Daily Security Review

Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, invoice alerts, and even deceptive CAPTCHA prompts, these attackers are bypassing traditional email and web filters by operating under the guise of reputable platforms.We’ll dive into specific attack techniques, including multi-stage payload delivery using VBScript, clipboard hijacking with fake MP3 files, and the deployment of tools like NetBird and OpenSSH for persistent access. We’ll also explore the rise of Phishing-as-a-Service kits like Haozi that lower the barrier for launching these sophisticated campaigns. Finally, we cover key mitigation strategies—from detection platforms to user education—that organizations can adopt to stay ahead of these evolving threats.This episode is a must-listen for IT professionals, CISOs, and anyone tasked with defending against phishing and social engineering attacks in today’s high-trust, high-risk digital landscape.

In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune malware before deployment. Led by Dutch authorities and supported by agencies from the U.S., Germany, France, and others, this operation marks a major win in Operation Endgame—a sweeping initiative targeting malware infrastructure, ransomware syndicates, and initial access brokers.AVCheck enabled attackers to simulate antivirus scans and ensure their payloads were virtually undetectable, making it a cornerstone of the modern malware development cycle. Authorities seized domains, servers, and a rich database of user information, some of which links AVCheck directly to notorious ransomware groups. The same investigation also exposed ties between AVCheck and crypting services like Cryptor.biz and Crypt.guru, underscoring how deeply integrated these dark web services are.We also explore the implications of this crackdown: how disrupting enabler services like AVCheck may prevent future cyberattacks, why ransomware groups are now shifting tactics—including potentially more violent threats—and what comes next as cybercriminals adapt. From undercover ops to fake login traps and forensic analysis, this episode covers the full scope of the AVCheck takedown and its impact on global cybercrime.

ConnectWise has confirmed a cyberattack targeting ScreenConnect, its remote access solution used by thousands of Managed Service Providers (MSPs). The breach is reportedly tied to a sophisticated nation-state actor and linked to CVE-2025-3935, a critical ViewState code injection vulnerability that could allow Remote Code Execution (RCE).In this episode, we dissect what happened, why it matters, and what MSPs need to do right now. We cover the technical details behind CVE-2025-3935, including how attackers exploit machine keys to execute malicious payloads on vulnerable servers. You'll hear what ConnectWise has—and hasn't—shared publicly, why their communication is frustrating some users, and why many believe the impact might be broader than officially stated.We also examine the bigger picture: What does this mean for cybersecurity in the MSP ecosystem? How prepared are we for nation-state-level threats? And how can organizations improve patch management and incident response before the next zero-day is weaponized?Whether you're an MSP, a CISO, or an IT admin responsible for remote access tools, this is a breach you can’t afford to ignore. Tune in for expert analysis, community reactions, and actionable insights on securing your infrastructure.

In this episode, we dive into the graphical corruption saga triggered by Firefox version 139, released on May 27, 2025. Aimed at uncovering what went wrong, we review reports from across the web detailing how the update wreaked havoc for Windows users running NVIDIA graphics cards—particularly those with multi-monitor setups using mixed refresh rates.We discuss the symptoms users experienced: severe flickering, video playback issues, and flashing web pages that rendered the browser unusable for many. We explore the underlying technical culprit—Firefox’s use of Windows DirectComposition surfaces instead of swapchains—and how this specific implementation conflicted with certain NVIDIA driver configurations.You'll also hear how Mozilla responded, from recommending a manual workaround through about:config, to issuing a rapid emergency update (version 139.0.1) that restored a blocklist to prevent the artifacts. We reflect on how this incident highlights the fragile intersection of GPU drivers, OS-level composition tools, and browser rendering pipelines.If you're running a multi-monitor rig with NVIDIA GPUs—or just interested in how complex modern browser rendering really is—this episode breaks it all down and explains how Mozilla handled a potentially reputation-damaging bug with transparency and speed.

In this episode, we break down the recent $4 million seed funding round for Unbound, a startup tackling one of the biggest unsolved problems in enterprise AI: how to stop employees from leaking sensitive data through ungoverned use of Generative AI tools.Unbound’s AI Gateway aims to be the missing link between rapid AI adoption and responsible usage—offering real-time redaction of sensitive prompts, intelligent model routing, and deep usage analytics. With early adopters already preventing thousands of data leaks and cutting AI costs by up to 70%, investors are betting big on governance infrastructure as the next AI gold rush.We discuss why Unbound’s funding isn’t just another startup headline—it’s a signal that AI governance is no longer optional. As companies like Sony suffer from preventable data exposures and shadow AI runs rampant inside enterprises, this episode explores how and why AI Gateways are poised to become a foundational layer of enterprise architecture.

Microsoft is taking direct aim at one of the biggest pain points in the Windows ecosystem: update fragmentation. In this episode, we dive deep into the details of Microsoft’s newly announced Windows-native update orchestration platform, currently in private preview. We explore how this unified infrastructure aims to centralize updates for all apps, drivers, and core OS components under the familiar Windows Update umbrella—bringing it more in line with the seamless update experiences of Android and macOS.We’ll discuss the root of the fragmentation problem, how third-party apps currently operate in silos, and the operational headaches this causes for end-users and IT administrators alike. You'll learn how the new platform works, how developers can integrate with it using WinRT APIs and PowerShell, and what benefits it promises—from better reliability and performance optimization to unified logging and smarter scheduling. We also cover critical challenges ahead, including developer adoption, concerns over user control, potential security risks, and the implications of centralizing such a crucial system function.Plus, we touch on current tools like the PSWindowsUpdate PowerShell module and platforms like Action1 that are helping bridge the update management gap today—until Microsoft’s new platform becomes mainstream. Whether you're a sysadmin, a developer, or just someone tired of juggling app update popups, this episode breaks down what’s coming and why it matters.

Linux systems are under siege—particularly in the world of IoT and internet-exposed servers. In this episode, we dissect PumaBot, a new GoLang-based botnet that's turning Linux IoT devices into cryptomining workhorses. We’ll break down how attackers brute-force SSH credentials, install malware disguised as legitimate services, and use systemd for stealthy persistence.We dive deep into ATT&CK technique T1501, where systemd services like redis.service or mysqI.service are hijacked or maliciously created to ensure malware survives system reboots. You'll learn how adversaries leverage GoLang’s cross-platform strengths and embed rootkits like pam_unix.so to capture credentials, all while evading detection with environment fingerprinting.We also explore the broader implications: how cryptojacking continues to rise, what SSH brute-forcing says about current security hygiene, and why IoT devices remain a weak link in enterprise infrastructure. If you manage Linux systems or deploy connected devices, this episode is your tactical briefing on the latest threats—and what to look out for before your CPU cycles are stolen for someone else's crypto wallet.

