Daily Security Review

In this episode, we take a deep dive into the Qilin ransomware group — now regarded as the world’s leading ransomware-as-a-service (RaaS) operation — and explore how it’s reshaping the cybercrime landscape in 2025.

Qilin, also known as Agenda, burst onto the scene in 2022 with a Go-based ransomware. It has since evolved into a highly evasive Rust-based malware platform targeting both Windows and Linux environments, including critical VMware ESXi servers. The group uses aggressive double extortion tactics — encrypting data while also threatening public exposure of stolen information — with ransom demands ranging from $50,000 to $800,000.

But what truly sets Qilin apart is its transformation into a full-service cybercrime platform, offering affiliates advanced tooling, data storage, spam and DDoS services, and — most controversially — a “Call Lawyer” feature designed to pressure victims with legal consultation during ransom negotiations. While some experts dismiss this legal counsel angle as a mere recruitment stunt, it has proven effective in unnerving corporate victims, especially in sectors like healthcare, manufacturing, and energy.

In 2024 alone, Qilin has amassed over $50 million in ransom payments from more than 60 attacks, shifting its targeting to critical infrastructure and operational technology companies worldwide. The group's high-profile assaults — such as the $50 million ransom attack on Synnovis, a major UK healthcare provider — have caused severe disruptions, even impacting critical patient care.

We’ll unpack:

• Qilin’s evolution from a simple RaaS to a global cybercrime platform
• The unique legal pressure tactic and why it’s alarming defenders
• How Qilin’s affiliates, including groups like Scattered Spider, are exploiting the platform
• The malware’s sophisticated TTPs mapped to MITRE ATT&CK
• The shift toward targeting healthcare and critical OT systems
• Key defense and mitigation strategies organizations must adopt to combat this growing threat

If you want to understand how ransomware has morphed into a professionalized business model — and what comes next — don’t miss this episode.

In this episode, we dive deep into the story behind CVE-2025-27363, a critical zero-click vulnerability in the widely used FreeType font rendering library. Initially discovered by Facebook’s security team and patched by Google in May 2025, this flaw allowed attackers to execute arbitrary code on Android devices—without any user interaction—by exploiting how FreeType parsed certain font structures.

This seemingly obscure bug became a key attack vector for Paragon Solutions’ "Graphite" spyware, an Israeli-made surveillance tool capable of taking near-total control of compromised smartphones. Through forensic analysis, it was revealed that Paragon’s spyware leveraged CVE-2025-27363 to infect targets via WhatsApp: malicious PDF files sent through groups triggered the vulnerability, which then deployed Graphite and escaped Android’s sandbox protections. The spyware could then exfiltrate encrypted chats, enable microphones and cameras, and track real-time GPS—without the user’s knowledge.

Our discussion also explores:

• The technical nuances of the vulnerability—how a signed/unsigned integer mismatch led to a dangerous heap overflow.
• The patching timeline, and Google’s move toward replacing FreeType with the safer Rust-based Skrifa library.
• How governments in countries like Australia, Canada, Italy, and Israel are suspected of deploying this spyware.
• The role of The Citizen Lab in uncovering evidence of targeted attacks against journalists, activists, and civil society members—despite Paragon’s public claims of safeguarding human rights.
• Practical advice for detecting spyware infections and why hybrid detection strategies offer the best protection.

Finally, we examine the broader implications for software supply chains, surveillance ethics, and why even basic libraries like font parsers must be designed with security in mind. Tune in for an eye-opening look at how a small coding bug cascaded into a global espionage tool.

In this episode, we take a deep dive into the June 2025 cyberattack on Aflac, one of the latest strikes in a growing wave of sophisticated, AI-driven cyber campaigns targeting the insurance industry. On June 12, Aflac detected suspicious activity within its U.S. network—a breach attributed to a highly organized cybercrime group and part of a larger pattern of targeted attacks against financial and insurance providers.

Our discussion goes beyond Aflac’s rapid response to explore the broader cybersecurity landscape of 2024-2025: a time marked by an explosion in third-party supply chain vulnerabilities, the resurgence of ransomware, and the growing use of AI-powered phishing and polymorphic malware. We examine how ransomware payloads are evolving to evade detection, why SMBs and mid-market firms are increasingly in the crosshairs, and how credential theft and sophisticated phishing are driving the majority of breaches.

We also break down:

• How real-world cases like Marks & Spencer, Victoria’s Secret, and UNFI show the cascading impacts of third-party risks.
• The strategic importance of Zero Trust and proactive supply chain management.
• What companies can learn from the Aflac incident about preparing for coordinated industry-specific campaigns.
• Practical steps organizations can take today—layered defenses, threat monitoring, employee training, and incident response planning—to build resilience in this new threat environment.

If you want to understand the tactics modern attackers are using—and what your organization can do about it—don’t miss this episode.

In May 2025, a ransomware attack forced Nucor — one of America’s largest steel producers — to halt its metal production operations. This wasn’t just a corporate IT incident: it disrupted a critical link in the nation’s industrial supply chain.

In this episode, we take an in-depth look at the Nucor attack: how cybercriminals targeted operational technology (OT) systems, why manufacturers like Nucor are becoming prime ransomware targets, and what this means for national security.

We analyze the escalating tactics of ransomware groups, including sophisticated loader chains, abuse of legitimate tools, and emerging delivery methods that can take down even hardened industrial environments. We also examine why the attack on Nucor marks a new chapter in the ransomware threat landscape — one where physical production and critical infrastructure are increasingly at risk.

Most importantly, we discuss how organizations can defend against these evolving threats: leveraging the NIST Cybersecurity Framework, adopting proactive detection and incident response strategies, and addressing growing vulnerabilities in the cyber supply chain.

If Nucor’s shutdown taught us anything, it’s that no manufacturer can afford to ignore the ransomware threat. Tune in to learn what your organization can do to prepare.

A staggering $225 million in illicit cryptocurrency was recently seized by U.S. authorities in what has become the largest digital asset recovery in Secret Service history. This episode unpacks the mechanics, methods, and forensics that made this possible—and how a sprawling network of scams, labor compounds, and fake identities in Southeast Asia unraveled under blockchain scrutiny.

We explore how cryptocurrency is being used in modern money laundering operations—from intermediary wallet “hops” and high-frequency rounded transactions, to tumblers like WasabiWallet and Tornado Cash, and privacy coins like Monero. You'll hear how these laundering methods are structured, and why they’re no longer enough to stay hidden.

We also break down how U.S. and international regulators are leveraging blockchain transparency, stablecoin issuer cooperation, and advanced forensic tools to trace and freeze funds. From court orders served via NFT, to mandatory injunctions forcing smart contract code edits, enforcement is evolving—and fast.

Finally, we discuss tax implications, cost basis methods, and upcoming IRS rules that will redefine crypto accounting in 2025. Whether you’re in compliance, enforcement, or just trying to understand how illicit actors move money through crypto, this episode offers a detailed look into the shifting balance of power between criminals and regulators in the digital asset space.

Ransomware groups are no longer just encrypting data — they're going straight for the backups. And if those backups aren’t properly protected, recovery becomes impossible, and ransom payouts more likely. In this episode, we dive deep into how threat actors are exploiting critical vulnerabilities in widely used backup systems, focusing on the recently disclosed CVEs affecting Veeam Backup & Replication.

We explore CVE-2025-23121, a critical remote code execution flaw already being weaponized in the wild, and CVE-2025-24287, a privilege escalation vulnerability that opens the door for deeper compromise. These aren't theoretical risks — these are the exact tactics used by ransomware groups like Cuba and FIN7 to dismantle organizations’ last lines of defense.

The discussion goes further into why backup hardening isn't optional anymore. We break down what it means to implement the 3-2-1-1-0 backup strategy effectively and why immutability, offsite storage, and automated testing are the bare minimum for survival. You’ll also hear hardening best practices — directly from real-world sysadmins — including isolating Veeam servers from the domain, restricting access with the principle of least privilege, and enforcing MFA.

But protection doesn’t end at backups. We unpack broader ransomware defense strategies: network segmentation, browser isolation, file integrity monitoring, and behavioral logging through SIEM and EDR platforms. Learn how honey files, malware detonation environments, and strict firewall rules are helping defenders detect and contain attacks before they spread.

This isn’t about theory. This is about what ransomware operators are doing right now — and what it takes to stop them.

If you’re running backups without verification, hosting Veeam on a multi-role domain-joined server, or delaying critical patches, this episode is your wake-up call. 

Ransomware just bankrupted a 100-year-old manufacturer—and the world should take notice.

In this episode, we dissect the cyberattack that brought down Fasana, a German paper napkin producer, and pushed it into insolvency. On May 19, 2025, employees arrived to find printers ejecting extortion notes. By the end of the week, systems were paralyzed, €250,000 in daily orders went unprocessed, and the company hemorrhaged €2 million in under 14 days. Fasana couldn’t pay salaries, couldn’t ship products, and now has just eight weeks to find a buyer or shut down for good.

We explore how this happened—and why it could happen to almost any manufacturing company operating today.

This isn’t just a story of one company—it’s a cautionary tale about the growing frequency and impact of ransomware, especially in industries where IT and OT environments are merging. From indirect attacks on connected IT systems to direct strikes against operational machinery, manufacturers are being hit hard. In 2023 alone, over 500 physical sites were disrupted by cyberattacks—more than half in manufacturing.

We examine how ransomware exploits vulnerable systems like ERP platforms, SCADA controls, and HMIs—and why systems without clear IT/OT segmentation are now high-risk. Then, we look at what Fasana lacked: a functioning Business Continuity Plan. No backup delivery system. No fast recovery options. No clear incident response framework.

You'll learn:

• Why even small manufacturers are now prime ransomware targets.
• What a robust Business Continuity Plan actually includes—from impact assessments to cloud and off-site backups, endpoint defense, and RPO/RTO strategies.
• Why regular testing, employee training, and disaster simulation drills are just as critical as having the right technology.
• The operational, legal, and reputational risks of sensitive data loss in manufacturing.
• How financial pressure compounds risk—and why companies already under strain are often one cyberattack away from collapse.

We also break down key defense strategies: network segmentation, encryption, EDR, multi-factor authentication, vendor access controls, and the emerging role of cyber insurance in helping companies weather these storms.

This episode is more than a post-mortem of a cyberattack. It’s a call to action for manufacturers: ransomware is escalating, and so must your resilience. Fasana didn’t have time to prepare—but you do.

In this episode, we break down the true scale and mechanics behind the largest credential leak ever recorded—over 16 billion login credentials, most of them exfiltrated by infostealer malware.

We dive into how this happened: from the malware-as-a-service (MaaS) model enabling even low-skill threat actors to deploy powerful stealers, to how credentials are harvested from infected systems, bundled into "logs", and sold on dark web marketplaces.

You'll learn about the rise of credential stuffing attacks that use these logs to hijack user accounts at scale, bypassing traditional defenses with distributed botnets and evasion tactics. We examine the ecosystem behind it all—how groups like Nova Sentinel operate, where data gets hosted, and how anti-analysis methods help them stay hidden.

We also detail the best current defenses—multi-factor authentication (MFA), fingerprint-based detection, rate-limited login systems, and how organizations should handle suspicious IPs and user agent anomalies. You'll hear mitigation tactics sourced from OWASP, CISA, and expert threat research from Gatewatcher, DataDome, and more.

This isn't just about malware. It's about how credential theft has become a billion-dollar economy—automated, distributed, and dangerously efficient.

A malware distribution network hiding in plain sight — on GitHub.

This episode unpacks the Stargazers Ghost Network, a massive Distribution-as-a-Service (DaaS) infrastructure run by a threat actor known as Stargazer Goblin. Using over 3,000 GitHub accounts, this operation pushes dangerous information-stealing malware disguised as legitimate game mods and cracked software, particularly targeting communities like Minecraft players.

At the center of the campaign are well-known infostealers such as Atlantida, Rhadamanthys, RisePro, Lumma, and RedLine. The delivery mechanism? Sophisticated Java-based loaders, GitHub phishing repositories, and links embedded across platforms like Twitch, TikTok, YouTube, and Discord.

Key insights we explore:

🎯 Targeted deception: Modded Minecraft downloads hiding Java loaders that drop multiple stealers
 💸 Financial motivation: An estimated $100,000 earned by Stargazer Goblin through stolen data
🧠 Social engineering: Repository stars, forks, and watchers used to appear trustworthy
🧪 Anti-analysis: Malware designed to evade detection with anti-VM and anti-sandbox techniques
🔐 Data exfiltration: Passwords, cookies, crypto wallets, VPN credentials, Discord tokens, and more
🌍 Attribution: Russian-language artifacts and UTC+3 activity suggest a Russian-based operator

We also explore how GitHub’s platform was exploited, the use of password-protected archives to bypass scans, and the tiered account structure that allows malicious repositories to reappear even after bans.

With GitHub being abused at this scale — and over 1,500 Minecraft users already infected — this case is a wake-up call for both platforms and end users. The combination of malware-as-a-service (MaaS) and DaaS delivery is lowering the bar for cybercriminals and increasing the risk for everyone online.

#StargazersGhost #GitHubMalware #Infostealers #StargazerGoblin #MinecraftMalware #RedLine #Rhadamanthys #LummaStealer #AtlantidaStealer #JavaMalware #MalwareCampaign #CybersecurityPodcast #DaaS #MaaS #InfoSec #GamingCyberThreats #DiscordMalware

Cybercriminals are increasingly turning GitHub into a malware distribution network. In this episode, we unpack two of the most alarming recent campaigns: Water Curse and Banana Squad — both targeting developers, red teams, and security professionals through poisoned open-source projects.

Water Curse, a financially motivated group, used at least 76 GitHub accounts to deliver multistage malware hidden inside project configuration files of tools like Sakura-RAT. These payloads deploy obfuscated VBS and PowerShell scripts, perform system reconnaissance, and disable recovery mechanisms like shadow copies. The malware, tracked as Backdoor.JS.DULLRAT.EF25, allows long-term remote access and data exfiltration via services like Telegram.

Banana Squad, meanwhile, deployed over 60 fake repositories containing trojanized Python scripts masked as ethical hacking tools. Using visual obfuscation tricks, they pushed malicious code off-screen in the GitHub UI to avoid detection — a tactic that worked until automated tools caught the behavior.

Both groups are part of a broader trend: cybercriminals leveraging Malware-as-a-Service (MaaS) platforms to outsource infrastructure, scale their operations, and target critical parts of the software supply chain. Developers, security teams, and even gamers are now at risk — not through phishing emails, but by trusting what they download from legitimate platforms.

We also explore how MaaS lowers the technical barrier for attackers and discuss the critical need for secure software development, SBOM transparency, and active code validation.

This isn’t a theoretical threat. It’s a shift in the way malware is built, delivered, and scaled — and it’s already compromising environments in plain sight.

#GitHubMalware #WaterCurse #BananaSquad #SoftwareSupplyChain #MaaS #OpenSourceSecurity #PythonMalware #BackdoorJS #Cybersecurity #DeveloperSecurity #Infosec #VisualStudioMalware #TrojanizedCode #GitHubSecurity #CodeTrustCrisis

A single vendor was compromised — and suddenly, internal records from UBS, Pictet, Manor, and Implenia were leaked. The Chain IQ cyberattack is a textbook example of how fragile the digital supply chain has become.

This episode dissects the breach that exposed names, roles, phone numbers, even CEO contact details of over 137,000 UBS employees, and 230,000 lines of internal billing data from Pictet, including expenses ranging from hotel stays to pottery purchases. While client data remained untouched, the exposure of employee and operational data is alarming.

The attack was carried out by World Leaks — formerly known as Hunters International — a group known for data theft and public extortion, not encryption. Their tactics reflect the evolving nature of supply chain threats, where trust in vendors is weaponized and internal data becomes a high-value target.

We go beyond the breach and explore:

🔹 How 62% of supply chain attacks exploit trust in third-party providers
 🔹 Why 66% of suppliers don't even know how they were compromised
 🔹 The massive industry ripple effect, with Chain IQ’s clients including FedEx, IBM, Swiss Life, AXA, Swisscom, and KPMG
 🔹 What organizations should be doing now — from vendor due diligence and access minimization to continuous risk monitoring
 🔹 Why employee data security must be treated as business-critical

We also break down essential defense and recovery strategies — including zero trust access, contractual audit clauses, IAM, vulnerability patching, and a Plan-Do-Check-Act cycle for full-spectrum supply chain security.

The Chain IQ breach isn’t just a warning — it’s a case study in what happens when your cybersecurity depends on someone else's.

#ChainIQBreach #UBSLeak #SupplyChainAttack #PictetBreach #WorldLeaks #Cybersecurity #VendorRisk #DataLeak #ThirdPartySecurity #CyberAttack #EmployeeDataExposure #InfoSec #IncidentResponse #FinancialSectorSecurity #DigitalTrust

State and local governments are under cyber siege. In this episode, we break down how and why these public institutions have become top targets for attackers — and why the threats are getting worse.

Digitization is expanding public access to services, but it's also opening new doors for threat actors. Many local authorities still rely on legacy IT systems, outdated operating systems, and unsupported software — leaving them vulnerable to ransomware, phishing, impersonation, and supply chain exploits. The rise in attacks isn’t hypothetical: cyber data breaches in UK local councils have surged by nearly 400% in just three years.

We examine key reasons for the surge:
 🔸 Outdated infrastructure and tight budgets
 🔸 Rampant phishing and email impersonation
 🔸 Ransomware that paralyzes city services and steals citizen data
 🔸 Weak oversight of third-party vendors and digital service providers
 🔸 A lack of board-level responsibility and incident response planning

The consequences aren’t just operational. Citizens are losing jobs, facing housing instability, and experiencing long-term harm due to the exposure of sensitive personal data. In the case of Oxford City Council, 21 years of historical data were compromised — impacting both current and former council employees. Although no large-scale data extraction has been confirmed, investigations are ongoing.

Across the UK, councils have reported more than 12,700 breaches in three years, with over £260,000 paid in legal claims and compensation. High-profile incidents, such as the Capita breach and the Metropolitan Police supplier compromise, highlight a growing trend: third-party vendors are becoming major points of failure.

We also discuss the lack of proactive cybersecurity measures. Most public bodies don’t regularly assess supply chain risks or re-evaluate vendor contracts. In many cases, cybersecurity is still not a board-level priority, especially for smaller agencies operating with limited resources.

This episode explores what needs to change — from upgrading legacy systems to enforcing third-party risk management and creating a culture of privacy and accountability. Cybersecurity isn’t just a technical issue anymore. It’s public safety, trust, and governance at stake.

#CyberSecurity #DataBreach #PublicSectorSecurity #Ransomware #OxfordDataBreach #CapitaBreach #LocalGovernment #InfoSec #DigitalTrust #PrivacyMatters #CyberAttack #SupplyChainRisk

Two newly disclosed critical vulnerabilities—CVE-2025-5349 and CVE-2025-5777—have put Citrix NetScaler ADC and Gateway deployments at serious risk, exposing enterprise environments to potential data breaches and service disruptions. These flaws underscore the persistent challenges facing infrastructure teams, especially when balancing security patching with service availability.

