despite advanced technological systems in place. 00:00 Introduction and Sponsor Message 00:48 Ransomware Negotiators Turned Hackers 02:08 AI Stack Vulnerabilities in Windows 04:04 Backdoor Exploits OpenAI's API 05:24 AMD's Encryption Key Flaw 06:59 Louvre Heist and Security Lapses 08:24 Conclusion and Call to Action
Imagine stepping into a role and discovering your predecessor had been severely underreporting vulnerabilities, leaving your systems 300 days behind on patches. Join G Mark Hardy and Ross Young in this riveting episode of CISO Tradecraft as they unveil a startling real-world scenario and a proven strategy to revolutionize your patching process. Learn how to tackle the ever-growing number of vulnerabilities, leverage AI and automation, and instill a culture of accountability and gamification among your team. With expert insights and practical steps, this episode is a must-watch for every cybersecurity leader looking to stay ahead of threats and secure their organization's future. Big thanks to our sponsor, Forcepoint. Check out how they can help you shut down ShadowAI. https://www.forcepoint.com/resources/ebooks/shadow-ai-security-guide?utm_source=linkedin&sf_src_cmpid=701a600000exxd7AAA&utm_medium=display&utm_content=AW_NC_LinkedInAds_October25_ban&utm_campaign=LinkedInAds_October25 Slides can be found here: https://www.linkedin.com/posts/mrrossyoung_patch-or-perish-activity-7389964440546471936--I_F?utm_source=share&utm_medium=member_desktop&rcm=ACoAABnnk5MBYbK8I-lYgI25f6ro7t6rOeP-Ods Chapters: 00:00 Introduction: The CISO Challenge 00:31 The Importance of Data Security 01:05 Welcome to CISO Tradecraft 02:01 Ross Young's Patching Journey 03:34 The Growing Threat of Vulnerabilities 05:16 AI and Cybersecurity 07:34 Developing a Comprehensive Security Approach 10:51 Accountability and Metrics 15:30 Improving Vulnerability Management Processes 19:28 Advanced Tooling and Automation 23:16 Future Trends in Cybersecurity 27:06 Conclusion: Adapting to the Future
Bottom line is any person in your life will always treat you exactly how you've taught them to treat you and how you've allowed them to treat you! It doesn't matter who the individual is, they will do to you what you allow them to get away with! You teach your significant other exactly how he or she can treat you because you show your vulnerabilities out of what you perceive is love, when it has nothing to do with love. A person who truly loves you should enhance your life, not use, abuse, or control you! Most people don't have a clue of what love is because they've never learned to love self first! Become a supporter of this podcast: https://www.spreaker.com/podcast/relationships-and-relatable-life-chronicles--4126439/support.
In light of Kathryn Bigelow's new political thriller A House of Dynamite, this week's episode explores how Steven Spielberg's 1975 classic Jaws reveals the inherent weaknesses of democracy in times of crisis. We also discuss: A House of Dynamite (2025) d. Kathryn Bigelow. Contact Us: Email: contact@jimmybernasconi.com Instagram: https://www.instagram.com/filmsfortoday/?hl=en
In this episode of 'Cybersecurity Today,' the panel, including Laura Payne from White Tuque and David Shipley from Beauceron Security, reviews the major cybersecurity events of October. Key topics include DNS failures at AWS and Microsoft, the rise of AI and its associated security concerns, and several severe cloud and on-premises vulnerabilities in platforms like SharePoint and WSUS. The discussion highlights a surge in sophisticated phishing threats, the integration of AI in cyber attacks, and the critical importance of multifactor authentication. The panel also examines the implications of recent security breaches affecting critical infrastructure and the broader impact of cybersecurity on financial sectors. Ethical concerns about AI's use in creating inappropriate content and the urgent need for better regulatory frameworks for tech and cloud providers are underscored. The episode concludes with a humorous moment as Jim dons a gifted white tuque, bringing a smile to the discussion. 00:00 Introduction and Sponsor Message 00:18 Panel Introduction and AI Discussion 01:02 Cloud Outages and Their Impact 02:52 DNS and Internet Fragility 07:07 Botnets and Cybersecurity Threats 14:09 Industrial Control Systems Vulnerabilities 26:29 AI in Cybersecurity 35:37 Voice Deepfakes and Authentication Risks 38:32 Creative Scams and Real-Time Voice Translators 39:22 The Importance of Safe Words and Persistent Surveillance Issues 40:17 Hybrid Scams and Financial Crimes in Canada 41:44 Corporate Reputation and Financial Crimes Agency 42:41 Challenges with Digital Banking and Security 44:49 The Role of AI and Security in Financial Transactions 45:55 The Impact of Open Banking and Real-Time Payments 50:57 Email Filters and Cybersecurity Awareness 58:03 Microsoft's Security Challenges and Vulnerabilities 01:03:39 Legal Consequences for Cybercriminals 01:12:17 Final Thoughts and Acknowledgements
In this episode of the Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them. Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense. Key Takeaways: The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching. Why Log4j became one of the most devastating vulnerabilities in modern history. How to identify attacker types and motivations. The mindset and methodology of effective defense. Why “good IT starts with good security.” Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.
In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn2Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action
The Debrief Report: Attempt to serve legal papers on UN Rapporteur Albanese exposes bureaucratic vulnerabilities in SA by Radio Islam
I know you're out there. The developer who watches their colleagues enthusiastically embrace Claude Code and Cursor, having AI write entire feature sets while you proudly type every semicolon by hand. The founder who sees AI-generated code as a ticking time bomb of bugs and security vulnerabilities. The software entrepreneur who believes that real code comes from human minds, not language models.