On December 25, 2024, while most businesses were offline, a serious data breach struck LexisNexis Risk Solutions—exposing the personal data of over 360,000 individuals. The twist? The attack vector wasn’t a direct hack, but an indirect compromise through a third-party GitHub repository. Even more concerning, the breach went undetected until April 1, 2025.In this episode, we break down the timeline, scope, and implications of the LexisNexis incident. We examine how the company’s own privacy principles—centered on accountability, security, and privacy-by-design—stack up against what actually happened.We’ll also explore:The role of third-party platforms in modern breachesWhy detection delays remain a persistent issueHow this breach compares with past major incidents, like Equifax and YahooWhat this means for the future of privacy frameworks and enterprise security posturesAs data breaches become increasingly common and complex, this case raises critical questions: Are published privacy principles enough? And what can companies do to truly align policy with practice?🔐 Tune in to find out—and what enterprises must do to avoid being next.

On this episode, we dissect the ransomware attack that brought MathWorks—a cornerstone software provider for engineers, scientists, and educators—to a grinding halt. The attack, which began on May 18, 2025, and was officially confirmed on May 26, crippled a wide range of customer-facing and internal systems, from MATLAB Online and ThingSpeak to license distribution and downloads.We examine the timeline of the incident, MathWorks’ response, and what services remain down or degraded even as restoration efforts continue. With over 5 million users and customers across 100,000 organizations, the outage has triggered a wave of disruptions—especially for students relying on MATLAB Online during finals week.We also explore the silence from ransomware groups, speculate on whether a ransom was paid, and discuss why this significant attack has received surprisingly little media coverage. Is MathWorks buying time behind closed doors, or is this another sign of growing sophistication among ransomware gangs?Tune in for a comprehensive breakdown of the incident, the user impact, and the broader implications in today’s escalating ransomware threat landscape.

The cybersecurity market is booming, projected to triple in size from $215 billion in 2025 to $697 billion by 2035. This explosive growth is being fueled by rising cyber threats, the digital transformation of global businesses, and an urgent need for advanced security operations. One of the clearest signals of this momentum? Zscaler’s acquisition of Red Canary—a leading Managed Detection and Response (MDR) provider.In this episode, we unpack Zscaler’s strategic decision to acquire Red Canary and what it reveals about the evolving cybersecurity landscape. We explore how this move reflects a broader M&A trend in the sector, where large players are aggressively acquiring innovative startups to enhance their detection capabilities and talent pool. With access to 500 billion daily data transactions via Zscaler’s Zero Trust Exchange, Red Canary is poised to supercharge its threat detection accuracy and speed.We’ll break down how MDR differs from traditional MSSPs and EDR, why it's now considered a critical service for enterprises, and how AI-driven security operations are becoming the new normal. Plus, we dive into how Zscaler’s zero trust architecture is simplifying post-acquisition integration, allowing for faster value realization with less risk.Tune in for a deep-dive look at one of the most significant cybersecurity deals of 2025—and what it means for the future of AI, MDR, and the multi-billion-dollar battle to secure the digital world.

In this episode, we unpack a critical supply chain breach that’s rattled the cybersecurity world: the exploitation of multiple zero-day vulnerabilities in SimpleHelp Remote Support Software — most notably CVE-2024-57726, a privilege escalation flaw scored 9.9 by the NVD.Threat actors linked to the DragonForce ransomware operation and the Scattered Spider group are actively leveraging these vulnerabilities to infiltrate Managed Service Providers (MSPs), hijack their remote management infrastructure, and deploy ransomware to downstream clients. We break down how these bugs were chained to gain admin-level control, upload malicious files, steal data, and deliver double-extortion payloads.You'll hear how attackers turned SimpleHelp’s legitimate access capabilities into a mass distribution weapon — transforming a trusted MSP tool into a delivery vehicle for destruction. We also explore the role of Scattered Spider as an access broker and social engineering powerhouse, using SIM swapping, MFA fatigue, and cloud exploitation to support this campaign.We analyze real-world impact, including UK retail disruptions, and examine how delayed patching, inadequate segmentation, and poor monitoring allowed this breach to cascade across environments. Finally, we’ll share urgent mitigation steps for MSPs and enterprises using RMM software — before they become the next victim.🔒 Whether you’re in IT security, part of an MSP, or manage remote support software, this is one episode you can't afford to miss.

This episode dives deep into Operation RapTor, one of the largest international crackdowns on dark web crime to date. We analyze how coordinated law enforcement actions across ten countries led to the arrest of 270 individuals, the seizure of $200 million in currency and digital assets, and the dismantling of major darknet marketplaces including Incognito, Tor2Door, and Bohemia.We explore the persistence and evolution of dark web crime—how vendors are adapting by migrating to smaller, single-vendor shops, and why drug trafficking, particularly involving fentanyl, remains the dominant force in the underground digital economy. The discussion covers high-profile convictions tied to counterfeit Adderall and fentanyl-laced pills, the use of encrypted apps and cryptocurrency in laundering operations, and how criminals turn industrial pill presses into deadly enterprise tools.We also unpack the central role of cryptocurrency in enabling and concealing illicit transactions and the growing need for law enforcement expertise in digital asset tracing and seizure. Plus, we examine lesser-known areas like the counterfeit goods market on the dark web—from luxury watches to electronics—and how its makeup diverges significantly from traditional customs seizures.As global policing efforts intensify, what does the future hold for dark web marketplaces, and how can intelligence agencies, regulators, and tech experts stay ahead? Tune in as we dissect the trends, threats, and technological arms race shaping the next era of cybercrime enforcement.

In this episode, we take a deep dive into the recent Marlboro-Chesterfield Pathology (MCP) ransomware attack—one of the most significant healthcare breaches of 2025. On January 16th, MCP detected unauthorized activity on its internal systems. Just days later, the SAFEPAY ransomware group claimed responsibility, posting stolen data—over 30GB of sensitive information affecting 235,911 individuals—on the dark web.We examine what data was exposed, the organization’s response, and the broader implications for cybersecurity in the healthcare sector. From PII and PHI leakage to the potential legal fallout and reputational damage, this breach underscores persistent vulnerabilities in outdated infrastructure, third-party integrations, and underfunded security protocols.We also explore the critical role of the Cybersecurity and Infrastructure Security Agency (CISA), how organizations can adopt “secure by design” principles, and what proactive steps healthcare providers can take to protect their patients and operations. Was a ransom paid? What lessons can other providers learn from this breach? Tune in to find out.