We dive deep into:
 🔍 The technical mechanisms behind the NetScaler vulnerabilities and why they’re considered high risk
 ⚙️ The real-world difficulties of patching Citrix environments, including long installation times, session disruption concerns, and HA strategy failures
🛠️ Staged patching techniques, including gold image refresh for MCS, traffic redirection using VIP isolation, and Citrix’s official upgrade flow
🔒 A breakdown of the AAA (Authentication, Authorization, Accounting) model and its relevance for secure VPN access
🧠 Broader lessons from CWE-125 (Out-of-Bounds Read) and how SAST, SCA, and code reviews help developers catch software vulnerabilities before they reach production

This episode ties together software security principles with enterprise infrastructure reality, highlighting how missteps in either domain can leave organizations exposed. Whether you're managing Citrix infrastructure or building secure software, this conversation bridges the gap between theory and practice.

CVE-2025-1568, dubbed "GerriScary", has shaken the open-source ecosystem by exposing a fundamental weakness in Google’s Gerrit code review system—one that could have enabled attackers to infiltrate 18 of Google’s most widely used open-source projects, including Chromium, ChromiumOS, Dart, and Bazel.

This episode breaks down how the vulnerability was discovered by researchers at Tenable using a subtle but powerful HTTP status code fingerprinting technique. A simple 209 response exposed whether a user had the “addPatchSet” permission on a given project. That small indicator opened the door to a potentially massive software supply chain compromise, allowing malicious patchsets to be injected silently into production workflows.

We also explore the broader threat landscape with critical and actively exploited vulnerabilities, such as:

🔓 CVE-2023-0386 – A Linux kernel flaw exploited for root access
🧨 CVE-2025-23121 – Remote code execution on Veeam Backup Server
💣 CVE-2025-2783 – A Google Chrome zero-day used by the Trinper backdoor
📡 CVE-2023-33538 – Command injection in TP-Link routers, actively exploited
🔥 CVE-2024-1086 – Use-after-free in Linux netfilter, leading to system takeover

From hardcoded keys in enterprise tools to command injections in home routers, we highlight how poor development practices continue to fuel real-world threats.

But this isn't just about reacting to flaws. We dissect the NIST Secure Software Development Framework (SSDF), now more relevant than ever. You’ll learn how the SSDF’s four core areas—Prepare, Protect, Produce, and Respond—provide a practical roadmap to building secure software, preventing flaws like GerriScary, and rapidly responding when the next critical CVE emerges.

Whether you’re a software engineer, CISO, or security architect, this episode offers a grounded and urgent look at the real-world risks of unpatched systems, insecure third-party dependencies, and weak DevSecOps discipline—and how to fix them.

Cisco and Atlassian have both released urgent security advisories in response to newly discovered high-severity vulnerabilities—and the implications are serious.

Cisco’s firmware flaws impact Meraki MX and Z Series devices running AnyConnect VPN. A bug in the SSL VPN process allows authenticated attackers to crash the VPN server, causing repeated denial-of-service conditions. Cisco ClamAV also contains heap-based buffer overflow vulnerabilities that could crash antivirus defenses simply by scanning a malicious file. Proof-of-concept exploit code is already circulating—making exploitation only a matter of time.

Atlassian isn’t faring much better. Their June 2025 bulletin disclosed 13 high-severity vulnerabilities across Bamboo, Bitbucket, Confluence, Jira, Crowd, and Service Management. Many of these are rooted in third-party dependencies like Netty, Apache Tomcat, and Spring Framework. From improper authorization to remote code execution and denial of service, the risks span multiple vectors.

This episode breaks down:

🔧 Cisco CVEs (2025-20212, 2025-20271, 2025-20128, 2025-20234)
 🛑 How malformed VPN attributes trigger a system crash
 🧪 The risk of crashing ClamAV with OLE2 content
 📦 Atlassian’s dependency-driven vulnerabilities (CVE-2025-22228, CVE-2024-47561, CVE-2024-39338 and more)
 🔁 The challenges of managing firmware updates across Meraki networks
 💣 The broader danger of unpatched systems and third-party bloat
 📉 Real-world fallout: from Equifax to ProxyShell
 ☁️ Shared responsibility in cloud environments and how institutions often misinterpret it

If you're running Cisco hardware, using Atlassian platforms, or relying on open-source libraries, this episode shows why you must have a clear patching strategy, strong third-party oversight, and internal security validation—before attackers find the gaps for you.

A deep dive into one of the most aggressive ransomware groups operating today—Play—and their latest high-profile target: Krispy Kreme.

Operating since 2022, the Play ransomware group has become notorious for its double extortion model, where sensitive data is exfiltrated before systems are encrypted. Victims are pressured not just by digital ransom notes but also through direct phone calls to company lines, creating a highly aggressive and disruptive extortion cycle. Play has targeted over 900 entities globally, from government institutions to media outlets and, most recently, the food industry.

In November 2024, Krispy Kreme was forced to shut down online ordering in parts of the U.S. after detecting unauthorized access to its systems. The Play group claimed responsibility. Stolen data reportedly included names, Social Security numbers, banking credentials, biometrics, and even military IDs—a scale and sensitivity that elevates this attack far beyond typical retail breaches.

We break down:
 📛 The origins and global targeting footprint of Play ransomware
 📤 Their TTPs: dynamic compilation, intermittent encryption, WinRAR compression, and data exfiltration via WinSCP
 ☎️ Their use of direct communication, including threatening phone calls to corporate numbers
 🧠 Their links to Russian-affiliated cyber actors and similarities to other ransomware variants like Hive and Nokoyawa
🧬 The specific operational and reputational damage inflicted on Krispy Kreme
💥 The unique risks of biometric data exposure in ransomware cases
🛡️ Critical cybersecurity recommendations from CISA, including segmentation, offline backups, EDR, and least-privilege access
🧪 How businesses—regardless of industry—must rethink cybersecurity resilience in the face of industrialized extortion models

Whether you're in tech, retail, or public infrastructure, this is a wake-up call: ransomware doesn’t discriminate by sector—it hunts for scale, pressure points, and poor preparation.

#Ransomware #PlayRansomware #KrispyKremeHack #CyberSecurity #DoubleExtortion #DataBreach #InfoSec #CISA #HunterInternational #BiometricDataBreach #RetailSecurity #PodcastCybersecurity #CyberAttack #RansomwareTTPs #MITREATTACK

In this episode, we unpack the dramatic takedown of Archetyp Market, a darknet marketplace that dominated the online drug trade since its launch in May 2020. With over €250 million ($290 million) in drug transactions, more than 600,000 users, and 17,000 listings, Archetyp wasn’t just another darknet forum—it was the largest dedicated drug market on the Tor network by 2024.

The operation that brought it down, Operation Deep Sentinel, was a five-nation law enforcement effort led by Germany’s BKA, coordinated by Europol and Eurojust, and supported by the United States. Between June 11–13, 2025, authorities arrested the alleged German administrator in Barcelona, one moderator, and six top vendors. They also seized €7.8 million in assets, including crypto wallets, luxury vehicles, and the market’s backend infrastructure hosted in the Netherlands. This was the culmination of years of cyber-forensics, financial tracing, and cross-border intelligence work.

But the story doesn’t stop with the arrests. We explore the deeper implications: how digital drug markets continue to evolve, why users easily migrate after shutdowns, and how operations like this shape law enforcement’s long-term cybercrime strategy. We’ll also touch on the philosophical roots of Archetyp’s founder—who modeled the site after Silk Road, with the aim of supporting drug liberalization in Europe—and why this ideological undertone didn't stop the authorities from dismantling the platform piece by piece.

Tune in as we analyze the fall of Archetyp, the future of darknet markets, and the growing role of international cybersecurity cooperation in this high-stakes game of cat and mouse.

In this episode, we break down one of 2025’s most significant healthcare cybersecurity incidents: the ransomware attack on Ocuco, a global eyecare software provider. On April 1st, 2025, threat actors from the KillSec ransomware group exploited CVE-2024-41197 — a critical authentication bypass in Ocuco’s INVCLIENT.EXE — to gain Administrator-level access and exfiltrate over 340GB of sensitive data, including patient names, SSNs, driver’s license numbers, and financial records.

KillSec, a group known for combining ransomware with ideological messaging, claimed responsibility via their dark web leak site. Despite positioning themselves as hacktivists, their modus operandi follows a double extortion model, typical of financially motivated groups. Their tactics reflect a larger 2024–2025 trend: politically charged language masking ransom demands.

We dive into the technical details of CVE-2024-41197, a zero-day (or possibly N-day) vulnerability with a CVSS score of 9.8 that allowed unauthenticated remote code execution. Ocuco learned of the breach the same day KillSec publicized it, and the company later reported the incident to the U.S. HHS and Ireland’s DPC under GDPR obligations.

This episode also connects the dots across broader healthcare cybersecurity trends. With 458 ransomware attacks tracked in healthcare in 2024, and groups like LockBit 3.0, RansomHub, and BianLian still active, this incident reflects the sector's growing exposure to zero-day exploits, supply chain flaws, and AI-augmented social engineering.

We end with a focused discussion on prevention: how organizations can strengthen software supply chain defenses, implement DevSecOps practices, and prepare breach response plans that comply with GDPR and HIPAA alike.

In this episode, we dive deep into the current state of cybersecurity in healthcare, where the growing sophistication of cyber threats has led to increasingly devastating breaches. We begin with a close look at the rise of Ransomware-as-a-Service (RaaS), focusing on DragonForce, a ransomware group that has transitioned from politically motivated attacks to financially-driven extortion campaigns. With their dual-extortion tactics, DragonForce is not just locking data but threatening to release stolen information, significantly amplifying the risk to healthcare organizations.

The conversation then shifts to the real-world impact of cybercrime on healthcare. Data breaches do more than cause financial losses—they erode patient trust, which is crucial for effective healthcare delivery. Patients often experience fear and anxiety after their personal information is exposed, which can lead to a reluctance to share vital health details, ultimately impacting patient outcomes.

We’ll also explore critical preventive measures and response strategies that healthcare organizations must adopt to safeguard sensitive data. From multi-layered phishing prevention tactics to robust incident response plans, these best practices are essential for maintaining the integrity and confidentiality of patient information. Finally, we discuss the importance of rebuilding trust in the wake of a breach, with practical recommendations for transparent breach reporting and fostering a culture of cybersecurity awareness.

Tune in for expert insights on how healthcare can defend against these persistent threats and recover swiftly when the inevitable happens.

In this episode, we break down the seismic implications of Google’s proposed $32 billion acquisition of Wiz, the world’s largest cybersecurity unicorn—and why this isn’t just another tech deal.

At the core is the U.S. Department of Justice's antitrust investigation, triggered by concerns that the deal could tighten Google’s grip on a critical sector: multi-cloud cybersecurity. With Wiz already serving 40% of the Fortune 100 and boasting $500M in ARR, the acquisition could position Google as a dominant force in cloud-native application protection—potentially squeezing competitors and reshaping the market.

We examine what’s driving this mega-deal, from Google’s desire to compete with Microsoft Defender for Cloud, to its push for a unified security stack that spans AWS, Azure, and Oracle Cloud. We also look at the staggering $3.2B breakup fee—10% of the deal value—which suggests that both companies anticipated regulatory roadblocks.

This isn’t happening in a vacuum. We contextualize the deal within broader M&A trends in 2025, including evolving deal structures, regional regulatory crackdowns in Europe and China, and a shifting landscape under the Trump administration in North America. Plus, we explore the booming cloud security market, projected to hit $270B by 2035, and what the DOJ’s actions could mean for future cloud M&A.

Finally, we explore counterpoints from the UK's Cloud Services Market Report, which suggests that the cloud landscape remains competitive globally, with price wars, strong buyer power, and plenty of innovation. So is the DOJ overreacting—or is Google really aiming to own the future of cybersecurity?

📌 Topics covered:
 🧠 Why Wiz became the crown jewel of cloud security
 💰 The motivations behind Google’s biggest acquisition ever
 ⚖️ The DOJ’s case and the growing wave of antitrust scrutiny
 🌍 Regional M&A shifts in the US, Europe, and China
 📉 Price wars, competition, and market structure in cloud services
 🛡️ The future of multi-cloud security, and who really controls it

In this critical episode, we dive into the alarming exploitation of CVE-2024-57727, a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software actively leveraged by ransomware operators since early 2025. This isn't just a theoretical risk—it's already being used to compromise utility billing providers and downstream MSP customers through double extortion tactics.

We examine how the trusted capabilities of RMM tools—remote control, patching, and backup—are being weaponized in Living Off the Land (LOTL) attacks, allowing adversaries to maintain persistence, evade detection, and move laterally across networks with ease. With input from CISA, NSA, FBI, MS-ISAC, and INCD, we explore why RMM platforms like SimpleHelp have become high-value targets and what this means for IT, OT, and ICS environments.

The discussion covers:
 🛠️ What makes RMM software such a potent attack vector
 ⚠️ The details and real-world impact of CVE-2024-57727
 🔐 CISA’s recommended mitigations—from network segmentation to MFA, application controls, and zero-trust policies
 📉 Supply chain risk: How MSP compromise can cascade across client networks
 🧰 Detection techniques and critical indicators of compromise for SimpleHelp instances
 🛡️ Why developers, MSPs, and SaaS providers must adopt security-by-design, auditable logging, and privilege minimization

This episode is a must-listen for IT admins, MSPs, SOC teams, software vendors, and cybersecurity professionals tasked with protecting remote infrastructure. If your organization uses or builds RMM software—don’t miss this briefing.

In this episode, we dissect UNK_SneakyStrike—a major account takeover campaign targeting Microsoft Entra ID users with precision and scale. Tracked by Proofpoint, this campaign began in December 2024 and has since escalated, leveraging TeamFiltration, a legitimate penetration testing tool, to enumerate users and launch password spraying attacks that have compromised over 80,000 accounts across 100+ cloud tenants.

We explore how attackers are weaponizing red team tools, abusing Microsoft Teams and OneDrive APIs, and even exploiting refresh tokens for persistent access—turning standard identity infrastructure into their playground. With origins traced to AWS infrastructure in the U.S., Ireland, and the UK, the campaign represents a dangerous convergence of identity-based threats, cloud misconfigurations, and cross-cloud attack surfaces.

Join us as we walk through:
 🔹 The operational characteristics and attack patterns of UNK_SneakyStrike
 🔹 Why password spraying remains effective—and undetected—in the cloud
 🔹 How Microsoft Entra’s gaps, like token handling and user enumeration exposure, played a role
 🔹 Real-world risks: unauthorized access, lateral movement, and long-term persistence
 🔹 The importance of multi-factor authentication, Zero Trust, real-time threat intelligence from AWS's MadPot and Mithra, and security hygiene
 🔹 Concrete mitigation strategies to reduce exposure to identity-focused attacks

This is a must-listen for IT admins, CISOs, cloud security professionals, and anyone responsible for protecting digital identities in Microsoft and hybrid cloud environments.

In this episode, we dive deep into one of the most critical attack techniques in modern cyber warfare: privilege escalation—and how it recently hit center stage with three high-severity vulnerabilities discovered in Tenable’s Nessus Agent for Windows.

We break down CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, which, when exploited, allow a non-administrative user to gain SYSTEM-level access, execute arbitrary code, delete critical files, or overwrite system content. These vulnerabilities, patched in version 10.8.5 of Nessus Agent, represent a textbook example of how privilege escalation paves the way for arbitrary code execution (ACE) and potential ransomware deployment.

In the second half of the episode, we unpack:
 🛠️ What privilege escalation is, including vertical and horizontal types
 📊 Real-world exploitation paths on Windows systems
 🔐 Why tools like BloodHound, winPEAS, and PowerUp are favorites among threat actors
 📉 The security impact of misconfigured services, overprivileged accounts, and weak registry settings
 ✅ And most importantly: what your organization can do to detect, prevent, and mitigate privilege escalation attacks before they spiral out of control

With privilege escalation playing a central role in everything from data breaches to ransomware infections, this episode is a must-listen for IT admins, security professionals, and anyone responsible for hardening their organization’s defenses.

🔄 Don't forget to patch your Nessus Agents, enforce least privilege, and audit your environments regularly.

A major cyberattack has rocked Canada's second-largest airline, WestJet—crippling internal systems and prompting warnings for customers to monitor their accounts and change passwords. But this is more than just a corporate incident. It’s the latest sign of a broader, escalating crisis in aviation cybersecurity.

In this episode, we examine the WestJet breach in the context of a rapidly evolving threat landscape. With airlines facing more than 1,000 cyberattacks each month, we unpack the critical vulnerabilities putting passenger safety, operational continuity, and public trust at risk. From DDoS attacks grounding flights at LOT Polish Airlines to phishing campaigns linked to the MH370 tragedy, history shows the aviation sector is an attractive and dangerous target.

We dive into the technical and organizational weak points—unpatched systems, insecure networks, and undertrained personnel—that attackers continue to exploit. And we explore the international standards and frameworks designed to fight back: ISO 27001, ISO 22301, ISO 27032, and the NIST Cybersecurity Framework.

Most importantly, we discuss how airlines and airports can move from reactive measures to proactive security—layered defenses, real-time detection, and rapid incident response. Whether you're in cybersecurity, aviation, or simply a frequent flyer, this episode breaks down why the WestJet incident is a loud alarm the entire industry must heed.

🔐 Key Talking Points:

• What we know about the June 2025 WestJet cyberattack
• Aviation’s unique cybersecurity vulnerabilities
• Lessons from past incidents (LOT, Malaysia Airlines, etc.)
• How global frameworks like ISO and NIST can strengthen defenses
• Why personnel training is just as critical as technical tools

In this episode, we dig into a disturbing yet underreported national security threat: the exploitation of internet-connected surveillance cameras—especially those manufactured in the People’s Republic of China—as a cyber weapon against U.S. critical infrastructure. Drawing from recent DHS intelligence briefings and independent cybersecurity analyses, we uncover how these seemingly benign devices are being used by PRC state-sponsored actors for espionage, system disruption, and even real-time support for physical attacks.

We break down how default settings, weak passwords, firmware neglect, and open internet access leave tens of thousands of cameras vulnerable. We explore the scale of exposure—over 14,000 vulnerable devices in the U.S. alone—and how this exposure extends across vital sectors including energy, utilities, transportation, and tech. We also discuss the alarming potential for compromised cameras to feed attackers sensitive system information, map out network layouts, and manipulate operational technologies.

Finally, we go beyond the headlines to talk mitigation: What can organizations do right now? What responsibilities do vendors and policymakers have in tightening security standards? And how do we balance real cybersecurity needs with the practical realities of widespread camera deployment? Whether you're in IT, government, or just concerned about digital privacy, this episode will open your eyes to what your cameras might be seeing—and who else might be watching.

