Modern cloud environments are evolving faster than traditional security models can keep up. In this episode, we sit down with Yarin Pinyan, VP Products at Upwind, to explore how real-time runtime visibility and behavioral baselining are reshaping how organizations detect and respond to threats, especially zero-day and supply chain attacks that emerge before signatures or CVEs exist. We'll also discuss how AI is enabling a new generation of cloud security, where detection, investigation, and response happen continuously and automatically. The conversation highlights how organizations can reduce risk, improve operational efficiency, and protect critical workloads in dynamic, cloud-native environments.

AWS MP offering: https://aws.amazon.com/marketplace/pp/prodview-ff3am62vjukrw?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Website: https://www.upwind.io/
Customer success story: https://www.upwind.io/case-studies
AWS Hosts: Nolan Chen & Ashok Mahajan
Email Your Feedback: rethinkpodcast@amazon.com
In the new episode of Breach FM I check in from Helsinki, where it currently does not get dark; Max Imbiel fortunately gets to be back in his home office. The Record from Recorded Future News reports that Shyam Sankar, CTO of Palantir and with the company for over 20 years, is considered the leading candidate for the CISA director post that has been vacant since January 2025. The White House denied it with "at this time this is not accurate", which is not a denial. The appointment becomes relevant above all in the context of the new AI executive order, which for the first time equips CISA with enforceable Binding Operational Directives. From cyber coordinator to AI governance agency: we do not have a good gut feeling about this.

Max brings the main topic: the Nightmare Eclipse scandal at Microsoft. Between April and mid-May the researcher published six Windows zero-days (BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma), all without prior coordination. Microsoft responded with legal threats, then backed down after a community outcry. Three exploits were actively exploited and added to the KEV. Adam Shostack, co-founder of Microsoft's own threat modeling approach, openly criticized the handling. The core accusation: Microsoft does not follow its own CVD process, so researchers now prefer to pass bugs around among themselves. The damage hits all users.

Then the Meta Instagram "hack": attackers used the Meta AI support chatbot to simply register a new e-mail address on the target account; the bot sent the reset code there without verifying. At least 20,225 accounts affected, including the Obama White House account. Attack window: seven weeks.

Moral: write permissions do not belong in chatbots in the authentication flow, and enable 2FA.

Shyam Sankar / CISA nomination (The Record): https://therecord.media/trump-considers-palantir-exec-to-lead-cisa
Nightmare Eclipse: all six zero-days at a glance: https://cipherssecurity.com/nightmare-eclipse-microsoft-windows-zero-day/
Microsoft statement on CVD and Nightmare Eclipse: https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/
Meta Instagram chatbot hack (404 Media): https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/
Meta confirms 20,225 affected accounts: https://this.weekinsecurity.com/meta-confirms-thousands-of-instagram-accounts-were-hacked-by-abusing-its-ai-chatbot/
Host Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure process, and backlash to Microsoft's initially threatening tone before it was partially walked back; the panel debates responsible disclosure, the need for researcher support/organization, transparency vs liability, and how vulnerability reporting is straining under volume. They then examine a White House AI executive order focused on voluntary measures and 30-day model access, criticizing the lack of basic safety and cybersecurity protections amid FOMO about losing to China and an AI investment bubble. The conversation covers AI-driven harms and studies on reduced brain activity and "cognitive surrender," while noting benefits when AI is used as a tutor. Shipley highlights Canada's Senate passing Bill C-8 on critical infrastructure cybersecurity, and the group urges outcome-focused security, architecture/risk prioritization, and critical thinking against AI-enabled social engineering. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. 
00:00 Sponsor Message
00:24 Show Welcome Panel
01:17 Microsoft Zero Day Fallout
04:19 Researcher Backlash Drama
06:46 Unionizing Bug Hunters
13:10 Product Liability Debate
23:23 Regulation vs Transparency
26:00 AI Bubble Investor Risk
28:01 White House AI Order
32:24 Cybersecurity Gaps Telecom
33:19 Telecom Trust Breakdown
34:32 AI Harms and Exploitation
35:36 Studies on Cognitive Surrender
38:13 Markets Regulation and Politics
40:13 Canada Cyber Law Win
42:33 Adoption Hype and Subsidy Bubble
48:50 Patch Deluge and AppSec Strain
52:10 Defenses Beyond Patching
54:17 Outcomes Critical Thinking and CIA
01:01:49 Education Disruption and Closing
01:04:14 Sponsor Message Material Security
This week's Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.

Huge thanks to our sponsor, Doppel

Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.
In this episode of Phoenix Cast, hosts John and Kyle break down a packed week in cyber: the Canvas ed-tech breach by Shiny Hunters that hit 9,000 schools and 275 million records right at testing season (both of their kids' schools are scrambling to go non-digital), Firefox's eye-opening collaboration with Anthropic's Mythos model that surfaced 271 vulnerabilities in a single release for a fraction of the cost of a traditional bug bounty, and the Dirty Frag Linux kernel zero-day that escalates to root in seconds — but whose fix breaks IPsec VPNs and file sharing. They also dig into the new MAR ADMIN making AI training mandatory for every Marine, and John collects on Kyle's gaslighting from two episodes ago about model quality degradation (Anthropic basically said "whoops"). Stick around for John's hot take that ASIs — Authorized Service Interruptions — are officially dead in a world where chained vulnerabilities and 271 patches can drop in a single release.

We'd love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!

Links - Canvas Hack:
- Canvas Login Portals Hacked - ShinyHunters Extortion Campaign (BleepingComputer): https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/
- Hackers Deface School Login Pages After Claiming Another Instructure Hack (TechCrunch): https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/
- 2026 Canvas Security Incident (Wikipedia): https://en.wikipedia.org/wiki/2026_Canvas_security_incident

Links - Firefox Using Mythos:
- Claude Mythos Has Found 271 Zero-Days in Firefox (Schneier on Security): https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.html
- The Zero-Days Are Numbered (Mozilla Blog): https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
- Behind the Scenes Hardening Firefox with Claude Mythos Preview (Mozilla Hacks): https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/
- Claude Mythos Finds 271 Firefox Flaws, Mozilla Believes It Shifts Security Toward Defenders (Help Net Security): https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/
- Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek): https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/
- Mythos and Cybersecurity (Schneier on Security): https://www.schneier.com/blog/archives/2026/04/mythos-and-cybersecurity.html

Links - Dirty Frag:
- New Linux 'Dirty Frag' Zero-Day With PoC Exploit Gives Root Privileges (BleepingComputer): https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News): https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html
- Active Attack: Dirty Frag Linux Vulnerability Expands Post-Compromise Risk (Microsoft Security Blog): https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/
- RHSB-2026-003 Networking Subsystem Privilege Escalation - Linux Kernel (Red Hat): https://access.redhat.com/security/vulnerabilities/RHSB-2026-003
- Dirty Frag PoC Exploit (V4bel/dirtyfrag GitHub): https://github.com/V4bel/dirtyfrag
Interview with Luis Alonso Talavera, CEO of Zerodays.
Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle.

The big takeaway isn't that AI has magically replaced attackers, but that it's making certain workflows faster, more scalable, and more repeatable. More importantly, AI platforms, agent skills, integrations, and dependencies are now becoming targets themselves.

Topics covered include:
- AI for vulnerability discovery and exploit development: Google's first confirmed case of a zero-day exploit developed entirely with AI, including intentional prompts like "You are currently a network security expert specializing in embedded devices"
- Claude skills weaponization: A distilled knowledge base of over 85,000 real-world vulnerability cases integrated into AI research workflows
- Automation and scaled research: APT45 sending thousands of repetitive prompts to recursively analyze CVEs and validate proof-of-concept exploits
- AI-powered obfuscation techniques: Dynamic modification, evasive payload generation, and decoy logic using Gemini API for just-in-time VBScript obfuscation
- Autonomous attack orchestration: Moving beyond content generation into sophisticated malware command automation, including PromptSpy navigating Android UI for persistence
- AI-enhanced reconnaissance: Generating detailed organizational hierarchies and third-party relationships for high-value targets in finance, security, and HR departments
- Information operations and deepfakes: Taking legitimate journalist videos, editing in fabricated content, and adding AI-generated voiceovers
- Attacking AI dependencies: TeamPCP (UNC6780) targeting AI environments as initial access vectors, including March 2026 supply chain attacks on Trivy, Checkmarx, and LiteLLM
- The Mini Shai-Hulud worm: May 2026 attacks targeting AI infrastructure and dependencies
- Defensive fundamentals: Why inventory, zero trust principles, and behavioral monitoring matter more than ever

Brad and Spencer emphasize that while the threat landscape is evolving rapidly, doubling down on foundational security practices remains the most effective defense strategy.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
For an intelligence officer, a zero day is the ultimate skeleton key for gathering signals intelligence without leaving a footprint. We dive into the secret marketplace of the tech world where these vulnerabilities are bought and sold by state actors to facilitate long-term surveillance. Discover the tradecraft behind maintaining access to "hard targets" before the defense even realizes the door is unlocked.
Investing and trading are often treated as opposing strategies, but the real advantage comes from knowing how to use both effectively. Long-term investing builds wealth through discipline and compounding, while trading can create short-term opportunities to enhance returns or manage risk. Lance Roberts & Jon Penn break down the key differences between investing and trading, when each approach makes sense, and how to structure a portfolio that incorporates both without letting emotion or overactivity take control. We discuss time horizons, risk management, position sizing, and how to avoid the common mistake of letting short-term trades derail long-term financial goals.

Key topics include:
0:00 - INTRO
0:58 - Hormuz Headlines & Market Gyrations
5:16 - Market Volume Spreads & Correction Targets
10:11 - The Story of Cinco de Mayo & Taco Tuesday
13:34 - Trading vs Investing
14:45 - Proposed Ban on Prediction Markets in Texas
16:07 - Zero Days to Expiration: The Ultimate Gamble
18:06 - Psychological Effects of Prediction Markets - the tax on the poor
21:18 - Who's Making the Money?
22:54 - Warren Buffett's Pile of Cash
25:36 - We Want to Believe Fundamentals Matter
28:04 - What Are Your Top-five Stocks?
30:05 - Binary Outcomes - All or Nothing
31:42 - Markets are Expensive
33:31 - When Buy & Hold Fails
36:10 - Protect Capital - The Value of Time
39:02 - Sequence of Returns Risk
40:14 - What to do with Cash

Hosted by RIA Advisors Chief Investment Strategist, Lance Roberts, CIO, w Senior Investment Advisor, Jonathan Penn, CFP
Produced by Brent Clanton, Executive Producer

Do you enjoy our content? Rate us on Google: https://bit.ly/4b9JtEo
Watch Today's Full Video on our YouTube Channel: https://youtube.com/live/LGDW2OXJ6oo
Watch today's "Before the Bell" feature, "Cooling-Off Correction Ahead," here: https://youtu.be/LbNhP30VHio
Watch our previous show, "Summer Sell-Off Risk Rising," https://youtube.com/live/h2Bku-whRmY
* REGISTER for our next Candid Coffee, Saturday, May 16: "Financial Organization Made Simple:" https://streamyard.com/watch/SA6aj2aMdMhf

Resources Mentioned in Today's Show:
"Hormuz: Why Markets Are Shrugging Off The Oil Shock" https://realinvestmentadvice.com/resources/blog/hormuz-why-markets-are-shrugging-off-the-oil-shock/
"The Dollar's Funeral Keeps Getting Rescheduled" https://realinvestmentadvice.com/resources/blog/the-dollars-funeral-keeps-getting-rescheduled/

Download Lance's Latest e-book, "Laws of Money & Wealth:" https://realinvestmentadvice.com/ria-e-guide-library/
SUBSCRIBE to The Real Investment Show here: http://www.youtube.com/c/TheRealInvestmentShow
Visit our Site: https://www.realinvestmentadvice.com
Contact Us: 1-855-RIA-PLAN
Subscribe to SimpleVisor: https://www.simplevisor.com/register-new
Connect with us on social: https://twitter.com/RealInvAdvice https://twitter.com/LanceRoberts https://www.facebook.com/RealInvestmentAdvice/ https://www.linkedin.com/in/realinvestmentadvice/

#StockMarket #SP500 #MarketCorrection #InvestingStrategy #RiskManagement #Investing #Trading #PortfolioStrategy #RiskManagement #WealthBuilding
Today's brief covers the published Presidential major disaster declaration for the Commonwealth of the Northern Mariana Islands following Super Typhoon Sinlaku, the FEMA Alaska recovery update on Typhoon Halong, and CISA's addition of two actively exploited vulnerabilities (ConnectWise ScreenConnect and Microsoft Windows Shell) to the Known Exploited Vulnerabilities catalog. Wildfire activity in southern Georgia and northern Florida continues to drive Southern Area resourcing at PL 4, and critical fire weather is in place across eastern New Mexico, far western Texas, and the southern High Plains. Tornado damage assessments continue in Tennessee and Illinois, Michigan expanded its flooding state of emergency to 41 counties, and a M4.4 earthquake near Alamo, Nevada produced felt reports into Las Vegas. EM Morning Brief is your concise daily update on national and state-by-state emergency management news. Produced by Sitch Radio, an EOC Voices podcast.

Key Takeaways
• CNMI major disaster declared: FEMA-4910-DR for Super Typhoon Sinlaku was published in the Federal Register yesterday; covers incident period April 11 to April 18, 2026.
• CISA KEV update: Two actively exploited vulnerabilities added: ConnectWise ScreenConnect (CVE-2024-1708) and Microsoft Windows Shell spoofing (CVE-2026-32202). Federal remediation deadline May 12, 2026.
• Southern wildfires: Brantley Highway 82 Fire in Georgia at 32 percent containment with 80 plus homes destroyed; Clinch and Echols fire at 23 percent containment over 50 plus square miles; Florida Gun Range and Sand Drain fires under continued USFS warning.
• Critical fire weather: Red Flag and Critical Fire Weather conditions today for eastern New Mexico, far western Texas, southern High Plains, and portions of eastern Colorado.
• Texas disaster declaration: Governor Abbott declared disaster for Lamar, Parker, and Wise counties; TDEM mobilized swiftwater rescue and debris teams; Mineral Wells continues recovery from Tuesday's EF3 tornado.
• Michigan emergency expanded: Whitmer added Tuscola County and the Village of Holly to the existing flooding state of emergency; 41 counties and three municipalities now covered.