In this episode, we dive deep into the underground cybercrime ecosystem powering the surge of modern infostealers—Stealc, Vidar, and LummaC2. These malware strains aren't just code—they're full-service products sold as Malware-as-a-Service (MaaS), giving even low-skilled attackers access to powerful data theft tools.We break down how these stealers are delivered through clever deception tactics like ClickFix, which uses fake pop-ups on shady streaming sites to trick users into pasting malicious PowerShell commands. We also explore drive-by downloads masquerading as cracked software and how attackers abuse legitimate tools like mshta and PowerShell to silently deploy and persist infostealers on victim machines.From obfuscation techniques that thwart static analysis to the use of browser-based panels that manage infections and exfiltrated data, we reveal how these stealers target everything from browser credentials to cryptocurrency wallets and messaging apps. We’ll also unpack the advanced persistence methods and evasion techniques being deployed—including anti-VM checks, script encoding, and dynamic WinAPI loading.With new variants like Stealc V2 introducing MSI-based payloads, streamlined C2 communication, and multi-monitor screenshot capture, defenders face an increasingly complex landscape. We discuss how behavioral detection, threat intelligence, and advanced obfuscation detection techniques like Logistic Regression with Gradient Descent are becoming essential in combating these evolving threats.Tune in for a frontline briefing on how infostealers operate today—and what it will take to stop them.

In this episode, we dive deep into the growing tension between AI innovation and data privacy through the lens of a major controversy: Microsoft’s Windows 11 Recall feature. Designed to screenshot nearly everything a user does every few seconds, Recall creates a searchable visual archive of on-screen activity. But while Microsoft claims it enhances productivity, critics call it “spyware,” “creepy,” and a “privacy nightmare.”Leading the charge against Recall is Signal Messenger, which has deployed a DRM-based screen security fix to block Recall from capturing its app’s content—an unprecedented move in the realm of desktop applications. Signal’s action isn’t just a technical patch; it's a bold statement in the escalating debate about surveillance, user control, and the unchecked power of AI-enabled features.We explore how this confrontation underscores broader issues: AI’s ability to infer sensitive information from mundane data, the gaps in global data protection frameworks, and the urgent need for stronger developer tools and user-centric privacy controls. We also discuss the ethical and legal implications of AI systems that transform ephemeral user behavior into permanent, searchable records—often without full consent.This isn't just about one controversial feature—it's a microcosm of the privacy challenges we're all about to face. Whether you're a developer, privacy advocate, or just someone who values control over your digital life, this episode will change how you think about the systems you use every day.

In this episode, we break down the resurgence of the Bumblebee malware loader and its latest distribution method: blackhat SEO campaigns and trojanized software installers. By mimicking legitimate download pages through typosquatted domains and poisoning Bing search results, attackers are tricking IT professionals into unknowingly infecting their own networks.We explore how malware is being embedded into fake versions of tools like Milestone XProtect, RVTools, WinMTR, and Zenmap—critical software often run with administrative privileges. Once executed, these installers silently load Bumblebee, enabling attackers to deploy ransomware, infostealers, or Cobalt Strike payloads.You’ll also hear about:Why Bumblebee’s return fills the gap left by QBot’s takedownThe anatomy of the campaign’s DLL side-loading and use of legitimate Windows binariesReal-world indicators of compromise (IoCs) and typosquatted domains to watch out forHow a DDoS attack on the real RVTools website added to the confusionWhat security teams must do now to mitigate and respondIf your IT department uses any of the targeted tools, don’t miss this urgent discussion on one of the most deceptive malware delivery strategies we’ve seen this year.

In this episode, we dive into the evolving tactics of the Silent Ransom Group (SRG)—also known as Luna Moth—a cybercriminal outfit that has shifted from traditional phishing to a new, more deceptive strategy: impersonating IT support over the phone. Their latest victims? U.S. law firms, targeted for the sensitive data they hold and the large financial transactions they handle.We explore how SRG uses legitimate remote access tools like Zoho Assist and AnyDesk to silently exfiltrate data while avoiding antivirus detection. Once the data is stolen, the group threatens to publish it unless a ransom is paid—causing severe financial and reputational harm to their victims.This episode also covers critical defense strategies including the importance of cybersecurity awareness training, robust data backup plans, and the deployment of multifactor authentication (MFA)—with a special focus on Microsoft Entra MFA. We’ll break down how Conditional Access policies and modern authentication methods can prevent breaches, even when credentials are compromised.Whether you're in legal, IT, or risk management, this is a wake-up call you don’t want to miss. Learn how to detect the signs of SRG activity and protect your organization before the phone rings.

A growing cyber threat is targeting macOS users who rely on Ledger cold wallets to secure their cryptocurrency. In this episode, we dissect the anti-Ledger malware campaign—an increasingly sophisticated phishing operation that impersonates the trusted Ledger Live application to trick users into revealing their 24-word recovery phrases. Once entered, these phrases give attackers full access to empty the victims’ wallets.We examine how this threat evolved from simple data-stealing to focused seed phrase phishing. From the "Odyssey" stealer introduced by the threat actor Rodrigo to the infamous Atomic macOS Stealer (AMOS), this malware ecosystem now includes advanced evasion tactics, realistic UI clones, and deceptive error messages designed to lure users into handing over their credentials.We also discuss the techniques these malware variants use—such as fake DMG installers, malvertising, Terminal-based execution bypasses, and phishing overlays—and highlight how cybercriminals are exploiting trust in cold wallet systems to bypass traditional defenses. Plus, we spotlight emerging threats like "mentalpositive" and the dark web chatter about an evolving anti-Ledger market.Whether you're a crypto enthusiast or just concerned about digital hygiene, this episode offers critical insight and actionable advice to help you avoid becoming the next victim of this dangerous campaign.