In this episode, we dive deep into the alarming revelations surrounding Graphite, a powerful spyware tool developed by Israeli firm Paragon Solutions. Promoted as a “responsible alternative” to the NSO Group’s Pegasus, Graphite is now implicated in the surveillance of journalists, humanitarian activists, and civil society figures—contrary to the vendor’s public claims.

We’ll examine new forensic findings by Citizen Lab and how notifications from Apple and WhatsApp revealed targeting in Italy and potentially Canada. Confirmed cases include members of the refugee aid group Mediterranea Saving Humans and journalists critical of the Italian government. We also explore Paragon’s controversial ties with Italy’s intelligence agencies, the rejection of its offer to help investigate the abuse, and the murky termination of the spyware contract.

Beyond the political implications, we address the technical side of zero-click attacks, the difficulty of detection, and the real fears expressed by ordinary users on platforms like Reddit. This conversation unpacks not just what happened—but what it means for privacy, transparency, national security, and the future of global surveillance regulation.

zeroRISC just raised $10 million to bring OpenTitan—the first open-source silicon Root of Trust—to market. In this episode, we break down what this funding means for the future of supply chain security, and why investors are betting on open hardware to fix vulnerabilities baked into modern chips.

We explore how geopolitical tension, forced labor enforcement (like the UFLPA), and cyber threats are forcing companies to look deeper into their supply chains—including third-party IP and sub-suppliers. We also look at the real-world implications of secure silicon for IoT, data centers, and critical infrastructure.

From tamper-resistant firmware updates to attestation against AI deepfakes, we explain why zeroRISC’s Integrity Management Platform may shift control back to device owners—and how open-source innovation is becoming a national security imperative.

The financial services industry is under siege. In this episode, we unpack the latest findings from Radware’s 2025 Financial Threat Analysis and multiple intelligence reports detailing a relentless rise in cyberattacks targeting banks and financial institutions across the globe.

We examine the surge in sophisticated attacks that blend legitimate tools with malicious intent—an approach known as "living off the land"—featuring the emergence of new ransomware strains like Fog and RedFox. These campaigns exploit compromised VPN credentials, sideload DLLs through trusted applications, and evade defenses with stealthy tactics that cripple online banking systems, ATMs, and trading platforms.

From the 9,000% increase in DDoS attacks in APAC to targeted breaches like the ABDA Insurance attack in Indonesia, we analyze the global scope of these threats. We also dig into the tactics of state-aligned groups like Moonstone Sleet and APT28, who are now weaponizing ransomware and advanced loaders to further geopolitical aims.

Tune in for a detailed breakdown of the actors, tactics, and tools defining this new wave of financial sector cyber warfare—and learn the key mitigation strategies experts recommend to stay ahead of these escalating threats.

In this episode, we break down Trend Micro’s urgent June 10th security update that patched ten high- and critical-severity vulnerabilities—some with CVSSv3.1 scores as high as 9.8—across Apex Central and Endpoint Encryption PolicyServer (TMEE). While no active exploitation has been observed, the risks are too severe to ignore.

We spotlight the most dangerous issues: pre-authentication remote code execution vulnerabilities stemming from insecure deserialization, a critical authentication bypass that allows attackers full admin access, and SQL injection flaws that enable privilege escalation. Apex Central and TMEE users running vulnerable versions could face full system compromise if left unpatched.

We’ll explain what deserialization means, why insecure deserialization is so dangerous, how attackers could exploit these bugs, and why immediate patching is non-negotiable. We also explore mitigation strategies including updated intrusion prevention filters, secure coding practices, and why perimeter security and monitoring matter more than ever—even if no exploitation has been spotted (yet).

Tune in for a deep dive into one of the year’s most critical coordinated vulnerability disclosures—and make sure your systems aren’t left exposed.

In this episode, we dissect the critical vulnerabilities plaguing Mitel MiCollab, a widely used unified communications platform, and explore how attackers are exploiting these flaws in the wild. Recently, security researchers uncovered a trio of dangerous vulnerabilities, including CVE-2024-35286 (a SQL injection flaw), CVE-2024-41713 (an authentication bypass), and an unpatched arbitrary file read zero-day. With active exploitation confirmed and proof-of-concept (PoC) exploits already in circulation, these issues have escalated into an urgent cybersecurity crisis.

We’ll examine how these vulnerabilities allow attackers to gain unauthorized file access and even full administrative control over affected systems. As noted by watchTowr Labs, the ability to infiltrate VoIP platforms like MiCollab could grant attackers unprecedented access to live communications—a serious concern for enterprise security. The U.S. CISA has added these flaws to its Known Exploited Vulnerabilities catalog, prompting immediate patching directives.

Join us as we break down the timeline of discovery, Mitel's patch response, and the current mitigation strategies recommended by FortiGuard Labs and other security experts. If you’re running MiCollab in your environment, this is not an episode you can afford to miss.

Join us for a gripping discussion on "Operation Secure," a landmark international crackdown that reverberated through the dark corners of the cybercriminal world between January and April 2025. Led by INTERPOL and involving law enforcement from 26 countries, primarily across the Asia-Pacific region, this massive coordinated effort, bolstered by critical support from private sector cybersecurity giants like Group-IB, Kaspersky, and Trend Micro, aimed to dismantle the very infrastructure fueling information-stealing malware.

In this episode, we'll peel back the layers of Operation Secure, revealing the astounding scale of its impact: over 20,000 malicious IP addresses and domains neutralized, 32 arrests made, and 41 servers seized, containing a staggering 100GB of invaluable cybercriminal data. We'll explore how this intelligence goldmine is now being leveraged to inform future threat hunting and attribution efforts.

But why are infostealers such a critical target? We'll delve into the insidious nature of these digital thieves, designed to pilfer sensitive data like passwords and credit card numbers, acting as a perilous gateway to even more severe cybercrimes, including devastating ransomware attacks and widespread fraud. Learn about the "Malware-as-a-Service (MaaS)" model that has fueled the proliferation of notorious strains like Lumma, RisePro, and META, making sophisticated cyber weaponry accessible to a wider range of criminals. We'll also examine the booming infostealer market, which, despite previous law enforcement successes, continues to demonstrate remarkable resilience and innovation.

Operation Secure is more than just a series of arrests; it's a testament to the power of global public-private partnership in the fight against an ever-evolving digital threat. We'll discuss the pivotal roles played by INTERPOL in coordinating this complex operation and the crucial contributions of cybersecurity firms in providing intelligence and analysis.

While acknowledging the persistent adaptability of cybercrime, Operation Secure sets a powerful precedent. We'll ponder the strategic importance of targeting operators and developers, not just the low-level distributors, and consider what the future holds for continued cross-border cooperation in curbing the infostealer menace. Tune in to understand why "Operation Secure" is not just a tactical victory, but a crucial step forward in securing our digital future.

On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many traced back to DigitalOcean infrastructure, were involved in a widespread and opportunistic campaign. In this episode, we dissect the attack pattern, what makes Apache Tomcat a recurring target, and why this surge should be treated as an early warning signal—not just random noise.

We go deep into the authentication and configuration weaknesses that attackers exploit and walk through concrete hardening steps every Tomcat admin should implement—starting with strong password hashing (like Argon2id), multi-factor authentication, and locking down management interfaces. We also highlight specific Tomcat security configurations—from Realms and RemoteAddrValve tuning to disabling TRACE, SSLv3, and limiting directory listings.

The discussion also covers essential logging and incident response measures, such as setting up AccessLogValve, conducting regular log analysis, enabling secure session management, and building a living incident response plan. Whether you’re running a public-facing Tomcat server or managing multiple internal environments, this episode offers a focused breakdown of proactive defense strategies to secure against both opportunistic and targeted threats.

Tune in to learn how to defend your systems before they become someone else’s reconnaissance experiment.

On May 12, 2025, the Texas Department of Transportation (TxDOT) disclosed a significant data breach that compromised crash reports containing personal data of over 423,000 individuals. In this episode, we take a forensic look at what went wrong, how one compromised account enabled unauthorized downloads of sensitive crash data, and what this means for the cybersecurity posture of government agencies.

We’ll explore the risks such breaches pose to citizens—ranging from phishing and social engineering to full-blown identity theft—and discuss the immediate steps individuals should take if they’re impacted. Our conversation expands into the systemic cybersecurity challenges facing public institutions, from outdated systems and internal threats to the rising need for AI-driven defense and cloud-based record protection.

Also in this episode: best practices for securing government data, insights from recent large-scale public breaches, and how to evaluate identity monitoring services in the wake of a personal data leak.

What happens when hundreds of thousands of college applications are submitted—not by hopeful students, but by bots using stolen identities? In this episode, we dive deep into the alarming rise of financial aid fraud in U.S. higher education, driven by "ghost students" and increasingly sophisticated scams powered by AI. From fraud rings applying for Pell Grants using inmate names to bots flooding online colleges for quick cash refunds, we examine how these schemes operate, who’s behind them, and how they’re hurting real borrowers and legitimate students.

We also spotlight internal institutional fraud—from bribed grade changes to fake vendors draining college budgets—and discuss the critical red flags institutions often miss. You'll learn how weaknesses in verification systems, outdated IT controls, and lax internal oversight are enabling widespread fraud.

Finally, we explore how colleges, the Department of Education, and victims are responding—from new ID verification rules to AI-powered fraud detection systems—and where these defenses still fall short. If you're a college administrator, student aid officer, policy maker, or just someone who wants to understand how organized scams are hijacking federal aid, this episode is essential listening.

In this episode, we break down the massive supply chain attack that rocked the React Native ecosystem beginning on June 6, 2025. Over 16 NPM packages, collectively downloaded over one million times per week, were silently weaponized with a Remote Access Trojan (RAT) embedded in obfuscated code. The attack, linked to the same threat actor behind the May 2025 rand-user-agent breach, exploited a compromised contributor token to inject malicious payloads into widely used libraries under the @react-native-aria and @gluestack-ui namespaces.

We examine how the malware embedded itself stealthily—using whitespace padding, hidden payloads, and path hijacking to achieve long-term persistence, especially on Windows systems. The trojan's capabilities include arbitrary command execution, system data exfiltration, and stealthy control via hardcoded C2 servers on non-standard ports. Despite the maintainers’ response—deprecating affected versions and implementing 2FA—experts warn that system-level compromises may already be widespread.

This incident is not isolated. We also highlight related supply chain attacks across NPM, PyPI, and even browser extensions and macOS malware. From credential theft to sabotage and full host takeovers, these threats underscore a growing trend: open-source ecosystems are high-value targets, and current trust models are not enough.

Join us for a deep technical dive into what happened, how it was detected, what makes this attack different—and what you must do now if you rely on these packages.

In this episode, we dive into the latest wave of active Mirai botnet campaigns exploiting high-severity remote code execution (RCE) vulnerabilities in critical enterprise and IoT systems. The Mirai malware—still evolving nearly a decade after its first appearance—has adapted its tactics to weaponize recent CVEs with CVSS scores of 9.8 and 9.9, impacting the Spring Framework (Spring4Shell), Wazuh SIEM, and TBK DVR devices.

We break down how attackers used Spring4Shell (CVE-2022-22965) to deploy web shells via Tomcat access logs, enabling remote code execution and malware downloads. Then we examine CVE-2025-24016 in Wazuh, where the unsafe use of Python’s eval() in its distributed API gave attackers direct system-level access via crafted payloads. Lastly, we cover CVE-2024-3721 in TBK DVRs, exploited through unauthenticated POST requests that install Mirai binaries equipped with anti-VM and string obfuscation to evade detection.

You’ll hear about:

• The technical mechanisms behind each exploit and how Mirai is being delivered.
• Real-world observations from Trend Micro, Akamai, and Kaspersky, including infection vectors and payload behaviors.
• Why DVRs, SIEMs, and Java-based frameworks remain high-value targets for botnets.
• Critical mitigation strategies, including API hardening, input sanitization, patch timelines, and anomaly detection.

Whether you’re a security analyst, incident responder, or system admin, this briefing gives you the situational awareness and practical defenses needed to address these active, high-impact threats.

🛡️ Don’t wait to patch. Mirai isn’t slowing down—and neither should your defense posture.

On June 5, 2025, United Natural Foods Inc. (UNFI)—North America's largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a major cyberattack that forced the company to shut down key IT systems. The result: widespread delivery disruptions to over 30,000 locations across the U.S. and Canada, eerily empty shelves at Whole Foods, canceled shifts for workers, and a 6% plunge in UNFI’s stock price.

In this episode, we unpack the layers of this unfolding incident: how a likely ransomware attack forced one of the largest food logistics networks in North America to its knees, what it reveals about vulnerabilities in the retail and food distribution sectors, and why industry insiders are calling this a wake-up call. We’ll explore the ripple effects on grocery supply chains, the financial blowback, the strategic implications for Amazon and Whole Foods, and the growing concern that single-vendor reliance in critical infrastructure is an unacceptable risk in the age of decentralized cyber threats.

You’ll also hear about:

• The eerie warning signs posted in Whole Foods’ refrigerated sections
• How attackers exploit “digital over-dependence” in retail
• Why experts believe this is only the beginning of a larger industry trend
• What this means for the future of cybersecurity in essential services

This isn’t just another cyber incident—it’s a national disruption with visible consequences. Tune in as we connect the dots between a digital breach and the real-world breakdown of our food delivery ecosystem.

In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. By abusing GitHub’s search functionality and reputation signals, threat actors are pushing backdoored code under the guise of popular tools, game cheats, and exploit kits. These malicious repositories often look legitimate, complete with automated commits, fake contributors, and modest star counts to avoid suspicion.

We explore how Distribution-as-a-Service (DaaS) operations are driving these attacks, significantly lowering the barrier to entry for cybercriminals. Notable actors like “ischhfd83” and the “Stargazer Goblin” group have maintained thousands of malicious repositories, many embedding backdoors via PreBuild events, Python obfuscation, and Unicode deception techniques. Their payloads include info-stealers like Lumma and RATs like Remcos, with command-and-control often running through Telegram.

We also examine the implications of the Coinbase-linked cascading supply chain attack, how even cybercriminals are falling victim, and what developers and security teams need to do now to detect red flags, verify source code, and stop blindly trusting stars and search rankings. If you’re relying on open-source tools, this episode could save you from compiling your next compromise.

In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early 2024. ClickFix exploits the human tendency to trust browser prompts by using fake error messages, CAPTCHA pages, and verification requests to convince users to execute malicious PowerShell commands via simple keyboard shortcuts.

What makes ClickFix so dangerous? It’s “frictionless.” No exploits, no downloads—just user interaction. Attackers preload malware-laced commands into the clipboard and trick victims into running them through legitimate Windows tools like powershell.exe and mshta.exe, effectively bypassing traditional antivirus and EDR tools. This tactic is being leveraged by major threat groups including APT28, MuddyWater, and TA571, and is distributing malware like Stealc, Rhadamanthys, LummaC2, NetSupport RAT, and even macOS stealers like AMOS and AppleProcessHub.

We’ll unpack how ClickFix pages mimic trusted platforms like Google Meet, Zoom, TikTok, and cryptocurrency sites to exploit verification fatigue and deliver payloads silently via obfuscated scripts. You'll hear how attackers use LOLBins, JavaScript loaders, and ROT13-encoded payloads to hide their tracks, and why even experienced users are falling for this trick.

We’ll also examine the distribution ecosystem, from malvertising and TikTok scams to fake GitHub issues and cracked game forums, and explore the traffers teams and threat actors monetizing this attack method at scale.

If you think malware needs a download or a macro to infect a system, think again—ClickFix proves that all it takes is one careless paste.

Stay tuned to learn:

• How the attack chain works step-by-step
• Why ClickFix is hard to detect and block
• Which threat actors are using it and how
• Real-world examples of malware campaigns using ClickFix
• What defenders and users can do to spot and stop these attacks

This is one of the most insidious and scalable social engineering attacks of the decade—and it’s only just getting started.

Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six key trends reshaping the global threat landscape, including AI as an attack surface, multichannel intrusions, and the rising exploitation of personal identities. But we don’t stop at theory.

We go deep into the real-world case of the ViLE hacking group—responsible for one of the most egregious doxing and extortion campaigns in recent memory. Hear how hackers breached a DEA portal using stolen police credentials, exfiltrated sensitive personal data, impersonated law enforcement to manipulate social media platforms, and threatened victims’ families unless paid.

We also confront the darker side of doxing: how legal loopholes and insufficient protections leave victims—especially women and marginalized groups—exposed to psychological, reputational, and physical harm. From online harassment to SWATing incidents, this episode reveals the chilling consequences of unchecked digital exposure.

Finally, we offer actionable insights for both organizations and individuals to build cyber resilience—from proactive employee training and AI-powered defense tools to reviewing digital footprints and involving families in cyber hygiene.

This isn’t just about breaches and ransomware—it’s about human lives, eroded trust, and the urgent need to close the growing gap in cyber protection. Tune in to understand the stakes—and what must change.

In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid succession following targeted attacks. At the center is CVE-2025-5419, a high-severity out-of-bounds read/write flaw in the V8 JavaScript engine that allows attackers to exploit heap corruption through crafted HTML pages — and it’s already being weaponized in the wild.

We also revisit CVE-2025-2783, a Chrome Mojo vulnerability used in Operation ForumTroll, a nation-state espionage campaign targeting Russian organizations. This flaw allowed attackers to bypass Chrome’s sandbox entirely with just one click on a phishing link. The third major zero-day, CVE-2025-4664, exposed gaps in Chrome's Loader component, permitting policy bypass and potential full account takeover.

Join us as we analyze the technical root causes, discuss Google's mitigation strategies including emergency out-of-band patches and configuration changes, and explore the implications of these rapid-fire exploits in a threat landscape increasingly shaped by advanced persistent threats and browser-based vulnerabilities. We’ll also offer key takeaways for IT teams and CISOs on patching strategy, user awareness, and the critical role of update velocity in today's cybersecurity defense playbook.

Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the newly enacted Cyber Security Act 2024. In this episode, we dissect what this means for businesses, law enforcement, and the global cybersecurity landscape.

We break down the key aspects of the legislation, including which organizations are affected, what counts as a "ransomware payment," and the strict 72-hour deadline for reporting incidents to the Australian Signals Directorate. We'll also explore how the government intends to use this data to track attackers, strengthen national defenses, and drive policy change — without currently requiring public disclosure.

But it’s not all praise. Critics argue the law imposes strict obligations without offering real help to victims. We examine concerns from cybersecurity experts about a lack of proactive support, the continued pressure to pay ransoms, and whether this initiative is more about optics than outcomes. Plus, we look at how this could influence other countries — including the UK — which are watching closely and debating similar moves.

If your organization does business in Australia or wants to understand the global implications of ransomware regulation, this is the conversation you need to hear. Tune in as we unpack what might be the most consequential cybersecurity law of the year — and what’s coming next.

In this episode, we dive into Trustifi’s recent $25 million Series A funding round, led by growth equity firm Camber Partners. Specializing in AI-powered email security, Trustifi has now raised a total of $29 million to accelerate its product development, go-to-market strategy, and global marketing initiatives—especially in the MSP space.