This one's for you.

This episode of The Bootstrapped Founder is sponsored by Paddle.com. You'll find the Black Friday Guide here: https://www.paddle.com/learn/grow-beyond-black-friday

The blog post: https://thebootstrappedfounder.com/ai-for-the-code-writing-purist-how-to-use-ai-without-surrendering-your-keyboard/
The podcast episode: https://tbf.fm/episodes/420-ai-for-the-code-writing-purist-how-to-use-ai-without-surrendering-your-keyboard
Check out Podscan, the Podcast database that transcribes every podcast episode out there minutes after it gets released: https://podscan.fm
Send me a voicemail on Podline: https://podline.fm/arvid
You'll find my weekly article on my blog: https://thebootstrappedfounder.com
Podcast: https://thebootstrappedfounder.com/podcast
Newsletter: https://thebootstrappedfounder.com/newsletter
My book Zero to Sold: https://zerotosold.com/
My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/
My course Find Your Following: https://findyourfollowing.com
In this episode of the Unsecurity Podcast, hosted by Megan Larkins and Brad Nigh from FRSecure, we are joined by Pinky from the IR team to dive deep into the pressing cybersecurity challenges as the holiday season approaches.

From early breaches to the increasing sophistication of AI in phishing attacks, discover how attackers are evolving their tactics. The trio discusses the impact of VPN vulnerabilities, the rise of AI-enabled chatbots in ransomware scenarios, and how businesses can prepare for the uptick in threats during this busy time of year.

Whether you're an IT professional or just curious about cybersecurity, this episode is packed with valuable insights. Don't miss out!

Like, subscribe, and share with your network to stay informed about the latest in cybersecurity! Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!

LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.
In this conversation, Stephanie Olson and Rebecca Saunders explore the complexities and misconceptions surrounding human trafficking. They react to various media portrayals, debunk myths about age and vulnerability, and share cautionary tales for job seekers. The discussion emphasizes the importance of awareness, intuition, and understanding the realities of trafficking beyond sensationalized narratives.

Takeaways:
- Human trafficking is often misunderstood and misrepresented in media.
- Grooming is a common tactic used by traffickers, rather than outright kidnapping.
- All age groups can be victims of trafficking, not just children.
- Vulnerable populations, including those with mental health issues, are at risk.
- Job seekers should be cautious of red flags during interviews.
- Intuition plays a crucial role in recognizing potentially dangerous situations.
- Misconceptions about trafficking can lead to fear and misinformation.
- Target and similar stores are often wrongly associated with trafficking incidents.
- Trafficking can occur without physical transportation of victims.
- It's important to define trafficking accurately to understand its implications.