In this episode, we break down the latest and most impactful phase of Operation Endgame, the international law enforcement campaign targeting the backbone of the ransomware ecosystem. Between May 19–22, authorities executed a sweeping takedown of 300 servers, neutralized 650 domains, and seized €3.5 million in cryptocurrency, adding to a total of €21.2 million seized over the course of the operation.We explore how this phase zeroed in on Malware-as-a-Service (MaaS) and loader operations — the essential tools used by ransomware groups to infiltrate victims. Key malware families including DanaBot, Qakbot, Trickbot, Bumblebee, Lactrodectus, and Warmcookie were directly targeted.This isn't just about servers and code — indictments were unsealed against 16 members of the DanaBot cybercrime gang, and the alleged leader of the Qakbot operation, responsible for compromising over 700,000 systems, has been charged. We also discuss the arrest of a crypter specialist for Conti and LockBit, illustrating the depth of the disruption.You’ll also hear how intelligence from previous takedowns, like Smokeloader, led to follow-up arrests — a sign that this multi-phase operation is not only reactive but deeply strategic. Operation Endgame is proving that even as cybercriminals adapt, global law enforcement can strike harder, smarter, and with precision.

In this episode, we dive into the alarming surge of infostealer malware campaigns leveraging social media platforms, particularly TikTok, as their distribution vector. Threat actors are exploiting trending content—especially around AI tools like Sora, ChatGPT, and Google Gemini AI, and popular software like CapCut and MidJourney—to bait unsuspecting users into executing malicious PowerShell commands or downloading disguised malware.We examine how the Malware-as-a-Service (MaaS) economy enables even low-skilled attackers to deploy highly evasive malware strains like Stealc, Vidar, Nova Stealer, and IceRAT, all armed with anti-analysis techniques, persistent backdoors, and data exfiltration modules that compromise everything from passwords to crypto wallets.From analyzing the technical behavior of commands like iwr | iex to unpacking how fake tutorials and software activators are being used as lures, this episode walks through real-world examples, user victim reports, and insights from Bitdefender, Tinexta Defence, and Quorum Cyber.We’ll also discuss:How malware uses scheduled tasks and PowerShell for persistenceThe exploitation of ClickFix and mshta for stealth executionWhat Indicators of Compromise (IOCs) to look forDefensive actions including endpoint monitoring, antivirus alerts, and system hardeningIf you're in cybersecurity, IT, or even just a curious end-user, this is a must-listen episode that connects social engineering, tech trends, and threat actor innovation into one dangerous new malware frontier.

In this episode, we dive into the ransomware attack that struck Kettering Health, a major healthcare provider, and the evolving tactics of the Interlock ransomware group behind it. Interlock, active since late 2024, has adopted advanced techniques including double extortion, credential theft, and PowerShell-based backdoors to compromise healthcare systems. The attack on Kettering Health disrupted services and underscored the vulnerability of healthcare data to cybercriminals with professional-level operations.We explore how ransomware groups like Interlock are no longer lone actors but sophisticated teams with their own reputations and operational playbooks. You'll hear about common infection vectors such as phishing, exposed RDP ports, and MSP compromise—and why healthcare data, ranging from patient records to proprietary research, is among the most valuable on the black market.This briefing also unpacks how healthcare providers can build layered defenses, including adoption of the NIST Cybersecurity Framework (CSF), segmented networks, offline backups, and least-privilege access. Finally, we discuss why authorities advise against paying ransoms, and how collaboration with CISA, MS-ISAC, and law enforcement is critical in recovery and prevention.Tune in for a direct, tactical analysis of what happened, how it happened, and what your organization can do to stay protected.

As digital deception evolves, so must our defenses. In this episode, we dive deep into the escalating battle for trust in our increasingly connected world. From nation-state-level authentication models to real-time behavioral biometrics on your mobile device, the tools to verify identity are becoming more sophisticated—and more essential—than ever.We unpack the concept of a Pervasive Trusted Ecosystem, where every layer—from user identity and hardware to operating systems and global trust services—is fortified to resist cyber threats. Learn how Secure Boot protocols, hardware-based roots of trust, and Risk-Based Authentication (RBA) are shaping the architecture of secure systems.But it’s not just about defense—it’s about deception too. The rise of deepfake technology, fueled by GANs and synthetic audio, is challenging the very idea of “seeing is believing.” We examine how these tools are being weaponized in fraud and misinformation campaigns—and what can be done to detect and stop them before trust collapses.From mobile continuous authentication using gait, touch, and typing patterns, to deepfake detection and public education, this episode offers a critical look at the tools, techniques, and trust models we need to secure our digital lives.🔐 This isn’t just cybersecurity. It’s a fight to preserve reality.

In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our electric grids, water supplies, and industrial automation—but thousands are reachable online, often unsecured.We explore how researchers are working to distinguish between real ICS devices and honeypots—decoys used to bait cyber attackers. You’ll learn about scanning tools like Shodan, techniques like lightweight fuzzing and TTL analysis, and how attackers and defenders are racing to outsmart each other.We’ll also unpack the latest data: over 119,000 potentially real ICS hosts exposed as of April 2024, and more than 39,000 suspected honeypots deployed globally. From protocol fingerprinting to cloud-hosted traps like GridPot, we explore what’s real, what’s fake, and why it matters for national infrastructure.If you're in cybersecurity, critical infrastructure, or just curious how close we are to a digital blackout, don’t miss this briefing.

In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product delivery delays. This episode explores how a ransomware incident brought one of Europe’s leading food manufacturers to a standstill, revealing how vulnerable the food industry is to modern cyber threats.We examine the critical infrastructure of the food supply chain and why operational technology (OT), programmable logic controllers (PLCs), and distribution systems are becoming prime targets. From the risks posed by third-party vendors to the dangers of shadow IT and outdated ICS environments, we analyze the multilayered vulnerabilities that cybercriminals are increasingly exploiting.We also discuss Germany’s cybersecurity challenges, the rising professionalization of cybercriminal groups, and how businesses in the food and beverage sector can bolster their defenses through OT-specific protections, Zero Trust security, and robust incident response plans. The Arla incident is not just a case study—it’s a warning for every company in critical manufacturing.

In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security Center APIs, this tool disables Windows Defender by impersonating a trusted antivirus and injecting its code into Microsoft-signed Task Manager. We explore how Defendnot bypasses Protected Process Light and security signatures, effectively neutering the built-in antivirus on Windows systems.The discussion broadens to cover the common antivirus and EDR detection mechanisms — including static analysis, AMSI, ETW, API hooking, IAT inspection, and behavioral monitoring — and the sophisticated techniques attackers now use to bypass them. From DLL injection and reflective loading to direct/indirect syscalls and anti-sandbox checks, we break down the tools and tactics adversaries use to slip past enterprise defenses.We also discuss the broader implications of tools like Defendnot: how trusted Windows infrastructure is being turned against itself, why these attacks are difficult to mitigate, and what the security community needs to consider moving forward. Whether you're a red teamer, blue teamer, or somewhere in between, this episode is your technical crash course on how modern endpoint protection is being circumvented — and what that means for defenders.