We unpack what makes Trustifi’s platform stand out in a crowded cybersecurity market, from AI-driven threat detection and seamless Microsoft 365/Google Workspace integration to outbound encryption policies and account takeover protection. We also explore Camber Partners’ investment thesis and how their operational expertise is poised to help Trustifi scale.

With CEO Rom Hendler’s roadmap and a growing need for intelligent, adaptable email security solutions, Trustifi is positioning itself at the intersection of AI innovation and rising cybersecurity threats. Tune in to learn how this funding round signals more than growth—it marks a strategic shift in how businesses protect their communications.

In this episode, we dissect Google's recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, and Netlock. These high-impact moves are rooted in Chrome's strict enforcement of compliance, transparency, and security standards for public trust.

We explore the role of the Chrome Root Store and Certificate Verifier, the timeline and technical specifics of the CA distrust actions taking effect in November 2024 and August 2025, and the broader implications for enterprises and the Web Public Key Infrastructure (WebPKI). You'll hear how these changes affect certificate validation, enterprise overrides, and post-quantum cryptographic readiness.

We also examine what these actions signal for the future of digital trust, CA accountability, and browser power dynamics. Tune in to understand how Chrome’s decisions are reshaping the rules of HTTPS trust and what enterprises must do now to stay ahead of disruptions.

Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, we dissect how these flaws, triggered by insecure usage of PHP’s Reflection API and abuse of vBulletin’s template engine, allow unauthenticated attackers to execute arbitrary PHP code and gain remote shell access.

We’ll break down the exploit chain, from protected method invocation via malformed API calls to injection of malicious <vb:if> conditionals, enabling full Remote Code Execution (RCE) in vulnerable versions of vBulletin running PHP 8.1 or later. You’ll learn how attackers are currently weaponizing these bugs in the wild—leveraging public exploit code and scanning endpoints like /ajax/api/ad/replaceAdTemplate to plant backdoors.

We also cover:

• Patch levels and which versions are safe (hint: upgrade to v6.1.1 now)
• Temporary mitigations for legacy vBulletin deployments
• IOC monitoring, containment strategies, and threat hunting advice
• Why dynamic method invocation should never be your access control boundary
• Lessons for developers and sysadmins on avoiding similar reflection-based pitfalls

Whether you run a vBulletin forum or just want to understand the anatomy of a modern web RCE exploit, this episode is your front-row seat to one of 2025’s most serious application-layer vulnerabilities.

In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine cryptocurrency at scale.

We unpack how cybercriminals targeted misconfigured Docker APIs, publicly exposed HashiCorp Nomad and Consul servers, and vulnerable Gitea instances — turning enterprise-grade compute resources into crypto-mining farms, all while staying under the radar. This campaign marks the first publicly documented exploitation of HashiCorp Nomad in the wild.

We discuss:

• How attackers used XMRig, cron jobs, and process-hiding tools to persist and evade detection
• The impact of misconfiguration and unpatched vulnerabilities in fast-moving DevOps workflows
• The financial and operational cost of unauthorized crypto mining in the cloud
• The role of DevSecOps in preventing these attacks, with actionable recommendations for securing your containers and runtimes
• Key practices to “shift left” and catch security flaws early in the software development lifecycle
• Why Cloud Workload Protection Platforms (CWPP) are becoming essential in defending modern cloud-native environments

We also highlight best practices for hardening Docker images, avoiding privileged containers, monitoring system behavior, and responding to incidents with speed and precision.

In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s apport and Red Hat/Fedora’s systemd-coredump, exposing a little-known but critical attack vector: core dumps from crashed SUID programs.

We dive into how these TOCTOU (Time-of-Check to Time-of-Use) race conditions let local attackers manipulate system timing to trick crash handlers into leaking sensitive data. While the CVSS score is a moderate 4.7, the implications are serious—core dumps can contain password hashes, encryption keys, or proprietary data from privileged processes.

Join us as we discuss how the vulnerabilities work, which Linux distributions are affected, and how administrators can apply patches or disable SUID core dumps as a temporary fix. We also explore what this means for system hardening, local threat models, and the often-overlooked risk posed by debugging and crash-reporting tools.

Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, invoice alerts, and even deceptive CAPTCHA prompts, these attackers are bypassing traditional email and web filters by operating under the guise of reputable platforms.

We’ll dive into specific attack techniques, including multi-stage payload delivery using VBScript, clipboard hijacking with fake MP3 files, and the deployment of tools like NetBird and OpenSSH for persistent access. We’ll also explore the rise of Phishing-as-a-Service kits like Haozi that lower the barrier for launching these sophisticated campaigns. Finally, we cover key mitigation strategies—from detection platforms to user education—that organizations can adopt to stay ahead of these evolving threats.

This episode is a must-listen for IT professionals, CISOs, and anyone tasked with defending against phishing and social engineering attacks in today’s high-trust, high-risk digital landscape.

In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune malware before deployment. Led by Dutch authorities and supported by agencies from the U.S., Germany, France, and others, this operation marks a major win in Operation Endgame—a sweeping initiative targeting malware infrastructure, ransomware syndicates, and initial access brokers.

AVCheck enabled attackers to simulate antivirus scans and ensure their payloads were virtually undetectable, making it a cornerstone of the modern malware development cycle. Authorities seized domains, servers, and a rich database of user information, some of which links AVCheck directly to notorious ransomware groups. The same investigation also exposed ties between AVCheck and crypting services like Cryptor.biz and Crypt.guru, underscoring how deeply integrated these dark web services are.

We also explore the implications of this crackdown: how disrupting enabler services like AVCheck may prevent future cyberattacks, why ransomware groups are now shifting tactics—including potentially more violent threats—and what comes next as cybercriminals adapt. From undercover ops to fake login traps and forensic analysis, this episode covers the full scope of the AVCheck takedown and its impact on global cybercrime.

ConnectWise has confirmed a cyberattack targeting ScreenConnect, its remote access solution used by thousands of Managed Service Providers (MSPs). The breach is reportedly tied to a sophisticated nation-state actor and linked to CVE-2025-3935, a critical ViewState code injection vulnerability that could allow Remote Code Execution (RCE).

In this episode, we dissect what happened, why it matters, and what MSPs need to do right now. We cover the technical details behind CVE-2025-3935, including how attackers exploit machine keys to execute malicious payloads on vulnerable servers. You'll hear what ConnectWise has—and hasn't—shared publicly, why their communication is frustrating some users, and why many believe the impact might be broader than officially stated.

We also examine the bigger picture: What does this mean for cybersecurity in the MSP ecosystem? How prepared are we for nation-state-level threats? And how can organizations improve patch management and incident response before the next zero-day is weaponized?

Whether you're an MSP, a CISO, or an IT admin responsible for remote access tools, this is a breach you can’t afford to ignore. Tune in for expert analysis, community reactions, and actionable insights on securing your infrastructure.

In this episode, we dive into the graphical corruption saga triggered by Firefox version 139, released on May 27, 2025. Aimed at uncovering what went wrong, we review reports from across the web detailing how the update wreaked havoc for Windows users running NVIDIA graphics cards—particularly those with multi-monitor setups using mixed refresh rates.

We discuss the symptoms users experienced: severe flickering, video playback issues, and flashing web pages that rendered the browser unusable for many. We explore the underlying technical culprit—Firefox’s use of Windows DirectComposition surfaces instead of swapchains—and how this specific implementation conflicted with certain NVIDIA driver configurations.

You'll also hear how Mozilla responded, from recommending a manual workaround through about:config, to issuing a rapid emergency update (version 139.0.1) that restored a blocklist to prevent the artifacts. We reflect on how this incident highlights the fragile intersection of GPU drivers, OS-level composition tools, and browser rendering pipelines.

If you're running a multi-monitor rig with NVIDIA GPUs—or just interested in how complex modern browser rendering really is—this episode breaks it all down and explains how Mozilla handled a potentially reputation-damaging bug with transparency and speed.

In this episode, we break down the recent $4 million seed funding round for Unbound, a startup tackling one of the biggest unsolved problems in enterprise AI: how to stop employees from leaking sensitive data through ungoverned use of Generative AI tools.

Unbound’s AI Gateway aims to be the missing link between rapid AI adoption and responsible usage—offering real-time redaction of sensitive prompts, intelligent model routing, and deep usage analytics. With early adopters already preventing thousands of data leaks and cutting AI costs by up to 70%, investors are betting big on governance infrastructure as the next AI gold rush.

We discuss why Unbound’s funding isn’t just another startup headline—it’s a signal that AI governance is no longer optional. As companies like Sony suffer from preventable data exposures and shadow AI runs rampant inside enterprises, this episode explores how and why AI Gateways are poised to become a foundational layer of enterprise architecture.

Microsoft is taking direct aim at one of the biggest pain points in the Windows ecosystem: update fragmentation. In this episode, we dive deep into the details of Microsoft’s newly announced Windows-native update orchestration platform, currently in private preview. We explore how this unified infrastructure aims to centralize updates for all apps, drivers, and core OS components under the familiar Windows Update umbrella—bringing it more in line with the seamless update experiences of Android and macOS.

We’ll discuss the root of the fragmentation problem, how third-party apps currently operate in silos, and the operational headaches this causes for end-users and IT administrators alike. You'll learn how the new platform works, how developers can integrate with it using WinRT APIs and PowerShell, and what benefits it promises—from better reliability and performance optimization to unified logging and smarter scheduling. We also cover critical challenges ahead, including developer adoption, concerns over user control, potential security risks, and the implications of centralizing such a crucial system function.

Plus, we touch on current tools like the PSWindowsUpdate PowerShell module and platforms like Action1 that are helping bridge the update management gap today—until Microsoft’s new platform becomes mainstream. Whether you're a sysadmin, a developer, or just someone tired of juggling app update popups, this episode breaks down what’s coming and why it matters.

Linux systems are under siege—particularly in the world of IoT and internet-exposed servers. In this episode, we dissect PumaBot, a new GoLang-based botnet that's turning Linux IoT devices into cryptomining workhorses. We’ll break down how attackers brute-force SSH credentials, install malware disguised as legitimate services, and use systemd for stealthy persistence.

We dive deep into ATT&CK technique T1501, where systemd services like redis.service or mysqI.service are hijacked or maliciously created to ensure malware survives system reboots. You'll learn how adversaries leverage GoLang’s cross-platform strengths and embed rootkits like pam_unix.so to capture credentials, all while evading detection with environment fingerprinting.

We also explore the broader implications: how cryptojacking continues to rise, what SSH brute-forcing says about current security hygiene, and why IoT devices remain a weak link in enterprise infrastructure. If you manage Linux systems or deploy connected devices, this episode is your tactical briefing on the latest threats—and what to look out for before your CPU cycles are stolen for someone else's crypto wallet.

On December 25, 2024, while most businesses were offline, a serious data breach struck LexisNexis Risk Solutions—exposing the personal data of over 360,000 individuals. The twist? The attack vector wasn’t a direct hack, but an indirect compromise through a third-party GitHub repository. Even more concerning, the breach went undetected until April 1, 2025.

In this episode, we break down the timeline, scope, and implications of the LexisNexis incident. We examine how the company’s own privacy principles—centered on accountability, security, and privacy-by-design—stack up against what actually happened.

We’ll also explore:

• The role of third-party platforms in modern breaches
• Why detection delays remain a persistent issue
• How this breach compares with past major incidents, like Equifax and Yahoo
• What this means for the future of privacy frameworks and enterprise security postures

As data breaches become increasingly common and complex, this case raises critical questions: Are published privacy principles enough? And what can companies do to truly align policy with practice?

🔐 Tune in to find out—and what enterprises must do to avoid being next.

On this episode, we dissect the ransomware attack that brought MathWorks—a cornerstone software provider for engineers, scientists, and educators—to a grinding halt. The attack, which began on May 18, 2025, and was officially confirmed on May 26, crippled a wide range of customer-facing and internal systems, from MATLAB Online and ThingSpeak to license distribution and downloads.

We examine the timeline of the incident, MathWorks’ response, and what services remain down or degraded even as restoration efforts continue. With over 5 million users and customers across 100,000 organizations, the outage has triggered a wave of disruptions—especially for students relying on MATLAB Online during finals week.

We also explore the silence from ransomware groups, speculate on whether a ransom was paid, and discuss why this significant attack has received surprisingly little media coverage. Is MathWorks buying time behind closed doors, or is this another sign of growing sophistication among ransomware gangs?

Tune in for a comprehensive breakdown of the incident, the user impact, and the broader implications in today’s escalating ransomware threat landscape.

The cybersecurity market is booming, projected to triple in size from $215 billion in 2025 to $697 billion by 2035. This explosive growth is being fueled by rising cyber threats, the digital transformation of global businesses, and an urgent need for advanced security operations. One of the clearest signals of this momentum? Zscaler’s acquisition of Red Canary—a leading Managed Detection and Response (MDR) provider.

In this episode, we unpack Zscaler’s strategic decision to acquire Red Canary and what it reveals about the evolving cybersecurity landscape. We explore how this move reflects a broader M&A trend in the sector, where large players are aggressively acquiring innovative startups to enhance their detection capabilities and talent pool. With access to 500 billion daily data transactions via Zscaler’s Zero Trust Exchange, Red Canary is poised to supercharge its threat detection accuracy and speed.

We’ll break down how MDR differs from traditional MSSPs and EDR, why it's now considered a critical service for enterprises, and how AI-driven security operations are becoming the new normal. Plus, we dive into how Zscaler’s zero trust architecture is simplifying post-acquisition integration, allowing for faster value realization with less risk.

Tune in for a deep-dive look at one of the most significant cybersecurity deals of 2025—and what it means for the future of AI, MDR, and the multi-billion-dollar battle to secure the digital world.

In this episode, we unpack a critical supply chain breach that’s rattled the cybersecurity world: the exploitation of multiple zero-day vulnerabilities in SimpleHelp Remote Support Software — most notably CVE-2024-57726, a privilege escalation flaw scored 9.9 by the NVD.

Threat actors linked to the DragonForce ransomware operation and the Scattered Spider group are actively leveraging these vulnerabilities to infiltrate Managed Service Providers (MSPs), hijack their remote management infrastructure, and deploy ransomware to downstream clients. We break down how these bugs were chained to gain admin-level control, upload malicious files, steal data, and deliver double-extortion payloads.

You'll hear how attackers turned SimpleHelp’s legitimate access capabilities into a mass distribution weapon — transforming a trusted MSP tool into a delivery vehicle for destruction. We also explore the role of Scattered Spider as an access broker and social engineering powerhouse, using SIM swapping, MFA fatigue, and cloud exploitation to support this campaign.

We analyze real-world impact, including UK retail disruptions, and examine how delayed patching, inadequate segmentation, and poor monitoring allowed this breach to cascade across environments. Finally, we’ll share urgent mitigation steps for MSPs and enterprises using RMM software — before they become the next victim.

🔒 Whether you’re in IT security, part of an MSP, or manage remote support software, this is one episode you can't afford to miss.

This episode dives deep into Operation RapTor, one of the largest international crackdowns on dark web crime to date. We analyze how coordinated law enforcement actions across ten countries led to the arrest of 270 individuals, the seizure of $200 million in currency and digital assets, and the dismantling of major darknet marketplaces including Incognito, Tor2Door, and Bohemia.

We explore the persistence and evolution of dark web crime—how vendors are adapting by migrating to smaller, single-vendor shops, and why drug trafficking, particularly involving fentanyl, remains the dominant force in the underground digital economy. The discussion covers high-profile convictions tied to counterfeit Adderall and fentanyl-laced pills, the use of encrypted apps and cryptocurrency in laundering operations, and how criminals turn industrial pill presses into deadly enterprise tools.

We also unpack the central role of cryptocurrency in enabling and concealing illicit transactions and the growing need for law enforcement expertise in digital asset tracing and seizure. Plus, we examine lesser-known areas like the counterfeit goods market on the dark web—from luxury watches to electronics—and how its makeup diverges significantly from traditional customs seizures.

As global policing efforts intensify, what does the future hold for dark web marketplaces, and how can intelligence agencies, regulators, and tech experts stay ahead? Tune in as we dissect the trends, threats, and technological arms race shaping the next era of cybercrime enforcement.

In this episode, we take a deep dive into the recent Marlboro-Chesterfield Pathology (MCP) ransomware attack—one of the most significant healthcare breaches of 2025. On January 16th, MCP detected unauthorized activity on its internal systems. Just days later, the SAFEPAY ransomware group claimed responsibility, posting stolen data—over 30GB of sensitive information affecting 235,911 individuals—on the dark web.

We examine what data was exposed, the organization’s response, and the broader implications for cybersecurity in the healthcare sector. From PII and PHI leakage to the potential legal fallout and reputational damage, this breach underscores persistent vulnerabilities in outdated infrastructure, third-party integrations, and underfunded security protocols.

We also explore the critical role of the Cybersecurity and Infrastructure Security Agency (CISA), how organizations can adopt “secure by design” principles, and what proactive steps healthcare providers can take to protect their patients and operations. Was a ransom paid? What lessons can other providers learn from this breach? Tune in to find out.

In this episode, we dive deep into the underground cybercrime ecosystem powering the surge of modern infostealers—Stealc, Vidar, and LummaC2. These malware strains aren't just code—they're full-service products sold as Malware-as-a-Service (MaaS), giving even low-skilled attackers access to powerful data theft tools.

We break down how these stealers are delivered through clever deception tactics like ClickFix, which uses fake pop-ups on shady streaming sites to trick users into pasting malicious PowerShell commands. We also explore drive-by downloads masquerading as cracked software and how attackers abuse legitimate tools like mshta and PowerShell to silently deploy and persist infostealers on victim machines.

From obfuscation techniques that thwart static analysis to the use of browser-based panels that manage infections and exfiltrated data, we reveal how these stealers target everything from browser credentials to cryptocurrency wallets and messaging apps. We’ll also unpack the advanced persistence methods and evasion techniques being deployed—including anti-VM checks, script encoding, and dynamic WinAPI loading.

With new variants like Stealc V2 introducing MSI-based payloads, streamlined C2 communication, and multi-monitor screenshot capture, defenders face an increasingly complex landscape. We discuss how behavioral detection, threat intelligence, and advanced obfuscation detection techniques like Logistic Regression with Gradient Descent are becoming essential in combating these evolving threats.

Tune in for a frontline briefing on how infostealers operate today—and what it will take to stop them.

In this episode, we dive deep into the growing tension between AI innovation and data privacy through the lens of a major controversy: Microsoft’s Windows 11 Recall feature. Designed to screenshot nearly everything a user does every few seconds, Recall creates a searchable visual archive of on-screen activity. But while Microsoft claims it enhances productivity, critics call it “spyware,” “creepy,” and a “privacy nightmare.”

Leading the charge against Recall is Signal Messenger, which has deployed a DRM-based screen security fix to block Recall from capturing its app’s content—an unprecedented move in the realm of desktop applications. Signal’s action isn’t just a technical patch; it's a bold statement in the escalating debate about surveillance, user control, and the unchecked power of AI-enabled features.