Sponsors
The NIMS Store - https://thenimsstore.com/

Sources

CISA
• CISA KEV catalog (April 29, 2026), ConnectWise ScreenConnect and Windows flaws added: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?utm_source=em-morning-brief
• Security Affairs, CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to KEV: https://securityaffairs.com/191442/security/u-s-cisa-adds-microsoft-windows-shell-and-connectwise-screenconnect-flaws-to-its-known-exploited-vulnerabilities-catalog.html?utm_source=em-morning-brief
• Cybersecurity Dive, CISA adds Microsoft and ConnectWise vulnerabilities to active exploitation catalog: https://www.cybersecuritydive.com/news/cisa-microsoft-connectwise-kev-update/818817/?utm_source=em-morning-brief

NIFC and InciWeb
• NIFC IMSR (April 29, 2026, 0730 MDT), national fire situation report: https://www.nifc.gov/nicc-files/sitreprt.pdf?utm_source=em-morning-brief
• InciWeb, Gun Range Fire (Florida), incident page: https://inciweb.wildfire.gov/incident-information/flfnf-gun-range?utm_source=em-morning-brief
• InciWeb, Sand Drain Fire (Florida), incident page: https://inciweb.wildfire.gov/incident-information/flfnf-sand-drain?utm_source=em-morning-brief

FEMA
• Federal Register, Presidential major disaster declaration for CNMI (DR-4910), Super Typhoon Sinlaku, published April 29, 2026: https://www.federalregister.gov/documents/2026/04/29/2026-08343/presidential-declaration-of-a-major-disaster-for-the-commonwealth-of-the-northern-mariana-islands?utm_source=em-morning-brief
• FEMA disaster page (DR-4910), Commonwealth of the Northern Mariana Islands: https://www.fema.gov/disaster/4910?utm_source=em-morning-brief
• FEMA press release (April 29, 2026), Alaska Typhoon Halong recovery, FEMA Is Still Here so Stay in Touch: https://www.fema.gov/press-release/20260429/fema-still-here-so-stay-touch?utm_source=em-morning-brief
• FEMA disaster page (DR-4893), Alaska severe storms, flooding, and Typhoon Halong remnants: https://www.fema.gov/disaster/4893?utm_source=em-morning-brief

USGS
• USGS HVO volcano notice (April 29, 2026), Kilauea ADVISORY and Aviation Color Code YELLOW: https://volcanoes.usgs.gov/hans-public/notice/DOI-USGS-HVO-2026-04-29T14:07:09+00:00?utm_source=em-morning-brief
• USGS Earthquake Hazards Program, M4.4 near Alamo, Nevada (April 29, 2026): https://earthquake.usgs.gov/earthquakes/map/?utm_source=em-morning-brief

NOAA and NWS
• NWS Storm Prediction Center, Day 1 Convective Outlook (April 29, 2026), severe weather guidance: https://www.spc.noaa.gov/products/outlook/day1otlk.html?utm_source=em-morning-brief
• NWS Albuquerque, Red Flag Warning summary, fire weather alerts for New Mexico and adjacent areas: https://forecast.weather.gov/wwamap/wwatxtget.php?cwa=usa&wwa=Red+Flag+Warning&utm_source=em-morning-brief
• NOAA WPC, Excessive rainfall outlook for central Texas, April 29 to May 1: https://www.noaa.gov/weather-prediction-center?utm_source=em-morning-brief

Travel advisories
• U.S. Department of State, Travel Advisories, active list with current levels: https://travel.state.gov/en/international-travel/travel-advisories.html?utm_source=em-morning-brief

Alaska
• FEMA, Typhoon Halong six-month recovery update, April 10, 2026 release: https://www.fema.gov/press-release/20260410/typhoon-halong-six-month-recovery-update?utm_source=em-morning-brief

California
• CAL FIRE incidents, current fire activity and evacuations: https://www.fire.ca.gov/incidents?utm_source=em-morning-brief

Colorado
• 9News, Colorado doubles Red Flag Warnings days so far in 2026: https://www.9news.com/article/weather/weather-colorado/colorado-doubles-red-flag-warnings-days-2026/73-dddb29f1-4980-4343-8f2b-c51aa2789f8a?utm_source=em-morning-brief

Florida
• WCJB, U.S. Forest Service issues warning for Gun Range, Sand Drain fires (April 29, 2026): https://www.wcjb.com/2026/04/29/us-forest-service-issues-warning-gun-range-sand-drain-fires/?utm_source=em-morning-brief

Georgia
• Georgia Emergency Management and Homeland Security Agency, April 2026 Wildfires page: https://gema.georgia.gov/april-2026-wildfires?utm_source=em-morning-brief
• News4JAX, Brantley County shifts to recovery, danger not over (April 29, 2026): https://www.news4jax.com/news/georgia/2026/04/29/the-latest-brantley-county-shifts-to-recovery-but-wildfire-danger-not-over-yet-officials-warn/?utm_source=em-morning-brief

Hawaii
• USGS Kilauea volcano updates, current eruption status and forecast: https://www.usgs.gov/volcanoes/kilauea/volcano-updates?utm_source=em-morning-brief

Illinois
• KSDK, St. Louis meteorologists confirm three tornado touchdowns in Illinois: https://www.ksdk.com/article/weather/weather-impact/st-louis-tornadoes-confirmed-touchdown-monday-storms-missouri-april-28-2026/63-3e1403e0-0127-41f9-a6fd-33e6154bf3c9?utm_source=em-morning-brief

Kentucky
• 14News, EF-0 tornado confirmed in Ohio County, Kentucky: https://www.14news.com/2026/04/29/ef-0-tornado-confirmed-by-weather-experts-ohio-county/?utm_source=em-morning-brief
• NWS Louisville, another severe weather threat through tonight: https://www.weather.gov/lmk/Severe_Weather_Expected_Tonight?utm_source=em-morning-brief

Michigan
• State of Michigan, Executive Order 2026-10, declaration of state of emergency: https://www.michigan.gov/whitmer/news/state-orders-and-directives/2026/04/28/executive-order-no-2026-10-declaration-of-state-of-emergency?utm_source=em-morning-brief
• State of Michigan press release, Whitmer expands previous state of emergency declaration: https://www.michigan.gov/whitmer/news/press-releases/2026/04/28/whitmer-further-expands-previous-state-of-emergency-declaration?utm_source=em-morning-brief

Mississippi
• WTOK, City of Meridian issues a boil water notice (April 29, 2026): https://www.wtok.com/2026/04/29/city-meridian-issues-boil-water-notice/?utm_source=em-morning-brief
• WDAM, Boil-water notice lifted in Taylorsville (April 29, 2026): https://www.wdam.com/2026/04/29/boil-water-notice-lifted-taylorsville/?utm_source=em-morning-brief
• Action News 5, Severe storms pummel Mid-South including unconfirmed tornado: https://www.actionnews5.com/2026/04/29/severe-storms-pummel-mid-south-including-least-1-unconfirmed-tornado/?utm_source=em-morning-brief

Missouri
• Missourinet, Storms damage Central Missouri state prisons: https://www.missourinet.com/2026/04/27/storms-cause-damage-at-state-prisons-and-across-central-missouri/?utm_source=em-morning-brief
• Springfield Citizen, Hail storm causes damage and 10,000 power outages in Springfield: https://sgfcitizen.org/weather/springfield-power-outages-hail-storm/?utm_source=em-morning-brief

Nevada
• Fox Weather, Magnitude 4.4 latest in series of earthquakes to hit Nevada: https://www.foxweather.com/weather-news/magnitude-4-7-earthquake-shakes-las-vegas?utm_source=em-morning-brief

New Mexico
• The Watchers, Critical fire weather conditions forecast across eastern New Mexico and western Texas: https://watchers.news/2026/04/28/critical-fire-weather-conditions-forecast-across-eastern-new-mexico-and-western-texas/?utm_source=em-morning-brief

Oklahoma
• AccuWeather, EF4 tornado devastates Enid, Oklahoma: https://www.accuweather.com/en/severe-weather/ef4-tornado-devastates-enid-oklahoma-amid-thursdays-severe-weather/1885149?utm_source=em-morning-brief
• News9, Cleanup efforts continue following EF-4 tornado in Enid: https://www.news9.com/oklahoma-city-news/cleanup-efforts-continue-following-ef-4-tornado-in-enid-dozens-of-volunteer-helping?utm_source=em-morning-brief

Pennsylvania
• WCCS Radio, Tornado warning for Indiana County cancelled (April 29, 2026): https://www.wccsradio.com/2026/04/29/tornado-warning-for-indiana-county-cancelled/?utm_source=em-morning-brief

Tennessee
• WSMV, EF1 tornado leaves swirl markings in field north of Nashville: https://www.wsmv.com/2026/04/29/ef1-tornado-leaves-swirl-markings-field-north-nashville-during-early-week-severe-storms/?utm_source=em-morning-brief
• WSMV, Damaging microburst confirmed in Lawrence County: https://www.wsmv.com/2026/04/29/damaging-microburst-confirmed-lawrence-county-storms-early-tuesday/?utm_source=em-morning-brief

Texas
• Office of the Texas Governor, Governor Abbott issues disaster declaration for North Texas storms: https://gov.texas.gov/news/post/governor-abbott-issues-disaster-declaration-for-north-texas-storms?utm_source=em-morning-brief
• TDEM press release, Governor Abbott issues disaster declaration for North Texas storms: https://www.tdem.texas.gov/press-release/4-28-26?utm_source=em-morning-brief
• CNN, Tornado devastates Mineral Wells, Texas, on sixth straight day of severe storms: https://www.cnn.com/2026/04/28/weather/severe-storm-outbreak-tornadoes-hail-south-climate?utm_source=em-morning-brief

Northern Mariana Islands
• FEMA disaster page (DR-4910), Commonwealth of the Northern Mariana Islands, Super Typhoon Sinlaku: https://www.fema.gov/disaster/4910?utm_source=em-morning-brief
• Stars and Stripes, Many in Northern Marianas still without power nearly two weeks after super typhoon: https://www.stripes.com/theaters/asia_pacific/2026-04-27/super-typhoon-sinlaku-recovery-21499079.html?utm_source=em-morning-brief

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit emnetwork.substack.com/subscribe
In the new episode of Breach FM almost everything revolves around a press release that appeared exactly during our last recording.

Anthropic has introduced Claude Mythos Preview: a frontier model that, as part of Project Glasswing, is being made available to a closed circle of twelve partners, including AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia and Palo Alto Networks. In the preview the model has already found thousands of zero-days in every major operating system and browser, autonomously, without a human in the loop. Anthropic is providing 100 million dollars in usage credits.

My thesis: Mythos currently solves less a technical than an economic problem. It probably does not find vulnerabilities that a human could not find, but it finds them faster, more autonomously and at a different scale. What concerns me more than the access debate: the responsibility lies with the vendors, for secure software, proper patches and, finally, real hotpatching. Why, in 2026, are we still talking so little about exploit protection as a bridge until the next patch?

On top of that, the Mercor breach: the AI data training platform with a 10 billion dollar valuation, a customer of Meta, OpenAI and Anthropic, was hit via the LiteLLM supply chain attack. Lapsus$ claims 4 terabytes of stolen data, including training data and proprietary methodologies. Meta has paused the collaboration.

To close: data on more than 100,000 German bank customers has surfaced on the darknet, IBANs and PII, without passwords, without attribution, correlated with a rise in fraud inquiries at German financial institutions. Banks do not call proactively and never ask you to enter passwords or transfer money.