In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. The intelligent SaaS platform promises to replace outdated, reactive playbooks with automated, tailored response plans that span legal, security, IT, and executive teams. With participation from top cybersecurity VCs and the addition of industry giants Kevin Mandia and Nicole Perlroth to its board, BreachRx is pushing to make operational resilience the new standard.We unpack how BreachRx’s AI-powered platform addresses compliance with frameworks like NIST, SEC, and ISO 27001, protects CISOs from liability, and enables real-time cross-functional collaboration during high-pressure breach scenarios. The conversation also explores their go-to-market expansion, MSSP partnerships, and the role of communications in managing incidents effectively — not just technically, but reputationally.If you're tired of “stale paper plans” and want to understand the next generation of incident response, this episode is for you.

In this episode, we unpack the 2024 cybersecurity incident that rocked the debt collection and healthcare sectors: the massive data breach at Nationwide Recovery Services (NRS), a third-party collections agency and subsidiary of ACCSCIENT. Between July 5 and July 11, 2024, threat actors gained unauthorized access to NRS’s systems, exfiltrating sensitive personal and medical data belonging to individuals whose information was handled by NRS on behalf of healthcare providers and government entities.We'll break down what was exposed — including names, Social Security numbers, medical records, and financial account details — and discuss why this breach is considered particularly severe. With downstream vendors like Harbin Clinic, DRH Health, and the City of Chattanooga now notifying over 110,000 individuals (and counting), the scale of the breach is significant — and growing.Our discussion explores:Why NRS delayed notifying affected clients until February 2025 — 7 months after detection.The legal and contractual backlash, including Chattanooga’s canceled contract and threats of litigation.Regulatory obligations under HIPAA and GDPR, and how NRS may have fallen short.Lessons for healthcare providers and public entities in managing third-party risk.Steps individuals should take now if they were affected — and why identity protection services matter.We also analyze how the incident has intensified scrutiny of the debt collection industry’s data security posture and why vendor oversight must be a priority in any data-driven operation.Tune in for a comprehensive breakdown of a breach with far-reaching consequences — and what it signals for future legal and cybersecurity landscapes.

In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader component. This vulnerability allows attackers to leak cross-origin data, including sensitive query parameters and session information, via crafted HTML pages. Even more alarming: it's not limited to Chrome. Other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also at risk.We’ll explore the technical mechanism behind the flaw, how it abuses Link headers and referrer-policy directives, and why it's capable of bypassing same-origin protections, putting OAuth-based login flows and session security at risk. With confirmed active exploitation, CVE-2025-4664 has been added to CISA’s Known Exploited Vulnerabilities Catalog, triggering federal mandates to patch or discontinue use of vulnerable versions before June 5, 2025.Our discussion covers:How the vulnerability works and why it’s dangerousWhich browsers and versions are affectedThe urgency of applying the latest Chrome and Edge updatesSecurity best practices and monitoring recommendations for SOC teamsLessons this incident teaches about browser security architectureDon’t miss this essential security update—whether you're managing enterprise systems or browsing on your personal laptop, this vulnerability demands immediate attention.🎧 Tune in to learn how to stay protected.

In this episode, we dive deep into a newly disclosed healthcare data breach affecting over 483,000 patients of Catholic Health, stemming from a misconfigured Elasticsearch database maintained by third-party vendor Serviceaide.From September 19 to November 5, 2024, the database was inadvertently exposed to the public internet, putting highly sensitive information—including names, Social Security numbers, birthdates, medical record numbers, treatment and prescription details, insurance information, and even login credentials—at risk.Although Serviceaide reported no confirmed exfiltration, they admitted they cannot rule it out, raising alarms across the cybersecurity and healthcare communities. The exposed data’s scope and sensitivity make this breach especially dangerous, with potential long-term implications for identity theft and patient privacy.We’ll break down:The exact nature and cause of the exposureWhy third-party vendor risks continue to plague healthcare systemsWhat information was compromisedHow the breach compares to others in the industryWhat mitigation steps are being taken, including free credit monitoringThis incident is another stark reminder of the critical importance of vendor vetting, infrastructure configuration, and ongoing security monitoring—especially in sectors that handle life-altering data like healthcare.

In this episode, we take an in-depth look at the newly discovered CVE-2025-4664 vulnerability in Google Chrome’s Loader component. This high-severity security flaw is affecting not only Chrome but also other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi. The issue lies in insufficient policy enforcement within the browser’s Loader, enabling attackers to manipulate the referrer-policy and leak sensitive cross-origin data, potentially leading to full account takeovers.We discuss the technical details of the exploit, focusing on how attackers leverage the Link header to set the referrer-policy to unsafe-url, thus capturing full URLs with sensitive query parameters, such as OAuth tokens and session identifiers. These parameters, once intercepted, can give attackers unauthorized access to user accounts. The podcast also addresses the confirmed existence of active exploits "in the wild" and why immediate patching is crucial, particularly after Google’s emergency update for Chrome.With CVE-2025-4664 now included in CISA’s Known Exploited Vulnerabilities Catalog, the urgency of addressing this issue becomes even more pressing. We will also cover recommended mitigation strategies, including the need for secure HTTP headers, real-time traffic monitoring, and third-party resource audits to prevent exploitation attempts.Join us as we break down this critical vulnerability and provide actionable advice on how to stay secure in light of CVE-2025-4664.

In this episode, we dive deep into the recent wave of cyberattacks plaguing major UK retailers such as Marks & Spencer, Co-op, and Harrods, with a special focus on the threat group behind them: Scattered Spider (also known as UNC3944, Muddled Libra, and several other aliases). We'll explore how this loosely coordinated cybercriminal group has expanded its operations from targeting casinos to now focusing on the retail sector, including a growing presence in the US market.Scattered Spider’s unique blend of sophisticated social engineering tactics, including vishing, phishing, and MFA bypass strategies, has made them a formidable threat to retailers worldwide. Their use of the DragonForce ransomware—aimed at encrypting critical systems—has already disrupted operations, with significant impacts on M&S and Co-op, from stolen customer data to operational shutdowns.We'll also discuss the group's evolving tactics, such as rapid phishing domain rotation and "Rickrolling" as a means of evading detection, as well as their ability to operate even after arrests in late 2024.With retail under constant threat, we’ll highlight expert recommendations for bolstering defenses, from strengthening IT help desk protocols to improving MFA and phishing detection systems.Join us for a critical analysis of how Scattered Spider is reshaping the landscape of cybersecurity threats in retail and how organizations can take action to prevent falling victim to these increasingly sophisticated attacks.