We explore how this confrontation underscores broader issues: AI’s ability to infer sensitive information from mundane data, the gaps in global data protection frameworks, and the urgent need for stronger developer tools and user-centric privacy controls. We also discuss the ethical and legal implications of AI systems that transform ephemeral user behavior into permanent, searchable records—often without full consent.

This isn't just about one controversial feature—it's a microcosm of the privacy challenges we're all about to face. Whether you're a developer, privacy advocate, or just someone who values control over your digital life, this episode will change how you think about the systems you use every day.

In this episode, we break down the resurgence of the Bumblebee malware loader and its latest distribution method: blackhat SEO campaigns and trojanized software installers. By mimicking legitimate download pages through typosquatted domains and poisoning Bing search results, attackers are tricking IT professionals into unknowingly infecting their own networks.

We explore how malware is being embedded into fake versions of tools like Milestone XProtect, RVTools, WinMTR, and Zenmap—critical software often run with administrative privileges. Once executed, these installers silently load Bumblebee, enabling attackers to deploy ransomware, infostealers, or Cobalt Strike payloads.

You’ll also hear about:

• Why Bumblebee’s return fills the gap left by QBot’s takedown
• The anatomy of the campaign’s DLL side-loading and use of legitimate Windows binaries
• Real-world indicators of compromise (IoCs) and typosquatted domains to watch out for
• How a DDoS attack on the real RVTools website added to the confusion
• What security teams must do now to mitigate and respond

If your IT department uses any of the targeted tools, don’t miss this urgent discussion on one of the most deceptive malware delivery strategies we’ve seen this year.

In this episode, we dive into the evolving tactics of the Silent Ransom Group (SRG)—also known as Luna Moth—a cybercriminal outfit that has shifted from traditional phishing to a new, more deceptive strategy: impersonating IT support over the phone. Their latest victims? U.S. law firms, targeted for the sensitive data they hold and the large financial transactions they handle.

We explore how SRG uses legitimate remote access tools like Zoho Assist and AnyDesk to silently exfiltrate data while avoiding antivirus detection. Once the data is stolen, the group threatens to publish it unless a ransom is paid—causing severe financial and reputational harm to their victims.

This episode also covers critical defense strategies including the importance of cybersecurity awareness training, robust data backup plans, and the deployment of multifactor authentication (MFA)—with a special focus on Microsoft Entra MFA. We’ll break down how Conditional Access policies and modern authentication methods can prevent breaches, even when credentials are compromised.

Whether you're in legal, IT, or risk management, this is a wake-up call you don’t want to miss. Learn how to detect the signs of SRG activity and protect your organization before the phone rings.

A growing cyber threat is targeting macOS users who rely on Ledger cold wallets to secure their cryptocurrency. In this episode, we dissect the anti-Ledger malware campaign—an increasingly sophisticated phishing operation that impersonates the trusted Ledger Live application to trick users into revealing their 24-word recovery phrases. Once entered, these phrases give attackers full access to empty the victims’ wallets.

We examine how this threat evolved from simple data-stealing to focused seed phrase phishing. From the "Odyssey" stealer introduced by the threat actor Rodrigo to the infamous Atomic macOS Stealer (AMOS), this malware ecosystem now includes advanced evasion tactics, realistic UI clones, and deceptive error messages designed to lure users into handing over their credentials.

We also discuss the techniques these malware variants use—such as fake DMG installers, malvertising, Terminal-based execution bypasses, and phishing overlays—and highlight how cybercriminals are exploiting trust in cold wallet systems to bypass traditional defenses. Plus, we spotlight emerging threats like "mentalpositive" and the dark web chatter about an evolving anti-Ledger market.

Whether you're a crypto enthusiast or just concerned about digital hygiene, this episode offers critical insight and actionable advice to help you avoid becoming the next victim of this dangerous campaign.

In this episode, we break down the latest and most impactful phase of Operation Endgame, the international law enforcement campaign targeting the backbone of the ransomware ecosystem. Between May 19–22, authorities executed a sweeping takedown of 300 servers, neutralized 650 domains, and seized €3.5 million in cryptocurrency, adding to a total of €21.2 million seized over the course of the operation.

We explore how this phase zeroed in on Malware-as-a-Service (MaaS) and loader operations — the essential tools used by ransomware groups to infiltrate victims. Key malware families including DanaBot, Qakbot, Trickbot, Bumblebee, Lactrodectus, and Warmcookie were directly targeted.

This isn't just about servers and code — indictments were unsealed against 16 members of the DanaBot cybercrime gang, and the alleged leader of the Qakbot operation, responsible for compromising over 700,000 systems, has been charged. We also discuss the arrest of a crypter specialist for Conti and LockBit, illustrating the depth of the disruption.

You’ll also hear how intelligence from previous takedowns, like Smokeloader, led to follow-up arrests — a sign that this multi-phase operation is not only reactive but deeply strategic. Operation Endgame is proving that even as cybercriminals adapt, global law enforcement can strike harder, smarter, and with precision.

In this episode, we dive into the alarming surge of infostealer malware campaigns leveraging social media platforms, particularly TikTok, as their distribution vector. Threat actors are exploiting trending content—especially around AI tools like Sora, ChatGPT, and Google Gemini AI, and popular software like CapCut and MidJourney—to bait unsuspecting users into executing malicious PowerShell commands or downloading disguised malware.

We examine how the Malware-as-a-Service (MaaS) economy enables even low-skilled attackers to deploy highly evasive malware strains like Stealc, Vidar, Nova Stealer, and IceRAT, all armed with anti-analysis techniques, persistent backdoors, and data exfiltration modules that compromise everything from passwords to crypto wallets.

From analyzing the technical behavior of commands like iwr | iex to unpacking how fake tutorials and software activators are being used as lures, this episode walks through real-world examples, user victim reports, and insights from Bitdefender, Tinexta Defence, and Quorum Cyber.

We’ll also discuss:

• How malware uses scheduled tasks and PowerShell for persistence
• The exploitation of ClickFix and mshta for stealth execution
• What Indicators of Compromise (IOCs) to look for
• Defensive actions including endpoint monitoring, antivirus alerts, and system hardening

If you're in cybersecurity, IT, or even just a curious end-user, this is a must-listen episode that connects social engineering, tech trends, and threat actor innovation into one dangerous new malware frontier.

In this episode, we dive into the ransomware attack that struck Kettering Health, a major healthcare provider, and the evolving tactics of the Interlock ransomware group behind it. Interlock, active since late 2024, has adopted advanced techniques including double extortion, credential theft, and PowerShell-based backdoors to compromise healthcare systems. The attack on Kettering Health disrupted services and underscored the vulnerability of healthcare data to cybercriminals with professional-level operations.

We explore how ransomware groups like Interlock are no longer lone actors but sophisticated teams with their own reputations and operational playbooks. You'll hear about common infection vectors such as phishing, exposed RDP ports, and MSP compromise—and why healthcare data, ranging from patient records to proprietary research, is among the most valuable on the black market.

This briefing also unpacks how healthcare providers can build layered defenses, including adoption of the NIST Cybersecurity Framework (CSF), segmented networks, offline backups, and least-privilege access. Finally, we discuss why authorities advise against paying ransoms, and how collaboration with CISA, MS-ISAC, and law enforcement is critical in recovery and prevention.

Tune in for a direct, tactical analysis of what happened, how it happened, and what your organization can do to stay protected.

As digital deception evolves, so must our defenses. In this episode, we dive deep into the escalating battle for trust in our increasingly connected world. From nation-state-level authentication models to real-time behavioral biometrics on your mobile device, the tools to verify identity are becoming more sophisticated—and more essential—than ever.

We unpack the concept of a Pervasive Trusted Ecosystem, where every layer—from user identity and hardware to operating systems and global trust services—is fortified to resist cyber threats. Learn how Secure Boot protocols, hardware-based roots of trust, and Risk-Based Authentication (RBA) are shaping the architecture of secure systems.

But it’s not just about defense—it’s about deception too. The rise of deepfake technology, fueled by GANs and synthetic audio, is challenging the very idea of “seeing is believing.” We examine how these tools are being weaponized in fraud and misinformation campaigns—and what can be done to detect and stop them before trust collapses.

From mobile continuous authentication using gait, touch, and typing patterns, to deepfake detection and public education, this episode offers a critical look at the tools, techniques, and trust models we need to secure our digital lives.

🔐 This isn’t just cybersecurity. It’s a fight to preserve reality.

In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our electric grids, water supplies, and industrial automation—but thousands are reachable online, often unsecured.

We explore how researchers are working to distinguish between real ICS devices and honeypots—decoys used to bait cyber attackers. You’ll learn about scanning tools like Shodan, techniques like lightweight fuzzing and TTL analysis, and how attackers and defenders are racing to outsmart each other.

We’ll also unpack the latest data: over 119,000 potentially real ICS hosts exposed as of April 2024, and more than 39,000 suspected honeypots deployed globally. From protocol fingerprinting to cloud-hosted traps like GridPot, we explore what’s real, what’s fake, and why it matters for national infrastructure.

If you're in cybersecurity, critical infrastructure, or just curious how close we are to a digital blackout, don’t miss this briefing.

In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product delivery delays. This episode explores how a ransomware incident brought one of Europe’s leading food manufacturers to a standstill, revealing how vulnerable the food industry is to modern cyber threats.

We examine the critical infrastructure of the food supply chain and why operational technology (OT), programmable logic controllers (PLCs), and distribution systems are becoming prime targets. From the risks posed by third-party vendors to the dangers of shadow IT and outdated ICS environments, we analyze the multilayered vulnerabilities that cybercriminals are increasingly exploiting.

We also discuss Germany’s cybersecurity challenges, the rising professionalization of cybercriminal groups, and how businesses in the food and beverage sector can bolster their defenses through OT-specific protections, Zero Trust security, and robust incident response plans. The Arla incident is not just a case study—it’s a warning for every company in critical manufacturing.

In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security Center APIs, this tool disables Windows Defender by impersonating a trusted antivirus and injecting its code into Microsoft-signed Task Manager. We explore how Defendnot bypasses Protected Process Light and security signatures, effectively neutering the built-in antivirus on Windows systems.

The discussion broadens to cover the common antivirus and EDR detection mechanisms — including static analysis, AMSI, ETW, API hooking, IAT inspection, and behavioral monitoring — and the sophisticated techniques attackers now use to bypass them. From DLL injection and reflective loading to direct/indirect syscalls and anti-sandbox checks, we break down the tools and tactics adversaries use to slip past enterprise defenses.

We also discuss the broader implications of tools like Defendnot: how trusted Windows infrastructure is being turned against itself, why these attacks are difficult to mitigate, and what the security community needs to consider moving forward. Whether you're a red teamer, blue teamer, or somewhere in between, this episode is your technical crash course on how modern endpoint protection is being circumvented — and what that means for defenders.

In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. The intelligent SaaS platform promises to replace outdated, reactive playbooks with automated, tailored response plans that span legal, security, IT, and executive teams. With participation from top cybersecurity VCs and the addition of industry giants Kevin Mandia and Nicole Perlroth to its board, BreachRx is pushing to make operational resilience the new standard.

We unpack how BreachRx’s AI-powered platform addresses compliance with frameworks like NIST, SEC, and ISO 27001, protects CISOs from liability, and enables real-time cross-functional collaboration during high-pressure breach scenarios. The conversation also explores their go-to-market expansion, MSSP partnerships, and the role of communications in managing incidents effectively — not just technically, but reputationally.

If you're tired of “stale paper plans” and want to understand the next generation of incident response, this episode is for you.

In this episode, we unpack the 2024 cybersecurity incident that rocked the debt collection and healthcare sectors: the massive data breach at Nationwide Recovery Services (NRS), a third-party collections agency and subsidiary of ACCSCIENT. Between July 5 and July 11, 2024, threat actors gained unauthorized access to NRS’s systems, exfiltrating sensitive personal and medical data belonging to individuals whose information was handled by NRS on behalf of healthcare providers and government entities.

We'll break down what was exposed — including names, Social Security numbers, medical records, and financial account details — and discuss why this breach is considered particularly severe. With downstream vendors like Harbin Clinic, DRH Health, and the City of Chattanooga now notifying over 110,000 individuals (and counting), the scale of the breach is significant — and growing.

Our discussion explores:

• Why NRS delayed notifying affected clients until February 2025 — 7 months after detection.
• The legal and contractual backlash, including Chattanooga’s canceled contract and threats of litigation.
• Regulatory obligations under HIPAA and GDPR, and how NRS may have fallen short.
• Lessons for healthcare providers and public entities in managing third-party risk.
• Steps individuals should take now if they were affected — and why identity protection services matter.

We also analyze how the incident has intensified scrutiny of the debt collection industry’s data security posture and why vendor oversight must be a priority in any data-driven operation.

Tune in for a comprehensive breakdown of a breach with far-reaching consequences — and what it signals for future legal and cybersecurity landscapes.

In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader component. This vulnerability allows attackers to leak cross-origin data, including sensitive query parameters and session information, via crafted HTML pages. Even more alarming: it's not limited to Chrome. Other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also at risk.

We’ll explore the technical mechanism behind the flaw, how it abuses Link headers and referrer-policy directives, and why it's capable of bypassing same-origin protections, putting OAuth-based login flows and session security at risk. With confirmed active exploitation, CVE-2025-4664 has been added to CISA’s Known Exploited Vulnerabilities Catalog, triggering federal mandates to patch or discontinue use of vulnerable versions before June 5, 2025.

Our discussion covers:

• How the vulnerability works and why it’s dangerous
• Which browsers and versions are affected
• The urgency of applying the latest Chrome and Edge updates
• Security best practices and monitoring recommendations for SOC teams
• Lessons this incident teaches about browser security architecture

Don’t miss this essential security update—whether you're managing enterprise systems or browsing on your personal laptop, this vulnerability demands immediate attention.

🎧 Tune in to learn how to stay protected.

In this episode, we dive deep into a newly disclosed healthcare data breach affecting over 483,000 patients of Catholic Health, stemming from a misconfigured Elasticsearch database maintained by third-party vendor Serviceaide.

From September 19 to November 5, 2024, the database was inadvertently exposed to the public internet, putting highly sensitive information—including names, Social Security numbers, birthdates, medical record numbers, treatment and prescription details, insurance information, and even login credentials—at risk.

Although Serviceaide reported no confirmed exfiltration, they admitted they cannot rule it out, raising alarms across the cybersecurity and healthcare communities. The exposed data’s scope and sensitivity make this breach especially dangerous, with potential long-term implications for identity theft and patient privacy.

We’ll break down:

• The exact nature and cause of the exposure
• Why third-party vendor risks continue to plague healthcare systems
• What information was compromised
• How the breach compares to others in the industry
• What mitigation steps are being taken, including free credit monitoring

This incident is another stark reminder of the critical importance of vendor vetting, infrastructure configuration, and ongoing security monitoring—especially in sectors that handle life-altering data like healthcare.

In this episode, we take an in-depth look at the newly discovered CVE-2025-4664 vulnerability in Google Chrome’s Loader component. This high-severity security flaw is affecting not only Chrome but also other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi. The issue lies in insufficient policy enforcement within the browser’s Loader, enabling attackers to manipulate the referrer-policy and leak sensitive cross-origin data, potentially leading to full account takeovers.

We discuss the technical details of the exploit, focusing on how attackers leverage the Link header to set the referrer-policy to unsafe-url, thus capturing full URLs with sensitive query parameters, such as OAuth tokens and session identifiers. These parameters, once intercepted, can give attackers unauthorized access to user accounts. The podcast also addresses the confirmed existence of active exploits "in the wild" and why immediate patching is crucial, particularly after Google’s emergency update for Chrome.

With CVE-2025-4664 now included in CISA’s Known Exploited Vulnerabilities Catalog, the urgency of addressing this issue becomes even more pressing. We will also cover recommended mitigation strategies, including the need for secure HTTP headers, real-time traffic monitoring, and third-party resource audits to prevent exploitation attempts.

Join us as we break down this critical vulnerability and provide actionable advice on how to stay secure in light of CVE-2025-4664.

In this episode, we dive deep into the recent wave of cyberattacks plaguing major UK retailers such as Marks & Spencer, Co-op, and Harrods, with a special focus on the threat group behind them: Scattered Spider (also known as UNC3944, Muddled Libra, and several other aliases). We'll explore how this loosely coordinated cybercriminal group has expanded its operations from targeting casinos to now focusing on the retail sector, including a growing presence in the US market.

Scattered Spider’s unique blend of sophisticated social engineering tactics, including vishing, phishing, and MFA bypass strategies, has made them a formidable threat to retailers worldwide. Their use of the DragonForce ransomware—aimed at encrypting critical systems—has already disrupted operations, with significant impacts on M&S and Co-op, from stolen customer data to operational shutdowns.

We'll also discuss the group's evolving tactics, such as rapid phishing domain rotation and "Rickrolling" as a means of evading detection, as well as their ability to operate even after arrests in late 2024.

With retail under constant threat, we’ll highlight expert recommendations for bolstering defenses, from strengthening IT help desk protocols to improving MFA and phishing detection systems.

Join us for a critical analysis of how Scattered Spider is reshaping the landscape of cybersecurity threats in retail and how organizations can take action to prevent falling victim to these increasingly sophisticated attacks.

 In a major move within the cybersecurity space, Proofpoint has announced the acquisition of Hornetsecurity for over $1 billion. This deal significantly strengthens Proofpoint’s foothold in Microsoft 365 security, while expanding its reach into the small and mid-sized business (SMB) market through Hornetsecurity’s extensive network of managed service providers (MSPs) in Europe. In today’s episode, we break down how this acquisition enhances Proofpoint’s portfolio of AI-powered security solutions, including Hornetsecurity’s flagship product, 365 Total Protection. We dive into the strategic impact on SMBs and MSPs, explore the growing need for human-centric security, and discuss how this acquisition sets Proofpoint up for dominance in the Microsoft 365 security space. Plus, we analyze the ongoing trend of consolidation in the cybersecurity industry and what it means for the future of cybersecurity innovation. 

In this episode, we dive into the active exploitation of two critical zero-day vulnerabilities in SAP NetWeaver—CVE-2025-31324 and CVE-2025-42999. Threat actors have been leveraging these flaws since January 2025 to gain unauthenticated access, upload malicious web shells, and ultimately achieve remote code execution by chaining an insecure deserialization bug. With over 2,000 vulnerable SAP NetWeaver servers exposed online—including deployments at more than 20 Fortune 500 and Global 500 companies—the impact is massive.

We break down how the attack chain works, the tools being deployed (like Brute Ratel), and what this says about modern supply chain security. We also examine the role of Chinese threat actor Chaya_004 and the response from the U.S. government, including CISA’s mandate for federal agencies to patch by May 20. Plus, we discuss SAP’s mitigation guidance and the broader implications of enterprise software zero-days in an increasingly hostile cyber threat landscape.

Tune in to understand why this campaign could be one of the most consequential enterprise breaches of 2025—and what security teams must do now.