Project Glasswing - Securing critical software for the AI era: https://www.anthropic.com/glasswing
Meta freezes AI data work after breach puts training secrets at risk: https://thenextweb.com/news/meta-mercor-breach-ai-training-secrets-risk?utm_content=374987155&utm_medium=social&utm_source=linkedin&hss_channel=lis-Pk6K08-g_h
In this episode we talk about the true costs of a longer tour. As usual, we also have a few outdoor news items and comments with us. Starting with equipment: either you are a beginner and need practically a complete kit, or you already have most of your gear and simply want to improve or upgrade a few things while downgrading on weight. That is already the main share of the costs, though it can vary a lot depending on your individual starting point. Then there are further cost items such as hotels on zero days and, of course, food. Other hidden costs would be, for example, unpaid leave.
What are your experiences with this? Do you have tips for saving? Write them in the comments!
Links from the episode:
POW R1 bars: https://amzn.to/4tF11ie
Sunflower seeds: https://www.1001frucht.de/steirische-kuerbiskerne-aus-oesterreich-geroestet-und-gesalzen/1001N250KKG-250
Wendy Outdoors: https://www.youtube.com/@wendyoutdoors2230
Armed Angels Outwear: https://www.armedangels.com/pages/outerwear-kampagne
Roof tent: https://ikamper.com/pages/skycamp-4-0
You can find our social media accounts here:
YouTube: https://www.youtube.com/@RobertKlinkOT
Robert's Instagram: https://www.instagram.com/robertklink.de/
Sebastian's Instagram: https://www.instagram.com/sebas_23
Chrome just became the attack surface of the week.
We're breaking down the latest zero-day exploits, what attackers are doing with them, and how SOC teams can respond before it turns into something bigger.
Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
In the new episode of Breach FM, Max Imbiel and I start with the aftermath of the Delve compliance affair. The founders have spoken up in a video message and, if anything, made the situation worse. They call the incident a coordinated defamation, but at the same time offer re-audits and more manual review processes. For a pure smear campaign, that is an elaborate response. Y Combinator has quietly parted ways with Delve, and Elizabeth Holmes publicly offered the founders her help.
Then on to the next supply-chain case: the NPM package Axios, with more than 100 million weekly downloads, was compromised through a targeted spearphishing attack on its maintainer. The attackers posed as a legitimate company, invited him to a fake Teams call and installed malware in the process. That gave them his NPM credentials, and they slipped a payload into the next version. In parallel, Sarah Gooding describes how the Lazarus group runs this pattern systematically against high-value open-source maintainers in the Node.js universe.
On to the weekly Microsoft corner: ProPublica has published an in-depth article on the GCC High Government Cloud and its FedRAMP authorization. The conclusion of internal US government reviewers: the assessment was based on incomplete information because Microsoft simply could not answer central security questions. One auditor described the system as "a pile of shit", not my quote. Fittingly: Commander Reid Wiseman reported during the Artemis II mission that he had two Outlook instances on board, and neither of them worked.
To close, I recommend the talk by Nicholas Carlini, Research Scientist at Anthropic, at the [un]prompted conference. He shows how current LLMs autonomously find zero-days in production code, among them a SQL injection in Ghost CMS after 90 minutes and a Linux kernel bug that had gone undetected since 2003.
In total, the Frontier Red Team has found more than 500 validated high-severity vulnerabilities. According to Carlini, the capabilities double roughly every four months. We link the talk, with the transparent note that Carlini works for Anthropic.
Delve sets the record straight on anonymous attacks
https://delve.co/blog/delve-sets-the-record-straight-on-anonymous-attacks
Federal Cyber Experts Thought Microsoft's Cloud Was “a Pile of Shit.” They Approved It Anyway.
How Axios was compromised
https://x.com/flaviocopes/status/2039973060158095827?s=46
Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
https://www.youtube.com/watch?v=1sd26pWhfmg
Artemis II crew experienced issues with Outlook this morning
https://x.com/latestinspace/status/2039763355162812702?s=46
Bob got pranked AGAIN. Plus, Sarah's audio mistakes are rubbing off on her. Vinnie had a classic dad Easter.
In today's episode:
Episode References
Chrome Releases - Stable Channel Update for Desktop - Thursday, March 12, 2026
Google fixes two new Chrome zero-days exploited in attacks
Apple issues emergency fixes for Coruna flaws in older iOS versions
Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4465
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
“Handala Hack” – Unveiling Group's Modus Operandi
Malware disguised as AI agents
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Chris and Hector break down a new US cyber strategy calling for a more aggressive posture against hackers, then dive into a bizarre case where a sophisticated iPhone exploit kit meant for espionage ended up powering crypto theft. They also revisit the arrest of a contractor's son accused of stealing $46 million in seized cryptocurrency and discuss how bragging on Discord brought the whole scheme crashing down. Join our Patreon for weekly bonus episodes: https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com
In this week's Security Sprint, Dave and Andy covered the following topics:
Opening:
• Insider Threat: AI-equipped Employees - Gate 15 - 04 Mar 2026
• Communication and Collaboration Key Themes in GridEx VIII Lessons Learned Report
• Health-ISAC Annual Report 2025 Shows Surge in Threat Intel and Tabletop Drills, Putting Resilience in Focus
• The Gate 15 Special Edition: Iran, ISACs, & insomnia: What's happening, and not happening, in information sharing — Gate 15 | 06 Mar 2026
• White House Unveils President Trump's Cyber Strategy for America — The White House | 06 Mar 2026
o Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House
o Ranking Member Thompson Statement on Trump's 3-Page Cyber Strategy — Democrats on the House Homeland Security Committee, 06 Mar 2026
• Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House | 06 Mar 2026
Main Topics:
Operation Epic Fury & Related:
• White House blocks intelligence report warning of rising US homeland terror threat linked to Iran war
• Iran may be activating sleeper cells in the United States, officials warn
• Cyber threat bulletin: Iranian cyber threat response to US–Israel strikes February 2026, Canadian Centre for Cyber Security, 03 Mar 2026
• Alert: NCSC advises UK organisations to take action following conflict in the Middle East, NCSC, 02 Mar 2026
• U.S. threat intelligence units identify hacktivists as prime cyber vector in Iran conflict
• Iran-linked hacktivists could target US state and local targets, experts warn
• Trump Says ‘I Guess’ Americans Should Worry About Iran Attacks
Cyber Reports:
• NCC Group Annual Threat Monitor Review of 2025, NCC Group, 05 Mar 2026
• Patch, track, repeat: The 2025 CVE retrospective — Cisco Talos, 05 Mar 2026
• Look What You Made Us Patch: 2025 Zero-Days in Review, Google Cloud Blog, 05 Mar 2026
• Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay — Reinsurance News | 07 Mar 2026
• INC Ransom Affiliate Model Enabling Targeting of Critical Networks, Australian Cyber Security Centre, 05 Mar 2026
Quick Hits:
• Top 10 artificial intelligence security actions: A primer, Canadian Centre for Cyber Security, 05 Mar 2026
• Artificial Intelligence and Machine Learning Supply Chain Risks and Mitigations, Australian Signals Directorate, 04 Mar 2026
• How AI Assistants Are Moving the Security Goalposts — Krebs on Security | 07 Mar 2026
• Preparation hardening destructive attacks — Google Cloud Threat Intelligence | 08 Mar 2026
• Tornadoes kill 6 people in Michigan and Oklahoma as powerful storms hit nation's midsection
This week's Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University.
Thanks to our show sponsor, Dropzone AI
Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full tool stack, around the clock. Over 300 deployments in production today. They are at RSAC this year. Booth 455. dropzone.ai/rsa-2026-ai-diner
All links and the video of this episode can be found on CISO Series.com
Apple blocks ByteDance Chinese apps
Google says 90 zero-days were exploited in attacks last year
Iran intelligence backdoored U.S. bank, airport, software outfit networks
Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-blocks-bytedance-googles-90-zero-days-iran-backdoors-u-s-organizations/
Huge thanks to our sponsor, Adaptive Security
This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.
Episode References
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
UAT-9244 targets South American telecommunication providers with three new malware implants
APT36: A Nightmare of Vibeware
Look What You Made Us Patch: 2025 Zero-Days in Review
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
A suspected U.S. exploit kit shows up in global iOS attacks. Facebook goes down briefly worldwide. A critical help-desk flaw enables remote code execution. Juniper PTX routers face a major bug. LastPass warns of phishing. Telegram becomes a cybercrime marketplace. Healthcare groups fight relaxed IT rules. A stolen Gemini API key runs up massive bills. CISA's CIO departs. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. The problem of posthumous profiles.
CyberWire Guest
Today on our Industry Voices segment we are joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing how AI is reshaping social engineering. If you want to hear the full conversation, listen to it here.
Selected Reading
Possible U.S.-developed exploits linked to first known ‘mass’ iOS attack (CyberScoop)
Facebook accounts unavailable in worldwide outage (Bleeping Computer)
Critical FreeScout Vulnerability Leads to Full Server Compromise (SecurityWeek)
Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed (BankInfo Security)
LastPass Warns of New Phishing Campaign (SecurityWeek)
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs (Hackread)
Groups Push Back on HHS' Proposed Health IT Rollbacks (BankInfo Security)
Dev stunned by $82K Gemini API key bill after theft (The Register)
CISA CIO Robert Costello exits agency (CyberScoop)
Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows (Infosecurity Magazine)
Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.
Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Microsoft just dropped patches for SIX actively exploited zero-day vulnerabilities — and that's just the beginning. In this week's Hacking News, we break down the February 2026 Patch Tuesday emergency, North Korea's Lazarus Group poisoning npm and PyPI through fake job recruiters, nation-state hackers weaponizing Google's Gemini AI (including malware that writes its own payloads), a massive Dutch telecom breach affecting 6.2 million people, and a U.S. government contractor breach that ballooned from 4 million to potentially tens of millions affected. This is Exploit Brokers by Forgebound Research — cybersecurity news, threat intelligence, and insights. Whether you're a security analyst, developer, or just someone who wants to stay informed, this episode has something for you.
In this episode we talk about the main digital security and privacy topics of recent weeks, covering matters you need to know about to understand the current landscape of data protection, children's online safety and artificial intelligence. You will learn how Roblox and Discord handle age verification and child protection on the internet, including the risks of online predators, psychological retention mechanisms and the absence of effective parental controls. We also cover the controversial case of Grok on X (formerly Twitter) generating nude images of women and minors without guardrails, and the measures taken by the ANPD, the Federal Public Prosecutor's Office and Senacon against the platform. We discuss the mutual adequacy agreement between Brazil and the European Union on personal data protection and what it means for international data transfers and business opportunities. We also comment on the FBI's request to Microsoft for BitLocker encryption keys, the lawsuit against Meta over alleged access to encrypted WhatsApp messages, the phenomenon of AI-created digital personas, such as the “Aboriginal Steve Irwin”, and deepfakes of celebrities. Finally, we introduce WhisperSafe, the podcast's new sponsor, a privacy-focused local transcription software that uses OpenAI's Whisper models without sending data to the cloud. Subscribe to the podcast so you don't miss any episode, leave your rating on the platforms and follow Segurança Legal on Instagram, Mastodon, Blue Sky, YouTube and TikTok. Support the independent project at apoia.se/segurancalegal. This description was produced from the podcast audio using AI, with human review. Visit WhisperSafe – transcribe audio and record meetings directly on your computer, even offline. Fast, lightweight and ready to use with any AI. Use the coupon SEGLEG50 for 50% off your subscription.
Show Notes
Group 1 – Roblox, children and digital protection on gaming platforms
‘I'm being attacked by children’, says Felca after becoming the target of a protest on Roblox
Opinion: built to be addictive, Roblox has a casino logic and becomes a slot machine for children
Stages on Discord will be blocked for teenagers and restricted to groups of the same age
Hackers expose age-verification software powering surveillance web
‘What teenagers did to the dog Orelha happens every night in many homes in Brazil, live on Discord’, warns judge Vanessa Cavalieri
Internal chats show how social media companies discussed teen engagement
How will Discord's new rules for verifying age in the app work?
Group 2 – Grok, AI-generated sexual content and accountability of X/Musk
ANPD, MPF and Senacon recommend that X prevent the generation and circulation of improper sexualized content via Grok
ANPD, MPF and Senacon order X to immediately implement measures to correct flaws in Grok
Masterful gambit: Musk attempts to monetize Grok’s wave of sexual abuse imagery
Joint statement on AI-generated imagery and the protection of privacy
Group 3 – Brazil-EU mutual adequacy in data protection and fines in the EU
Brazil and the European Union recognize mutual adequacy in personal data protection
Data breach: sanction of 5 million euros against FRANCE TRAVAIL
Data breach: sanction of 42 million euros against the companies FREE MOBILE and FREE
More sanctions and of greater amounts: the AEPD raises the level of fines in 2025
Group 4 – Surveillance, privacy and the State
The Department of Homeland Security is demanding that Google turn over information about random critics
Microsoft is giving the FBI BitLocker keys
US authorities reportedly investigate claims that Meta can read encrypted WhatsApp messages
Group 5 – Generative AI and identity
‘It’s AI blackface’: social media account hailed as the Aboriginal Steve Irwin is an AI character created in New Zealand
Episode image – Children’s Games (Bruegel)
Episode Transcript
(00:00:08.000 –> 00:00:17.500) Welcome, everyone, to Café Segurança Legal, episode 411, recorded on February 24, 2026.
(00:00:17.500 –> 00:00:22.920) I'm Guilherme Goulart, and together with Vinícius Serafim we're going to bring you some news from the last few weeks.
(00:00:22.920 –> 00:00:24.440) So, Vinícius, how are you?
(00:00:24.440 –> 00:00:27.940) Hi, Guilherme, all good?
(00:00:24.440 –> 00:00:27.940) Hello to our listeners.
(00:00:28.180 –> 00:00:30.600) Were you missing recording or not?