Sound Bites:
- "Human trafficking is a business."
- "All ages are being trafficked."
- "Pay attention to your intuition."

Chapters:
00:00 Introduction to Reaction Videos on Human Trafficking
01:35 Debunking Myths About Human Trafficking in Public Spaces
10:07 Understanding the Grooming Process in Trafficking
12:29 The Reality of Kidnapping and Trafficking
13:59 Exploring Trafficking of Older Adults
15:38 Clarifying Misconceptions About Trafficking and Transportation
20:15 Addressing Vulnerabilities and Misconceptions in Trafficking
21:55 Understanding Trafficking Risks Across Age Groups
28:10 The Complexity of Human Trafficking
28:58 Job Seekers and Trafficking Awareness
33:08 Red Flags in Job Interviews
40:25 Final Thoughts on Safety and Vigilance
42:18 R&R Outro

Everyone has resilience, but what does that mean, and how do we use it in life and leadership? Join Stephanie Olson, an expert in resiliency and trauma, every week as she talks to other experts living lives of resilience. Stephanie also shares her own stories of addictions, disordered eating, domestic and sexual violence, abandonment, and trauma, and shares the everyday struggles and joys of everyday life. As a wife, mom, and CEO she gives commentaries and, sometimes, a few rants to shed light on what makes a person resilient. So, if you have experienced adversity in life in any way and want to learn how to better lead your family, your workplace, and, well, your life, this podcast is for you!

https://setmefreeproject.net
https://www.stephanieolson.com/
Cameron discusses the essential mindset and strategies for practice owners in the medical aesthetics field. He emphasizes the importance of maximizing time, intentional leadership, and the need for a disciplined morning routine. He also highlights the significance of working on the business rather than in it, understanding key performance indicators (KPIs), and the role of effective leadership in achieving success. The conversation concludes with a call to action for practice owners to embrace their entrepreneurial identity and focus on growth.

Listen In! Thank you for listening to this episode of Medical Millionaire!

Takeaways:
- Maximize your time to deliver value to clients.
- Mindset is crucial for success in practice ownership.
- Vulnerabilities should be viewed as opportunities for growth.
- Intentional leadership drives enterprise growth.
- Focus on signal, not noise, in business operations.
- Establish a disciplined morning routine for success.
- Work on your business, not just in it.
- Understand and track your KPIs for better decision-making.
- Leadership is a daily commitment, not just a title.
- Every successful entrepreneur has a coach or mentor.

Unlock the Secrets to Success in Medical Aesthetics & Wellness with "Medical Millionaire"

Welcome to "Medical Millionaire," the essential podcast for owners and entrepreneurs in Medspas, Plastic Surgery, Dermatology, Cosmetic Dental, and Elective Wellness Practices! Dive deep into marketing strategies, scaling your medical practice, attracting high-end clients, and staying ahead with the latest industry trends. Our episodes are packed with insights from industry leaders to boost revenue, enhance patient satisfaction, and master marketing techniques.

Our Host, Cameron Hemphill, has been in Aesthetics for over 10 years and has supported over 1,000 Practices, including 2,300 providers. He has worked with some of the industry's most well-recognized brands, practice owners, and key opinion leaders.

Tune in every week to transform your practice into a thriving, profitable venture with expert guidance on the following categories:
- Marketing
- CRM
- Patient Bookings
- Industry Trends Backed By Data
- EMR's
- Finance
- Sales
- Mindset
- Workflow Automation
- Technology
- Tech Stack
- Patient Retention

Learn how to take your Medical Aesthetics Practice from the following stages:
- Startup
- Growth
- Optimize
- Exit