The recent ransomware attack on Marks & Spencer (M&S) is a sobering example of the evolving cyber threat landscape confronting the retail industry. In this episode, we unpack how one of the UK's most iconic retailers fell victim to a sophisticated cybercriminal group known as Scattered Spider. This group, recognized for its advanced social engineering tactics, reportedly infiltrated M&S systems, stole customer data, and encrypted critical VMware ESXi infrastructure—disrupting store operations, wiping out millions in online revenue, and shaking investor confidence.

We dive deep into how threat actors like Scattered Spider gain initial access—leveraging phishing, SIM swapping, MFA fatigue, and vishing—to breach even mature IT environments. The attackers exploited Active Directory and targeted virtual infrastructure, maximizing both disruption and ransom leverage. We also explore the anatomy of modern ransomware campaigns and how social engineering remains the single most effective tool in a hacker’s playbook.

Beyond the breach, we discuss why retail is now the fourth most targeted sector, what technical and organizational defenses could have prevented this, and the regulatory consequences businesses face after a data leak. From the need for modern Active Directory security to the importance of incident response and breach notification protocols, this episode offers a comprehensive analysis—and practical takeaways—for CISOs, IT leaders, and security professionals across all industries.

In this episode, we break down Apple’s massive May 2025 security update blitz—a sweeping patch release that spanned iOS, macOS, iPadOS, tvOS, visionOS, and watchOS. The urgency? Two zero-day vulnerabilities, CVE-2025-31200 (Core Audio) and CVE-2025-31201 (Core Media), were already under active exploitation in what experts are calling “extremely sophisticated, targeted attacks.”

We’ll dig into the technical details of these zero-days, explore who might be behind the attacks, and explain how they allowed malicious audio and media files to potentially execute arbitrary code on unpatched Apple devices.

Beyond the zero-days, Apple’s updates patched over 30 serious vulnerabilities affecting components such as WebKit, CoreGraphics, AirDrop, and the Kernel. We’ll also examine new revelations:

• A side-channel attack dubbed SysBumps that bypasses kernel-level protections on Apple Silicon Macs
• Security enhancements in the Notes app aimed at preventing unauthorized access
• And the first-ever security update for Apple’s C1 modem—a possible sign of increasing focus on baseband-level threats.

We also spotlight the researchers and red teams from around the world—including India, Korea, and China—whose findings were acknowledged in Apple’s advisories.

If you're an Apple user, security analyst, or IT admin, this is a critical episode: we’ll tell you what’s been patched, what’s still concerning, and what you should do next.

In this episode, we unpack the groundbreaking $1.4 billion privacy settlement between Google and the state of Texas—now the largest of its kind in U.S. history. This isn't just about numbers; it's about how data privacy enforcement is shifting dramatically at the state level in the absence of federal legislation.

We dive deep into the Texas Capture or Use of Biometric Identifier Act (CUBI), the cornerstone of this case, and explain how it mandates informed consent before companies can collect biometric data like voiceprints and facial geometry. You'll learn how Google’s alleged misuse of biometric data—combined with misleading claims about browser "incognito mode"—landed it in legal hot water.

We also explore the growing global trend toward comprehensive data protection laws, including new regulations in India, Vietnam, and the Middle East, and how U.S. states are stepping in to fill the federal privacy gap. And if you've ever relied on "private browsing" for anonymity, think again—this episode reveals what incognito mode does and doesn’t protect you from.

From biometric surveillance to browser misconceptions, we break down what this settlement means for consumers, companies, and the future of data governance—and why Texas has become the unlikely champion of digital privacy enforcement.

In April 2024, a sophisticated cyber espionage campaign orchestrated by the Türkiye-linked hacker group, Marbled Dust, began exploiting a previously unknown zero-day vulnerability in the Output Messenger platform—a self-hosted enterprise chat application. This vulnerability (CVE-2025-27920) resides in the Output Messenger Server Manager and allows attackers to upload malicious files, such as GoLang-based backdoors, facilitating extensive data exfiltration. The primary targets of this campaign are individuals and entities affiliated with the Kurdish military in Iraq, aligning with Marbled Dust's ongoing geopolitical focus.

This podcast dives deep into the technical aspects of the attack, which begins with authenticated access to the vulnerable Output Messenger platform. Once inside, the threat actors exploit the directory traversal flaw to upload malicious scripts to the system’s startup folder, ensuring persistence through GoLang backdoors. We’ll explore how the group's new capabilities represent a shift in their technical prowess—signifying a departure from their prior reliance on known vulnerabilities and DNS manipulation to the use of a true zero-day exploit.

We will also break down the security implications of such attacks, shedding light on the criticality of regular software patching, especially for enterprise applications that may not be as heavily scrutinized as other more popular platforms. The podcast will also cover Marbled Dust’s historical tactics, their continued evolution, and the need for enhanced security practices—especially in regions with high geopolitical stakes like the Middle East. How can organizations better secure their internal messaging systems and implement the necessary countermeasures? Tune in to get the full analysis and recommendations for defending against such sophisticated cyber espionage tactics.

In this episode, we dissect CVE-2025-47729, a critical vulnerability in TeleMessage, a message archiving app recently thrust into the spotlight due to its use by former National Security Advisor Mike Waltz. Following Waltz’s controversial tenure—marked by the "Signalgate" leak and the subsequent appearance of TeleMessage on his phone—researchers uncovered a major flaw: a lack of end-to-end encryption between the app and its archive server.

Hackers have exploited this flaw in the wild, accessing unencrypted chat logs—including internal communications from Coinbase and a list of Customs and Border Protection employees. The breach has raised red flags at the federal level, with CISA adding CVE-2025-47729 to its Known Exploited Vulnerabilities (KEV) catalog, mandating urgent action from federal agencies.

We explore:

• How TeleMessage works and why it was adopted in sensitive government contexts
• What independent code analysis revealed about its flawed encryption model
• What was stolen—and what wasn’t—in the confirmed breaches
• Smarsh’s response and the suspension of TeleMessage services
• Why CISA is effectively advising users to stop using the app altogether

Whether you’re in cybersecurity, compliance, or just concerned about how message archiving can become a liability, this episode lays out the facts—and the failures—behind the latest messaging app security scandal.

A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we break down how threat actors published malicious modules—sw-cur, sw-cur1, and aiide-cur—promising cheap access to Cursor's AI features. Once installed, these packages function as backdoors, stealing credentials, modifying critical application files like main.js, disabling updates, and granting persistent remote access.

We’ll discuss how the attackers used social engineering tactics around “cost savings” to compromise trust, the technical breakdown of the malware’s behavior, and what this means for developers and enterprises relying on modern IDEs. With over 3,200 downloads before detection, this campaign represents a significant escalation in supply chain threats.

Join us as we explore:

• The mechanics of the backdoor and how persistence was achieved
• The risks of lateral movement in enterprise CI/CD environments
• What this attack says about the future of developer-focused malware
• Real-world remediation steps and how to protect your development environments

Whether you're a developer, CISO, or security researcher, this episode will give you a sharp look into a growing and deeply concerning attack vector.

In this episode, we break down the February 2025 data breach that hit Valsoft Corporation, operating under the name AllTrust, through its subsidiary Aspire USA. Over 160,000 individuals are potentially impacted, with exposed data including Social Security numbers, driver’s license information, and financial account details. We explore how the breach unfolded over a three-day window, the steps Aspire took to interrupt an in-progress data transfer, and how long it took to notify affected individuals.

We'll also examine the legal implications now facing Valsoft, including multiple law firm investigations and the potential for class action lawsuits. Additionally, we cover what this breach reveals about current cybersecurity practices in companies handling PII and how consumers can protect themselves when their data is exposed. From SOC2 compliance claims to the offer of free credit monitoring, we question whether the company’s response was adequate—or merely reactive.

Was this breach preventable? And what can other companies learn from Valsoft’s handling of it? Tune in for a hard look at one of 2025’s most notable PII exposure incidents.

In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery mechanism for a Remote Access Trojan (RAT). The attacker exploited the package’s deprecated but still-popular status, publishing malicious versions that never appeared in the GitHub repo.

We discuss how the threat actor used obfuscated code, off-screen whitespace tricks, and a Windows-specific PATH hijack to hide their RAT, which established a command-and-control (C2) channel capable of remote shell access, file uploads, and command execution. You’ll also hear how this incident fits into broader trends of CI/CD pipeline poisoning and software supply chain attacks—and what developers, security teams, and enterprises should do to avoid being the next target.

A zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, became the center of a global cybersecurity storm when it was exploited in the wild before Microsoft patched it on April 8, 2025. In this episode, we take a deep dive into how this elevation of privilege exploit allowed attackers to gain SYSTEM-level access and deploy ransomware payloads—including the RansomEXX family—across industries and continents.

We’ll break down the exploitation timeline, reveal how the PipeMagic backdoor was used as a launchpad, and analyze how attackers injected malicious payloads into Windows processes like winlogon.exe to dump credentials and maintain persistence. Our discussion also covers attribution insights, with Storm-2460 and actors associated with Play ransomware identified as users of this exploit, underscoring how the tool may have circulated in underground channels before the patch.

With insights from Microsoft, Symantec, Kaspersky, and Arctic Wolf, this episode unpacks the technical mechanism, post-exploitation behavior, and defensive recommendations, including why some versions of Windows 11 were immune and what security teams should do to harden their environments moving forward. Whether you're in IT, finance, software, or retail—this episode has vital intel on defending against emerging threats in a rapidly evolving ransomware landscape.

In this episode, we dive deep into the legal, technical, and geopolitical implications of the U.S. court ruling in WhatsApp v. NSO Group—a landmark case in the global effort to hold spyware developers accountable. The conversation unpacks the court’s decision to award over $167 million in damages to WhatsApp for the unauthorized deployment of Pegasus spyware, highlighting violations of anti-hacking laws and terms of service.

We explore how this ruling may impact the resilience of the commercial spyware industry, the potential chilling effect on investors, and the mounting legal pressures facing firms like NSO Group. We also examine the complexities of asserting jurisdiction in cross-border cyber cases, and why evidentiary sanctions—rather than clear precedents—still leave significant gaps in regulating spyware abuse.

Beyond the courtroom, we discuss Pegasus's widespread reported use by state actors against journalists, activists, and political figures, and the serious human rights concerns this raises. The episode also connects the dots between spyware and the broader cybersecurity threat landscape, from ransomware to state-sponsored APT groups.

Finally, we zoom in on the global regulatory response, spotlighting Indonesia’s newly enacted Personal Data Protection Law and how such frameworks are emerging worldwide to govern digital surveillance, data transfers, and privacy rights. This episode provides critical insight into how law, technology, and human rights intersect in the age of digital surveillance—and what’s next for global cybersecurity policy.

AI tools are generating more code than ever — but who’s reviewing it? In this episode, we spotlight CodeAnt AI, the fast-growing platform built to solve the growing code review bottleneck created by AI-assisted development.

You’ll learn how CodeAnt AI:

• Cuts review time and post-deployment bugs by over 50%
• Uses a proprietary language-agnostic AST engine to analyze 30+ programming languages
• Powers one-click security and quality fixes for Fortune 1000 dev teams
• Offers on-prem deployment for security-sensitive organizations
• Secured $2M in funding and a $20M valuation with backing from Y Combinator and others

We also break down the core components of software code quality—readability, maintainability, reliability, efficiency, and security—and how AI is changing how enterprises scale development.

If you're serious about faster, more secure code delivery, this episode is a must-listen.

A newly disclosed zero-day vulnerability, CVE-2025-3248, is being actively exploited in the wild—and it's targeting Langflow, a popular open-source framework for building AI-powered applications. In this episode, we unpack how a missing authentication check in the /api/v1/validate/code endpoint allowed remote attackers to run arbitrary code on unpatched servers. With a critical CVSS score of 9.8 and confirmation from CISA's Known Exploited Vulnerabilities Catalog, this flaw has serious implications for organizations using versions prior to 1.3.0.

We explore the technical mechanics behind the exploit—including abuse of Python decorators and default arguments—and highlight evidence of real-world attacks detected by honeypots and TOR-sourced payloads. Whether you're running Langflow or managing open-source AI tools, this is a wake-up call for patching, hardening, and reassessing how you expose development platforms to the internet.

Stay ahead of the threat. Tune in now to learn what went wrong, what’s being done, and what you can do to protect your infrastructure.

In this episode, we break down the active exploitation of CVE-2024-7399, a critical path traversal and arbitrary file upload vulnerability in Samsung MagicINFO 9 Server. Despite a patch released in August 2024 (version 21.1050 and later), many systems remain exposed — and threat actors are taking full advantage.

We explore how attackers are exploiting this flaw to gain system-level access, upload malicious .jsp files, and deploy Mirai botnet variants. You'll hear insights from key cybersecurity sources including Arctic Wolf, The Hacker News, and the Internet Storm Center, who confirm widespread targeting of unpatched MagicINFO servers.

Listeners will learn about:

• How the vulnerability works and why it’s dangerous
• The tactics used to upload and execute botnet scripts
• The real-world impact of compromised digital signage networks
• Why patching, access controls, and secure file handling are critical for IoT and CMS systems

Whether you're an infosec pro, IT admin, or digital signage operator, this episode delivers everything you need to know about CVE-2024-7399, its implications, and how to stay protected in an increasingly botnet-riddled world.

A critical zero-day vulnerability — CVE-2025-31324 — is shaking the enterprise tech world.
 In this episode, we dive deep into the alarming exploit targeting SAP NetWeaver Java systems, specifically the Visual Composer component, now under active attack.

This vulnerability enables unauthorized file uploads, which attackers are using to deploy webshells, cryptominers (like XMRig), and potential infostealers. Threat actors are already exploiting this flaw in the wild, as confirmed by leading cybersecurity firms and SAP itself.

You’ll hear:

• How attackers are weaponizing CVE-2025-31324 for remote code execution
• Real-world attack activity detected as early as April 26, 2025
• Tools and indicators of compromise (IOCs) released by SAP, Onapsis, Mandiant, Pathlock, and WithSecure
• What defenders need to do right now to patch or mitigate
• Why experts expect a second wave of attacks, as exploit code circulates publicly

We also cover:

• The CVSS 10.0 criticality score and what it means
• How attackers are using Living Off the Land (LOL) techniques, such as certutil, for lateral movement
• SAP’s emergency patch (Note #3594142) and temporary mitigation strategies

If your organization uses SAP, this is must-listen content. Even if it doesn’t, this episode is a masterclass in how fast zero-days go from discovery to weaponization — and how defenders can keep up.

🔐 Patching isn't optional anymore — it's urgent.

In this episode, we break down the anatomy of some of the most critical vulnerabilities threatening enterprise systems in 2025 — and the real-world attacks already exploiting them. We explore how seemingly small issues like path traversal can escalate into full remote code execution (RCE), and how threat actors are chaining vulnerabilities to bypass authentication and compromise systems.

We’ll examine CVE-2025-34028 in Commvault Command Center and CVE-2025-32432 in Craft CMS, both added to CISA’s Known Exploited Vulnerabilities (KEV) catalog after confirmed in-the-wild exploitation. You'll hear how attackers are abusing unfiltered file paths, uploading malicious files, and exploiting image processing features to take control of servers — all without authentication.

We also talk about the architectural reasons why arbitrary code execution (ACE) is so dangerous, how the Von Neumann model enables this class of exploits, and why input validation and patching are non-negotiable. This is a must-listen if you’re responsible for patching, monitoring, or securing web apps and core business platforms.

✅ Topics Covered:

• ACE vs. RCE: What’s the difference and why it matters
• How path traversal works and how it’s exploited
• Breakdown of recent Craft CMS and Commvault vulnerabilities
• Why chained exploits are increasing in real-world attacks
• CISA’s KEV catalog and what it means for your patching priorities
• Mitigation steps that actually work — from WAF rules to file-integrity monitoring

In this episode, we dive deep into the massive data breach at Kelly Benefits, a payroll and benefits administrator that exposed the sensitive personal data of over 413,000 individuals. We break down what happened, what data was compromised, and how the breach escalated from 32,000 initially impacted people to hundreds of thousands across the country.

We also explore the broader implications of the breach: the rising threat to payroll and HR systems, the legal aftermath including class-action lawsuits, and what organizations must do to protect employee data. Drawing from official guidance by the U.S. Department of Labor, we outline 12 essential cybersecurity best practices—covering everything from risk assessments and third-party audits to multi-factor authentication and encryption protocols.

Finally, we talk directly to individuals who may be affected, highlighting steps recommended by Experian for dealing with Social Security number theft, including credit freezes, fraud alerts, and identity protection tips.

Whether you’re a business leader, IT professional, or concerned employee, this episode unpacks how preventable this breach was—and how your organization can avoid being next.

 In this episode, we unpack the rising tensions surrounding the Cybersecurity and Infrastructure Security Agency (CISA) as it faces proposed budget cuts, looming layoffs, and growing criticism over alleged mission overreach. While CISA continues to champion its role in defending national infrastructure and guiding cyber resilience, reports of domestic speech monitoring—particularly around elections and COVID-19—have ignited political backlash and civil liberties concerns. We explore the facts behind the funding crisis, examine the claims of censorship, and consider what’s at stake for U.S. cyber defense as trust in the agency erodes. Is CISA evolving beyond its mandate, or being strategically undermined? Tune in for a deep dive into one of the most polarizing issues in national cybersecurity today. 

The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to China without ensuring equivalent protection standards. This landmark decision marks one of the largest fines under GDPR and places a spotlight on the persistent challenge of cross-border data transfers—particularly to jurisdictions like China with divergent national security and surveillance laws.

In this episode, we break down the DPC’s findings, which include TikTok’s failure to verify that Chinese legal protections matched EU standards, inadequate assessments of Chinese laws, and a lack of transparency in its privacy policies. The fine also follows TikTok’s admission in 2025 that some EEA user data was in fact stored in China—contradicting earlier statements and raising the possibility of further regulatory action.

We’ll also examine TikTok’s defense, including its multi-billion-euro "Project Clover" initiative, and its warnings about the ruling’s potential implications for all global businesses operating in the EU. From privacy law to data localization, this episode explores the evolving landscape of international data governance, what this decision means for GDPR enforcement in 2025, and why every global company should be paying attention.

In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development landscape. With $93 million raised in an oversubscribed Series B round and 30x ARR growth in just 18 months, Endor Labs is rapidly emerging as a market leader in securing AI-generated and open-source code.

We dive into the platform’s unique approach—combining SCA, SAST, Secrets Detection, CI/CD, and Container Scanning with reachability analysis and AI-powered code review. These capabilities allow Endor Labs to cut through the noise of false positives and zero in on real, architectural risks—like unauthenticated admin endpoints introduced by AI-generated code.

You'll also hear how Endor Labs enables developer-friendly workflows and integrates security into the development lifecycle—turning AppSec from a bottleneck into a catalyst. We discuss their evaluation framework for open-source dependencies, the growing risks of transitive vulnerabilities, and how AI Code Governance is essential for ensuring code reliability, quality, and security at scale.

Whether you're a CISO, a DevSecOps leader, or a developer navigating the AI coding wave, this episode unpacks why the future of secure software starts with smarter tools, deeper insights, and platforms purpose-built for this new era.