(00:00:30.600 –> 00:00:39.160) Man, I was already doubting my ability to record again, because we spent almost..
(00:00:30.600 –> 00:00:39.160) It's going to be two..
(00:00:39.160 –> 00:00:40.820) A month and a bit.
(00:00:40.820 –> 00:00:45.280) The last one was back in January, wasn't it?
(00:00:45.280 –> 00:00:46.720) It was in January that we recorded.
(00:00:46.720 –> 00:00:51.000) Now you got me, you caught me off guard.
(00:00:51.000 –> 00:00:57.820) But we recorded episode 410, the Retrospective, which, if you haven't listened to it, is there from January 6.
(00:00:58.180 –> 00:01:02.100) Of 2026.
(00:00:58.180 –> 00:01:02.100) The 2025 Retrospective.
(00:01:03.780 –> 00:01:07.380) Well, so this is our moment to talk about some news.
(00:01:07.380 –> 00:01:10.240) Grab your coffee and come with us to get in touch.
(00:01:10.240 –> 00:01:18.760) You already know, it's at podcast.roba.segurançalegal.com, on Mastodon, on Instagram, on Blue Sky, on YouTube and on TikTok too.
(00:01:18.760 –> 00:01:24.520) You can see that both on TikTok and on YouTube you can also watch some shorts that appear on Instagram as well.
(00:01:24.900 –> 00:01:30.420) Our crowdfunding campaign, you already know, is at apoia.se slash segurança legal.
(00:01:30.420 –> 00:01:36.940) We always ask that you consider contributing to this independent content protection project.
(00:01:36.940 –> 00:01:41.960) And, Vinícius, we have some news, which is a new sponsor here at Segurança Legal.
(00:01:42.500 –> 00:01:43.520) That's right, Guilherme.
(00:01:43.520 –> 00:01:54.360) There's WhisperSafe, actually WhisperSafe's product, from a startup we know, including the owner of the startup.
(00:01:54.360 –> 00:02:04.360) It's voice transcription software at quite an affordable price compared with others on the market.
(00:02:05.420 –> 00:02:08.640) It does transcription both..
(00:02:08.640 –> 00:02:13.760) I've been using it a lot to, to send commands to AI.
(00:02:13.760 –> 00:02:17.060) I used to write prompts all nicely structured, typing and so on.
(00:02:17.060 –> 00:02:26.200) Now, for programming, for creating scripts, creating some programs, for doing some tests, I've been using it essentially for typing.
(00:02:26.200 –> 00:02:34.080) And it has a very interesting feature, which is recording and transcribing meetings, which I've also been using.
(00:02:35.220 –> 00:02:40.820) Regardless of the software you use, you open it, click record meeting, and it records all the audio of the meeting.
(00:02:40.820 –> 00:02:48.280) And after it records and you press the little button to transcribe, it gives you a..
(00:02:48.280 –> 00:02:53.000) It both generates a file with the raw transcription, if you want to use it with some AI,
(00:02:53.000 –> 00:03:04.160) And it also leaves your transcription on the clipboard with a ready-made prompt for you to paste into whichever AI you want to use to summarize your meeting.
(00:03:04.160 –> 00:03:07.500) So, the meeting ends, you paste it into the AI and bam.
(00:03:07.500 –> 00:03:16.880) Its price is quite affordable and, for Segurança Legal listeners, we have 20 coupons.
(00:03:17.840 –> 00:03:28.700) The coupon is SEGLEG50, it gives a 50% discount for life, so to speak.
(00:03:28.700 –> 00:03:35.360) You subscribe, apply the discount, if you go monthly it applies to all monthly payments
(00:03:35.360 –> 00:03:40.080) And, if it's annual, it applies to all annual payments.
(00:03:40.080 –> 00:03:44.540) So, it's not a discount that's valid only in the first year or only on the first payment.
(00:03:44.540 –> 00:03:48.460) SEGLEG50 for Segurança Legal listeners.
(00:03:49.080 –> 00:03:55.520) There are 20 coupons, there are 20 coupons we have, at least for this episode.
(00:03:55.520 –> 00:04:01.320) And most importantly, Vinícius, it's an app that's built with privacy in focus.
(00:04:01.320 –> 00:04:06.820) That is, if you, the data and the whole transcription part stays only on your machine,
(00:04:06.820 –> 00:04:11.020) It doesn't go to the cloud, unless you later want to use it in the AI and so on,
(00:04:11.020 –> 00:04:14.580) But, like, for more critical matters.
(00:04:14.580 –> 00:04:18.560) If you want to have it there to write up minutes later, it stays only on your machine.
(00:04:18.560 –> 00:04:24.280) It uses, it uses the Whisper models, that's right there in the interface, it's very clear.
(00:04:24.280 –> 00:04:31.040) It uses the models from, OpenAI's Whisper models, which are models that run locally on the machine.
(00:04:31.040 –> 00:04:35.460) And the interesting thing is that you don't even need a graphics card, you don't need a GPU or anything,
(00:04:35.460 –> 00:04:39.280) It works very well, I tested it on my notebook, which has no dedicated graphics card.
(00:04:40.700 –> 00:04:45.580) And it worked very well, like, it's quite fast.
(00:04:45.580 –> 00:04:52.320) And I've been running tests even to check the speed question, since the models are available there.
(00:04:52.320 –> 00:04:55.000) I was always using Turbo, like, I'll use the best one.
(00:04:55.000 –> 00:05:00.500) Then I decided to start using the Medium and the Small from the models there.
(00:05:00.500 –> 00:05:04.580) And, man, the Small, it makes some mistakes, you know?
(00:05:04.580 –> 00:05:06.260) But the Medium works very well.
(00:05:06.260 –> 00:05:08.060) Okay.
(00:05:08.840 –> 00:05:15.480) So, just go to whispersafe.ai.ai, you'll see all the prices there.
(00:05:15.480 –> 00:05:19.920) At checkout, you can use the coupon SEGLEG50 and there you go.
(00:05:19.920 –> 00:05:24.080) Welcome, then, to the new sponsor of the Segurança Legal podcast.
(00:05:24.080 –> 00:05:30.480) Let's move on to the topics, then, Vinícius, of these last two months, you could say.
(00:05:30.480 –> 00:05:32.680) Today we're already on February 24.
(00:05:32.680 –> 00:05:44.260) A lot going on, but instead of commenting on the news items as such, of course we'll cite them here, but we divided them into some groups.
(00:05:44.340 –> 00:05:49.420) Of topics that caught our attention and that were also important topics in recent weeks.
(00:05:49.420 –> 00:05:53.860) The first of them concerns the question of protecting children on the internet.
(00:05:53.860 –> 00:05:56.400) Digital protection, especially on platforms.
(00:05:56.400 –> 00:06:00.200) Those of you who follow us here know that the question of child protection is important.
(00:06:00.200 –> 00:06:04.860) We have several, for this podcast, we have several episodes recorded on this.
(00:06:05.100 –> 00:06:11.420) We even commented on it in a more recent episode too, about the ECA Digital, Vinícius, if you could check the number for us.
(00:06:11.420 –> 00:06:24.280) And, basically, what we've been seeing more recently is a whole question about how to make these platforms, the problems involving platforms used by children.
(00:06:24.280 –> 00:06:33.320) And children are using them more and more, whether it's Discord, but here the focus of these news items is Roblox.
(00:06:33.320 –> 00:06:38.740) So, if you have a child, you've probably heard of Roblox, which is a game.
(00:06:38.740 –> 00:06:44.020) You could say it's a game, but it simulates almost like an environment, like.
(00:06:38.740 –> 00:06:44.020) Virtual.
(00:06:44.020 –> 00:06:47.600) I got to play it soon after it appeared.
(00:06:47.600 –> 00:06:52.020) Well, not that soon, but my son's classmates started playing.
(00:06:52.020 –> 00:06:54.900) Then my son came to me with this Roblox story.
(00:06:54.900 –> 00:06:57.140) And I said, no, fine, let's see.
(00:06:57.140 –> 00:06:58.860) Then I went in with him.
(00:06:59.320 –> 00:07:02.180) Man, it's an environment, it's a virtual environment.
(00:07:02.180 –> 00:07:08.400) To me, it reminded me a lot of that Second Life, you know?
(00:07:08.400 –> 00:07:09.320) Yes, Second Life.
(00:07:09.320 –> 00:07:11.100) It reminded me a lot of that, then.
(00:07:11.100 –> 00:07:15.880) And then, inside, you have spaces.
(00:07:15.880 –> 00:07:19.980) Where you access applications, games and everything else.
(00:07:19.980 –> 00:07:22.560) You can even create things, and so on.
(00:07:22.700 –> 00:07:26.080) And then, it has an in-game currency, right?
(00:07:26.080 –> 00:07:28.080) It has money involved.
(00:07:28.080 –> 00:07:36.080) And, man, after five minutes of poking around there, I told my son, look, there are better games
(00:07:36.080 –> 00:07:36.640) For you to play.
(00:07:36.640 –> 00:07:39.060) You're not going to play this one.
(00:07:39.060 –> 00:07:44.520) Precisely because it's an environment, I noticed, what I noticed right away, and it was confirmed later,
(00:07:44.520 –> 00:07:47.180) A very uncontrolled environment, you know?
(00:07:47.680 –> 00:07:56.360) A very uncontrolled environment, with a lot of, like, strange character names, and everyone
(00:07:56.360 –> 00:08:03.060) Can communicate with everyone, so it's a pretty strange thing.
(00:08:03.060 –> 00:08:04.880) At least, it was.
(00:08:04.880 –> 00:08:06.060) The perception.
(00:08:06.060 –> 00:08:06.260) I haven't gone back in to play.
(00:08:06.260 –> 00:08:11.720) But then, from what we see now in the reactions and news and everything else, apparently,
(00:08:11.720 –> 00:08:12.580) It's still strange.
(00:08:12.580 –> 00:08:13.620) It's still strange.
(00:08:13.620 –> 00:08:18.880) The, the, the big question here is that, from the outside, and this is happening all over the
(00:08:18.880 –> 00:08:20.140) World, it's not just in Brazil.
(00:08:20.140 –> 00:08:23.820) In Brazil, because of the ECA Digital, but, like, it starts..
(00:08:23.820 –> 00:08:24.660) Episode 400, you see, Guilherme?
(00:08:24.660 –> 00:08:25.940) Okay, cool.
(00:08:25.940 –> 00:08:26.660) Episode 400, that's cool.
(00:08:26.660 –> 00:08:32.380) It's that the whole discussion starts to widen about how you do age verification
(00:08:32.380 –> 00:08:34.120) Of people on these platforms.
(00:08:34.120 –> 00:08:41.000) So, here we put Roblox and also Discord in the same package.
(00:08:41.360 –> 00:08:43.840) And then, a very interesting thing.
(00:08:43.840 –> 00:08:48.460) Which generated, like, even a social phenomenon, which seems relevant to me.
(00:08:48.460 –> 00:08:52.160) Children started protesting there, because the children would be the beneficiaries.
(00:08:52.160 –> 00:08:56.820) But they started protesting because of the new age verification measures.
(00:08:56.820 –> 00:08:59.280) Then Felca became the target of a protest and so on.
(00:08:59.280 –> 00:09:05.920) And there are the children there, simulating a protest, holding up signs inside Roblox.
(00:09:07.520 –> 00:09:11.380) News also came out saying, and this is more or less your perception, Vinícius,
(00:09:11.380 –> 00:09:16.720) That Roblox, as happens with big platforms, would have a casino logic,
(00:09:16.720 –> 00:09:21.860) That is, children would stay there, it would use psychological triggers,
(00:09:21.860 –> 00:09:26.860) As already happens on social networks, so that children stay inside longer.
(00:09:26.860 –> 00:09:33.160) And then it also started to be rumored that sexual predators would be inside Roblox,
(00:09:33.160 –> 00:09:36.760) Pretending to be children.
(00:09:33.160 –> 00:09:36.760) Disguised there.
(00:09:36.760 –> 00:09:40.700) In the United States, this is a pretty serious problem there, precisely with this.
(00:09:40.700 –> 00:09:52.020) And there was the CEO of Roblox, he was there on the Hard Fork episode.
(00:09:53.020 –> 00:09:59.060) I'll look up the episode number here, but the CEO's name is Dave Baszucki, okay?
(00:09:59.060 –> 00:10:06.020) And, man, the Hard Fork people tried, like, it was impressive, it was something that even got tense, you know?
(00:10:06.020 –> 00:10:08.940) It's not normal, like, to see an episode of Hard Fork like that.
(00:10:08.940 –> 00:10:14.100) And the guy always dodging, like, and very direct questions.
(00:10:14.460 –> 00:10:21.300) In terms of communication controls, the question of letting adults talk to children, like, several things.
(00:10:21.300 –> 00:10:23.420) And him always being evasive.
(00:10:23.420 –> 00:10:26.320) He doesn't..
(00:10:23.420 –> 00:10:26.320) Like, it was very bad, you know?
(00:10:26.320 –> 00:10:32.020) The impression you get is that the guy went there to try to justify himself,
(00:10:32.020 –> 00:10:35.280) Not accepting the problems he has on the platform.
(00:10:35.280 –> 00:10:38.800) This is the CEO of Roblox itself, you know?
(00:10:38.800 –> 00:10:40.320) At the company itself.
(00:10:40.320 –> 00:10:50.300) So, that left me even more convinced that it's a company that has no concern at all
(00:10:50.300 –> 00:10:54.240) With this question of children's safety and everything else, you know?
(00:10:54.240 –> 00:10:55.540) It's pretty delicate.
(00:10:55.540 –> 00:10:58.760) If people are already worried about Discord, Roblox is much worse.
(00:10:58.760 –> 00:11:00.000) It's much worse.
(00:11:00.000 –> 00:11:03.140) In terms of communication possibilities.
(00:11:03.140 –> 00:11:06.380) There's a report here from Folha de São Paulo.
(00:11:06.420 –> 00:11:10.920) By Daniel Mariani, he highlights exactly that.
(00:11:10.920 –> 00:11:13.660) Including monetization.
(00:11:13.660 –> 00:11:18.120) Predatory practices in games that monetize compulsion and frustration.
(00:11:18.120 –> 00:11:22.720) It exploits psychological mechanisms such as the fear of being left out of the platform.
(00:11:22.720 –> 00:11:25.060) Being left out and losing track of time.
(00:11:25.060 –> 00:11:27.540) So, he tells a little story where he goes out with his son and the son says
(00:11:27.540 –> 00:11:31.600) Look, we have to be back by such a time because an event is going to happen on Roblox
(00:11:31.600 –> 00:11:34.920) And I need to be there, and so on.
(00:11:35.800 –> 00:11:42.840) And then, the whole criticism is also that there would be a lack of will, so to speak,
(00:11:42.840 –> 00:11:46.920) On the company's part to adopt parental controls, and also the question of age verification.
(00:11:46.920 –> 00:11:52.820) And age verification, which is now also starting to become more present now in March.
(00:11:52.820 –> 00:11:55.440) Everything indicates it will also happen on Discord.
(00:11:55.720 –> 00:11:57.760) So, this..
(00:11:57.760 –> 00:12:01.500) And also Discord, Vinícius, if you want to talk about it right after,
(00:12:01.500 –> 00:12:07.160) But Discord is also applying new forms of parental control.
(00:12:07.160 –> 00:12:11.440) But the big discussion, and once again, this is happening in Brazil and around the world, is (00:12:11.440 –> 00:12:17.200) what will be, or what will the identity control measures be. (00:12:18.080 –> 00:12:27.420) So there's talk of facial biometrics, there's talk of sending documents and such, and then the big concern that's raised (00:12:27.420 –> 00:12:33.320) is about the increase in surveillance practices, about how companies are going to handle this, (00:12:33.320 –> 00:12:39.040) about the fact that facial biometrics is sensitive data that could be used for other purposes. (00:12:39.040 –> 00:12:47.020) One of the news items here shows that Discord itself was using a company, or hired a verification company (00:12:47.020 –> 00:12:53.380) that had connections, it's that Persona one, connections, their site even said (00:12:53.380 –> 00:12:55.840) "This is a US government system." (00:12:55.840 –> 00:13:01.240) But here's the thing, Guilherme, we have a really serious problem to solve here, okay? (00:13:01.240 –> 00:13:08.060) Because at the same time that we want companies to be able to do age verification, (00:13:09.040 –> 00:13:11.160) and yes, that's fine. (00:13:11.160 –> 00:13:12.660) How do I do that age verification? (00:13:12.660 –> 00:13:17.000) How do I do it in a way that I can have a minimum of confidence (00:13:17.000 –> 00:13:20.060) that the creature isn't lying to me, that Zora isn't lying to me (00:13:20.060 –> 00:13:22.420) and getting in under 13 or something like that? (00:13:22.420 –> 00:13:25.660) So I need a way to verify that. (00:13:25.660 –> 00:13:28.400) How are you going to verify it? (00:13:28.400 –> 00:13:30.080) Imagine the company itself. (00:13:30.080 –> 00:13:34.680) Is it going to use facial recognition to try to identify the age? (00:13:34.680 –> 00:13:36.440) Is it going to ask for documents?
