
Daily Security Review
410 episodes — Page 8 of 9

Ep 60 - TikTok Fined €530M: GDPR Breach Over Data Transfers to China
The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to China without ensuring equivalent protection standards. This landmark decision marks one of the largest fines under GDPR and places a spotlight on the persistent challenge of cross-border data transfers—particularly to jurisdictions like China with divergent national security and surveillance laws.
In this episode, we break down the DPC’s findings, which include TikTok’s failure to verify that Chinese legal protections matched EU standards, inadequate assessments of Chinese laws, and a lack of transparency in its privacy policies. The fine also follows TikTok’s admission in 2025 that some EEA user data was in fact stored in China—contradicting earlier statements and raising the possibility of further regulatory action.
We’ll also examine TikTok’s defense, including its multi-billion-euro "Project Clover" initiative, and its warnings about the ruling’s potential implications for all global businesses operating in the EU. From privacy law to data localization, this episode explores the evolving landscape of international data governance, what this decision means for GDPR enforcement in 2025, and why every global company should be paying attention.

Ep 59 - Endor Labs Raises $93M to Cut AppSec Noise and Secure the Software Supply Chain
In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development landscape. With $93 million raised in an oversubscribed Series B round and 30x ARR growth in just 18 months, Endor Labs is rapidly emerging as a market leader in securing AI-generated and open-source code.
We dive into the platform’s unique approach—combining SCA, SAST, Secrets Detection, CI/CD, and Container Scanning with reachability analysis and AI-powered code review. These capabilities allow Endor Labs to cut through the noise of false positives and zero in on real, architectural risks—like unauthenticated admin endpoints introduced by AI-generated code.
You'll also hear how Endor Labs enables developer-friendly workflows and integrates security into the development lifecycle—turning AppSec from a bottleneck into a catalyst. We discuss their evaluation framework for open-source dependencies, the growing risks of transitive vulnerabilities, and how AI Code Governance is essential for ensuring code reliability, quality, and security at scale.
Whether you're a CISO, a DevSecOps leader, or a developer navigating the AI coding wave, this episode unpacks why the future of secure software starts with smarter tools, deeper insights, and platforms purpose-built for this new era.

Ep 58 - CVE-2025-3928: How One Vulnerability Breached Commvault’s Azure Stack
In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute webshells after obtaining valid credentials. This flaw, rated 8.8 on the CVSS 3.1 scale, was exploited as a zero-day by a suspected nation-state actor in February 2025 to breach Commvault’s Azure cloud environment.
We unpack how the attack unfolded, what made this vulnerability so dangerous, and why the breach didn’t impact customer backup data but still triggered major concern across the cybersecurity community. The discussion also covers how webshells work, why authenticated access was a key part of the exploit chain, and the steps Commvault took to contain and remediate the breach.
You'll also learn what it means when CISA adds a CVE to its Known Exploited Vulnerabilities (KEV) catalog, and what agencies—and private enterprises—should do in response. We’ll explore Commvault’s guidance around patching, credential rotation, IP blocklists, and how Conditional Access Policies in Azure AD/Entra ID can mitigate similar attacks in the future.
Finally, we’ll look at the broader implications of the incident, including the role of cybersecurity incident response planning (CSIRP) and the increasing use of zero-trust models to defend cloud workloads against sophisticated actors.

Ep 57 - Nova Scotia Power, a Canadian Utility, Breached: A Global Warning for Critical Infrastructure
On April 25, 2025, Nova Scotia Power, the province’s primary electricity provider, confirmed what many suspected: a cyber incident involving unauthorized access had compromised customer data. But what looked at first like an isolated disruption is, in reality, a single node in a much broader—and much more dangerous—global pattern.
In this episode, we dive deep into the Nova Scotia Power breach, exploring how attackers forced IT shutdowns, exposed personal customer data, and sparked a crisis of trust in utility providers. Was this ransomware, espionage, or reconnaissance? Why did it coincide with power instability in Spain and Portugal? And why did it happen just as the utility was seeking millions in cybersecurity funding?
From Canada’s Atlantic coast to Denmark, Saudi Arabia, and the U.S., energy infrastructure is under relentless digital siege. We analyze the tactics of cybercrime groups, nation-state actors, and hacktivists who are exploiting the power sector’s deep reliance on remote access, cloud services, and third-party vendors.
This is more than a tech story—it’s a national security issue. With quotes from cybersecurity experts and intelligence sources, we unravel the silent war happening behind the scenes. You’ll learn why utilities downplay these threats, how attacker motives are shifting, and why Nova Scotia may have been targeted not as a high-value asset, but as a low-friction testbed for future disruption.
Because when the lights go out, the real danger might not be the darkness—it might be what we weren’t told.

Ep 56 - SentinelOne Discloses Ongoing Attacks by Nation-State Hackers and Ransomware Gangs
In a rare move, SentinelOne has publicly confirmed that it is under persistent attack from nation-state threat actors and ransomware gangs. This episode breaks down their recent report detailing how these adversaries—some believed to be backed by China and North Korea—are targeting SentinelOne to gain insight into how thousands of environments are protected.
We explore how these campaigns go beyond passive espionage. From elaborate social engineering to credential theft, adversaries are trying to infiltrate SentinelOne’s systems directly, including through fake job applications from North Korean IT operatives. We also discuss the implications of this disclosure: why SentinelOne chose to speak out, what it means for the rest of the cybersecurity industry, and what businesses should learn from this level of transparency.
This is not just a story about cyberattacks—it’s about trust, vendor risk, and the growing reality that even the protectors need protecting.

Ep 55 - OpenEoX and the Future of End-of-Life Standardization in IT
In this episode, we unpack the evolving landscape of Product Lifecycle Management (PLM) and why it's become a strategic cornerstone in modern IT environments. From conception to retirement, managing a product’s lifecycle is now about more than just operations—it's about security, compliance, innovation, and cost.
We explore the critical milestones of End-of-Life (EOL) and End-of-Support (EOS)—moments where products either stop receiving updates or lose all support, including vital security patches. These transition points can expose organizations to serious cybersecurity threats and operational failures if not proactively managed. But managing them isn't easy—information is often fragmented, inconsistently defined, and scattered across vendors.
Enter OpenEoX, a groundbreaking initiative led by industry giants and government stakeholders, under the OASIS Open framework. OpenEoX aims to standardize how EOL/EOS data is defined, shared, and used—offering a blueprint to reduce tech debt, enhance risk visibility, and simplify lifecycle tracking across software, hardware, and even AI models.
We also spotlight lifecycle intelligence tools like ScalePad Lifecycle Manager and the Qualys Tech Debt Report, which help MSPs and enterprise IT teams track asset health, identify security gaps, and make informed upgrade decisions.
If you're in IT, cybersecurity, asset management, or product development, this conversation will change the way you look at product sunsets—and how to plan for them.

Ep 54 - LayerX Secures $45M Total to Battle Data Leaks, One Browser at a Time
LayerX just raised another $11 million — and it’s not to build another antivirus. With $45 million in total funding, the company is betting that your browser is the most vulnerable—and most overlooked—part of your cybersecurity stack.
In this episode, we explore how LayerX turns everyday browsers like Chrome and Firefox into intelligent defense agents using machine learning. Their extension monitors behavior in real time, blocks malicious extensions, prevents data leaks, and even neutralizes threats embedded in legitimate web pages. Unlike traditional security tools that miss browser-layer threats or slow users down, LayerX promises near-zero performance impact while handling risks from AI-powered phishing, SaaS misuse, and shadow IT.
We dig into what makes their AI engine different, how they address growing SaaS vulnerabilities, and why securing the browser may be the key to surviving the next generation of cyberattacks.
Is LayerX the new face of enterprise security? Or just the first wave in a browser-based security revolution? Tune in to find out.

Ep 53 - $10.5M to Fight AI-Phishing: The Rise of Pistachio’s Cybersecurity Training Platform
In this episode, we dive into the story of Pistachio, the Norwegian cybersecurity startup that just raised $7 million in new funding—bringing its total to $10.5 million. Pistachio isn’t building another firewall or antivirus tool; it’s targeting the weakest link in most security systems: people.
With AI-powered phishing attacks becoming increasingly personalized and harder to detect, Pistachio’s solution is to fight AI with AI. Their platform automates adaptive cybersecurity training and simulates attacks based on real-world tactics. By analyzing user behavior, Pistachio personalizes learning paths to teach employees how to spot scams embedded in emails, QR codes, fake browser windows, and even deepfake calls.
Now used by over 600 companies across 16 countries, and running over 2 million simulations annually, Pistachio is scaling its mission to North America. We unpack how they’re using AI to deliver smarter security awareness training—and why investors are betting on them to outpace the rapidly evolving threat landscape.

Ep 52 - AirBorne: How a Zero-Click Bug Threatens Millions of Apple and Third-Party Devices
In this episode, we dive deep into AirBorne — a critical set of vulnerabilities in Apple’s AirPlay protocol and SDK, recently uncovered by security researchers at Oligo. These flaws enable zero-click, wormable remote code execution (RCE) attacks across iPhones, Macs, Apple TVs, CarPlay systems, and millions of third-party devices. Even more alarming: attackers don’t need physical access or user interaction. Just a shared network.
We break down how vulnerabilities like CVE-2025-24252 and CVE-2025-24132 open the door for malware to silently hop from one device to another, the risk of eavesdropping and data theft via CarPlay, and why third-party device patching could take years — if it happens at all.
From local file reads to MITM attacks, join us as we explore how these AirPlay flaws became one of the most significant Apple security stories of the year, what Apple has done so far, and what users and enterprises must do to stay protected.

Ep 51 - The Silent Majority: Why 51% of Internet Traffic Is Now Bots
The bots have taken over—and they’re not just crawling your website. In this episode, we dig into the alarming reality that automated bots now generate over half of all internet traffic. Armed with artificial intelligence and cloaked in residential proxies, these bots are evolving beyond simple scripts into highly evasive, persistent threats targeting every industry.
We break down the latest findings from Imperva, F5, Thales, and more to explore:
- The explosive growth of bot traffic—and why 37% of it is now malicious.
- How AI is enabling attackers to scale, adapt, and bypass traditional defenses.
- The rise of Bots-as-a-Service (BaaS) and residential proxy networks that make it easier than ever to launch credential stuffing, account takeovers, data scraping, and automated fraud.
- Why APIs are the new front line for bot attacks.
- Real-world impacts: From chargebacks and churn to brand damage and regulatory risks.
- What modern bot mitigation looks like—and why your legacy WAF won’t cut it.
Whether you're in eCommerce, finance, government, or healthcare, this conversation will change how you think about traffic—and threat detection. Tune in to learn what your business must do to detect, adapt, and stay one step ahead in the escalating war against AI-powered bots.

Ep 50 - From 1,382 to 4 Million: What VeriSource Didn’t Know (or Say)
In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as affecting fewer than 2,000 individuals, the breach has now ballooned to a confirmed 4 million affected people. We trace the timeline from the initial detection of suspicious network activity on February 28, 2024, to the eventual notification of millions of impacted individuals beginning in April 2025.
Listeners will learn how sensitive information—names, addresses, birthdates, gender, and Social Security numbers—was exposed, and why this data combination poses a high risk of identity theft. We also unpack the reasons behind the prolonged disclosure process, VSI’s response efforts, the role of federal regulators, and the legal consequences now unfolding, including multiple class-action lawsuits.
Was this a case of evolving forensic findings—or of organizational opacity? And what does this incident tell us about third-party HR data security standards in 2025? Join us for a detailed breakdown of one of the year's largest and most quietly escalated data breaches.

Ep 49 - Actively Exploited: Commvault Web Shells, Active! mail RCE, and Brocade Code Injection Now in KEV
Three actively exploited vulnerabilities—CVE-2025-42599 (Qualitia Active! mail), CVE-2025-3928 (Commvault Web Server), and CVE-2025-1976 (Broadcom Brocade Fabric OS)—have been added to CISA’s KEV catalog. The Qualitia flaw is a remote stack-based buffer overflow (CVSS 9.8) allowing code execution without authentication. Commvault's vulnerability permits authenticated attackers to deploy web shells for persistent access (CVSS 8.8), while Broadcom's code injection flaw lets local admin users escalate to root (CVSS 8.4). All three are confirmed to be under active exploitation.
CISA has issued remediation deadlines under BOD 22-01—May 17 for Qualitia and Commvault, and May 19 for Broadcom. Federal agencies must comply or disconnect affected assets. The KEV catalog’s inclusion signals reliable evidence of exploitation and elevates the urgency of patching beyond CVSS severity alone. Notably, Commvault's ecosystem also includes CVE-2025-34028, a separate unauthenticated path traversal vulnerability with PoC available, increasing its threat profile.
Web shells—used in the Commvault attack vector—highlight a broader trend in persistent access techniques. These scripts give attackers command execution abilities post-compromise, enabling exfiltration, lateral movement, and integration into broader C2 infrastructures. Effective countermeasures include integrity monitoring, privilege restrictions, and layered network defenses.

Ep 48 - Hard-Coded Havoc: The Fatal Flaws in Planet’s Network Devices
A wave of critical vulnerabilities in Planet Technology’s industrial switches and network management systems could let attackers hijack devices, steal data, and sabotage industrial networks—with no credentials required.
In this urgent episode, we dissect:
🔓 The 5 worst flaws (CVSS 9.3+)—from hard-coded database passwords to pre-auth command injection—discovered by Immersive Labs’ Kev Breen.
🏭 Why factories and critical infrastructure are prime targets: These switches are widely used in manufacturing, energy, and OT environments.
💻 How hackers exploit them:
- MongoDB exposed? Default creds (planet:123456) let attackers dump configs.
- Bypass auth entirely with a malformed URL parameter (/dispatcher.cgi?cmd=532&ip_URL=;).
- Intercept device communications due to hard-coded keys.
🛡️ CISA’s emergency advisory (ICSA-25-114-06)—and why patching WGS, NMS, and UNI-NMS devices is non-negotiable.
🔍 The researcher’s journey: How a home lab, firmware analysis, and a lucky accident uncovered these flaws.
If your network relies on Planet Technology switches, this episode is a wake-up call. Tune in before attackers beat you to the patch.

Ep 47 - Craft CMS Crisis: The 10.0-Rated RCE Flaw Every Developer Must Patch Now
A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required.
In this urgent episode, we break down:
💥 Why this flaw scores a perfect 10.0 CVSS—the highest severity rating possible.
🔍 How hackers are exploiting it: From stealing data to uploading PHP web shells (like filemanager.php) for persistent access.
🛠️ The root cause: A Yii framework regression (CVE-2024-58136) that lets attackers hijack servers via crafted __class payloads.
🌍 Real-world attacks: Evidence of in-the-wild exploitation since February 2025, with 13,000+ vulnerable instances still exposed.
⚡ The Metasploit factor: How a public exploit module is lowering the bar for cybercriminals.
🔒 Patch or perish: Why updating to Craft CMS 3.9.15/4.14.15/5.6.17 and Yii 2.0.52+ is non-negotiable.
Plus: Indicators of Compromise (IOCs) to check if you’ve been hit, and why "just patching" isn’t enough—malicious files persist even after updates.
If you run Craft CMS, this episode is a must-listen. Tune in before your server becomes the next victim.

Ep 46 - Policy Puppetry: How a Single Prompt Can Trick ChatGPT, Gemini & More Into Revealing Secrets
Recent research by HiddenLayer has uncovered a shocking new AI vulnerability—dubbed the "Policy Puppetry Attack"—that can bypass safety guardrails in all major LLMs, including ChatGPT, Gemini, Claude, and more.
In this episode, we dive deep into:
🔓 How a single, cleverly crafted prompt can trick AI into generating harmful content—from bomb-making guides to uranium enrichment.
💻 The scary simplicity of system prompt extraction—how researchers (and hackers) can force AI to reveal its hidden instructions.
🛡️ Why this flaw is "systemic" and nearly impossible to patch, exposing a fundamental weakness in how AI models are trained.
⚖️ The ethical dilemma: Should AI be censored? Or is the real danger in what it can do, not just what it says?
🔮 What this means for the future of AI security—and whether regulation can keep up with rapidly evolving threats.
We’ll also explore slopsquatting, a new AI cyberattack where fake software libraries hallucinated by chatbots can lead users to malware.
Is AI safety a lost cause? Or can developers outsmart the hackers? Tune in for a gripping discussion on the dark side of large language models.

Ep 45 - Lazarus Strikes Again: Inside Operation SyncHole and the 1-Day Exploitation Crisis
In this episode, we break down the most urgent cybersecurity developments from late April 2025—including the Lazarus Group’s high-profile “Operation SyncHole” targeting South Korean industries. Discover how attackers are exploiting newly disclosed vulnerabilities faster than ever, with nearly 1 in 3 CVEs weaponized within 24 hours of publication.
We dive deep into the Lazarus Group's tactics, including watering hole attacks, one-day and potential zero-day vulnerabilities in tools like Innorix Agent and Cross EX, and their deployment of advanced malware families like ThreatNeedle and AGAMEMNON.
But that’s not all—we also cover:
- The evolution of phishing-as-a-service with generative AI (Darcula and Gamma AI),
- The increasing exploitation of browsers as attack surfaces,
- A Linux rootkit that avoids detection by bypassing system calls,
- Nation-state cyber activity from Russia, China, Iran, and North Korea,
- And the silent crisis looming over the CVE program’s future funding.
Plus, we explore the growing importance of non-human identities (NHIs) in security strategies, and the ongoing risks in software supply chains—from malicious npm packages to cryptocurrency library compromises.
If you're a cybersecurity professional or threat analyst, this is your essential 30-minute intel download.

Ep 44 - OAuth Phishing and Microsoft 365: The Hidden Threats SMBs Can't Ignore
In this episode, we dissect the real-world challenges of securing Microsoft 365 environments—especially for small and medium-sized businesses—amid rising threats and licensing limitations.
From Reddit frustrations to official Microsoft documentation, we explore the harsh truth: many essential security features, like alerting on suspicious logins, require Azure AD Premium or Defender for Cloud Apps. Can SMBs still stay secure without these? We look at third-party workarounds and how far PowerShell and community tools like Admindroid can go.
We also take a hard look at OAuth 2.0 phishing—a growing tactic used by Russian threat actors to hijack accounts via malicious app consent. Learn how attackers are bypassing traditional login alerts by quietly enrolling new devices, and how Microsoft recommends detecting these OAuth abuses through risky app investigation and alert configuration.
Other key topics include:
- How to manage access from unmanaged devices using Conditional Access (and the licensing hurdles involved)
- Why Microsoft’s default alert policies fall short—and how to build custom ones for better protection
- What "trusted device" really means in a Zero Trust world, and how attackers are exploiting that ambiguity
- A checklist of practical security recommendations specifically for Microsoft 365 Business users
Whether you’re an IT admin trying to protect your org with basic licenses, or a security lead facing OAuth phishing on the front lines, this episode offers concrete strategies, policy insights, and a dose of real talk.
🎧 Tune in and learn how to secure Microsoft 365—even when your tools are limited and the threats are anything but.

Ep 43 - Why Outlook Is Eating Your CPU — And What Microsoft Says About It
Microsoft has acknowledged a serious issue affecting users of classic Outlook for Windows: CPU usage spikes up to 50% just from typing emails. First appearing in builds released since November 2024, this bug is now hitting users across several update channels—including Current, Monthly Enterprise, and Insider—leading to power drain, sluggish performance, and user frustration.
In this episode, we unpack:
- What’s causing the CPU spike when typing
- Why Microsoft’s workaround is a trade-off between stability and security
- How switching to the Semi-Annual Channel may help
- The long and growing list of classic Outlook bugs, from calendar sync errors to crashes and UI glitches
- What this means for IT teams managing enterprise deployments
- Whether it’s finally time to move to the “New Outlook” or look at alternatives
We also explore Microsoft's update channels, why managing Outlook versions is so complex, and what this bug reveals about the future of the classic Outlook client.
🔧 Fix pending. Workarounds available. But is this the tipping point?
#Outlook #Microsoft365 #EmailClient #ITAdmin #SysAdmin #TechPodcast #ProductivityApps #InfoSec #PatchTuesday

Ep 42 - Trojan Map App: Spyware Targets Russian Soldiers via Alpine Quest
A newly discovered Android spyware campaign is targeting Russian military personnel by weaponizing a popular mapping app. Disguised as a cracked version of Alpine Quest Pro, this trojanized app delivers Android.Spy.1292.origin—a powerful surveillance tool that steals data, tracks location in real-time, and downloads secondary payloads to extract confidential files from apps like Telegram and WhatsApp.
In this episode, we break down:
- How the malware is distributed through Telegram and Russian app catalogs
- What makes this attack stealthy and effective (fully functional app + hidden spyware)
- The scope of data being exfiltrated, including location logs and secure messaging content
- The broader implications for mobile device security in military environments
- Why cracked apps are an increasingly common cyber weapon in conflict zones
We also look at past incidents targeting Ukrainian forces and explore what this reveals about evolving cyber espionage tactics on both sides of the war.
This is a critical discussion for anyone interested in mobile security, military tech, and the intersection of modern warfare and cyber intelligence.
#MobileSecurity #Spyware #AndroidMalware #MilitaryCybersecurity #CyberEspionage #AlpineQuest #AndroidSpyware #Infosec #OperationalSecurity #MDM #ThreatIntel #Podcast

Ep 41 - Blue Shield Breach: 4.7 Million Health Records Leaked via Google Analytics
Blue Shield of California has confirmed a data breach affecting 4.7 million members—caused not by hackers, but by a misconfigured Google Analytics setup. Sensitive health information was inadvertently exposed to Google’s ad platforms between April 2021 and January 2024. In this episode, we break down what went wrong, what data was leaked, and what this means for privacy, compliance, and trust in healthcare IT.
We’ll also explore:
- How analytics tools can become security liabilities
- Why this breach is especially concerning despite no SSNs or financial info being leaked
- What the lack of identity protection or individual notifications signals about corporate response
- The broader trend of targeted advertising risks tied to health data
- The regulatory and reputational fallout Blue Shield may face—especially after their previous ransomware-related incident
This is a critical episode for anyone working in healthcare IT, compliance, or security.
#DataPrivacy #HealthcareSecurity #BlueShieldBreach #GoogleAnalytics #HIPAA #CyberSecurity #HealthcareIT #InfoSec #TargetedAds #DataBreach #Podcast

Ep 40 - $16.6 Billion Lost: The True Cost of Cybercrime in America
Cybercrime in the U.S. has reached new, record-breaking heights.
In this episode, we dive deep into the FBI's 2024 Internet Crime Complaint Center (IC3) report — a comprehensive look at the economic and human toll of cybercrime in America. With $16.6 billion in reported losses, a 33% increase year-over-year, and 859,532 complaints filed, the data paints a grim picture of just how widespread and costly online threats have become.
We’ll unpack:
- Why fraud and ransomware continue to dominate the threat landscape
- The growing vulnerability of older Americans, who lost nearly $4.8 billion in 2024 alone
- How underreporting and imperfect tracking mean the real losses are likely much higher
- The rise of impersonation scams, including fake FBI agents preying on previous victims
- What this means for individuals, businesses, and national infrastructure moving forward
🔐 Whether you're in cybersecurity, risk management, or just trying to stay informed — this is an episode you don't want to miss.
🎧 Tune in now and find out what the numbers are really telling us.
#Cybersecurity #FBIIC3 #CybercrimeStats #Ransomware #InfosecPodcast #DataBreach #CyberThreats #ElderFraud #FraudPrevention #FBIReport #Podcast2025 #CybercrimeCrisis

Ep 39 - The Second Scam: FBI Warns of IC3 Impersonators Targeting Fraud Victims
The FBI has issued a stark warning about a growing scam targeting individuals who’ve already been victimized. In this episode, we unpack how fraudsters are impersonating employees of the FBI's Internet Crime Complaint Center (IC3), promising to help victims recover lost funds — only to scam them again.
We’ll break down:
- How the scam works and why it’s spreading
- The tactics scammers use to build trust
- Real examples, including fake IC3 directors and Telegram outreach
- What the FBI says they will never do
- Practical steps to avoid falling for “recovery scams”
Whether you're in cybersecurity, law enforcement, or just trying to stay safe online, this episode is a must-listen.
🔗 Report scams or get official info: ic3.gov
#Cybersecurity #FBI #IC3Scam #ImpersonationFraud #ScamAwareness #RansomwareRecovery #SocialEngineering #Cybercrime #DigitalSafety #Podcast

Ep 38 - Inside the Breach: What Recent Cyberattacks Reveal About Your Data Security
Cyberattacks are no longer rare shocks—they're a constant drumbeat in the background of our digital lives. In this episode, we take you on a deep dive into some of the most alarming recent data breaches, unpacking how they happened, what went wrong, and what you need to know to stay protected.
We kick off with the Western Sydney University breach, where personal data of thousands of students ended up on the dark web, all because of a compromised sign-on system. Then we examine the Office of the Comptroller of the Currency, where attackers gained long-term access through a superuser email account—highlighting the dangers of unmonitored admin access.
It doesn’t stop there. We explore how the Mirai botnet is still alive and kicking, turning everyday devices like DVRs into weapons, and how WK Kellogg Co was hit by the Clop ransomware gang using two zero-day vulnerabilities—flaws so new that no patch even existed yet.
We also break down the terrifying evolution of ransomware with groups like Racedo and INC using double extortion tactics—not just encrypting your data but also threatening to leak it unless you pay up. Even institutions like the Texas State Bar weren’t spared, proving that no sector is safe.
But it’s not all doom and gloom. This episode also focuses on solutions, highlighting how technology providers like StoneFly are stepping up with powerful tools to build digital resilience. From immutable backups and air-gapped storage to hyper-converged infrastructure (HCI) and delta-based snapshots, we show you what a modern, multi-layered defense really looks like.
Whether you’re an IT pro, a small business owner, or just someone who cares about data privacy, this episode is packed with critical insights to help you understand, prepare, and protect against today’s cyber threats.
🔐 It’s not about if an attack happens—it’s about how ready you are when it does.

Ep 37 - Inside Security News: GitHub Supply Chain Attacks, Ransomware Defense, and Cloud Security
In this deep-dive episode, we untangle some of today’s most critical cybersecurity threats—from GitHub’s complex quadruple supply chain attack to the rising concerns over Kubernetes vulnerabilities and serious flaws in Next.js. 🧠💻
We kick things off with an inside look at StoneFly’s robust approach to data protection, from immutable air-gapped backups to ransomware-resistant infrastructure. Then, we unpack how a simple GitHub token compromise spiraled into a four-level attack chain targeting high-profile companies like Coinbase.
🔐 Key Takeaways:
- What went wrong in the GitHub supply chain exploit
- The anatomy of ransomware-resilient data infrastructure
- The critical importance of immutable storage and commit hash pinning
- Breaking down Kubernetes’ “Ingress Nightmare” and its real-world exploitation
- Why Next.js vulnerabilities could expose sensitive app data
Whether you're a developer, sysadmin, or cybersecurity enthusiast, this episode is a must-listen to stay ahead of the threat curve.

Ep 36 - Next.js Security Vulnerability: Middleware Bypass (CVE-2025-29927)
Is your web app truly secure? In this episode, we break down a critical NextJS vulnerability (CVE-2025-29927) that could allow attackers to bypass authentication and access sensitive data—impacting millions of websites. We explain what went wrong, what it means for your projects, and exactly how to fix it (even if you can’t upgrade yet).
Then, we pivot to something equally vital: disaster recovery and data protection. Learn how StoneFly's cutting-edge solutions—like immutable snapshots, air-gapped backups, and real-time replication—can safeguard your data from ransomware and downtime in 2025.
✅ Tune in to understand the threats—and the tools to defend against them.
🎯 Whether you're a developer, sysadmin, or tech leader, this is your security wake-up call.
👉 Don’t wait for a breach—subscribe now and stay one step ahead of the next security risk.
💬 Got questions or tools you love? Drop us a comment or share the episode with your dev team!

Ep 35Cyberattack Roundup: Lessons from the Latest Breaches & Ransomware Strikes
From data breaches at major banks to ransomware crippling healthcare and tech companies, cyber threats are hitting harder than ever. In this episode, we break down the latest wave of attacks, the vulnerabilities being exploited, and what organizations can do to protect their data.

Key Takeaways:
🔹 Breaking down the latest cyberattacks – Who was hit and how it happened
🔹 Ransomware, supply chain breaches, and stolen credentials – The evolving threat landscape
🔹 Data protection strategies – Why backups, immutability, and air-gapping are critical
🔹 Third-party risk management – How vendors can be a hidden security weakness
🔹 Proactive security measures – Steps to safeguard your business before an attack

🔊 Tune in now to stay ahead of cyber threats! 📢 How prepared are you for a cyberattack? Share your thoughts and join the conversation!

Ep 34Mastering Incident Response: A Guide to Building a Resilient Plan
Cyber threats are inevitable, but a strong incident response plan can make all the difference. In this episode, we explore the essential steps for creating an effective incident response strategy, helping organizations detect, respond to, and recover from cyber incidents with minimal disruption.

Key Takeaways:
🔹 What is an Incident Response Plan? – Why every organization needs one
🔹 Key components of a strong strategy – From detection to recovery
🔹 Best practices for rapid response – Minimizing downtime and damage
🔹 Common pitfalls to avoid – Ensuring your plan is practical and effective
🔹 Real-world insights – How top organizations handle cyber incidents

🔊 Tune in now to strengthen your cybersecurity defenses! 📢 Have experience with incident response? Share your insights and join the conversation!

Ep 33No More Warnings? The Risks of Losing CIPAC’s Cyber Threat Coordination
The Department of Homeland Security (DHS) has abruptly shut down the Critical Infrastructure Partnership Advisory Council (CIPAC), the central hub for cybersecurity collaboration between the government and private sector. Why was it shut down? No one knows. What happens next? That’s the real concern.In this episode, we break down why CIPAC was crucial for national cybersecurity, the risks of losing a coordinated threat intelligence network, and what businesses must do to stay protected. Without CIPAC, the responsibility to secure critical infrastructure now falls even more on private companies. Cybersecurity firms, like StoneFly, are stepping up to fill the gap—helping businesses secure data, manage risk, and prepare for a world where government-backed coordination is no longer guaranteed.Join us as we discuss the hidden dangers of this shutdown, the potential for future government-private partnerships, and what organizations need to do right now to strengthen their security posture.🔒 Cyber threats aren’t slowing down. Can businesses keep up without CIPAC? Tune in to find out.

Ep 32: 517,000 Victims: How a Ransomware Gang Targeted Pennsylvania's Largest Educators' Union
Over 517,000 individuals are now at risk after the Pennsylvania State Education Association (PSEA) suffered a massive data breach in July 2024, claimed by the Rhysida ransomware gang. Personal, financial, and health data, including Social Security numbers and payment details, were stolen, putting educators and union members at serious risk.

In this episode, we break down:
🔹 How Rhysida ransomware infiltrated PSEA's systems and their 20 BTC ransom demand
🔹 The type of stolen data and what it means for affected individuals
🔹 Why notification delays raise concerns about breach response practices
🔹 Rhysida's attack history, including breaches of the British Library, Sony's Insomniac Games, and major hospitals
🔹 What victims can do to protect themselves from identity theft and fraud

This breach isn't just another cyberattack. It's a wake-up call for unions, nonprofits, and education institutions to bolster their security against ransomware-as-a-service (RaaS) operations like Rhysida. Tune in to understand the full impact and what comes next.

Ep 31DollyWay: The 8-Year WordPress Malware Campaign Infecting 20,000 Sites
For nearly a decade, a malware campaign dubbed DollyWay has silently compromised over 20,000 WordPress websites, evolving from a ransomware and banking trojan distributor into a sophisticated scam redirection network. Researchers at GoDaddy have now uncovered the full scale of the operation, which generates 10 million fraudulent ad impressions per month by redirecting site visitors to fake crypto, gambling, and dating scams.

In this episode, we break down:
🔹 How DollyWay exploits WordPress plugin vulnerabilities to gain access
🔹 Its multi-stage redirection system that filters traffic and evades detection
🔹 Advanced persistence mechanisms, including hidden admin accounts and automatic re-infection
🔹 The monetization strategy through networks like VexTrio and LosPollos
🔹 Why removing DollyWay is extremely difficult, and what website owners can do to protect themselves

With WordPress powering over 40% of the web, this campaign is a wake-up call for website administrators everywhere. Tune in as we dissect the inner workings of DollyWay and provide actionable security tips to keep your site safe.

Ep 30MegaRAC CVE-2024-54085 Vulnerability: Critical BMC Flaw Threatening Data Centers
A newly disclosed critical vulnerability (CVE-2024-54085) in AMI's MegaRAC Baseboard Management Controller (BMC) firmware puts thousands of servers at risk, including models from HPE, Asus, and ASRockRack. The flaw lets a remote, unauthenticated attacker who can reach the BMC's Redfish management interface bypass authentication and take full control of the affected server: deploying malware, tampering with firmware, forcing indefinite reboot loops, and even causing physical damage through over-voltage attacks.

In this episode, we break down:
🔹 How this vulnerability works and why it's so dangerous
🔹 The widespread impact across cloud providers, data centers, and enterprises
🔹 Why exploits are "not challenging" to develop, even though none have been found in the wild yet
🔹 Immediate actions IT teams should take: patching, keeping BMC interfaces off the internet and on an isolated management network, and monitoring BMC logs
🔹 The broader supply chain risk posed by MegaRAC firmware and lessons from past vulnerabilities

With over 1,000 exposed servers already identified online, organizations must act fast. Tune in now to understand the risks and how to protect critical infrastructure before attackers strike! 🎙️💻

Ep 29Microsoft Windows March Update Wipes Out Copilot
Microsoft's latest Windows 10 and 11 updates (KB5053598 and KB5053606) have accidentally uninstalled Copilot, the AI assistant, from some users' systems, leaving many relieved rather than frustrated. In this episode, we break down Microsoft's response, the temporary workaround, and what this says about the ongoing struggles of AI integration in Windows.

We'll discuss:
🔹 How the Windows update mistakenly removed Copilot.
🔹 Microsoft's workaround and why the fix isn't listed in the Windows release health dashboard yet.
🔹 A look back at past Copilot-related update issues.
🔹 User reactions: why so many are happy about Copilot's unexpected removal.
🔹 What this means for Microsoft's AI strategy and Windows update reliability.

Is this just another Microsoft patch blunder, or does it signal deeper issues with Copilot's adoption? Tune in for expert insights! 🎙️💻

Ep 28Hackers Flip the Script: How a Fake Coinbase Email Could Empty Your Wallet
A new and highly deceptive phishing campaign is targeting Coinbase users, but this isn't the typical scam. Instead of stealing your recovery phrase, the attackers hand you one, a pre-generated phrase they already control, and trick you into setting up a wallet they can drain the moment you fund it.

Disguised as an official Coinbase email, the message tells a convincing story about a court-mandated move to self-custodial wallets. Because the emails were sent through SendGrid from a compromised Akamai account, they pass SPF, DKIM, and DMARC: those checks authenticate the domain that sent the message, not the brand named in the display name or body, so the mail lands in inboxes. Victims are directed to the legitimate Coinbase Wallet app but instructed to import the attacker-supplied recovery phrase. The moment they transfer funds, the assets are gone.

We break down:
🔹 Why this campaign passes SPF, DKIM, and DMARC and still reaches inboxes.
🔹 Why this "reverse phishing" technique is a dangerous evolution in crypto scams.
🔹 The role of social engineering and trust manipulation in making this attack successful.
🔹 Coinbase's response, and why you should never use a recovery phrase given to you. Ever.
🔹 Practical steps to identify and avoid crypto phishing scams before it's too late.

🚨 Whether you're a casual investor or a seasoned crypto trader, this new breed of phishing attack is a wake-up call. Tune in now to learn how to protect your assets and stay ahead of cybercriminals! #CryptoSecurity #PhishingScam #CoinbaseHack
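Why an all-pass Authentication-Results header is not a clean bill of health, as an added example that is not part of the episode and not Coinbase's or any vendor's tooling: a small triage that reads the authenticated From: domain and checks it against the domains allowed to speak for a brand named in the display name or subject. The brand list, the ESP and vendor domain names, and both sample messages are constructed for the demo.

```python
"""Triage: does a DMARC pass actually vouch for the brand the mail claims?

Added example (not from the episode or from Coinbase).  SPF, DKIM and DMARC
authenticate the domain in the From: header, nothing more.  A message sent
through a legitimate email-service-provider account for some other
company's domain passes all three and can still say "Coinbase Support" in
the display name.  This triage compares the authenticated From: domain
with the domains allowed to speak for a brand mentioned in the display
name or subject.  Brand list, domain names and the two sample messages
are constructed for the demo.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Brand -> domains entitled to send mail about it (constructed; maintain
# your own list from each vendor's published sender domains).
BRAND_DOMAINS = {
    "coinbase": {"coinbase.com"},
}

# Constructed headers of the kind the episode describes: every check
# passes, because the sending domain really did authorise the ESP.
PHISH = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounces.example-esp.net;
 dkim=pass header.d=vendor-example.com header.s=s1;
 dmarc=pass header.from=vendor-example.com
From: "Coinbase Support" <no-reply@vendor-example.com>
To: victim@example.org
Subject: Court-mandated migration to your self-custodial Coinbase Wallet

Import the recovery phrase below into Coinbase Wallet before the deadline.
"""

LEGIT = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=coinbase.com;
 dkim=pass header.d=coinbase.com header.s=s2;
 dmarc=pass header.from=coinbase.com
From: "Coinbase" <no-reply@coinbase.com>
To: user@example.org
Subject: Your Coinbase statement is ready

Sign in to view it.
"""

# method=result pairs; the leading separator keeps `header.from=` and
# `smtp.mailfrom=` from matching.
_AUTH_RE = re.compile(r"(?:^|[\s;])(spf|dkim|dmarc)=([a-z]+)", re.I)


def auth_results(msg) -> dict:
    """Collapse Authentication-Results header(s) into {method: result}."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in _AUTH_RE.findall(str(hdr)):
            out[method.lower()] = result.lower()
    return out


def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    auth = auth_results(msg)
    dmarc_pass = auth.get("dmarc") == "pass"
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    impersonated = sorted(
        brand for brand, domains in BRAND_DOMAINS.items()
        if brand in claimed and from_domain not in domains
    )
    if impersonated:
        verdict = "brand-impersonation"      # passes DMARC, still a phish
    elif dmarc_pass:
        verdict = "authenticated"
    else:
        verdict = "unauthenticated"
    return {
        "from_domain": from_domain,
        "auth": auth,
        "dmarc_pass": dmarc_pass,
        "impersonated_brands": impersonated,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, raw in ("phish", PHISH), ("legit", LEGIT):
        print(name, triage(raw))
```

The point of the two samples is that their Authentication-Results lines are identical in outcome; only the From: domain differs. A mail gateway that stops at "dmarc=pass" treats both the same.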

Ep 27Brute-Force on Autopilot: Black Basta’s 'BRUTED' VPN Tool for Ransomware Expansion
Black Basta, one of the most notorious ransomware gangs, has taken brute-force attacks to the next level with BRUTED—an automated framework designed to breach VPNs, firewalls, and remote access tools. In this episode, we break down how BRUTED works, its key targets—including Cisco AnyConnect, Fortinet SSL VPN, and Palo Alto GlobalProtect—and why this tool is a game-changer for ransomware operations.Leaked internal chat logs reveal how Black Basta uses BRUTED to automate credential-stuffing attacks, making it easier to infiltrate corporate networks and scale ransomware campaigns. We’ll discuss the techniques this tool employs, how it evades detection, and what security teams can do to defend against it.With ransomware gangs evolving their tactics, organizations need to harden their defenses now more than ever. We’ll cover practical security measures—like multi-factor authentication, rate limiting, and threat intelligence monitoring—to keep your edge devices secure from brute-force attacks.Tune in to learn why BRUTED is a serious cybersecurity threat and what steps your organization must take to stay ahead.
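The detection side of the story, as an added example that is not BRUTED and not the episode's own material: a sliding-window check over VPN authentication logs that alerts on both raw failure volume and on password spraying (few attempts per user, many users from one source). The log line format is constructed for the demo; point the regex at your gateway's real syslog fields.

```python
"""Spot automated VPN brute-force and password spraying in auth logs.

Added example, not BRUTED and not the episode's material.  It keeps, per
source IP, a sliding window of recent failed logins and raises an alert
when either the failure count or the number of distinct usernames tried
from that IP crosses a threshold.  Volume alone misses spraying (one
attempt per user, many users), which is why both are checked.  The log
line format below is constructed; map the regex onto your gateway's own
syslog fields (Fortinet, Cisco and GlobalProtect all differ).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth-(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["src"]


def detect(lines, window_s: int = 60, max_fails: int = 5, max_users: int = 3) -> dict:
    """Return {src_ip: [reasons]} for sources that tripped a threshold."""
    recent = defaultdict(deque)   # src -> deque[(ts, user)] of failures in the window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result != "fail":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        users = {u for _, u in q}
        reasons = []
        if len(q) >= max_fails:
            reasons.append(f"{len(q)} failed logins in {window_s}s")
        if len(users) >= max_users:
            reasons.append(f"{len(users)} distinct usernames tried (spraying)")
        if reasons:
            alerts[src] = reasons     # latest view of the window wins
    return alerts


def _constructed_sample():
    fmt = "2025-03-14T10:00:{:02d}Z vpn-gw1 auth-{} user={} src={}"
    # one source walks six accounts in 25 seconds, then logs in successfully
    lines = [fmt.format(i * 5, "fail", u, "203.0.113.7")
             for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    lines.append(fmt.format(30, "ok", "svc-backup", "203.0.113.7"))
    # a real user mistyping a password twice: must not alert
    lines += [fmt.format(40, "fail", "grace", "198.51.100.2"),
              fmt.format(45, "fail", "grace", "198.51.100.2"),
              fmt.format(50, "ok", "grace", "198.51.100.2")]
    return lines


SAMPLE_LINES = _constructed_sample()

if __name__ == "__main__":
    for src, why in detect(SAMPLE_LINES).items():
        print(src, "->", "; ".join(why))
```

The `auth-ok` line for svc-backup right after the spray is the one to chase in an incident: a success from a source that was just spraying is the signal that a credential worked. Detection is the second line; rate limiting and MFA on the gateway are the first.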

Ep 26GitHub Action Hijacked: The Supply Chain Attack That Exposed 23,000 Repositories
In this episode, we unpack a major supply chain attack that compromised the widely used GitHub Action 'tj-actions/changed-files', affecting over 23,000 repositories. Attackers injected malicious code that dumped CI/CD secrets into build logs, creating a potential goldmine for further attacks.

We'll break down:
🔹 How the attack happened: a compromised GitHub Personal Access Token (PAT) let the attackers retroactively move the action's existing version tags to a malicious commit, so workflows that referenced a tag such as v45 pulled the backdoored code without changing a line on their side.
🔹 The impact: CI/CD secrets dumped in plaintext inside workflow logs, which for public repositories means public exposure.
🔹 Why this attack is different: no exfiltration to an attacker-controlled server, just public exposure.
🔹 GitHub's response: the compromised code was removed, and a CVE was assigned (CVE-2025-30066).
🔹 Lessons for DevOps teams: best practices to secure CI/CD pipelines.

This attack underscores the growing threat of supply chain vulnerabilities in software development. We'll explore what went wrong, how you can protect your repositories, and why pinning dependencies to commit hashes is critical: a tag is a mutable pointer that the maintainer, or whoever holds their token, can move, while a full commit SHA cannot be silently retargeted.

If your organization uses GitHub Actions, this is a wake-up call. Don't miss this deep dive into one of the biggest CI/CD security threats of 2025.
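A checker for the pinning advice above (and for the "commit hash pinning" takeaway in the four-level attack episode earlier on this page), added as an example that is not code from the episode or from the tj-actions project: it reads a workflow file and flags every `uses:` reference that points at a mutable tag or branch, and every SHA pin that lacks the version comment reviewers rely on. The workflow text and the SHA in it are constructed.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example, not code from the episode or from the tj-actions project.
A tag such as `v45` is a mutable pointer: whoever controls the action's
repo (or holds a maintainer's token) can move it to any commit, which is
exactly how the backdoor reached workflows that never changed a line.  A
full 40-character commit SHA cannot be retargeted.  The workflow text and
the SHA in it are constructed for the demo.
"""
import re
from dataclasses import dataclass

SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v5.3.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - run: make test
"""

# `- uses: owner/repo@ref   # optional version comment`, quotes tolerated
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<ref>[^\s'\"#]+)['\"]?\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line: int
    ref: str
    reason: str


def check_workflow(text: str) -> list:
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m["ref"], m["comment"]
        if ref.startswith(("./", "docker://")):
            continue   # local action or container image: not a tag/SHA question
        if "@" not in ref:
            findings.append(Finding(n, ref, "no version reference at all"))
            continue
        name, version = ref.rsplit("@", 1)
        if SHA_RE.match(version):
            if not comment:
                findings.append(Finding(
                    n, ref, "pinned to a SHA but lacks a '# vX.Y.Z' comment; "
                            "reviewers cannot tell what it is"))
            continue
        findings.append(Finding(
            n, ref, f"mutable reference '{version}' for {name}: pin to a full commit SHA"))
    return findings


if __name__ == "__main__":
    for f in check_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.ref}: {f.reason}")
```

Two caveats when you act on the findings. GitHub resolves a commit from a fork through the upstream repository name, so when you first pin, confirm the SHA appears in the upstream's own history. And a SHA pin only holds if the transitive actions inside a composite action are pinned too; this checker looks at one file, so run it over the action's own `action.yml` as well.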

Ep 25Brave Browser Review 🎯 How Safe is This Web Browser? (2025)

Ep 24Bridging the Gap: Developers vs. Security in the Cloud
In this episode of The Deep Dive, we explore the ongoing tension between development and security teams in cloud environments. While developers prioritize speed and agility, security teams focus on risk mitigation—leading to friction that can hinder innovation. We discuss how platform teams act as a bridge, aligning both sides to create a secure yet efficient workflow. With insights from industry studies and solutions from Stonefly.com, we uncover strategies to foster collaboration, integrate security from the start, and build a strong foundation for cloud success. Tune in to learn how organizations can balance speed and security without compromise.

Ep 23Exploring the Dark Web: Unveiling the Hidden Internet 🌐💻
Ever wondered what lies beneath the surface of the internet? 🤔 In this deep dive, we uncover the mysteries of the Dark Web, a hidden part of the internet that isn't accessible through regular search engines. But what exactly is the Dark Web, and how does it work? Is it really as dangerous as it seems, or is there more to the story?

🚀 In this video, we'll explore:
✅ What the Dark Web is and how it differs from the Deep Web 🌊
✅ How people access it using tools like Tor 🕵️♂️
✅ The legal and illegal activities happening there ⚖️
✅ Common myths and misconceptions 🚨
✅ How to protect yourself from cybersecurity risks 🔐

The Dark Web is often portrayed as a shadowy underworld full of hackers and criminals, but there's a lot more to it than meets the eye. From privacy-focused browsing to black markets, we'll break it all down so you can stay informed and safe online.

💬 What are your thoughts on the Dark Web? Have you ever explored it? Drop a comment below! ⬇️

🔥 Don't forget to:
👍 Like this video if you found it interesting
🔔 Subscribe for more deep dives into tech, cybersecurity, and digital mysteries
📢 Share this video with friends who might find this topic intriguing!

#DarkWeb #CyberSecurity #DeepWeb #Hacking #InternetMysteries #OnlinePrivacy

Ep 22Security Vulnerabilities: Key Steps for Secure Workflows
Ever wondered how sensitive credentials, like API keys, passwords, and certificates, end up scattered across your systems? 🤔 This hidden cybersecurity risk, known as secret sprawl, makes organizations an easy target for cybercriminals. 🚨

In this episode, we uncover:
✅ The root causes of secret sprawl 🔍
✅ Why traditional security methods aren't enough ❌
✅ How attackers exploit exposed secrets 🎭
✅ A proven 5-step remediation plan to secure your data 🛡️

🔹 Plus, we'll explore StoneFly's proactive approach to secrets management, from automated discovery to securing your infrastructure.

🚀 Don't leave your organization vulnerable: watch now and take control of your cybersecurity! 🔑
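The "automated discovery" step, as an added example that is not the episode's or StoneFly's tooling: a small scanner that combines fixed-format detectors (AWS access key ID, PEM private-key header, GitHub classic token) with a generic `password=`/`secret=`/`api_key=` detector filtered by Shannon entropy and a placeholder check, so `${VAR}` and `<your-password>` don't drown the real hits. The sample files are constructed; the AWS key in them is the one AWS itself uses in its documentation.

```python
"""Find sprawled secrets in files: pattern matches plus an entropy filter.

Added example, not the episode's or StoneFly's tooling.  Detectors: an AWS
access key ID, a PEM private-key header, a GitHub classic token, and a
generic `password=`/`secret=`/`api_key=` assignment whose value is filtered
by Shannon entropy and a placeholder check to keep `${VAR}` and
`<your-password>` out of the results.  The sample files are constructed
(the AWS key is the one AWS itself uses in documentation).
"""
import re
from collections import Counter
from dataclasses import dataclass
from math import log2

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # no leading \b: `DB_PASSWORD=` has no word boundary before PASSWORD
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
}

PLACEHOLDER_PREFIXES = ("${", "{{", "<", "%(")
PLACEHOLDER_WORDS = {"changeme", "password", "example", "redacted", "xxxxxxxx"}
MIN_ENTROPY = 3.0   # bits per character; real credentials usually sit above this


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    preview: str      # masked, safe to paste into a ticket


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_like_placeholder(value: str) -> bool:
    return value.startswith(PLACEHOLDER_PREFIXES) or value.lower() in PLACEHOLDER_WORDS


def mask(secret: str) -> str:
    return secret[:4] + "..." if len(secret) > 4 else "..."


def scan_text(path: str, text: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "generic_assignment":
                    if looks_like_placeholder(value) or shannon_entropy(value) < MIN_ENTROPY:
                        continue
                findings.append(Finding(path, line_no, kind, mask(value)))
    return findings


def scan_files(files: dict) -> list:
    """files: {path: text}.  Swap in os.walk() + open() for a real tree."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


SAMPLE_FILES = {   # constructed
    "config/prod.env": "DB_PASSWORD=Tr0ub4dor&3xyz99\nAPI_KEY=${API_KEY}\n",
    "deploy/aws.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n",
    "README.md": "Set password=<your-password> in the env file before deploying.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} {f.kind} {f.preview}")
```

Discovery is only the first step: a found secret has to be rotated, not just deleted from the file, because it is already in git history, CI logs and backups. The masked preview is deliberate; a scanner that copies the full secret into its own report just creates one more place it lives.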

Ep 21The Hidden Threat of Wi-Fi Tracking: How Your Devices Reveal Your Location
Did you know your phone is constantly mapping the Wi-Fi hotspots around you, even when you're not using GPS? In this deep dive, we uncover the unsettling world of Wi-Fi positioning systems, how they track your movements, and the serious privacy risks involved. From global router databases to potential surveillance threats, we explore the implications of this hidden technology. Plus, we share practical steps to protect your privacy, including router settings that can help you opt out (such as appending _nomap to your network's SSID, the suffix the major location-database operators honour as an opt-out signal). Tune in to stay informed and secure your data in an increasingly connected world!

Ep 20Zero Trust & Data Security: The Future of Protecting Government Information
In this episode, we dive into a crucial topic—data security for government agencies. With evolving cyber threats, traditional security measures no longer cut it. We explore the rise of Zero Trust Security, its impact, and how organizations like StoneFly provide encryption, granular access controls, and backup solutions to safeguard critical data. Plus, we discuss why cybersecurity isn’t just for agencies—it’s for everyone. Tune in to learn how to protect sensitive information in an increasingly digital world.

Ep 19Japanese telco NTT Communications hacked: attackers accessed details of almost 18,000 organizations
Japanese telecommunications giant NTT Communications Corporation (NTT Com) has disclosed a data breach affecting information from nearly 18,000 corporate clients. The breach was identified on February 5, 2025, when suspicious activity was detected in the company's internal Order Information Distribution System. Immediate measures were taken to restrict access to the compromised system. However, on February 15, further unauthorized access was discovered on another device, which was subsequently isolated. The compromised data includes contract numbers, customer names, contact persons' names, telephone numbers, email addresses, physical addresses, and details related to service usage. Information pertaining to individual consumers was not affected, as the breach involved only corporate clients. NTT Com has stated that, as of now, there is no evidence of the stolen information being misused. The company is in the process of notifying all affected customers and has committed to enhancing its security measures and monitoring systems to prevent future incidents.

Ep 18: 1 Million Devices Hit: Inside the Massive Malvertising Campaign
A massive malvertising campaign has compromised one million devices worldwide, using malicious ads on illegal streaming websites to distribute malware. Microsoft attributes the operation to the threat-actor cluster it tracks as Storm-0408, which leveraged GitHub, Dropbox, and Discord to host payloads, deploying information stealers like Lumma and Doenerium alongside remote access trojans (RATs) like NetSupport. By relying on living-off-the-land techniques (legitimate built-in tools such as PowerShell rather than custom binaries), the attackers evaded detection, modified security settings, and stole system credentials with precision.

In this episode, we uncover the full attack chain, from deceptive online ads to multi-stage malware infections. We'll explore Microsoft's response, the critical security flaws exploited, and what organizations can do to protect against these evolving threats. Tune in to learn how cybercriminals weaponize everyday platforms, and why endpoint detection, multi-factor authentication (MFA), and browser security are more essential than ever.

Ep 17Inside the $635K Taylor Swift Ticket Heist: Cybercrime, Loopholes, and Insider Threats
A cybercrime operation involving the theft and resale of $635,000 worth of concert tickets—primarily for Taylor Swift’s Eras Tour—has been uncovered. New York prosecutors revealed that two employees of a third-party StubHub contractor exploited a vulnerability in the ticketing system, intercepting over 350 ticket orders. By redirecting digital ticket links to themselves and their co-conspirators, the perpetrators resold them for massive profits.In this episode, we break down the details of the scam, the role of insider threats in cybercrime, and how businesses can protect their platforms from similar exploits. We’ll also explore the legal consequences the accused face, what this means for online ticketing security, and the broader implications for consumer protection in high-demand event sales. Tune in as we dissect this sophisticated scheme and what it teaches us about digital security, fraud prevention, and the risks lurking in today’s online marketplaces.

Ep 16Silk Typhoon Strikes: From Direct Breaches to Stealthy Supply Chain Attacks
In this episode, we take an in-depth look at Silk Typhoon, the Chinese state-sponsored cyber espionage group that’s radically shifting its tactics. Moving away from direct breaches, Silk Typhoon is now targeting IT supply chains—exploiting remote management tools, identity systems, and cloud services to infiltrate organizations more stealthily and at scale.We explore how the group leverages stolen API keys, compromised credentials, and zero-day vulnerabilities to access downstream customer networks, and how their use of techniques like social engineering via Microsoft Teams further amplifies their threat. Learn about the construction of their covert networks using compromised devices, and how these sophisticated methods mark a significant evolution in cyber-espionage strategies.Our discussion highlights Microsoft’s warnings about these emerging tactics and examines the broader implications for industries such as healthcare, defense, and government. We also share actionable insights on bolstering IT supply chain security—from enforcing strong authentication measures and patching vulnerabilities promptly, to enhancing network monitoring and incident response.Tune in to understand how Silk Typhoon’s new approach is redefining the cybersecurity landscape and why proactive defense is more critical than ever.

Ep 15Tracking Stingrays: How Rayhunter Shields Your Mobile Privacy
In this episode, we dive into Rayhunter—an open source tool from the EFF designed to detect Stingray devices (cell-site simulators) that compromise your mobile privacy. We break down how Rayhunter leverages an affordable Orbic RC400L mobile hotspot to intercept and analyze control traffic between your device and cell towers, alerting you to suspicious activities like forced 2G downgrades or unusual IMSI requests.Explore the cutting-edge technology behind Rayhunter, its potential to empower users against covert surveillance, and the critical legal and safety considerations you need to know before deploying it. Whether you’re a tech enthusiast or a privacy advocate, this episode unpacks the promise and challenges of using open source tools to safeguard your digital life. Tune in for a deep dive into the future of mobile security!

Ep 14AI-Generated Video of YouTube's CEO Used In Phishing Attack

Ep 13BackConnect, Microsoft Teams, & Social Engineering—How Ransomware is Adapting
The ransomware landscape is shifting, and Black Basta and Cactus are at the center of it. In this episode, we break down the connections between these two ransomware gangs, their shared tactics, and the use of BackConnect malware for stealthy post-exploitation access.

We explore how both groups use social engineering via Microsoft Teams, posing as IT help desk personnel, to trick employees into granting them remote access through Windows Quick Assist. With Black Basta reportedly fading and its leak site offline, is Cactus simply a rebranded version of the notorious gang? Or is there a deeper overlap in their membership?

We also discuss the role of BackConnect malware in obfuscating attacker movements, how ransomware gangs evolve after law enforcement crackdowns, and why businesses need to rethink their security strategies.

Key Takeaways:
🔹 How ransomware gangs like Black Basta and Cactus use social engineering to breach corporate networks
🔹 The role of BackConnect malware in maintaining stealth and persistence
🔹 The possible decline of Black Basta and whether its members have migrated to Cactus
🔹 Why ransomware groups rebrand and shift tactics after crackdowns
🔹 Actionable security measures to protect against evolving ransomware threats, such as restricting external Teams federation and limiting Quick Assist to the users who genuinely need it

Cyber threats are evolving. Stay ahead of them. Tune in now!

Ep 12OnlyFans Cyberattacks: Fake CAPTCHAs and Malware Distribution Threaten Users
Cyberattacks are increasingly targeting OnlyFans users through phishing schemes built around fake Cloudflare CAPTCHA pages. Instead of a real verification step, the page asks the visitor to prove they are human by pressing a key combination (Win+R, then Ctrl+V and Enter) that pastes and runs a command the page has silently copied to the clipboard, the technique known as ClickFix; running it installs malware such as remote access trojans and keyloggers. The same campaigns also distribute malware through deceptive links that masquerade as legitimate login pages or special offers and lead to malware-laden downloads and remote-control software. Defensive strategies include careful URL verification, never running commands or scripts a web page asks you to paste, enabling multi-factor authentication, and keeping security software updated. Enterprises are urged to prioritize proactive security measures and employee training to protect against these evolving threats. Staying informed about the latest threats, like those detailed in cybersecurity newsletters, is vital for maintaining a strong security posture.

Ep 11: 9 Million Downloads, Now Banned: VSCode Extensions Under Fire
In a shocking move, Microsoft has banned the popular Material Theme – Free and Material Theme Icons – Free extensions from the Visual Studio Marketplace, removing them from millions of VSCode instances after cybersecurity researchers discovered potentially malicious code. With nearly 9 million downloads, these extensions were a staple for developers, until now.

What went wrong? In this episode, we break down:
✅ The Supply Chain Risk – How an outdated Sanity.io dependency may have been compromised.
✅ Suspicious Code & Obfuscation – Why security researchers flagged the extensions and what was found.
✅ Microsoft's Response – The swift removal of the extensions, the ban on the developer, and upcoming disclosures.
✅ Developer's Defense – The claims of misunderstanding and Microsoft's alleged lack of communication.
✅ Lessons for Developers – How to detect security threats in VSCode extensions and safeguard your workflow.

With concerns over supply chain attacks growing, this case raises critical questions about extension security, dependency management, and how much control Microsoft should have over third-party tools. Tune in as we dissect the facts and explore what this means for developers worldwide.