Inquire Here: http://get.growth99.com/mm/
In this episode of Hashtag Trending, host Jim Love discusses several key topics. An $800 experiment reveals that many satellites over North America transmit unencrypted sensitive data, including phone calls and military communications. Starlink demonstrates its capability by achieving 10 gigabit speeds on a cruise ship while dealing with congestion issues. Microsoft is betting on a voice-first future for PCs with its new AI-driven features in Windows 11. Finally, the episode highlights the growing vulnerabilities of businesses as they become increasingly dependent on cloud services amidst internet outages. 00:00 Introduction and Headlines 00:27 Unencrypted Satellite Data Exposed 02:47 Starlink's Impressive Speeds and Challenges 05:46 Microsoft's Vision for AI-Powered PCs 08:41 The Risks of Cloud Dependency 10:55 Conclusion and Upcoming Topics
I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging vulnerabilities, and how to submit those bugs to open source projects responsibly. It's a very sane and realistic conversation about what AI tools can and can't do, and how humans should be interacting with these things. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-10-ai-joshua-rogers/
Join us for another episode of the Unsecurity Podcast as Megan, Brad, and Seth Bowling, lead researcher and developer at FRSecure, dive into the evolving landscape of cybersecurity for city and county governments.

Seth shares how Mirrored Defense's innovative heat map visualizes the attack surface across the U.S. and presents surprising findings from their research. The trio discusses the challenges and vulnerabilities faced by local governments, the importance of proactive security measures, and how Project Broken Mirror aims to raise awareness by providing public service solutions.

The crew also discusses Seth's efforts to kick-start FRSecure's vulnerability management and conditional access policy initiatives.

Whether you're a cybersecurity professional or an interested citizen, this episode offers valuable insights into protecting our critical infrastructure. Don't miss out on this engaging discussion and find out how you can get involved!
Google DeepMind's AI agent finds and fixes vulnerabilities
California law lets consumers universally opt out of data sharing
China-Nexus actors weaponize 'Nezha' open source tool

Huge thanks to our sponsor, ThreatLocker. Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. Learn more at ThreatLocker.com.
Podcast: Industrial Cybersecurity Insider
Episode: Hidden Cybersecurity Vulnerabilities in Today's Data Centers
Pub date: 2025-10-06

In this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure. While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected. Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption. Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.

They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.

Chapters:
- 00:00:00 - Meet Scott Cargill of BW Design Group
- 00:02:30 - Data centers expanding for AI
- 00:04:40 - Critical BMS vulnerabilities being ignored
- 00:07:40 - Alarming OT security reality
- 00:09:40 - Why OT security remains deprioritized
- 00:12:10 - IT-OT security convergence challenges persist
- 00:16:35 - Manufacturing parallels to data centers
- 00:20:10 - Security solutions evolution underway
- 00:21:45 - Managed services necessity for OT
- 00:24:42 - Thought leadership driving industry standards

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Join guest host Dr. Liz Specht for a conversation with Nicole Favreau Farhadi, Senior Research Biochemist at the Army Combat Capabilities Development Command's (DEVCOM) Soldier Center, Combat Feeding Division (CFD). This episode, the final installment of our five-part biomanufacturing series, explores food research within the Department of Defense and the intersection of food biomanufacturing innovation with warfighter readiness. The discussion highlights the Defense Department's responsibilities in combat feeding, logistical vulnerabilities in military food systems, the integration of new biotechnologies for food processing, and the optimization of combat rations for nutrient density, weight, and shelf life. Learn More: DEVCOM: https://sc.devcom.army.mil/who-we-are/ Joint Culinary Center of Excellence (JCCoE): https://quartermaster.army.mil/jccoe/jccoe_main.html Close Combat Assault Ration (CCAR): https://www.dla.mil/Troop-Support/Subsistence/Operational-rations/Close-Combat-Assault-Ration/ Unitized Group Ration (UGR): https://www.dla.mil/Troop-Support/Subsistence/Operational-rations/UGR-HS/ To receive updates about the conference please join our mailing list here: https://www.emergingtechnologiesinstitute.org/sign-up http://emergingtechnologiesinstitute.org https://www.facebook.com/EmergingTechETI https://www.linkedin.com/company/ndia-eti-emerging-technologies-institute https://www.twitter.com/EmergingTechETI
There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal...
This episode features Professor Annika Rudman and RWI Senior Researcher Alejandro Fuentes in a discussion on women's rights, gender inequality, and intersectional vulnerabilities. It is part of RWI's Regional Africa Programme and connects to our newly published book marking 20 years since the adoption of the Maputo Protocol. The publication explores what substantive transformative equality means in practice within African continental and regional human rights systems, addressing a wide range of issues including gender-based discrimination, abuse, exploitation, and violence.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Distracting the Analyst for Fun and Profit
Our undergraduate intern, Tyler House, analyzed what may have been a small DoS attack that was likely meant more to distract than to actually cause a denial of service.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308