In a major move within the cybersecurity space, Proofpoint has announced the acquisition of Hornetsecurity for over $1 billion. This deal significantly strengthens Proofpoint’s foothold in Microsoft 365 security, while expanding its reach into the small and mid-sized business (SMB) market through Hornetsecurity’s extensive network of managed service providers (MSPs) in Europe. In today’s episode, we break down how this acquisition enhances Proofpoint’s portfolio of AI-powered security solutions, including Hornetsecurity’s flagship product, 365 Total Protection. We dive into the strategic impact on SMBs and MSPs, explore the growing need for human-centric security, and discuss how this acquisition sets Proofpoint up for dominance in the Microsoft 365 security space. Plus, we analyze the ongoing trend of consolidation in the cybersecurity industry and what it means for the future of cybersecurity innovation.

In this episode, we dive into the active exploitation of two critical zero-day vulnerabilities in SAP NetWeaver—CVE-2025-31324 and CVE-2025-42999. Threat actors have been leveraging these flaws since January 2025 to gain unauthenticated access, upload malicious web shells, and ultimately achieve remote code execution by chaining an insecure deserialization bug. With over 2,000 vulnerable SAP NetWeaver servers exposed online—including deployments at more than 20 Fortune 500 and Global 500 companies—the impact is massive.We break down how the attack chain works, the tools being deployed (like Brute Ratel), and what this says about modern supply chain security. We also examine the role of Chinese threat actor Chaya_004 and the response from the U.S. government, including CISA’s mandate for federal agencies to patch by May 20. Plus, we discuss SAP’s mitigation guidance and the broader implications of enterprise software zero-days in an increasingly hostile cyber threat landscape.Tune in to understand why this campaign could be one of the most consequential enterprise breaches of 2025—and what security teams must do now.

The recent ransomware attack on Marks & Spencer (M&S) is a sobering example of the evolving cyber threat landscape confronting the retail industry. In this episode, we unpack how one of the UK's most iconic retailers fell victim to a sophisticated cybercriminal group known as Scattered Spider. This group, recognized for its advanced social engineering tactics, reportedly infiltrated M&S systems, stole customer data, and encrypted critical VMware ESXi infrastructure—disrupting store operations, wiping out millions in online revenue, and shaking investor confidence.We dive deep into how threat actors like Scattered Spider gain initial access—leveraging phishing, SIM swapping, MFA fatigue, and vishing—to breach even mature IT environments. The attackers exploited Active Directory and targeted virtual infrastructure, maximizing both disruption and ransom leverage. We also explore the anatomy of modern ransomware campaigns and how social engineering remains the single most effective tool in a hacker’s playbook.Beyond the breach, we discuss why retail is now the fourth most targeted sector, what technical and organizational defenses could have prevented this, and the regulatory consequences businesses face after a data leak. From the need for modern Active Directory security to the importance of incident response and breach notification protocols, this episode offers a comprehensive analysis—and practical takeaways—for CISOs, IT leaders, and security professionals across all industries.

In this episode, we break down Apple’s massive May 2025 security update blitz—a sweeping patch release that spanned iOS, macOS, iPadOS, tvOS, visionOS, and watchOS. The urgency? Two zero-day vulnerabilities, CVE-2025-31200 (Core Audio) and CVE-2025-31201 (Core Media), were already under active exploitation in what experts are calling “extremely sophisticated, targeted attacks.”We’ll dig into the technical details of these zero-days, explore who might be behind the attacks, and explain how they allowed malicious audio and media files to potentially execute arbitrary code on unpatched Apple devices.Beyond the zero-days, Apple’s updates patched over 30 serious vulnerabilities affecting components such as WebKit, CoreGraphics, AirDrop, and the Kernel. We’ll also examine new revelations:A side-channel attack dubbed SysBumps that bypasses kernel-level protections on Apple Silicon MacsSecurity enhancements in the Notes app aimed at preventing unauthorized accessAnd the first-ever security update for Apple’s C1 modem—a possible sign of increasing focus on baseband-level threats.We also spotlight the researchers and red teams from around the world—including India, Korea, and China—whose findings were acknowledged in Apple’s advisories.If you're an Apple user, security analyst, or IT admin, this is a critical episode: we’ll tell you what’s been patched, what’s still concerning, and what you should do next.

In this episode, we unpack the groundbreaking $1.4 billion privacy settlement between Google and the state of Texas—now the largest of its kind in U.S. history. This isn't just about numbers; it's about how data privacy enforcement is shifting dramatically at the state level in the absence of federal legislation.We dive deep into the Texas Capture or Use of Biometric Identifier Act (CUBI), the cornerstone of this case, and explain how it mandates informed consent before companies can collect biometric data like voiceprints and facial geometry. You'll learn how Google’s alleged misuse of biometric data—combined with misleading claims about browser "incognito mode"—landed it in legal hot water.We also explore the growing global trend toward comprehensive data protection laws, including new regulations in India, Vietnam, and the Middle East, and how U.S. states are stepping in to fill the federal privacy gap. And if you've ever relied on "private browsing" for anonymity, think again—this episode reveals what incognito mode does and doesn’t protect you from.From biometric surveillance to browser misconceptions, we break down what this settlement means for consumers, companies, and the future of data governance—and why Texas has become the unlikely champion of digital privacy enforcement.

In April 2024, a sophisticated cyber espionage campaign orchestrated by the Türkiye-linked hacker group, Marbled Dust, began exploiting a previously unknown zero-day vulnerability in the Output Messenger platform—a self-hosted enterprise chat application. This vulnerability (CVE-2025-27920) resides in the Output Messenger Server Manager and allows attackers to upload malicious files, such as GoLang-based backdoors, facilitating extensive data exfiltration. The primary targets of this campaign are individuals and entities affiliated with the Kurdish military in Iraq, aligning with Marbled Dust's ongoing geopolitical focus.This podcast dives deep into the technical aspects of the attack, which begins with authenticated access to the vulnerable Output Messenger platform. Once inside, the threat actors exploit the directory traversal flaw to upload malicious scripts to the system’s startup folder, ensuring persistence through GoLang backdoors. We’ll explore how the group's new capabilities represent a shift in their technical prowess—signifying a departure from their prior reliance on known vulnerabilities and DNS manipulation to the use of a true zero-day exploit.We will also break down the security implications of such attacks, shedding light on the criticality of regular software patching, especially for enterprise applications that may not be as heavily scrutinized as other more popular platforms. The podcast will also cover Marbled Dust’s historical tactics, their continued evolution, and the need for enhanced security practices—especially in regions with high geopolitical stakes like the Middle East. How can organizations better secure their internal messaging systems and implement the necessary countermeasures? Tune in to get the full analysis and recommendations for defending against such sophisticated cyber espionage tactics.