(00:13:38.360 –> 00:13:40.020) I don't know if that's good or bad, you know? (00:13:40.020 –> 00:13:42.000) I just have the problem. (00:13:42.000 –> 00:13:46.220) Then, ideally, I wouldn't want to keep handing my ID to every company out there. (00:13:46.220 –> 00:13:50.460) So, another option: the government has the information. (00:13:50.460 –> 00:13:54.360) A government agency has the information, our information. (00:13:54.360 –> 00:13:55.580) It knows how old we are. (00:13:55.580 –> 00:13:57.540) It has all the proof of who we are. (00:13:58.220 –> 00:14:07.340) Couldn't there be a protocol where, anonymously, I access a site and that site (00:14:07.340 –> 00:14:15.160) talks to the government site, and then I talk to the government site and say, generate a token (00:14:15.160 –> 00:14:21.420) for me, I'm so-and-so, generate a token saying that I'm over 18 or over 13 (00:14:21.420 –> 00:14:22.460) or something like that. (00:14:22.460 –> 00:14:27.360) Similar to what we already do with OAuth for authentication when we use Google and all that. (00:14:27.360 –> 00:14:31.720) Similar to that, but instead of saying who we are, it says how old we are. (00:14:31.720 –> 00:14:32.860) Right? (00:14:32.860 –> 00:14:36.000) Except then you have several other problems. (00:14:36.000 –> 00:14:38.380) Okay, the site may not know who you are through that. (00:14:38.380 –> 00:14:39.360) No problem. (00:14:39.360 –> 00:14:41.460) And then there's another way to know who you are, but anyway. (00:14:41.460 –> 00:14:43.180) Especially since you're going to have an account there. (00:14:43.240 –> 00:14:43.960) Exactly. (00:14:43.960 –> 00:14:51.560) So, okay, at the same time you're going to be telling the government what you're accessing.
(00:14:51.560 –> 00:14:57.260) So if the government starts logging, at query time, who is querying your record (00:14:57.260 –> 00:15:00.900) or who you're authenticating to, it knows what you're accessing. (00:15:00.900 –> 00:15:06.060) And then there was a recent problem, we did discuss it here, I just don't remember whether it was in (00:15:06.060 –> 00:15:10.120) England specifically or in the European Union, okay? (00:15:10.120 –> 00:15:11.900) And if I'm not mistaken, it was in England, man. (00:15:11.900 –> 00:15:19.940) But they had the requirement that, to access a pornographic site, you have to give your (00:15:19.940 –> 00:15:23.300) real identification, okay? (00:15:23.300 –> 00:15:28.080) So that the site can be sure you're of legal age. (00:15:28.080 –> 00:15:36.360) And then another discussion started about the privacy of the people who access (00:15:36.360 –> 00:15:37.600) those sites and all that. (00:15:38.100 –> 00:15:46.060) So I don't see a perfect solution, like, where a private company doesn't store the information (00:15:46.060 –> 00:15:48.760) or doesn't have a repository of information to do this. (00:15:48.760 –> 00:15:52.560) There's a solution that's already known, which is one called, with the one called Meu ID. (00:15:52.560 –> 00:15:59.420) I use it for some gaming platforms, where the idea is exactly that: you authenticate (00:15:59.420 –> 00:16:04.100) with the platform, with your documents, provide proof, do the image thing and all that. (00:16:04.100 –> 00:16:06.140) Then you use it to authenticate to a platform. (00:16:06.140 –> 00:16:11.660) So, either we're going to have to have a company like that, or we'll have to link it to some (00:16:11.660 –> 00:16:12.500) government body. (00:16:12.500 –> 00:16:18.140) I don't see a different way out for Discord, for example. (00:16:18.140 –> 00:16:21.540) I don't see a different way out for Facebook.
(00:16:22.220 –> 00:16:27.240) How am I going to authenticate, how am I going to know the user is over a certain age, (00:16:27.240 –> 00:16:37.040) without being able to be fooled and without asking for a more consistent, documentary confirmation, (00:16:37.040 –> 00:16:43.280) even if it's interfaced or intermediated by the government or by a private company, (00:16:44.460 –> 00:16:49.760) that says, no, Vinícius really is over 13. (00:16:49.760 –> 00:16:51.620) It's a problem, isn't it. (00:16:51.620 –> 00:16:53.520) I don't see an easy solution for this. (00:16:53.520 –> 00:16:55.720) It's a privacy problem. (00:16:55.720 –> 00:17:01.940) This thing I mentioned here about this Persona that Discord was using, (00:17:01.940 –> 00:17:05.660) the big issue was that it was almost like a verification data broker (00:17:05.660 –> 00:17:11.980) that would be used for purposes of state surveillance. (00:17:11.980 –> 00:17:17.900) And then Discord, after this becomes news, they back off. (00:17:17.900 –> 00:17:19.940) They say, we're not going to use this anymore. (00:17:19.940 –> 00:17:21.100) That is, like, they pull it. (00:17:21.100 –> 00:17:23.000) The problem is a privacy problem. (00:17:23.000 –> 00:17:27.280) You could, I imagine, Vinícius, that if everyone took (00:17:27.280 –> 00:17:31.960) data protection seriously, you could indeed have a protocol (00:17:31.960 –> 00:17:36.560) in which companies and the State could provide a means of authentication (00:17:36.560 –> 00:17:39.540) that is privacy-friendly. (00:17:39.540 –> 00:17:43.860) That is, without collecting information about who accessed what. (00:17:43.860 –> 00:17:48.360) They, both sides, or all sides, would have to give that up. (00:17:48.360 –> 00:17:53.080) But we know that in the current state of things, that's not going to happen. (00:17:53.080 –> 00:17:53.800) It's the opposite.
(00:17:53.800 –> 00:17:57.440) What this news shows is that companies and governments are, (00:17:58.560 –> 00:18:02.820) frequently, moving toward using this verification excuse (00:18:02.820 –> 00:18:04.760) to increase monitoring of people. (00:18:04.760 –> 00:18:06.620) And that seems to me to be the concern. (00:18:06.620 –> 00:18:12.060) Anyway, we'll leave, as always, all the news items in the show notes. (00:18:12.060 –> 00:18:15.020) There are other things here, if you're interested in this issue. (00:18:15.020 –> 00:18:18.660) Discord's role in the matter of animal abuse, (00:18:18.660 –> 00:18:21.040) which came up recently with the case of the dog Orelha. (00:18:21.040 –> 00:18:25.860) And also about how companies internally discussed, and know. (00:18:25.860 –> 00:18:29.540) Instagram itself knew how Instagram itself was harmful to girls (00:18:29.540 –> 00:18:30.680) and to teenagers and all that. (00:18:30.680 –> 00:18:32.440) So this keeps happening. (00:18:32.440 –> 00:18:35.160) Leaked internal documents. (00:18:35.160 –> 00:18:40.440) As happens, they show that they know about the potential harms (00:18:40.440 –> 00:18:46.680) to teenagers and keep offering the platforms or services (00:18:46.680 –> 00:18:49.700) without taking the protection of children and adolescents into account. (00:18:49.700 –> 00:18:53.220) So that's it for this first group, Vinícius. (00:18:54.120 –> 00:18:54.640) Perfect. (00:18:54.640 –> 00:18:57.720) Second group, it's related too. (00:18:57.720 –> 00:19:00.300) It has to do with children and adolescents, but not only. (00:19:00.300 –> 00:19:03.120) But it also has to do with the protection of.. (00:19:03.120 –> 00:19:05.740) above all of women on the internet, of women's image, (00:19:05.740 –> 00:19:12.360) and about how AI has been used specifically by X, or Twitter, Vinícius?
(00:19:12.360 –> 00:19:15.660) Everyone who says X has to say "formerly Twitter" right after. (00:19:15.660 –> 00:19:17.800) But everyone already knows X is the former Twitter. (00:19:18.040 –> 00:19:20.500) You kind of get a tic there. (00:19:20.500 –> 00:19:22.880) And so, what started it? (00:19:22.880 –> 00:19:24.060) The name became.. (00:19:24.060 –> 00:19:26.180) It seems like the name really became "X, formerly Twitter". (00:19:26.180 –> 00:19:27.440) Together. (00:19:27.440 –> 00:19:28.400) Like HBO. (00:19:28.400 –> 00:19:31.180) See HBO Max, which was HBO. (00:19:31.180 –> 00:19:33.280) Then it became HBO Max. (00:19:33.280 –> 00:19:34.760) Then it was Max. (00:19:34.760 –> 00:19:35.980) Then there was.. (00:19:35.980 –> 00:19:36.140) Gol. (00:19:36.140 –> 00:19:38.360) Then they came back with HBO now. (00:19:38.360 –> 00:19:40.940) I have their subscription there. (00:19:40.940 –> 00:19:41.360) My God. (00:19:41.360 –> 00:19:44.700) I don't even know what I'm subscribed to anymore, because I don't know the name of that thing anymore. (00:19:44.700 –> 00:19:51.960) And then the issue that, anyway, in these last few months became a very big news story (00:19:51.960 –> 00:19:57.740) was that people were asking Grok on X to strip, to leave women naked, (00:19:57.740 –> 00:20:02.920) or to take the clothes off women, including children. (00:20:03.660 –> 00:20:10.520) And from that perspective, that the tool is neutral, the tool only does what (00:20:10.520 –> 00:20:16.440) the user asks it to do, it's not our fault and so on, but at the same time the tool (00:20:16.440 –> 00:20:22.400) was programmed without guardrails to undress people. (00:20:22.400 –> 00:20:28.940) And if it can be programmed to undress people, it seems to me it's also easy to put guardrails (00:20:28.940 –> 00:20:35.400) there to prevent it from undressing ("dispa, dispa, despir, despir") people. (00:20:35.400 –> 00:20:37.920) I think I'd never used the verb "despir" that way.
(00:20:37.920 –> 00:20:39.840) So, uh.. (00:20:39.840 –> 00:20:41.080) And then what happened? (00:20:41.080 –> 00:20:43.860) I don't know if you want to make a comment now or later here, just to.. (00:20:43.860 –> 00:20:45.080) No, go ahead, go ahead, go ahead. (00:20:45.080 –> 00:20:46.580) So what happened? (00:20:46.580 –> 00:20:52.860) There was a whole lot of pressure on X, Elon Musk comes along and says, no, look, we're going to, (00:20:52.860 –> 00:21:00.340) so we're going to expand the controls here, only those with a paid X account (00:21:00.340 –> 00:21:01.920) will be able to undress people. (00:21:01.920 –> 00:21:09.820) And obviously the fix came out worse than the problem, and in Brazil we've also seen moves (00:21:10.160 –> 00:21:17.560) by three bodies here, the NPD, the Ministério Público Federal and Senacom; first they issued (00:21:17.560 –> 00:21:25.420) a recommendation back in January, and now more recently, after X's response, these (00:21:25.420 –> 00:21:32.400) three bodies found the measures were insufficient, and each of them, within (00:21:32.400 –> 00:21:36.620) its own competence, started a procedure to determine. (00:21:36.620 –> 00:21:42.500) That's right, before they had suggested measures, X reported the measures that were taken, they (00:21:42.500 –> 00:21:47.500) found they weren't sufficient, and from now on they started, each within (00:21:47.500 –> 00:21:53.000) its own competence, administrative procedures, whether the NPD, a preventive measure, the Ministério (00:21:53.000 –> 00:21:58.960) Público too, an internal procedure, and Senacom too, an administrative precautionary measure (00:21:58.960 –> 00:22:01.700) ordering them to stop immediately. (00:22:01.700 –> 00:22:08.720) And to implement technical and administrative solutions to prevent the generation of images of naked (00:22:08.720 –> 00:22:10.000) people. (00:22:10.620 –> 00:22:16.580) And as usual.
(00:22:10.620 –> 00:22:16.580) As usual, the biggest victims of this were women, okay? (00:22:16.580 –> 00:22:19.800) And including minors, okay? (00:22:19.800 –> 00:22:20.800) And adolescents. (00:22:20.800 –> 00:22:25.920) That was what caused, of course, even if there hadn't been minors involved, (00:22:25.920 –> 00:22:32.620) this would already have caused a lot of controversy, but with minors it's the thing.. (00:22:33.300 –> 00:22:37.840) And then one thing, Guilherme, just a remark, we've been talking for many years here on Segurança (00:22:37.840 –> 00:22:42.880) Legal, for a long time, about this issue of the overexposure of children on the internet, and many (00:22:42.880 –> 00:22:43.960) times by the parents themselves. (00:22:43.960 –> 00:22:48.920) When we said, look, don't expose them, don't keep posting photos, whatever, you don't (00:22:48.920 –> 00:22:50.900) know what could be done with that tomorrow. (00:22:52.040 –> 00:22:56.620) And I remember talking and talking about this in 2015, in schools, giving talks (00:22:56.620 –> 00:22:59.020) like that, telling people exactly in those terms. (00:22:59.020 –> 00:23:07.800) And now here we are in 2026 with X, formerly Twitter, a built-in AI tool (00:23:07.800 –> 00:23:13.940) that, man, takes the clothes off adolescents, minors and all that. (00:23:14.480 –> 00:23:19.600) And then, and even if you're careful with your kids' images and such, which really is (00:23:19.600 –> 00:23:20.500) the recommendation.. (00:23:20.500 –> 00:23:22.560) Schools had photos, they publish them, it's a..
(00:23:22.560 –> 00:23:28.740) Exactly, no, and you still have public figures who, eventually, not eventually, (00:23:28.740 –> 00:23:34.940) but public figures whose image is published because of their activity, (00:23:34.940 –> 00:23:40.600) I don't know, a politician, people in politics, anyway, artists and so on, and still (00:23:40.600 –> 00:23:46.220) there isn't, it seems to me, actually, I'm certain there's no right for people (00:23:46.220 –> 00:23:53.460) to use AI to tarnish women's image; there was even news, they took a (00:23:53.460 –> 00:23:58.420) prime minister, I don't remember exactly of which country, and then started doing this (00:23:58.420 –> 00:24:02.200) with her image to discredit her, anyway. (00:24:02.200 –> 00:24:10.580) And then it gets into, Vinícius, a bit of what, I'll pull it over from group 6, (00:24:10.580 –> 00:24:16.200) but it's a bit related, Vinícius sent me the other day a news item about a.. (00:24:16.200 –> 00:24:21.120) It would be an aborigine, from New Zealand, who made videos.. (00:24:21.120 –> 00:24:21.760) Steve Irving. (00:24:21.760 –> 00:24:23.340) Tell the story, tell the story. (00:24:23.340 –> 00:24:23.680) Steve Irving. (00:24:24.440 –> 00:24:26.260) It's unbelievable. (00:24:26.260 –> 00:24:29.200) Steve Irving, Steve Irving is a.. (00:24:29.200 –> 00:24:37.740) An aborigine, Australian, who makes videos.. (00:24:37.740 –> 00:24:38.240) New Zealander. (00:24:38.240 –> 00:24:38.740) New Zealander. (00:24:38.740 –> 00:24:39.380) New Zealander. (00:24:39.380 –> 00:24:42.400) It's New Zealand, don't mix up New Zealand and Australia. (00:24:42.400 –> 00:24:43.140) Not at all. (00:24:43.140 –> 00:24:49.400) New Zealander, who makes videos, those videos, kind of adventure-style, seeing the animals (00:24:49.400 –> 00:24:50.780) up close and sort of.. (00:24:50.780 –> 00:24:55.620) Finds a snake and handles the snake, and a scorpion, and so on.