GitHub's plan for a more secure npm supply chain
GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399

Vulnerabilities in Supermicro BMC Firmware (CVE-2025-7937, CVE-2025-6198)
Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware.
https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025
Former CIA officer Mike Baker joins Dr. Phil to expose China's long-game intelligence play from IP theft to border infiltration and land grabs near U.S. military sites. Dr. Phil talks with Mike Baker, host of The President's Daily Brief Podcast, former CIA covert ops officer, and cofounder of Portman Square Group to dissect the threats shaping America's future security. From China's long-horizon intelligence strategy and relentless intellectual property theft, to suspicious border crossings, cyber probing of U.S. infrastructure, and farmland acquisitions near military bases—this conversation connects the dots on a silent war unfolding in plain sight. Baker reveals how these moves aren't isolated incidents, but part of a systemic campaign to weaken America's resilience. Dr. Phil pushes the discussion further: What are the psychological effects of living under constant, invisible threats? Are Americans prepared mentally and structurally for disruption on this scale?
I've spent years talking about endpoint security, yet printers rarely enter the conversation. Today, that blind spot takes center stage. I'm joined by Jim LaRoe, CEO of Symphion, to unpack why printers now represent one of the most exposed corners of the enterprise and what can be done about it. Jim's team protects fleets that range from a few hundred devices to tens of thousands, and the picture he paints is stark. In many organizations, printers make up 20 to 30 percent of endpoints, and almost all of them are left in a factory default state. That means open ports, default passwords, and little to no monitoring. Pair that with the sensitive data printers receive, process, and store, plus the privileged connections they hold to email and file servers, and you start to see why attackers love them. We trace Symphion's path from its configuration management roots in 1999 to a pivot in 2015 when a major printer manufacturer invited the company behind the curtain. What they found was a parallel universe to mainstream IT. Brand silos, disparate operating systems, and a culture that treated printers as cost items rather than connected computers. Add in the human factor, where technicians reset devices to factory defaults after service as second nature, and you have a recipe for recurring vulnerabilities that never make it into a SOC dashboard. Jim explains how Symphion's Print Fleet Cybersecurity as a Service tackles this mess with cross-brand software, professional operations, and proven processes delivered for a simple per-device price. The model is designed to remove operational burden from IT teams. Automated daily monitoring detects drift, same-day remediation resets hardened controls, and comprehensive reporting supports regulatory needs in sectors like healthcare where compliance is non-negotiable.
The goal is steady cyber hygiene for printers that mirrors what enterprises already expect for servers and PCs, without cobbling together multiple vendor tools, licenses, and extra headcount to operate them. We also talk about the hidden costs of DIY printer security. Licensing multiple management platforms for different brands, training staff who already have full plates, and outages caused by misconfigurations all add up. Jim shares real-world perspectives from organizations that tried to patch together a solution before calling in help. The pattern is familiar. Costs creep. Vulnerabilities reappear. Incidents push the topic onto the CISO's agenda. Symphion's pitch is straightforward. Treat print fleets like any other class of critical infrastructure in the enterprise, and measure outcomes in risk reduction, time saved, and fewer surprises. If you are commuting while listening and now hearing alarm bells, you are not alone. Think about the printers scattered across your offices and clinics. Consider the data that passes through them every day. Then picture an attacker who finds default credentials in minutes and uses a printer to move across your network. Tune in for a fast, practical look at a risk hiding in plain sight, and learn how Symphion's Print Fleet Cybersecurity as a Service can help you close a gap that attackers know too well.
Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.