In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute webshells after obtaining valid credentials. This flaw, rated 8.8 on the CVSS 3.1 scale, was exploited as a zero-day by a suspected nation-state actor in February 2025 to breach Commvault’s Azure cloud environment.

We unpack how the attack unfolded, what made this vulnerability so dangerous, and why the breach didn’t impact customer backup data but still triggered major concern across the cybersecurity community. The discussion also covers how webshells work, why authenticated access was a key part of the exploit chain, and the steps Commvault took to contain and remediate the breach.

You'll also learn what it means when CISA adds a CVE to its Known Exploited Vulnerabilities (KEV) catalog, and what agencies—and private enterprises—should do in response. We’ll explore Commvault’s guidance around patching, credential rotation, IP blocklists, and how Conditional Access Policies in Azure AD/Entra ID can mitigate similar attacks in the future.

Finally, we’ll look at the broader implications of the incident, including the role of cybersecurity incident response planning (CSIRP) and the increasing use of zero-trust models to defend cloud workloads against sophisticated actors.

On April 25, 2025, Nova Scotia Power, the province’s primary electricity provider, confirmed what many suspected: a cyber incident involving unauthorized access had compromised customer data. But what looked at first like an isolated disruption is, in reality, a single node in a much broader—and much more dangerous—global pattern.

In this episode, we dive deep into the Nova Scotia Power breach, exploring how attackers forced IT shutdowns, exposed personal customer data, and sparked a crisis of trust in utility providers. Was this ransomware, espionage, or reconnaissance? Why did it coincide with power instability in Spain and Portugal? And why did it happen just as the utility was seeking millions in cybersecurity funding?

From Canada’s Atlantic coast to Denmark, Saudi Arabia, and the U.S., energy infrastructure is under relentless digital siege. We analyze the tactics of cybercrime groups, nation-state actors, and hacktivists who are exploiting the power sector’s deep reliance on remote access, cloud services, and third-party vendors.

This is more than a tech story—it’s a national security issue. With quotes from cybersecurity experts and intelligence sources, we unravel the silent war happening behind the scenes. You’ll learn why utilities downplay these threats, how attacker motives are shifting, and why Nova Scotia may have been targeted not as a high-value asset, but as a low-friction testbed for future disruption.

Because when the lights go out, the real danger might not be the darkness—it might be what we weren’t told.

In a rare move, SentinelOne has publicly confirmed that it is under persistent attack from nation-state threat actors and ransomware gangs. This episode breaks down their recent report detailing how these adversaries—some believed to be backed by China and North Korea—are targeting SentinelOne to gain insight into how thousands of environments are protected.

We explore how these campaigns go beyond passive espionage. From elaborate social engineering to credential theft, adversaries are trying to infiltrate SentinelOne’s systems directly, including through fake job applications from North Korean IT operatives. We also discuss the implications of this disclosure: why SentinelOne chose to speak out, what it means for the rest of the cybersecurity industry, and what businesses should learn from this level of transparency.

This is not just a story about cyberattacks—it’s about trust, vendor risk, and the growing reality that even the protectors need protecting.

In this episode, we unpack the evolving landscape of Product Lifecycle Management (PLM) and why it's become a strategic cornerstone in modern IT environments. From conception to retirement, managing a product’s lifecycle is now about more than just operations—it's about security, compliance, innovation, and cost.

We explore the critical milestones of End-of-Life (EOL) and End-of-Support (EOS)—moments where products either stop receiving updates or lose all support, including vital security patches. These transition points can expose organizations to serious cybersecurity threats and operational failures if not proactively managed. But managing them isn't easy—information is often fragmented, inconsistently defined, and scattered across vendors.

Enter OpenEoX, a groundbreaking initiative led by industry giants and government stakeholders, under the OASIS Open framework. OpenEoX aims to standardize how EOL/EOS data is defined, shared, and used—offering a blueprint to reduce tech debt, enhance risk visibility, and simplify lifecycle tracking across software, hardware, and even AI models.

We also spotlight lifecycle intelligence tools like ScalePad Lifecycle Manager and the Qualys Tech Debt Report, which help MSPs and enterprise IT teams track asset health, identify security gaps, and make informed upgrade decisions.

If you're in IT, cybersecurity, asset management, or product development, this conversation will change the way you look at product sunsets—and how to plan for them.

LayerX just raised another $11 million — and it’s not to build another antivirus. With $45 million in total funding, the company is betting that your browser is the most vulnerable—and most overlooked—part of your cybersecurity stack.

In this episode, we explore how LayerX turns everyday browsers like Chrome and Firefox into intelligent defense agents using machine learning. Their extension monitors behavior in real time, blocks malicious extensions, prevents data leaks, and even neutralizes threats embedded in legitimate web pages. Unlike traditional security tools that miss browser-layer threats or slow users down, LayerX promises near-zero performance impact while handling risks from AI-powered phishing, SaaS misuse, and shadow IT.

We dig into what makes their AI engine different, how they address growing SaaS vulnerabilities, and why securing the browser may be the key to surviving the next generation of cyberattacks.

Is LayerX the new face of enterprise security? Or just the first wave in a browser-based security revolution? Tune in to find out.

In this episode, we dive into the story of Pistachio, the Norwegian cybersecurity startup that just raised $7 million in new funding—bringing its total to $10.5 million. Pistachio isn’t building another firewall or antivirus tool; it’s targeting the weakest link in most security systems: people.

With AI-powered phishing attacks becoming increasingly personalized and harder to detect, Pistachio’s solution is to fight AI with AI. Their platform automates adaptive cybersecurity training and simulates attacks based on real-world tactics. By analyzing user behavior, Pistachio personalizes learning paths to teach employees how to spot scams embedded in emails, QR codes, fake browser windows, and even deepfake calls.

Now used by over 600 companies across 16 countries, and running over 2 million simulations annually, Pistachio is scaling its mission to North America. We unpack how they’re using AI to deliver smarter security awareness training—and why investors are betting on them to outpace the rapidly evolving threat landscape.

In this episode, we dive deep into AirBorne — a critical set of vulnerabilities in Apple’s AirPlay protocol and SDK, recently uncovered by security researchers at Oligo. These flaws enable zero-click, wormable remote code execution (RCE) attacks across iPhones, Macs, Apple TVs, CarPlay systems, and millions of third-party devices. Even more alarming: attackers don’t need physical access or user interaction. Just a shared network.

We break down how vulnerabilities like CVE-2025-24252 and CVE-2025-24132 open the door for malware to silently hop from one device to another, the risk of eavesdropping and data theft via CarPlay, and why third-party device patching could take years — if it happens at all.

From local file reads to MITM attacks, join us as we explore how these AirPlay flaws became one of the most significant Apple security stories of the year, what Apple has done so far, and what users and enterprises must do to stay protected.

The bots have taken over—and they’re not just crawling your website. In this episode, we dig into the alarming reality that automated bots now generate over half of all internet traffic. Armed with artificial intelligence and cloaked in residential proxies, these bots are evolving beyond simple scripts into highly evasive, persistent threats targeting every industry.

We break down the latest findings from Imperva, F5, Thales, and more to explore:

• The explosive growth of bot traffic—and why 37% of it is now malicious.
• How AI is enabling attackers to scale, adapt, and bypass traditional defenses.
• The rise of Bots-as-a-Service (BaaS) and residential proxy networks that make it easier than ever to launch credential stuffing, account takeovers, data scraping, and automated fraud.
• Why APIs are the new front line for bot attacks.
• Real-world impacts: From chargebacks and churn to brand damage and regulatory risks.
• What modern bot mitigation looks like—and why your legacy WAF won’t cut it.

Whether you're in eCommerce, finance, government, or healthcare, this conversation will change how you think about traffic—and threat detection. Tune in to learn what your business must do to detect, adapt, and stay one step ahead in the escalating war against AI-powered bots.

In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as affecting fewer than 2,000 individuals, the breach has now ballooned to a confirmed 4 million affected people. We trace the timeline from the initial detection of suspicious network activity on February 28, 2024, to the eventual notification of millions of impacted individuals beginning in April 2025.

Listeners will learn how sensitive information—names, addresses, birthdates, gender, and Social Security numbers—was exposed, and why this data combination poses a high risk of identity theft. We also unpack the reasons behind the prolonged disclosure process, VSI’s response efforts, the role of federal regulators, and the legal consequences now unfolding, including multiple class-action lawsuits.

Was this a case of evolving forensic findings—or of organizational opacity? And what does this incident tell us about third-party HR data security standards in 2025? Join us for a detailed breakdown of one of the year's largest and most quietly escalated data breaches.

Three actively exploited vulnerabilities—CVE-2025-42599 (Qualitia Active! mail), CVE-2025-3928 (Commvault Web Server), and CVE-2025-1976 (Broadcom Brocade Fabric OS)—have been added to CISA’s KEV catalog. The Qualitia flaw is a remote stack-based buffer overflow (CVSS 9.8) allowing code execution without authentication. Commvault's vulnerability permits authenticated attackers to deploy web shells for persistent access (CVSS 8.8), while Broadcom's code injection flaw lets local admin users escalate to root (CVSS 8.4). All three are confirmed to be under active exploitation.

CISA has issued remediation deadlines under BOD 22-01—May 17 for Qualitia and Commvault, and May 19 for Broadcom. Federal agencies must comply or disconnect affected assets. The KEV catalog’s inclusion signals reliable evidence of exploitation and elevates the urgency of patching beyond CVSS severity alone. Notably, Commvault's ecosystem also includes CVE-2025-34028, a separate unauthenticated path traversal vulnerability with PoC available, increasing its threat profile.

Web shells—used in the Commvault attack vector—highlight a broader trend in persistent access techniques. These scripts give attackers command execution abilities post-compromise, enabling exfiltration, lateral movement, and integration into broader C2 infrastructures. Effective countermeasures include integrity monitoring, privilege restrictions, and layered network defenses.

A wave of critical vulnerabilities in Planet Technology’s industrial switches and network management systems could let attackers hijack devices, steal data, and sabotage industrial networks—with no credentials required.

In this urgent episode, we dissect:
🔓 The 5 worst flaws (CVSS 9.3+)—from hard-coded database passwords to pre-auth command injection—discovered by Immersive Labs’ Kev Breen.
🏭 Why factories and critical infrastructure are prime targets: These switches are widely used in manufacturing, energy, and OT environments.
💻 How hackers exploit them:

• MongoDB exposed? Default creds (planet:123456) let attackers dump configs.
• Bypass auth entirely with a malformed URL parameter (/dispatcher.cgi?cmd=532&ip_URL=;).
• Intercept device communications due to hard-coded keys.
  🛡️ CISA’s emergency advisory (ICSA-25-114-06)—and why patching WGS, NMS, and UNI-NMS devices is non-negotiable.
  🔍 The researcher’s journey: How a home lab, firmware analysis, and a lucky accident uncovered these flaws.

If your network relies on Planet Technology switches, this episode is a wake-up call. Tune in before attackers beat you to the patch.

A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required.

In this urgent episode, we break down:
💥 Why this flaw scores a perfect 10.0 CVSS—the highest severity rating possible.
🔍 How hackers are exploiting it: From stealing data to uploading PHP web shells (like filemanager.php) for persistent access.
🛠️ The root cause: A Yii framework regression (CVE-2024-58136) that lets attackers hijack servers via crafted __class payloads.
🌍 Real-world attacks: Evidence of in-the-wild exploitation since February 2025, with 13,000+ vulnerable instances still exposed.
⚡ The Metasploit factor: How a public exploit module is lowering the bar for cybercriminals.
🔒 Patch or perish: Why updating to Craft CMS 3.9.15/4.14.15/5.6.17 and Yii 2.0.52+ is non-negotiable.

Plus: Indicators of Compromise (IOCs) to check if you’ve been hit, and why "just patching" isn’t enough—malicious files persist even after updates.

If you run Craft CMS, this episode is a must-listen. Tune in before your server becomes the next victim.

Recent research by HiddenLayer has uncovered a shocking new AI vulnerability—dubbed the "Policy Puppetry Attack"—that can bypass safety guardrails in all major LLMs, including ChatGPT, Gemini, Claude, and more.

In this episode, we dive deep into:
🔓 How a single, cleverly crafted prompt can trick AI into generating harmful content—from bomb-making guides to uranium enrichment.
💻 The scary simplicity of system prompt extraction—how researchers (and hackers) can force AI to reveal its hidden instructions.
🛡️ Why this flaw is "systemic" and nearly impossible to patch, exposing a fundamental weakness in how AI models are trained.
⚖️ The ethical dilemma: Should AI be censored? Or is the real danger in what it can do, not just what it says?
🔮 What this means for the future of AI security—and whether regulation can keep up with rapidly evolving threats.

We’ll also explore slopsquatting, a new AI cyberattack where fake software libraries hallucinated by chatbots can lead users to malware.

Is AI safety a lost cause? Or can developers outsmart the hackers? Tune in for a gripping discussion on the dark side of large language models.

In this episode, we break down the most urgent cybersecurity developments from late April 2025—including the Lazarus Group’s high-profile “Operation SyncHole” targeting South Korean industries. Discover how attackers are exploiting newly disclosed vulnerabilities faster than ever, with nearly 1 in 3 CVEs weaponized within 24 hours of publication.

We dive deep into the Lazarus Group's tactics, including watering hole attacks, one-day and potential zero-day vulnerabilities in tools like Innorix Agent and Cross EX, and their deployment of advanced malware families like ThreatNeedle and AGAMEMNON.

But that’s not all—we also cover:

• The evolution of phishing-as-a-service with generative AI (Darcula and Gamma AI),
• The increasing exploitation of browsers as attack surfaces,
• A Linux rootkit that avoids detection by bypassing system calls,
• Nation-state cyber activity from Russia, China, Iran, and North Korea,
• And the silent crisis looming over the CVE program’s future funding.

Plus, we explore the growing importance of non-human identities (NHIs) in security strategies, and the ongoing risks in software supply chains—from malicious npm packages to cryptocurrency library compromises.

If you're a cybersecurity professional or threat analyst, this is your essential 30-minute intel download.

In this episode, we dissect the real-world challenges of securing Microsoft 365 environments—especially for small and medium-sized businesses—amid rising threats and licensing limitations.

From Reddit frustrations to official Microsoft documentation, we explore the harsh truth: many essential security features, like alerting on suspicious logins, require Azure AD Premium or Defender for Cloud Apps. Can SMBs still stay secure without these? We look at third-party workarounds and how far PowerShell and community tools like Admindroid can go.

We also take a hard look at OAuth 2.0 phishing—a growing tactic used by Russian threat actors to hijack accounts via malicious app consent. Learn how attackers are bypassing traditional login alerts by quietly enrolling new devices, and how Microsoft recommends detecting these OAuth abuses through risky app investigation and alert configuration.

Other key topics include:

• How to manage access from unmanaged devices using Conditional Access (and the licensing hurdles involved)
• Why Microsoft’s default alert policies fall short—and how to build custom ones for better protection
• What "trusted device" really means in a Zero Trust world, and how attackers are exploiting that ambiguity
• A checklist of practical security recommendations specifically for Microsoft 365 Business users

Whether you’re an IT admin trying to protect your org with basic licenses, or a security lead facing OAuth phishing on the front lines, this episode offers concrete strategies, policy insights, and a dose of real talk.

🎧 Tune in and learn how to secure Microsoft 365—even when your tools are limited and the threats are anything but.

Microsoft has acknowledged a serious issue affecting users of classic Outlook for Windows: CPU usage spikes up to 50% just from typing emails. First appearing in builds released since November 2024, this bug is now hitting users across several update channels—including Current, Monthly Enterprise, and Insider—leading to power drain, sluggish performance, and user frustration.

In this episode, we unpack:

• What’s causing the CPU spike when typing
• Why Microsoft’s workaround is a trade-off between stability and security
• How switching to the Semi-Annual Channel may help
• The long and growing list of classic Outlook bugs, from calendar sync errors to crashes and UI glitches
• What this means for IT teams managing enterprise deployments
• Whether it’s finally time to move to the “New Outlook” or look at alternatives

We also explore Microsoft's update channels, why managing Outlook versions is so complex, and what this bug reveals about the future of the classic Outlook client.

🔧 Fix pending. Workarounds available. But is this the tipping point?

#Outlook #Microsoft365 #EmailClient #ITAdmin #SysAdmin #TechPodcast #ProductivityApps #InfoSec #PatchTuesday

A newly discovered Android spyware campaign is targeting Russian military personnel by weaponizing a popular mapping app. Disguised as a cracked version of Alpine Quest Pro, this trojanized app delivers Android.Spy.1292.origin—a powerful surveillance tool that steals data, tracks location in real-time, and downloads secondary payloads to extract confidential files from apps like Telegram and WhatsApp.

In this episode, we break down:

• How the malware is distributed through Telegram and Russian app catalogs
• What makes this attack stealthy and effective (fully functional app + hidden spyware)
• The scope of data being exfiltrated, including location logs and secure messaging content
• The broader implications for mobile device security in military environments
• Why cracked apps are an increasingly common cyber weapon in conflict zones

We also look at past incidents targeting Ukrainian forces and explore what this reveals about evolving cyber espionage tactics on both sides of the war.

This is a critical discussion for anyone interested in mobile security, military tech, and the intersection of modern warfare and cyber intelligence.

#MobileSecurity #Spyware #AndroidMalware #MilitaryCybersecurity #CyberEspionage #AlpineQuest #AndroidSpyware #Infosec #OperationalSecurity #MDM #ThreatIntel #Podcast

Blue Shield of California has confirmed a data breach affecting 4.7 million members—caused not by hackers, but by a misconfigured Google Analytics setup. Sensitive health information was inadvertently exposed to Google’s ad platforms between April 2021 and January 2024. In this episode, we break down what went wrong, what data was leaked, and what this means for privacy, compliance, and trust in healthcare IT.

We’ll also explore:

• How analytics tools can become security liabilities
• Why this breach is especially concerning despite no SSNs or financial info being leaked
• What the lack of identity protection or individual notifications signals about corporate response
• The broader trend of targeted advertising risks tied to health data
• The regulatory and reputational fallout Blue Shield may face—especially after their previous ransomware-related incident

This is a critical episode for anyone working in healthcare IT, compliance, or security.

#DataPrivacy #HealthcareSecurity #BlueShieldBreach #GoogleAnalytics #HIPAA #CyberSecurity #HealthcareIT #InfoSec #TargetedAds #DataBreach #Podcast

Cybercrime in the U.S. has reached new, record-breaking heights.

In this episode, we dive deep into the FBI's 2024 Internet Crime Complaint Center (IC3) report — a comprehensive look at the economic and human toll of cybercrime in America. With $16.6 billion in reported losses, a 33% increase year-over-year, and 859,532 complaints filed, the data paints a grim picture of just how widespread and costly online threats have become.