(00:24:55.700 –> 00:24:56.700) Videos like that, you know? (00:24:56.700 –> 00:24:57.140) And showing.. (00:24:57.140 –> 00:25:00.160) But showing the animals from New Zealand. (00:25:00.160 –> 00:25:01.120) Yes, exactly. (00:25:01.120 –> 00:25:02.460) Doing a thing.. (00:25:02.460 –> 00:25:04.060) Man, a very well-made thing. (00:25:04.060 –> 00:25:05.340) A very well-made thing. (00:25:05.340 –> 00:25:06.800) Like a National Geographic thing. (00:25:06.800 –> 00:25:09.320) There was another guy, that guy who died.. (00:25:09.320 –> 00:25:13.500) Well known, he died from a stingray's barb. (00:25:13.500 –> 00:25:14.200) A stingray. (00:25:14.200 –> 00:25:15.560) In the chest. (00:25:15.560 –> 00:25:18.040) I don't remember his name, but okay. (00:25:18.040 –> 00:25:21.040) .. (00:25:21.040 –> 00:25:24.880) And this character has a very similar vibe, okay? (00:25:25.700 –> 00:25:30.620) Man, a thing with, like, lots of people following. (00:25:30.620 –> 00:25:37.660) There were 90 thousand people on Instagram, and then it started to draw a lot of attention, a lot of attention. (00:25:37.660 –> 00:25:42.600) And then the guy who created the character came forward publicly and said, look, this guy doesn't exist. (00:25:43.400 –> 00:25:47.980) Steve Irving was the guy who died from the stingray barb. (00:25:49.420 –> 00:25:50.400) Yes, true. (00:25:50.400 –> 00:25:51.480) In the news, yes. (00:25:51.480 –> 00:25:53.080) I mixed it up here, he was called.. (00:25:53.080 –> 00:25:54.620) It's the Aboriginal Steve Irving. (00:25:54.620 –> 00:25:56.860) It's the aboriginal Steve Irving. (00:25:56.860 –> 00:25:57.340) Exactly. (00:25:57.340 –> 00:25:59.780) Steve Irving is the real guy who died. (00:25:59.780 –> 00:26:00.720) Right, right. (00:26:00.720 –> 00:26:01.220) Right. (00:26:01.220 –> 00:26:03.380) And the name of the guy who.. (00:26:03.380 –> 00:26:06.220) This digital persona that was created. (00:26:07.620 –> 00:26:09.340) Who created it was.. (00:26:09.340 –> 00:26:10.400) Who created it was..
(00:26:10.400 –> 00:26:13.720) Keegan, John Manson, the guy who made the.. (00:26:13.720 –> 00:26:15.140) Who created the character. (00:26:15.140 –> 00:26:17.260) Man, I don't have the character's name here. (00:26:17.260 –> 00:26:20.040) It would be Bush Legend. (00:26:20.040 –> 00:26:20.480) But.. (00:26:20.480 –> 00:26:21.320) Bush Legend. (00:26:21.320 –> 00:26:22.260) That's the channel. (00:26:22.260 –> 00:26:23.760) That's the channel, Bush Legend. (00:26:23.760 –> 00:26:24.520) The Bush Legend. (00:26:24.520 –> 00:26:25.260) The account here, look. (00:26:25.260 –> 00:26:26.260) It's separate here. (00:26:26.260 –> 00:26:27.280) Bush Legend, the account. (00:26:27.780 –> 00:26:30.500) But the interesting thing isn't the account itself, okay? (00:26:30.500 –> 00:26:33.260) Whoever wants to look at Bush Legend there, that thing must still be up. (00:26:33.260 –> 00:26:35.240) The interesting thing isn't the account itself. (00:26:35.240 –> 00:26:41.400) The interesting thing is that it's something you watch and, man, you don't realize that (00:26:41.400 –> 00:26:42.360) it isn't real. (00:26:42.360 –> 00:26:47.360) Maybe in one video or another you might even notice, okay? (00:26:47.360 –> 00:26:50.880) But most people aren't going to notice. (00:26:50.880 –> 00:26:51.920) They won't realize, they won't realize. (00:26:51.920 –> 00:26:53.560) So, like.. (00:26:53.560 –> 00:27:01.540) And recently there was also a video, I saw it this week, or last week, a video (00:27:01.540 –> 00:27:06.360) in which Brad Pitt was fighting Tom Cruise, okay? (00:27:06.360 –> 00:27:10.320) And they were discussing the Epstein Files during the fight. (00:27:10.320 –> 00:27:20.040) I showed my wife the video and said, look at the trailer for a movie they're (00:27:20.040 –> 00:27:20.940) releasing and such.
(00:27:21.420 –> 00:27:24.060) Then we started watching the video, I'd already seen it, she started watching the video, (00:27:24.060 –> 00:27:29.440) like, okay, but then they're talking and such, and hitting each other, and they wouldn't stop hitting each other (00:27:29.440 –> 00:27:31.840) and talking, like, what a scene. (00:27:31.840 –> 00:27:33.080) Pointless. (00:27:33.480 –> 00:27:34.820) Something kind of.. (00:27:34.820 –> 00:27:37.000) But at the same time she thought it was real. (00:27:37.000 –> 00:27:38.060) Uh-huh. (00:27:38.060 –> 00:27:43.120) She thought it was real, because the characters, Tom Cruise and Brad Pitt there, are spot on (00:27:43.120 –> 00:27:43.500) there, man. (00:27:43.500 –> 00:27:44.900) Of course it gets.. (00:27:44.900 –> 00:27:48.780) Later they start goofing around, they start changing too much, like, they start putting some (00:27:48.780 –> 00:27:49.800) kind of weird characters into the thing. (00:27:50.560 –> 00:27:51.240) But it's.. (00:27:51.240 –> 00:27:51.800) And there is, man. (00:27:51.800 –> 00:27:53.660) And then this generates so much.. (00:27:53.660 –> 00:27:54.580) Not just a concern. (00:27:54.580 –> 00:27:56.300) Now we're heading into an election year. (00:27:56.300 –> 00:27:57.360) Let's see what happens. (00:27:57.360 –> 00:28:07.520) But it not only generates this possible confusion for whoever watches, for the viewers, but it's also (00:28:07.520 –> 00:28:13.300) generating a good discussion in the United States regarding, in the (00:28:13.300 –> 00:28:16.380) actors' unions and all that. (00:28:16.380 –> 00:28:23.620) Because, man, if you don't want to use someone's image, since obviously you'll have to pay (00:28:23.620 –> 00:28:28.240) to use Tom Cruise's image, nobody disputes that even if it's authorized by Tom Cruise (00:28:28.240 –> 00:28:33.160) you'll have to pay Tom Cruise for the use of his image, but that you could start creating (00:28:33.160 –> 00:28:37.600) completely fictional characters, or people.
(00:28:37.600 –> 00:28:44.560) Fictional actors, to.. (00:28:37.600 –> 00:28:44.560) To act in a movie, act in a series. (00:28:45.560 –> 00:28:48.320) And then you don't need it anymore. (00:28:48.320 –> 00:28:53.580) Maybe you could even replace the screenwriter in the game, but you'd no longer need (00:28:53.580 –> 00:28:55.500) human actors to act. (00:28:55.500 –> 00:28:57.120) So.. (00:28:57.120 –> 00:29:01.940) There's a really interesting discussion on top of this, you know? (00:29:01.940 –> 00:29:07.680) The question of artists' jobs, and the question of the content you deliver (00:29:07.680 –> 00:29:09.200) to people. (00:29:09.200 –> 00:29:11.120) You're going to watch a movie.. (00:29:11.120 –> 00:29:14.480) Like, would you be up for watching a very good movie made by AI? (00:29:14.480 –> 00:29:16.560) Man.. (00:29:16.560 –> 00:29:21.280) I think there's an ethical element; it's even mentioned in one of the news items. (00:29:21.800 –> 00:29:27.300) Which is a precept of trans.. (00:29:21.800 –> 00:29:27.300) An ethical precept of transparency in the use of AI. (00:29:27.300 –> 00:29:32.160) So, when we talk about AI governance principles, transparency (00:29:32.160 –> 00:29:36.060) unfolds into several.. (00:29:32.160 –> 00:29:36.060) several situations. (00:29:36.060 –> 00:29:40.680) And one of the situations into which transparency unfolds, as a principle that should govern (00:29:40.680 –> 00:29:45.320) the use of AI, and I'm saying this because it's a principle already adopted in the European Union (00:29:45.320 –> 00:29:46.940) and so on, is.. (00:29:46.940 –> 00:29:51.140) You have to know that that content is AI-generated. (00:29:51.140 –> 00:29:52.800) And the big.. (00:29:52.800 –> 00:29:54.320) And why did this become news? (00:29:54.320 –> 00:29:55.540) Actually, it's two things. (00:29:55.540 –> 00:30:00.500) This became news because they didn't.. (00:29:55.540 –> 00:30:00.500) Nobody realized.
(00:30:00.500 –> 00:30:05.540) Because it's said, you show it to the person, if you look at a video and pay attention, (00:30:05.540 –> 00:30:06.760) you'll figure out that it is. (00:30:06.760 –> 00:30:10.420) The thing is that today, we were even talking about this before. (00:30:10.420 –> 00:30:17.520) We, me and you and whoever listens to us, we're already consuming content generated by (00:30:17.520 –> 00:30:18.440) AI without realizing it. (00:30:18.440 –> 00:30:18.840) Why? (00:30:18.840 –> 00:30:23.400) Because the logic of consuming content on social media isn't that you pay attention (00:30:23.400 –> 00:30:28.980) to the details; the logic is that you pass quickly over certain content. (00:30:28.980 –> 00:30:32.780) And you keep seeing lots of it, that story of the infinite feed we've already talked about. (00:30:32.780 –> 00:30:38.080) Which is one of the curses of social media, and what traps people in there is (00:30:38.080 –> 00:30:38.860) the infinite feed. (00:30:38.860 –> 00:30:39.900) And there we go. (00:30:39.900 –> 00:30:42.620) Your critical thinking there gets pretty dulled. (00:30:42.840 –> 00:30:45.960) Of course, when we look at the video afterwards already knowing, well, fine. (00:30:45.960 –> 00:30:51.860) Just yesterday I was at the gym and there's a TV on there and it was showing an ad (00:30:51.860 –> 00:30:53.300) for Liquida Porto Alegre. (00:30:53.300 –> 00:30:57.000) It's like a summer clearance sale they do here in the city. (00:30:57.800 –> 00:31:05.020) And, man, five seconds into the thing you could already tell it was all AI-generated, man. (00:31:05.020 –> 00:31:09.860) A whole ad generated by AI, and at the end there was a very elderly lady running (00:31:09.860 –> 00:31:15.540) along with a bunch of people, in a way she couldn't, as an elderly lady. (00:31:15.540 –> 00:31:19.400) Anyway, she could even, but what caught the eye was the fact that it was a very elderly lady running (00:31:19.400 –> 00:31:21.000) wildly through the city, like, you know?
(00:31:21.640 –> 00:31:25.980) Not that it's not possible, not that it's not possible. (00:31:25.980 –> 00:31:29.660) No, not that it isn't possible, but, like, that already triggered a "no, wait, what?" (00:31:29.660 –> 00:31:35.940) So, you have a very strong ethical element, this is happening, advertising, I believe (00:31:35.940 –> 00:31:39.720) that CONAR, anyway, advertising regulation has to make this clear. (00:31:39.720 –> 00:31:45.220) Look, you're watching a report, an ad made by AI, just as when (00:31:45.220 –> 00:31:49.340) you're consuming a product at the supermarket, it says whether that has GMOs (00:31:49.340 –> 00:31:51.900) or not, or whatever it contains. (00:31:51.900 –> 00:31:52.140) Excess salt. (00:31:52.140 –> 00:31:53.980) Excess salt, why not? (00:31:53.980 –> 00:31:58.020) Because we know this is quite brain-rot-able. (00:31:58.020 –> 00:31:58.900) Uh-huh. (00:31:58.900 –> 00:32:01.200) Brain-rot-able, I just made that up now, Vinícius. (00:32:01.200 –> 00:32:02.880) It's a good verb. (00:32:02.880 –> 00:32:04.220) Brain-rot-able. (00:32:04.220 –> 00:32:13.740) Vinícius, Brazil, you must have heard about this already, but Brazil and the European Union (00:32:13.740 –> 00:32:17.320) consolidated their mutual adequacy agreement. (00:32:17.320 –> 00:32:23.180) So, basically, now, at the end of January, this reciprocal recognition (00:32:23.180 –> 00:32:25.560) of adequacy of the data protection regimes was announced. (00:32:25.560 –> 00:32:31.800) And this has been painted as a historic milestone, because, besides this frank recognition, (00:32:31.800 –> 00:32:35.060) the idea is that it opens things up, mainly for Brazil. (00:32:35.440 –> 00:32:42.000) But the idea is that Brazil could benefit on the basis of this adequacy agreement, (00:32:42.000 –> 00:32:47.660) providing services for the whole European Union.
(00:32:47.660 –> 00:32:53.020) So this could expand the use of data centers for AI and also the use of services themselves, (00:32:53.020 –> 00:32:56.040) because once you have this recognition, you don't need, (00:32:57.180 –> 00:33:00.580) let's say, when you do an international data transfer, (00:33:00.580 –> 00:33:03.140) which is one of the situations where you move data from one side to the other, (00:33:03.140 –> 00:33:05.800) this recognition implies the automatic possibility, (00:33:05.800 –> 00:33:08.880) without, for example, you asking, needing to ask for consent, (00:33:08.880 –> 00:33:12.820) or giving additional notices, or recognition by the authorities. (00:33:12.820 –> 00:33:18.980) So it does indeed open up a commercial space as well, (00:33:19.040 –> 00:33:22.300) if not of flows, of secure data flows, anyway. (00:33:22.300 –> 00:33:24.600) What's the issue? (00:33:24.600 –> 00:33:31.800) The issue is that, when we compare how the European Union has applied sanctions (00:33:31.800 –> 00:33:35.620) and how Brazil has applied sanctions, even in light of this recognition, (00:33:35.620 –> 00:33:39.620) we notice there's a gap, because in Brazil there's still, (00:33:39.620 –> 00:33:43.980) and here I speak as a data subject, (00:33:44.360 –> 00:33:49.580) there's still a certain, it's a certain, how should I put it, (00:33:49.580 –> 00:33:54.640) delay, perhaps, in applying sanctions in very complex situations. (00:33:54.640 –> 00:33:57.340) Just to give you an idea of some numbers, (00:33:57.340 –> 00:34:00.120) in France, for example, now, January, February, (00:34:00.120 –> 00:34:06.280) you had France Travel fined 5 million euros, (00:34:06.280 –> 00:34:09.920) Free Mobile, 42 million euros, (00:34:10.920 –> 00:34:14.820) it's split here between Free Mobile and Free, I don't know what that is.
(00:34:14.820 –> 00:34:19.140) So, you had all these situations only, (00:34:19.140 –> 00:34:22.120) that is, multimillion fines in France, (00:34:22.120 –> 00:34:27.400) solely for breach situations where it was confirmed they occurred (00:34:27.400 –> 00:34:30.300) because of insufficient security measures (00:34:30.300 –> 00:34:32.560) adopted by those organizations. (00:34:32.560 –> 00:34:34.060) That's in France. (00:34:34.060 –> 00:34:36.940) In Spain, which is a small authority, (00:34:36.940 –> 00:34:40.180) it has, if I'm not mistaken, fewer staff than, (00:34:40.180 –> 00:34:43.540) I even did a survey the other day of staff numbers and such, (00:34:43.540 –> 00:34:45.960) but I think it has fewer staff than our NPD, (00:34:45.960 –> 00:34:53.040) they ended 2025 with 394 sanctioning procedures (00:34:53.040 –> 00:34:57.040) and with fines that together came to 40 million euros. (00:34:57.040 –> 00:35:00.040) So, I think that to really consolidate this, (00:35:00.040 –> 00:35:03.700) it's urgent that we improve, (00:35:03.700 –> 00:35:05.480) and I'm not even talking only about fines, (00:35:05.480 –> 00:35:08.720) I'm talking about sanctions, blocking certain processing, (00:35:08.720 –> 00:35:14.400) moving precisely toward the implementation of security measures, (00:35:14.400 –> 00:35:16.680) resolving the pharmacies issue, (00:35:16.680 –> 00:35:20.380) resolving the issue we've already discussed here on our podcast (00:35:20.380 –> 00:35:26.980) about the free-for-all of facial biometrics in gyms, (00:35:26.980 –> 00:35:29.580) in condominiums. (00:35:29.580 –> 00:35:32.780) So, I think we do celebrate, indeed, (00:35:32.780 –> 00:35:36.060) but there's still a path to be pursued, it seems to me, (00:35:36.060 –> 00:35:40.100) I may be wrong, anyway, but it seems to me there's still a path to be travelled. (00:35:40.100 –> 00:35:42.580) This, obviously, is a two-way street.
(00:35:42.580 –> 00:35:45.340) So, we have an equivalence. (00:35:45.340 –> 00:35:46.080) Right. (00:35:46.080 –> 00:35:48.500) So, one thing that changes, then, for example, (00:35:48.500 –> 00:35:51.660) If you want to use some data center in Europe, (00:35:51.660 –> 00:35:53.620) In the European Union, to do more or less with the data (00:35:53.620 –> 00:35:57.820) And Brazilian citizens, in principle, okay. (00:35:57.820 –> 00:35:59.860) Right. (00:35:59.860 –> 00:36:02.260) When you have it in the European Union, (00:36:02.260 –> 00:36:04.040) In the countries that are part of the European Union, (00:36:04.040 –> 00:36:06.980) Not in Europe, because you have countries that.. (00:36:06.980 –> 00:36:08.340) Yes, I said European Union, not European. (00:36:08.340 –> 00:36:10.960) You have England, which is no longer part of the European Union. (00:36:10.960 –> 00:36:12.060) England isn't anymore. (00:36:12.060 –> 00:36:14.520) Then the folks from England, (00:36:14.520 –> 00:36:15.720) When they enter the European Union, (00:36:15.720 –> 00:36:18.300) They don't stand in the line for European Union residents, (00:36:18.300 –> 00:36:20.040) They have to face everyone else's line, (00:36:20.040 –> 00:36:21.800) But Switzerland isn't either. (00:36:21.960 –> 00:36:22.660) It's funny. (00:36:22.660 –> 00:36:24.420) Switzerland isn't either. (00:36:24.420 –> 00:36:25.960) Although Switzerland has, (00:36:25.960 –> 00:36:30.200) Is known precisely for hosting systems, (00:36:30.200 –> 00:36:32.080) The privacy-friendly, security ones, (00:36:32.080 –> 00:36:34.180) Plus VPNs that sit there in Switzerland, (00:36:34.180 –> 00:36:36.520) They sell themselves that way, but it's not part of Switzerland.