Chapters
00:00 Introduction and Guest Welcome
00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
02:12 Meet Tod Beardsley: From Hacker to Security Research VP
03:58 The Evolution of Vulnerabilities and Patching
07:06 Understanding CVE Numbering and Exploitation
14:01 The Role of Attribution in Cybersecurity
16:48 Cyber Warfare and Global Threat Landscape
20:18 The Rise of International Hacking
22:01 Delegation of Duties in Offensive Warfare
22:25 The Role of Companies in Cyber Defense
23:00 Attack Vectors and Exploits
24:25 Real-World Scenarios and Threats
28:46 The Importance of Communication Skills for CISOs
31:42 Ransomware: A Divisive Topic
38:39 Actionable Steps for Security Executives
BigBear.ai is at the forefront of innovation for national security, and is committed to supporting the critical infrastructure driving America's competitive edge. The company deploys cutting-edge AI, machine learning, and computer vision solutions to defend critical operations and win with decision advantage. Our guests are Eric Conway, Vice President of Technology, and Joe Davis, Cybersecurity Research Scientist at Bigbear.ai. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
"Revelation" is about exposing what's hidden: Vulnerabilities, Truths, and the role of hackers in revealing them.

In this conversation, Casey John Ellis, founder of Bugcrowd, shares his journey from a curious child fascinated by technology to a pioneer in crowdsourced security. He discusses the evolution of bug bounty programs, the importance of community in cybersecurity, and the challenges of scaling a startup. Casey also emphasizes the need for good faith hackers, the role of AI in security, and the importance of mentorship in entrepreneurship. He reflects on the changing landscape of cybersecurity and the necessity for collaboration between generations in the field.

00:00 - Introduction and Technical Challenges
02:02 - Casey Ellis: A Journey into Hacking
04:50 - Pioneering Crowdsourced Security with Bugcrowd
07:36 - Building a Community of Hackers
10:36 - Scaling Bugcrowd: Achievements and Growth
13:35 - Unexpected Bug Bounty Submissions
16:32 - Testing Infrastructure: Virtualization and Real-World Applications
19:14 - Advocating for Good Faith Cybersecurity Research
22:11 - Government Engagement and Cyber Policy
25:03 - Adapting to the Current Threat Landscape
26:41 - The Evolving Landscape of Cybersecurity
29:58 - AI and Human Collaboration in Security
34:22 - The Gray Areas of Cyber Ethics
39:50 - Lessons in Entrepreneurship and Leadership
44:17 - Generational Shifts in Cybersecurity Media
46:40 - Finding Balance: Hobbies and Downtime
48:24 - Imagining a Cybersecurity-Themed Bar

SYMLINKS
[ Casey John Ellis Blog - https://cje.io ] The personal website of Casey John Ellis, featuring his writings and insights on cybersecurity, hacker rights, and vulnerability research.
[ LinkedIn - https://www.linkedin.com/in/caseyjohnellis ] Casey's professional profile where he shares career updates and connects with the cybersecurity community.
[ Bluesky - https://caseyjohnellis.bsky.social ] Casey's Bluesky account for sharing thoughts and engaging with the infosec community.
[ Mastodon - https://infosec.exchange/@caseyjohnellis ] Casey's Mastodon profile on Infosec Exchange, where he posts updates and insights for the federated social community.
[ X/Twitter - https://x.com/caseyjohnellis ] Casey's main microblogging profile where he actively shares cybersecurity insights and hacker advocacy.
[ Linktree - https://linktr.ee/caseyjohnellis ] A hub linking to all of Casey's active social profiles and resources.
[ Bugcrowd - https://www.bugcrowd.com ] A leading crowdsourced security platform that connects organizations with a global hacker community to find and fix vulnerabilities.
[ Disclose.io - https://disclose.io ] An open-source project standardizing best practices for vulnerability disclosure programs, enabling safe collaboration between researchers and organizations.
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.

False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.

This episode breaks down:
• Why 70% of analyst time is wasted on false positives
• How AI-generated code introduces new security risks
• What “alert fatigue” means for developers, security teams, and business leaders
• Why automating bad processes creates more noise, not less