In this episode, we dissect CVE-2025-47729, a critical vulnerability in TeleMessage, a message archiving app recently thrust into the spotlight due to its use by former National Security Advisor Mike Waltz. Following Waltz’s controversial tenure—marked by the "Signalgate" leak and the subsequent appearance of TeleMessage on his phone—researchers uncovered a major flaw: a lack of end-to-end encryption between the app and its archive server.Hackers have exploited this flaw in the wild, accessing unencrypted chat logs—including internal communications from Coinbase and a list of Customs and Border Protection employees. The breach has raised red flags at the federal level, with CISA adding CVE-2025-47729 to its Known Exploited Vulnerabilities (KEV) catalog, mandating urgent action from federal agencies.We explore:How TeleMessage works and why it was adopted in sensitive government contextsWhat independent code analysis revealed about its flawed encryption modelWhat was stolen—and what wasn’t—in the confirmed breachesSmarsh’s response and the suspension of TeleMessage servicesWhy CISA is effectively advising users to stop using the app altogetherWhether you’re in cybersecurity, compliance, or just concerned about how message archiving can become a liability, this episode lays out the facts—and the failures—behind the latest messaging app security scandal.

A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we break down how threat actors published malicious modules—sw-cur, sw-cur1, and aiide-cur—promising cheap access to Cursor's AI features. Once installed, these packages function as backdoors, stealing credentials, modifying critical application files like main.js, disabling updates, and granting persistent remote access.We’ll discuss how the attackers used social engineering tactics around “cost savings” to compromise trust, the technical breakdown of the malware’s behavior, and what this means for developers and enterprises relying on modern IDEs. With over 3,200 downloads before detection, this campaign represents a significant escalation in supply chain threats.Join us as we explore:The mechanics of the backdoor and how persistence was achievedThe risks of lateral movement in enterprise CI/CD environmentsWhat this attack says about the future of developer-focused malwareReal-world remediation steps and how to protect your development environmentsWhether you're a developer, CISO, or security researcher, this episode will give you a sharp look into a growing and deeply concerning attack vector.

In this episode, we break down the February 2025 data breach that hit Valsoft Corporation, operating under the name AllTrust, through its subsidiary Aspire USA. Over 160,000 individuals are potentially impacted, with exposed data including Social Security numbers, driver’s license information, and financial account details. We explore how the breach unfolded over a three-day window, the steps Aspire took to interrupt an in-progress data transfer, and how long it took to notify affected individuals.We'll also examine the legal implications now facing Valsoft, including multiple law firm investigations and the potential for class action lawsuits. Additionally, we cover what this breach reveals about current cybersecurity practices in companies handling PII and how consumers can protect themselves when their data is exposed. From SOC2 compliance claims to the offer of free credit monitoring, we question whether the company’s response was adequate—or merely reactive.Was this breach preventable? And what can other companies learn from Valsoft’s handling of it? Tune in for a hard look at one of 2025’s most notable PII exposure incidents.

In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery mechanism for a Remote Access Trojan (RAT). The attacker exploited the package’s deprecated but still-popular status, publishing malicious versions that never appeared in the GitHub repo.We discuss how the threat actor used obfuscated code, off-screen whitespace tricks, and a Windows-specific PATH hijack to hide their RAT, which established a command-and-control (C2) channel capable of remote shell access, file uploads, and command execution. You’ll also hear how this incident fits into broader trends of CI/CD pipeline poisoning and software supply chain attacks—and what developers, security teams, and enterprises should do to avoid being the next target.

A zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, became the center of a global cybersecurity storm when it was exploited in the wild before Microsoft patched it on April 8, 2025. In this episode, we take a deep dive into how this elevation of privilege exploit allowed attackers to gain SYSTEM-level access and deploy ransomware payloads—including the RansomEXX family—across industries and continents.We’ll break down the exploitation timeline, reveal how the PipeMagic backdoor was used as a launchpad, and analyze how attackers injected malicious payloads into Windows processes like winlogon.exe to dump credentials and maintain persistence. Our discussion also covers attribution insights, with Storm-2460 and actors associated with Play ransomware identified as users of this exploit, underscoring how the tool may have circulated in underground channels before the patch.With insights from Microsoft, Symantec, Kaspersky, and Arctic Wolf, this episode unpacks the technical mechanism, post-exploitation behavior, and defensive recommendations, including why some versions of Windows 11 were immune and what security teams should do to harden their environments moving forward. Whether you're in IT, finance, software, or retail—this episode has vital intel on defending against emerging threats in a rapidly evolving ransomware landscape.

In this episode, we dive deep into the legal, technical, and geopolitical implications of the U.S. court ruling in WhatsApp v. NSO Group—a landmark case in the global effort to hold spyware developers accountable. The conversation unpacks the court’s decision to award over $167 million in damages to WhatsApp for the unauthorized deployment of Pegasus spyware, highlighting violations of anti-hacking laws and terms of service.We explore how this ruling may impact the resilience of the commercial spyware industry, the potential chilling effect on investors, and the mounting legal pressures facing firms like NSO Group. We also examine the complexities of asserting jurisdiction in cross-border cyber cases, and why evidentiary sanctions—rather than clear precedents—still leave significant gaps in regulating spyware abuse.Beyond the courtroom, we discuss Pegasus's widespread reported use by state actors against journalists, activists, and political figures, and the serious human rights concerns this raises. The episode also connects the dots between spyware and the broader cybersecurity threat landscape, from ransomware to state-sponsored APT groups.Finally, we zoom in on the global regulatory response, spotlighting Indonesia’s newly enacted Personal Data Protection Law and how such frameworks are emerging worldwide to govern digital surveillance, data transfers, and privacy rights. This episode provides critical insight into how law, technology, and human rights intersect in the age of digital surveillance—and what’s next for global cybersecurity policy.