(00:36:36.520 –> 00:36:38.740) Switzerland, I think, is part of the Schengen area, (00:36:38.740 –> 00:36:39.340) If I'm not mistaken, (00:36:39.340 –> 00:36:42.320) Which lets you enter, (00:36:42.320 –> 00:36:44.640) Without needing to go through borders, (00:36:44.640 –> 00:36:46.120) There's free movement, (00:36:46.120 –> 00:36:47.180) But I think it's not part, (00:36:47.180 –> 00:36:49.740) But it's not part of the European Union. (00:36:51.160 –> 00:36:52.620) Well, Vinícius, (00:36:52.620 –> 00:36:54.680) Moving on here, (00:36:54.680 –> 00:36:59.520) We also have the whole surveillance question, (00:36:59.520 –> 00:37:02.240) Over in Group 5, (00:37:02.240 –> 00:37:04.420) On surveillance and privacy, (00:37:04.420 –> 00:37:05.220) Which we saw, (00:37:05.220 –> 00:37:07.680) Which caught my attention a lot, (00:37:07.680 –> 00:37:09.320) Caught a lot of attention, (00:37:09.320 –> 00:37:13.660) Which was the FBI asking Microsoft (00:37:13.660 –> 00:37:17.460) To hand over BitLocker keys. (00:37:17.460 –> 00:37:20.720) And we were talking about this earlier, (00:37:20.720 –> 00:37:23.100) It's not mandatory, (00:37:23.100 –> 00:37:26.540) That you save the BitLocker key with Microsoft. (00:37:26.540 –> 00:37:26.940) No. (00:37:26.940 –> 00:37:27.900) You can save it. (00:37:27.900 –> 00:37:29.380) It may not be somewhere else.
(00:37:30.520 –> 00:37:33.140) What draws attention here is the possibility, (00:37:33.140 –> 00:37:33.740) And look, (00:37:33.740 –> 00:37:35.360) Like, (00:37:35.360 –> 00:37:36.800) The FBI and the police, (00:37:36.800 –> 00:37:39.040) I am absolutely certain (00:37:39.040 –> 00:37:44.300) That all these investigative bodies, (00:37:44.300 –> 00:37:45.220) Criminal prosecution bodies, (00:37:45.220 –> 00:37:46.440) Have the right to, (00:37:46.440 –> 00:37:47.820) Eventually, (00:37:47.820 –> 00:37:50.180) Under a reasoned court order, (00:37:50.180 –> 00:37:52.420) Request access to clouds, (00:37:52.420 –> 00:37:54.300) As is happening now. (00:37:54.560 –> 00:37:56.020) The big scandals out there, (00:37:56.020 –> 00:37:56.820) Banco Master, (00:37:57.240 –> 00:37:57.620) But, like, (00:37:57.620 –> 00:38:01.300) Big scandals and crimes and such, (00:38:01.300 –> 00:38:04.420) People end up accessing the cloud of someone (00:38:04.420 –> 00:38:06.180) Who leaves WhatsApp doing, (00:38:06.180 –> 00:38:07.480) It's not talked about much, (00:38:07.480 –> 00:38:10.940) But who leaves WhatsApp backing up there on Google, (00:38:10.940 –> 00:38:11.940) They access Google, (00:38:11.940 –> 00:38:14.000) Recover the backup and see everything the guy did, (00:38:14.000 –> 00:38:14.720) Who he talked to, (00:38:14.720 –> 00:38:16.020) And files and everything else. (00:38:16.020 –> 00:38:18.580) But what draws attention (00:38:18.580 –> 00:38:22.160) Above all is how the United States is now positioning itself, (00:38:22.160 –> 00:38:23.440) On this surveillance side, (00:38:23.440 –> 00:38:25.520) It's been positioning itself over the past few years, (00:38:25.520 –> 00:38:27.260) Suddenly, (00:38:27.260 –> 00:38:30.500) The FBI grabbing your BitLocker key (0
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.) Three Buddy Problem - Episode 86: We dig into GitLab's explosive look at North Korea's “Contagious Interview” APT operation, the scale of fake IT worker infiltration, and what it means for companies chasing cheap talent. Plus, a fresh batch of already-exploited Ivanti and Dell zero-days, the return of Apple's shutdown logs, and thoughts on addictive AI coding agents affecting human purpose. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
This week was a cornucopia of zero days. We talk about the six (!) actively exploited vulnerabilities that Microsoft patched this week in its February update (2:46), then we discuss the one that Apple fixed in iOS 26.3, a vulnerability that has been used in what the company calls an "extremely sophisticated attack" against a few individuals (7:24). That's a clear indication that the vulnerability has likely been used in operations involving commercial spyware vendors. Finally, we give a little love to the long lost TV show CSI: Cyber, which starred James Van Der Beek, and the cameo that two famous hackers had on one episode (12:40).
The old Threatpost CSI: Cyber running chat discussion
Support the show
The sea of green has finally evaporated. On this episode, the All-Star Panel breaks down a brutal day of red on the screen as the S&P 500 flirts with its yearly open. From the sudden VIX pop to the "0DTE-ification" of single stocks, we're breaking down all the action from the pits to the screen. The Trading Block: Market Bloodletting: The S&P, Dow, and NASDAQ are all in the red. Is this a "Buy The Dip" opportunity or the start of a volatility regime shift? VIX Hits 20: Analyzing the spike in volatility and the VIX Decomposition—is the whole surface lifting, or are we just sliding down the skew? 0DTE Dominance: New data reveals that 50% of Tesla's (TSLA) volume is now Zero Days to Expiration. We discuss the impact of daily expirations on single-stock liquidity. Big Tech Carnage: Breaking down the moves in Apple (AAPL), Microsoft (MSFT), and Nvidia (NVDA). The Odd Block: Dollar General (DG): Unusual call activity in the "stealth banger" of the year. AES Corp (AES): Why traders are flocking to utility options amidst the AI power demand surge. Around the Block: Earnings Intel: Pricing the moves for Coinbase (COIN) and Rivian (RIVN). Volatility Death Match 2.0: A preview of the upcoming battle between The Flowmaster Henry Schwartz and Scott Nations. Contact the Panel: "Uncle" Mike Tosaw: St. Charles Wealth Management The "Flowmaster" Henry Schwartz: Cboe Options Institute Mark "The Voice of Options" Longo: The Options Insider
You started strong this year. Focused. Engaged. Tracking numbers. Then life happened. A tech quit. Cash got tight. You missed one meeting… then another. Now you're waiting for the “right time” to jump back in. That's the Zero Day Trap. In this episode of Just ONE Thing, Rick explains why shop owners don't fail because they stop — they struggle because they think they have to restart perfectly. That belief is killing momentum in auto repair shops everywhere. You'll learn how to stop restarting, use the Miss-Resume-Repeat framework, and eliminate zero days — even when your shop feels chaotic.
OpenAI's twin initiatives to monetize ChatGPT's free tier through ads and launch the Frontier enterprise agent platform represent a shift in the AI provider's business model, with substantial implications for compliance and operational governance. Free and low-cost ChatGPT users will now see sponsored links unless they opt to reduce daily usage; only customers paying $20 or more per month retain an ad-free experience. OpenAI is concurrently marketing Frontier to enterprise clients such as HP, Intuit, and Uber, offering AI agent orchestration and deploying a team of consultants to support custom AI applications. The company projects enterprise revenue will constitute 50% of its income by year-end, up from 40% the prior month.
Operating in both the consumer funnel and the enterprise layer, OpenAI combines top-of-funnel data monetization with vertical integration of services. The ad-supported free tier raises compliance concerns, as user interactions become subject to additional data collection and monetization. For organizations, this means enforcement decisions around whether and how employees may use free AI tools in regulated or sensitive environments. The more consequential development, however, is the introduction of enterprise agent orchestration through Frontier, where questions persist regarding liability, governance, production stability, and how organizations are protected from errors committed by autonomous agents.
Related market movements include Anthropic's release of Claude Opus 4.6—which enables multi-agent collaboration with context windows up to 1 million tokens—and Microsoft's planned shift for Windows to a signed-by-default trust model. Anthropic's enhancements to agent functionality remain constrained by key gaps, such as conflict arbitration mechanisms, rollback procedures, and documented cost models, and the expanded context remains limited to beta testers.
Microsoft's strategy to enforce signed apps by default mirrors iOS's approach to application trust, but its operational viability depends on how override mechanisms are managed by both users and IT administrators. Additional developments in backup, asset management, and AI governance (as seen with NinjaOne, JumpCloud, and Zoom) reflect a general trend towards increased integration and platform consolidation, though with ongoing gaps in security and compliance as AI adoption accelerates.
The practical takeaway for MSPs and IT service leaders is the need to re-evaluate policies around free AI tool usage, invest in governance and auditability for enterprise AI, and prepare operational systems for stricter software trust and exception management requirements. Structural changes in software security and AI orchestration are transferring costs and risks from incident response to ongoing policy enforcement and exception handling. Those offering AI services should prioritize model-agnostic governance and avoid reliance on a single vendor's automation layer, as vertical integration by platform providers is reducing the defensibility of narrow service offerings.
Four things to know today:
00:00 OpenAI Adds Ads to Free ChatGPT; Launches Frontier Platform for Enterprise Agents
04:07 Anthropic Ships Opus 4.6 Agent Teams; Model Found 500 Zero-Days in Testing
06:43 Microsoft Announces Signed-App-Only Mode for Windows 11; Phased Rollout Planned
10:19 NinjaOne Adds Asset Management; Zoom Launches AI Workspace Tool; JumpCloud Opens VC Arm
This is the Business of Tech. Supported by: CometBackup IT Service Provider University
(Presented by Thinkst Canary: Most Companies find out way too late that they've been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching 'em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.) Three Buddy Problem - Episode 84: We process the cybersecurity fallout from the latest Epstein document dump, focusing on why redactions fail in the AI era and how quickly modern tools can unravel them. The conversation moves from sloppy redaction practices and exploit mythology to harder questions about ethics, accountability, and silence within the infosec community. Plus, inside the Notepad++ supply-chain compromise attributed to a known Chinese APT, Microsoft's security executive changes, Anthropic's AI-driven vulnerability discovery, China-linked network implants, and Lockdown Mode thwarting FBI investigators. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph and Brandyn chat through some news, including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab: https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Adobe. Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10. Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express, and Adobe Express AI Assistant. Valid through April 1st, 2026.
Also we have a Google Cloud VRP Swag Bonus!
Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!
====== Resources ======
Cloudflare Zero-day
https://fearsoff.org/research/cloudflare-acme
Turning List-Unsubscribe into an SSRF/XSS Gadget
https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/
Breaking Multi-Tenant Isolation in Heroku Postgres
https://allistair.sh/blog/breaking-heroku-postgres/
Parse and Parse: MIME Validation Bypass to XSS via Parser Differential
https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential
Claude Magic String Denial of Service
https://x.com/Frichette_n/status/2013988503336415522
From WebView to Remote Code Injection
https://djini.ai/from-webview-to-remote-code-injection/
DOM XSS Is Not Dead: The Rise of Polyglot Payloads
https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/
====== Timestamps ======
(00:00:00) Introduction
(00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget
(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research
(00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection
(Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.) Three Buddy Problem - Episode 82: We parse news that China-linked VoidLink is a malware framework created entirely by AI and the collapsing line between elite APT operations and everyday threat actors. Plus, a new Sean Heelan essay on low-cost exploit generation and why “AI guardrails” are mostly a comforting myth; AI slop overwhelming bug bounty programs; CISA's new Brickstorm YARA rules; and fresh research on a wiper-malware found in Russian attacks against Poland's electricity sector. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Today, Neil dives into the topic of New Year's resolutions and the common pitfalls that accompany them. He notes that while many people set ambitious goals at the start of the year, the majority will abandon them by February. Neil encourages listeners to embrace failure as a natural part of the journey toward self-improvement, advocating for a mindset that views setbacks as opportunities to learn and grow. He introduces the concept of 'new day ones', highlighting that every day presents a fresh opportunity to start anew, rather than waiting for the next January 1st. KEY TAKEAWAYS It's normal to fail when trying to achieve significant changes in life. Instead of viewing failure as an endpoint, see it as a learning opportunity and a chance to try again. Unlike New Year's resolutions, which are limited to once a year, every day can be a new "day one." If you stumble, you can start fresh the next day without waiting for a specific date. Using a habit tracker can help identify patterns of success and failure. Recording daily activities with checkboxes allows for reflection on what went wrong and encourages accountability. A "zero day" (a day when you don't meet your goals) serves as a reminder of unmet standards, while a successful day (marked with an "X") reinforces positive behaviour and achievement. Regardless of how many days you've been working on your goals, it's important to keep pushing forward. Celebrate your progress and maintain momentum, whether you're on day one or day 157. BEST MOMENTS "The problem, of course, is that New Year's resolutions only come around once a year. And those resolutions are often trying to fix long-term problems with a moment's decision." "If you, like me, track your habits, you can spot the patterns which lead to failure and to success." "Zero days suck. The good news is that the day after a zero day is a new day one." "New Year's Day is a completely made-up thing, based on the assumptions of someone else, long ago in history." 
"If today is your new day one, I salute you too. Get going, keep going. Kick ass and keep score!" VALUABLE RESOURCES www.Neilcowmeadow.com info@neilcowmeadow.com HOST BIO Neil Cowmeadow is a maverick peripatetic guitar teacher from Telford with over 19 years' experience in the business of helping people. Learn how to start, grow and love your business with Neil's invaluable advice and tips without the buzzwords and BS! This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk/