AI tools are generating more code than ever — but who’s reviewing it? In this episode, we spotlight CodeAnt AI, the fast-growing platform built to solve the growing code review bottleneck created by AI-assisted development.You’ll learn how CodeAnt AI:Cuts review time and post-deployment bugs by over 50%Uses a proprietary language-agnostic AST engine to analyze 30+ programming languagesPowers one-click security and quality fixes for Fortune 1000 dev teamsOffers on-prem deployment for security-sensitive organizationsSecured $2M in funding and a $20M valuation with backing from Y Combinator and othersWe also break down the core components of software code quality—readability, maintainability, reliability, efficiency, and security—and how AI is changing how enterprises scale development.If you're serious about faster, more secure code delivery, this episode is a must-listen.

A newly disclosed zero-day vulnerability, CVE-2025-3248, is being actively exploited in the wild—and it's targeting Langflow, a popular open-source framework for building AI-powered applications. In this episode, we unpack how a missing authentication check in the /api/v1/validate/code endpoint allowed remote attackers to run arbitrary code on unpatched servers. With a critical CVSS score of 9.8 and confirmation from CISA's Known Exploited Vulnerabilities Catalog, this flaw has serious implications for organizations using versions prior to 1.3.0.We explore the technical mechanics behind the exploit—including abuse of Python decorators and default arguments—and highlight evidence of real-world attacks detected by honeypots and TOR-sourced payloads. Whether you're running Langflow or managing open-source AI tools, this is a wake-up call for patching, hardening, and reassessing how you expose development platforms to the internet.Stay ahead of the threat. Tune in now to learn what went wrong, what’s being done, and what you can do to protect your infrastructure.

In this episode, we break down the active exploitation of CVE-2024-7399, a critical path traversal and arbitrary file upload vulnerability in Samsung MagicINFO 9 Server. Despite a patch released in August 2024 (version 21.1050 and later), many systems remain exposed — and threat actors are taking full advantage.We explore how attackers are exploiting this flaw to gain system-level access, upload malicious .jsp files, and deploy Mirai botnet variants. You'll hear insights from key cybersecurity sources including Arctic Wolf, The Hacker News, and the Internet Storm Center, who confirm widespread targeting of unpatched MagicINFO servers.Listeners will learn about:How the vulnerability works and why it’s dangerousThe tactics used to upload and execute botnet scriptsThe real-world impact of compromised digital signage networksWhy patching, access controls, and secure file handling are critical for IoT and CMS systemsWhether you're an infosec pro, IT admin, or digital signage operator, this episode delivers everything you need to know about CVE-2024-7399, its implications, and how to stay protected in an increasingly botnet-riddled world.

A critical zero-day vulnerability — CVE-2025-31324 — is shaking the enterprise tech world. In this episode, we dive deep into the alarming exploit targeting SAP NetWeaver Java systems, specifically the Visual Composer component, now under active attack.This vulnerability enables unauthorized file uploads, which attackers are using to deploy webshells, cryptominers (like XMRig), and potential infostealers. Threat actors are already exploiting this flaw in the wild, as confirmed by leading cybersecurity firms and SAP itself.You’ll hear:How attackers are weaponizing CVE-2025-31324 for remote code executionReal-world attack activity detected as early as April 26, 2025Tools and indicators of compromise (IOCs) released by SAP, Onapsis, Mandiant, Pathlock, and WithSecureWhat defenders need to do right now to patch or mitigateWhy experts expect a second wave of attacks, as exploit code circulates publiclyWe also cover:The CVSS 10.0 criticality score and what it meansHow attackers are using Living Off the Land (LOL) techniques, such as certutil, for lateral movementSAP’s emergency patch (Note #3594142) and temporary mitigation strategiesIf your organization uses SAP, this is must-listen content. Even if it doesn’t, this episode is a masterclass in how fast zero-days go from discovery to weaponization — and how defenders can keep up.🔐 Patching isn't optional anymore — it's urgent.

In this episode, we break down the anatomy of some of the most critical vulnerabilities threatening enterprise systems in 2025 — and the real-world attacks already exploiting them. We explore how seemingly small issues like path traversal can escalate into full remote code execution (RCE), and how threat actors are chaining vulnerabilities to bypass authentication and compromise systems.We’ll examine CVE-2025-34028 in Commvault Command Center and CVE-2025-32432 in Craft CMS, both added to CISA’s Known Exploited Vulnerabilities (KEV) catalog after confirmed in-the-wild exploitation. You'll hear how attackers are abusing unfiltered file paths, uploading malicious files, and exploiting image processing features to take control of servers — all without authentication.We also talk about the architectural reasons why arbitrary code execution (ACE) is so dangerous, how the Von Neumann model enables this class of exploits, and why input validation and patching are non-negotiable. This is a must-listen if you’re responsible for patching, monitoring, or securing web apps and core business platforms.✅ Topics Covered:ACE vs. RCE: What’s the difference and why it mattersHow path traversal works and how it’s exploitedBreakdown of recent Craft CMS and Commvault vulnerabilitiesWhy chained exploits are increasing in real-world attacksCISA’s KEV catalog and what it means for your patching prioritiesMitigation steps that actually work — from WAF rules to file-integrity monitoring

In this episode, we dive deep into the massive data breach at Kelly Benefits, a payroll and benefits administrator that exposed the sensitive personal data of over 413,000 individuals. We break down what happened, what data was compromised, and how the breach escalated from 32,000 initially impacted people to hundreds of thousands across the country.We also explore the broader implications of the breach: the rising threat to payroll and HR systems, the legal aftermath including class-action lawsuits, and what organizations must do to protect employee data. Drawing from official guidance by the U.S. Department of Labor, we outline 12 essential cybersecurity best practices—covering everything from risk assessments and third-party audits to multi-factor authentication and encryption protocols.Finally, we talk directly to individuals who may be affected, highlighting steps recommended by Experian for dealing with Social Security number theft, including credit freezes, fraud alerts, and identity protection tips.Whether you’re a business leader, IT professional, or concerned employee, this episode unpacks how preventable this breach was—and how your organization can avoid being next.

In this episode, we unpack the rising tensions surrounding the Cybersecurity and Infrastructure Security Agency (CISA) as it faces proposed budget cuts, looming layoffs, and growing criticism over alleged mission overreach. While CISA continues to champion its role in defending national infrastructure and guiding cyber resilience, reports of domestic speech monitoring—particularly around elections and COVID-19—have ignited political backlash and civil liberties concerns. We explore the facts behind the funding crisis, examine the claims of censorship, and consider what’s at stake for U.S. cyber defense as trust in the agency erodes. Is CISA evolving beyond its mandate, or being strategically undermined? Tune in for a deep dive into one of the most polarizing issues in national cybersecurity today.