What if we told you that CES did not feature any new GPUs? But it did feature more frames! MSI with LIGHTNING and GPU safeguard, Phison's new controller, and that wily AMD with new Ryzen 7 9850X3D (and confirmed Ryzen 9 9950X3D2) - whee! Remember the Reboot computer generated cartoon? Remember D-Link Routers and Zero Days? Remember Intel? It's all here! That and everything old is new again with Old GPUs and CPUs coming back .. because RAM.
Thanks again to our sponsor with CopilotMoney! Get on your single pane of financial glass and bring order to your money and spending - it's even actually fun to save again. Get the web version and use our code for 26% off at http://try.copilot.money/pcper
Timestamps:
0:00 Intro
00:56 Patreon
01:37 Food with Josh
04:10 AMD announces Ryzen 7 9850X3D
05:41 AMD sort of confirmed the 9950X3D2
07:00 NVIDIA DLSS 4.5
09:34 Intel was at CES
12:50 MSI LIGHTNING returns
14:54 MSI also launching GPU Safeguard Plus PSUs
19:44 WD_Black is now Sandisk Optimus GX Pro
21:54 Phison has the most efficient SSD controller
26:11 ASUS ROG RGB Stripe OLED
28:44 First computer-animated TV show restored
33:29 Podcast sponsor - Copilot Money
34:57 (In)Security Corner
44:32 Gaming Quick Hits
1:06:31 Picks of the Week
1:24:08 Outro
★ Support this podcast on Patreon ★
Send us a text
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
Headlines about eight Chrome zero days aren't just noise—they're a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You'll get a focused checklist that's quick to run and easy to defend to leadership.
From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship.
Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege.
These are the controls that turn incident response into a manageable drill, not a firestorm.
If you're preparing for the CISSP or leading an engineering team, you'll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
(Presented by Material Security (https://material.security): We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.) Three Buddy Problem - Episode 73: The buddies react to Google's release of Gemini 3 and its early performance, new Chrome interface changes landing on users' machines, and major highlights from CYBERWARCON. We revisit the long-running debate over APT naming conventions, examine Amazon's latest threat-intel reporting on Iranian activity, and walk through the Cloudflare outage that briefly knocked chunks of the internet offline. Plus, new APT reports from ESET, Positive Technologies, and SecurityScorecard, and China's CN-CERT (now validated claim) that the U.S. government seized billions in Bitcoin tied to the Lubian mining-pool hack. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it! https://www.youtube.com/shorts/RibEPALlVE4 Microsoft Edge gets scam detection https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-scareware-sensor-for-faster-scam-detection/ https://torontosun.com/uncategorized/ontario-couple-gives-up-more-than-1m-to-online-scammers-despite-bank-warning Cybersecurity employees worked for ransomware group https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-indicted-for-blackcat-ransomware-attacks/ L3 Harris Trenchant executive stole zero days https://x.com/jsrailton/status/1985494477033656371?s=46 https://techcrunch.com/2025/11/03/how-an-ex-l3-harris-trenchant-boss-stole-and-sold-cyber-exploits-to-russia/ Line waiting as a service https://www.taskrabbit.com/services/shopping-delivery/waiting-in-line Dad Joke of the Week (DJOW) Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/
Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco's 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide. Plus, Cisco's controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China's long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
In Today's WINNING Word of The Day, Coach JC shares with you the importance of NO ZERO DAYS! Coach JC | Life Coach | Motivation | Personal Development| Business| Win All Day | Entrepreneur | Author | Speaker COACH JC IS THE FOUNDER OF THE WIN ALL DAY MOVEMENT. A performance company that has become recognized for Building WINNERS & WINNING Teams through Personal Development to achieve Peak Performance! We Do This Through... Coaching, Consulting, Training & Curriculum We Specialize In... Human Performance, Personal Development, Leadership, Mental Performance & Personal Branding. We Serve... Corporations and Organizations Athletes and Athletic Teams First Responding Agencies Entrepreneurs Coach JC is recognized as a passionate coach and advisor to high performers (CEO's, Business Owners, Pastors, Pro Athletes, and First Responders) when it comes to living a life of purpose, leading with passion and WINNING in life! It didn't start there... After throwing away his college basketball career, ending up over $400k in debt, suicidal, in the fight of his life, in a custody battle to see his daughter and be a dad coach JC was able to create a new story for his life. He now has empowered thousands of people to WIN in life through his 6 books, professional speaking, podcasts, coaching, social media, and the WIN ALL DAY movement. As an entrepreneur Coach JC has launched 5 companies and a non-profit within the personal development and business arena all based around his PERSONAL BRAND and serving others. He has been recognized as a 30 under 30, 40 under 40, The Best of The Best, and The Young Entrepreneur of the year. Coach JC believes every person deserves the opportunity to WIN in life and through his WIN ALL DAY Playbook and Academy Coach JC and his team help high performers build purpose driven, passion filled lives and highly profitable personal brands. 
In the WIN ALL DAY Podcast Coach JC drops a daily WINNING Word of The Day (Mon-Fri) and once a month interviews a guest that is representing what WINNING looks like! The podcast will inspire you, motivate you, encourage you, empower you and most importantly coach you to WIN ALL DAY - to live a life of passion, fueled by purpose! Have a question you'd like Coach JC to answer on a future WIN ALL DAY episode? Submit it as a message on our social media accounts: https://www.instagram.com/thecoachjc/ https://www.facebook.com/WINALLDAYWITHCOACHJC Subscribe to the WIN ALL DAY podcast and leave a review for a chance to win some FREE WIN ALL DAY merchandise or even a coaching session with Coach JC each month. Be sure to join Coach JC's VIP email list, download our free resources and learn more about WIN ALL DAY and Coach JC at www.CoachJC.com Learn more about what we do at www.WINALLDAY.co If you're ready to personally develop, become your best, and get certified to serve others while building a powerful personal brand business... Then it's time to become a WIN ALL DAY Certified Coach. Master the mindset. Live the mission. Monetize your message. We equip and certify WINNERS just like you to take your story, your purpose and your passion and give it back to the world as a coach and get paid to do it! So if you're ready to go from being a winner… to a certified WINNING WIN ALL DAY COACH… Head over to www.WinAllDayCertified.com right now and apply. Your next level is waiting. Let's build YOU, your brand, your business, and your legacy.
The day has arrived. Are you fully husked?
Chris and Hector break down a Russian-linked zero-day exploit targeting WinRAR users, why stolen browser cookies bypass MFA, the economic motives behind security features (or lack thereof), and Hector's nostalgic farewell to AOL dial-up. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com
#295th for 31st of July, 2025 or 3311! (33-Oh-Leven, not Oh-Eleven, OH-Leven)
http://loosescrewsed.com
Join us on discord! And check out the merch store! PROMO CODES
https://discord.gg/3Vfap47Rea
Support us on Patreon: https://www.patreon.com/LooseScrewsED
Squad Update: It's been one week since anyone said on this weekly podcast that the BGS is broken. The BD Front started another control war, BD+49 3937 - we're up 3-0 on Day 4, hopefully victorious by the time you listen.
7 Andromedae is in Boom.
War in Juan we're ignoring against our friends Utlagarnir.
Operation Kegstand - We're still pushing FZ Andromedae into boom, by delivering high demand items (silver from V640 Cassiopeia is easiest), then megaship scenarios will be triggered.
**Pax Screwiana Update** - 23,644,105,873 Citizen Shareholders, 267 Star Systems, 73 Vested Star Systems, 199 Stations, 332 Settlements, 93 Installations, 1 Megaship
PowerPlay Update: - Cycle 40
Soontil Relics are back on! (Boom + Civil Liberty)
1t trading is dumb
Quick Update
Kruger 5's Power Rankings - https://k5elite.com/
Niceygy's Power Points - https://elite.niceygy.net/powerpoints
Find out more in the LSN-powerplay-hub forum channel.
Galnet Update: https://community.elitedangerous.com/
None - CG is still on
Dev News: The Type 11 Prospector - announced on FU
Discussion:
Panther Clipper Mk 2: Pay 2 Win?
The Type 11 Prospector
Does mining need a dedicated ship?
Community Corner:
The Buckyball Racing Club presents: The 3311 Drakhyr Rally
Upvote this and add your voice. It's like 40 weeks in. That's at least 40 weeks late on the fix. The issue has expired and been reposted more than once. Make them pay attention. https://issues.frontierstore.net/issue-detail/70594
Wrap Up: http://loosescrewsed.com
Join us on discord! And check out the merch store! PROMO CODES
https://discord.gg/3Vfap47Rea
Support us on Patreon: https://www.patreon.com/LooseScrewsED
This week, Nathan and B.R discuss the latest 'Sig-cident' involving a Sig P320 / M18 handgun, with this particular uncommanded discharge resulting in the death of a U.S. Airman stationed in Wyoming. The lads talk bluntly about the ongoing lack of accountability from Sig in regards to these incidents and the scapegoating via blaming the holster or user. Also discussed: The 'Tim-cident', AKA Tim Kennedy publicly apologizing for lying about receiving the Bronze Star for Valor and the years of inflating his service record publicly and to his own profit, the implications of this, and how American hero worship continues to create those who tell exaggerated and embellished tales of war for their own gain.
On a more casual note, B.R celebrates carving out two acres for himself and achieving a small slice of the 'American dream' in Appalachia, and Nathan attempts to explain Death Stranding and Kojima to B.R. All that, and much more!
All information discussed is open source and available to anyone with an internet connection; documents can be found below for reference and independent assessment.
Any legal action pursued due to this episode will be met with more memes. :)
SIG INTEL REPORT: https://docs.google.com/document/d/1Ozkb5vouKqtVeHxGBtRJ5z9BVlHMF6k4Uf3gsnLe9Zc/edit?invite=CPu87poP&tab=t.hdaevbdop0sf
SIG P320 US I.C.E. Report: https://drive.google.com/file/d/1TayAopJKjz_vspCPnAAuZ_vx5s75T8Vn/view
Quality and Safety Problems with the Beretta M9 Handgun: https://www.gao.gov/products/t-nsiad-88-46
US Army M17/M18 Modular Handgun Systems Report: https://www.dote.osd.mil/Portals/97/pub/reports/FY2017/army/2017mhs.pdf
Washington Criminal Justice Center Report: https://cjtc.app.box.com/s/xt4cmgmo3ass0bqcwzwf75hk8279c1a1
Indian Manufacturing Company at SHOT Show Brandon mentions: https://www.indo-mim.com
Check out the guys that put together the SIG report:
Brandon - https://www.instagram.com/bsel107/
Drew - https://www.instagram.com/dfz_engineering/
Follow the lads on IG: Nathan / Main Page: https://www.instagram.com/cbrnart/?hl=en B.R: https://www.instagram.com/br.the.anarch Lucas: https://www.instagram.com/heartl1ne/
Three Buddy Problem - Episode 55: A SharePoint zero-day exploit chain from Pwn2Own Berlin becomes a full-blown security crisis with Chinese nation-state actors exploiting vulnerabilities that Microsoft struggled to patch properly, leading to trivial bypasses and a cascade of new CVEs. The timeline is messy, the patches are faulty, and ransomware groups are lining up to join the party. We also revisit the ProPublica bombshell about Microsoft's "digital escorts" and U.S. government data exposure to Chinese adversaries and the company's "oops, we will stop" response. Plus, trusting Google's Big Sleep AI claims and a cautionary tale about AI agents gone rogue that wiped out a production database. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
On today's show we talked about workplace accidents. We also got an update from the Blubber Burn food craving and we found out that Portland legend and longtime news anchor Jeff Gianola will be in studio on Monday!
Ep. 198 is the second episode of our brand-new “Best of…” series. Anderson McKean of Page & Palette Bookstore joined me for the Best of Thrillers, with her all-time TOP TEN favorite thriller novels…and a couple of buzzy thrillers that didn't work for her. Also, Anderson talks about how she started reading thrillers, the wide variety available in the genre, and books from her list that would be perfect for those new to the genre! This post contains affiliate links through which I make a small commission when you make a purchase (at no cost to you!). CLICK HERE for the full episode Show Notes on the blog.
Highlights
- What draws her to the thriller genre.
- From domestic to psychological thrillers, Anderson talks about the variety of the genre.
- Her favorite sub-genres and what doesn't work for her.
- Anderson picks a few books from her list that would be good starter books for those new to the genre.
Anderson's All-Time Top Ten Thrillers [10:33]
- Gone Girl by Gillian Flynn (2012) | Amazon | Bookshop.org [12:44]
- Room by Emma Donoghue (2010) | Amazon | Bookshop.org [16:57]
- It Girl by Ruth Ware (2022) | Amazon | Bookshop.org [20:41]
- A Rip Through Time by Kelley Armstrong (2022) | Amazon | Bookshop.org [24:16]
- Everyone Here Is Lying by Shari Lapena (2023) | Amazon | Bookshop.org [27:43]
- The Good Sister by Sally Hepworth (2020) | Amazon | Bookshop.org [31:38]
- Wrong Place Wrong Time by Gillian McAllister (2022) | Amazon | Bookshop.org [34:17]
- Red Queen by Juan Gómez-Jurado (2018) | Amazon | Bookshop.org [37:48]
- When the Stars Go Dark by Paula McLain (2021) | Amazon | Bookshop.org [41:12]
- These Silent Woods by Kimi Cunningham Grant (2021) | Amazon | Bookshop.org [45:37]
High-Profile Thrillers That She Didn't Love [48:35]
- The House Across the Lake by Riley Sager (2022) | Amazon | Bookshop.org [48:41]
- None of This Is True by Lisa Jewell (2023) | Amazon | Bookshop.org [49:01]
Other Books Mentioned
- The Plot by Jean Hanff Korelitz (2021) [13:23]
- The Girl on the Train by Paula Hawkins (2015) [16:06]
- The Blue Hour by Paula Hawkins (2024) [16:13]
- Where the Crawdads Sing by Delia Owens (2021) [16:38]
- The Woman in Cabin 10 by Ruth Ware (2016) [20:58]
- I Have Some Questions for You by Rebecca Makkai (2023) [21:50]
- Zero Days by Ruth Ware (2023) [23:05]
- Vantage Point by Sara Sligar (2025) [23:11]
- One Perfect Couple by Ruth Ware (2024) [23:54]
- The Time Traveler's Wife by Audrey Niffenegger (2003) [24:51]
- Death at a Highland Wedding by Kelley Armstrong (2025) [27:35]
- What Have You Done by Shari Lapena (2024) [30:09]
- The Couple Next Door by Shari Lapena (2016) [30:24]
- Someone We Know by Shari Lapena (2019) [30:31]
- Strange Sally Diamond by Liz Nugent (2023) [32:23]
- The Mother-In-Law by Sally Hepworth (2019) [33:26]
- The Soulmate by Sally Hepworth (2022) [33:50]
- The Darling Girls by Sally Hepworth (2023) [33:53]
- Just Another Missing Person by Gillian McAllister (2023) [36:36]
- The Girl with the Dragon Tattoo by Stieg Larsson (2005) [38:04]
- The Bourne Identity by Robert Ludlum (1980) [39:24]
- In Light of All Darkness by Kim Cross (2023) [42:25]
- The Death of Us by Abigail Dean (2025) [44:17]
- Our Endless Numbered Days by Claire Fuller (2015) [47:20]
- The Nature of Disappearing by Kimi Cunningham Grant (2024) [48:11]
- The Fury by Alex Michaelides (2024) [49:47]
- The Silent Patient by Alex Michaelides (2019) [49:53]