We’ll unpack:

• Why fraud and ransomware continue to dominate the threat landscape
• The growing vulnerability of older Americans, who lost nearly $4.8 billion in 2024 alone
• How underreporting and imperfect tracking mean the real losses are likely much higher
• The rise of impersonation scams, including fake FBI agents preying on previous victims
• What this means for individuals, businesses, and national infrastructure moving forward

🔐 Whether you're in cybersecurity, risk management, or just trying to stay informed — this is an episode you don't want to miss.

🎧 Tune in now and find out what the numbers are really telling us.

#Cybersecurity #FBIIC3 #CybercrimeStats #Ransomware #InfosecPodcast #DataBreach #CyberThreats #ElderFraud #FraudPrevention #FBIReport #Podcast2025 #CybercrimeCrisis

The FBI has issued a stark warning about a growing scam targeting individuals who’ve already been victimized. In this episode, we unpack how fraudsters are impersonating employees of the FBI's Internet Crime Complaint Center (IC3), promising to help victims recover lost funds — only to scam them again.

We’ll break down:

• How the scam works and why it’s spreading
• The tactics scammers use to build trust
• Real examples, including fake IC3 directors and Telegram outreach
• What the FBI says they will never do
• Practical steps to avoid falling for “recovery scams”

Whether you're in cybersecurity, law enforcement, or just trying to stay safe online, this episode is a must-listen.

🔗 Report scams or get official info: ic3.gov

#Cybersecurity #FBI #IC3Scam #ImpersonationFraud #ScamAwareness #RansomwareRecovery #SocialEngineering #Cybercrime #DigitalSafety #Podcast

Cyberattacks are no longer rare shocks—they're a constant drumbeat in the background of our digital lives. In this episode, we take you on a deep dive into some of the most alarming recent data breaches, unpacking how they happened, what went wrong, and what you need to know to stay protected.

We kick off with the Western Sydney University breach, where personal data of thousands of students ended up on the dark web, all because of a compromised sign-on system. Then we examine the Office of the Comptroller of the Currency, where attackers gained long-term access through a superuser email account—highlighting the dangers of unmonitored admin access.

It doesn’t stop there. We explore how the Mirai botnet is still alive and kicking, turning everyday devices like DVRs into weapons, and how WK Kellogg Co was hit by the Klop ransomware gang using two zero-day vulnerabilities—flaws so new that no patch even existed yet.

We also break down the terrifying evolution of ransomware with groups like Racedo and INC using double extortion tactics—not just encrypting your data but also threatening to leak it unless you pay up. Even institutions like the Texas State Bar weren’t spared, proving that no sector is safe.

But it’s not all doom and gloom. This episode also focuses on solutions, highlighting how technology providers like StoneFly are stepping up with powerful tools to build digital resilience. From immutable backups and air-gapped storage to hyper-converged infrastructure (HCI) and delta-based snapshots, we show you what a modern, multi-layered defense really looks like.

Whether you’re an IT pro, a small business owner, or just someone who cares about data privacy, this episode is packed with critical insights to help you understand, prepare, and protect against today’s cyber threats.

🔐 It’s not about if an attack happens—it’s about how ready you are when it does.

In this deep-dive episode, we untangle some of today’s most critical cybersecurity threats—from GitHub’s complex quadruple supply chain attack to the rising concerns over Kubernetes vulnerabilities and serious flaws in Next.js. 🧠💻

We kick things off with an inside look at StoneFly’s robust approach to data protection, from immutable air-gapped backups to ransomware-resistant infrastructure. Then, we unpack how a simple GitHub token compromise spiraled into a four-level attack chain targeting high-profile companies like Coinbase.

🔐 Key Takeaways:

• What went wrong in the GitHub supply chain exploit
• The anatomy of ransomware-resilient data infrastructure
• The critical importance of immutable storage and commit hash pinning
• Breaking down Kubernetes’ “Ingress Nightmare” and its real-world exploitation
• Why Next.js vulnerabilities could expose sensitive app data

Whether you're a developer, sysadmin, or cybersecurity enthusiast, this episode is a must-listen to stay ahead of the threat curve.

Is your web app truly secure? In this episode, we break down a critical NextJS vulnerability (CVE-2025-29927) that could allow attackers to bypass authentication and access sensitive data—impacting millions of websites. We explain what went wrong, what it means for your projects, and exactly how to fix it (even if you can’t upgrade yet).

Then, we pivot to something equally vital: disaster recovery and data protection. Learn how StoneFly's cutting-edge solutions—like immutable snapshots, air-gapped backups, and real-time replication—can safeguard your data from ransomware and downtime in 2025.

✅ Tune in to understand the threats—and the tools to defend against them.
🎯 Whether you're a developer, sysadmin, or tech leader, this is your security wake-up call.

👉 Don’t wait for a breach—subscribe now and stay one step ahead of the next security risk.
💬 Got questions or tools you love? Drop us a comment or share the episode with your dev team!

From data breaches at major banks to ransomware crippling healthcare and tech companies, cyber threats are hitting harder than ever. In this episode, we break down the latest wave of attacks, the vulnerabilities being exploited, and what organizations can do to protect their data.

Key Takeaways:

🔹 Breaking down the latest cyberattacks – Who was hit and how it happened
🔹 Ransomware, supply chain breaches, and stolen credentials – The evolving threat landscape
🔹 Data protection strategies – Why backups, immutability, and air-gapping are critical
🔹 Third-party risk management – How vendors can be a hidden security weakness
🔹 Proactive security measures – Steps to safeguard your business before an attack

🔊 Tune in now to stay ahead of cyber threats!
📢 How prepared are you for a cyberattack? Share your thoughts and join the conversation!

Cyber threats are inevitable, but a strong incident response plan can make all the difference. In this episode, we explore the essential steps for creating an effective incident response strategy, helping organizations detect, respond to, and recover from cyber incidents with minimal disruption.

Key Takeaways:

🔹 What is an Incident Response Plan? – Why every organization needs one
🔹 Key components of a strong strategy – From detection to recovery
🔹 Best practices for rapid response – Minimizing downtime and damage
🔹 Common pitfalls to avoid – Ensuring your plan is practical and effective
🔹 Real-world insights – How top organizations handle cyber incidents

🔊 Tune in now to strengthen your cybersecurity defenses!
📢 Have experience with incident response? Share your insights and join the conversation!

The Department of Homeland Security (DHS) has abruptly shut down the Critical Infrastructure Partnership Advisory Council (CIPAC), the central hub for cybersecurity collaboration between the government and private sector. Why was it shut down? No one knows. What happens next? That’s the real concern.

In this episode, we break down why CIPAC was crucial for national cybersecurity, the risks of losing a coordinated threat intelligence network, and what businesses must do to stay protected. Without CIPAC, the responsibility to secure critical infrastructure now falls even more on private companies. Cybersecurity firms, like StoneFly, are stepping up to fill the gap—helping businesses secure data, manage risk, and prepare for a world where government-backed coordination is no longer guaranteed.

Join us as we discuss the hidden dangers of this shutdown, the potential for future government-private partnerships, and what organizations need to do right now to strengthen their security posture.

🔒 Cyber threats aren’t slowing down. Can businesses keep up without CIPAC? Tune in to find out.

Over 517,000 individuals are now at risk after the Pennsylvania State Education Association (PSEA) suffered a massive data breach in July 2024—claimed by the Rhysida ransomware gang. Personal, financial, and health data, including Social Security numbers and payment details, were stolen, putting educators and union members at serious risk.

In this episode, we break down:
 🔹 How Rhysida ransomware infiltrated PSEA’s systems and their 20 BTC ransom demand
🔹 The type of stolen data and what it means for affected individuals
🔹 Why notification delays raise concerns about breach response practices
🔹 Rhysida’s attack history, including breaches of the British Library, Sony’s Insomniac Games, and major hospitals
🔹 What victims can do to protect themselves from identity theft and fraud

This breach isn’t just another cyberattack—it’s a wake-up call for unions, nonprofits, and education institutions to bolster their security against ransomware-as-a-service (RaaS) operations like Rhysida. Tune in to understand the full impact and what comes next.

For nearly a decade, a malware campaign dubbed DollyWay has silently compromised over 20,000 WordPress websites, evolving from a ransomware and banking trojan distributor to a sophisticated scam redirection network. Researchers at GoDaddy have now uncovered the full scale of this operation, which generates 10 million fraudulent ad impressions per month by redirecting site visitors to fake crypto, gambling, and dating scams.

In this episode, we break down:
 🔹 How DollyWay exploits WordPress plugin vulnerabilities to gain access
🔹 Its multi-stage redirection system that filters traffic and evades detection
🔹 Advanced persistence mechanisms, including hidden admin accounts and automatic re-infection
🔹 The monetization strategy through networks like VexTrio and LosPollos
🔹 Why removing DollyWay is extremely difficult—and what website owners can do to protect themselves

With WordPress powering over 40% of the web, this campaign is a wake-up call for website administrators everywhere. Tune in as we dissect the inner workings of DollyWay and provide actionable security tips to keep your site safe.

4o

A newly discovered critical vulnerability (CVE-2024-54085) in AMI’s MegaRAC Baseboard Management Controller (BMC) software puts thousands of servers at risk—including those from HPE, Asus, and ASRockRack. This flaw allows remote attackers to bypass authentication and take full control of affected servers, enabling malware deployment, firmware tampering, indefinite reboot loops, and even physical damage through over-voltage attacks.

In this episode, we break down:
 🔹 How this vulnerability works and why it’s so dangerous
 🔹 The widespread impact across cloud providers, data centers, and enterprises
 🔹 Why exploits are “not challenging” to develop, even though none have been found in the wild—yet
 🔹 Immediate actions IT teams should take, including patching, network isolation, and log monitoring
 🔹 The broader supply chain risk posed by MegaRAC firmware and lessons from past vulnerabilities

With over 1,000 exposed servers already identified online, organizations must act fast. Tune in now to understand the risks and how to protect critical infrastructure before attackers strike! 🎙️💻

Microsoft’s latest Windows 10 and 11 updates (KB5053598 and KB5053606) have accidentally uninstalled Copilot, the AI assistant, from some users' systems—leaving many relieved rather than frustrated. In this episode, we break down Microsoft’s response, the temporary workaround, and what this says about the ongoing struggles of AI integration in Windows.

We’ll discuss:

• How the Windows update mistakenly removed Copilot.
• Microsoft’s workaround and why the fix isn’t listed in the Windows release health dashboard yet.
• A look back at past Copilot-related update issues.
• User reactions—why so many are happy about Copilot’s unexpected removal.
• What this means for Microsoft’s AI strategy and Windows update reliability.

Is this just another Microsoft patch blunder, or does it signal deeper issues with Copilot’s adoption? Tune in for expert insights! 🎙️💻

A new and incredibly deceptive phishing campaign is targeting Coinbase users—but this isn’t your typical scam. Instead of stealing your recovery phrase, attackers are handing you one—a pre-generated phrase they control—tricking users into creating wallets the hackers can drain instantly.

Disguised as an official Coinbase email, the attack bypasses traditional security checks, using a convincing story about a court-mandated shift to self-custodial wallets. The emails, which originate from a compromised Akamai account via SendGrid, direct users to the legitimate Coinbase Wallet app but instruct them to import a recovery phrase that’s already compromised. The moment victims transfer funds, their assets are gone.

We break down:
 🔹 How this phishing campaign bypasses SPF, DKIM, and DMARC to land in inboxes.
🔹 Why this "reverse phishing" technique is a dangerous evolution in crypto scams.
🔹 The role of social engineering and trust manipulation in making this attack successful.
🔹 Coinbase’s response and why you should never use a recovery phrase given to you—ever.
🔹 Practical steps to identify and avoid crypto phishing scams before it’s too late.

🚨 Whether you're a casual investor or a seasoned crypto trader, this new breed of phishing attack is a wake-up call. Tune in now to learn how to protect your assets and stay ahead of cybercriminals! #CryptoSecurity #PhishingScam #CoinbaseHack

Black Basta, one of the most notorious ransomware gangs, has taken brute-force attacks to the next level with BRUTED—an automated framework designed to breach VPNs, firewalls, and remote access tools. In this episode, we break down how BRUTED works, its key targets—including Cisco AnyConnect, Fortinet SSL VPN, and Palo Alto GlobalProtect—and why this tool is a game-changer for ransomware operations.

Leaked internal chat logs reveal how Black Basta uses BRUTED to automate credential-stuffing attacks, making it easier to infiltrate corporate networks and scale ransomware campaigns. We’ll discuss the techniques this tool employs, how it evades detection, and what security teams can do to defend against it.

With ransomware gangs evolving their tactics, organizations need to harden their defenses now more than ever. We’ll cover practical security measures—like multi-factor authentication, rate limiting, and threat intelligence monitoring—to keep your edge devices secure from brute-force attacks.

Tune in to learn why BRUTED is a serious cybersecurity threat and what steps your organization must take to stay ahead.

In this episode, we unpack a major supply chain attack that compromised the widely used GitHub Action ‘tj-actions/changed-files’, affecting over 23,000 repositories. Attackers injected malicious code that exposed CI/CD secrets in build logs, creating a potential goldmine for further attacks.

We’ll break down:
 🔹 How the attack happened – The use of a compromised GitHub Personal Access Token (PAT).
🔹 The impact – CI/CD secrets dumped in plaintext inside workflow logs.
🔹 Why this attack is different – No data exfiltration, just public exposure.
🔹 GitHub’s response – The compromised code was removed, and a CVE was assigned.
🔹 Lessons for DevOps teams – Best practices to secure CI/CD pipelines.

This attack underscores the growing threat of supply chain vulnerabilities in software development. We'll explore what went wrong, how you can protect your repositories, and why pinning dependencies to commit hashes is critical.

If your organization uses GitHub Actions, this is a wake-up call. Don’t miss this deep dive into one of the biggest CI/CD security threats of 2025.

In this episode of The Deep Dive, we explore the ongoing tension between development and security teams in cloud environments. While developers prioritize speed and agility, security teams focus on risk mitigation—leading to friction that can hinder innovation. We discuss how platform teams act as a bridge, aligning both sides to create a secure yet efficient workflow. With insights from industry studies and solutions from Stonefly.com, we uncover strategies to foster collaboration, integrate security from the start, and build a strong foundation for cloud success. Tune in to learn how organizations can balance speed and security without compromise.

Ever wondered what lies beneath the surface of the internet? 🤔 In this deep dive, we uncover the mysteries of the Dark Web—a hidden part of the internet that isn't accessible through regular search engines. But what exactly is the Dark Web, and how does it work? Is it really as dangerous as it seems, or is there more to the story?

🚀 In this video, we’ll explore:
✅ What the Dark Web is and how it differs from the Deep Web 🌊
✅ How people access it using tools like Tor 🕵️‍♂️
✅ The legal and illegal activities happening there ⚖️
✅ Common myths and misconceptions 🚨
✅ How to protect yourself from cybersecurity risks 🔐

The Dark Web is often portrayed as a shadowy underworld full of hackers and criminals, but there's a lot more to it than meets the eye. From privacy-focused browsing to black markets, we'll break it all down so you can stay informed and safe online.

💬 What are your thoughts on the Dark Web? Have you ever explored it? Drop a comment below! ⬇️

🔥 Don’t forget to:
👍 Like this video if you found it interesting
🔔 Subscribe for more deep dives into tech, cybersecurity, and digital mysteries
📢 Share this video with friends who might find this topic intriguing!

#DarkWeb #CyberSecurity #DeepWeb #Hacking #InternetMysteries #OnlinePrivacy

Ever wondered how sensitive credentials—like API keys, passwords, and certificates—end up scattered across your systems? 🤔 This hidden cybersecurity risk, known as secret sprawl, makes organizations an easy target for cybercriminals. 🚨

In this episode, we uncover:
 ✅ The root causes of secret sprawl 🔍
 ✅ Why traditional security methods aren’t enough ❌
✅ How attackers exploit exposed secrets 🎭
✅ A proven 5-step remediation plan to secure your data 🛡️

🔹 Plus, we’ll explore StoneFly’s proactive approach to secrets management, from automated discovery to securing your infrastructure.

🚀 Don’t leave your organization vulnerable—watch now and take control of your cybersecurity! 🔑

Did you know your phone is constantly mapping Wi-Fi hotspots around you—even when you're not using GPS? In this deep dive, we uncover the unsettling world of Wi-Fi positioning systems, how they track your movements, and the serious privacy risks involved. From global router databases to potential surveillance threats, we explore the implications of this hidden technology. Plus, we share practical steps to protect your privacy, including router settings that can help you opt out. Tune in to stay informed and secure your data in an increasingly connected world!

In this episode, we dive into a crucial topic—data security for government agencies. With evolving cyber threats, traditional security measures no longer cut it. We explore the rise of Zero Trust Security, its impact, and how organizations like StoneFly provide encryption, granular access controls, and backup solutions to safeguard critical data. Plus, we discuss why cybersecurity isn’t just for agencies—it’s for everyone. Tune in to learn how to protect sensitive information in an increasingly digital world.

panese telecommunications giant NTT Communications Corporation (NTT Com) has disclosed a data breach affecting information from nearly 18,000 corporate clients. The breach was identified on February 5, 2025, when suspicious activity was detected in the company's internal Order Information Distribution System. Immediate measures were taken to restrict access to the compromised system. However, on February 15, further unauthorized access was discovered on another device, which was subsequently isolated. 

The compromised data includes contract numbers, customer names, contact persons' names, telephone numbers, email addresses, physical addresses, and details related to service usage. Notably, information pertaining to individual customers was not affected, as the breach involved only corporate clients. 

NTT Com has stated that, as of now, there is no evidence of the stolen information being misused. The company is in the process of notifying all affected customers and has committed to enhancing its security measures and monitoring systems to prevent future incidents.

A massive malvertising campaign has compromised one million devices worldwide, using malicious ads on illegal streaming websites to distribute malware. Dubbed Storm-0408, this cybercrime operation leveraged GitHub, Dropbox, and Discord to host payloads, deploying information stealers like Lumma and Doenerium alongside remote access trojans (RATs) like NetSupport. By exploiting Living-off-the-Land techniques, attackers evaded detection, modified security settings, and stole system credentials with precision.

In this episode, we uncover the full attack chain—from deceptive online ads to multi-stage malware infections. We’ll explore Microsoft’s response, the critical security flaws exploited, and what organizations can do to protect against these evolving threats. Tune in to learn how cybercriminals weaponize everyday platforms, and why endpoint detection, multi-factor authentication (MFA), and browser security are more essential than ever.

A cybercrime operation involving the theft and resale of $635,000 worth of concert tickets—primarily for Taylor Swift’s Eras Tour—has been uncovered. New York prosecutors revealed that two employees of a third-party StubHub contractor exploited a vulnerability in the ticketing system, intercepting over 350 ticket orders. By redirecting digital ticket links to themselves and their co-conspirators, the perpetrators resold them for massive profits.

In this episode, we break down the details of the scam, the role of insider threats in cybercrime, and how businesses can protect their platforms from similar exploits. We’ll also explore the legal consequences the accused face, what this means for online ticketing security, and the broader implications for consumer protection in high-demand event sales. Tune in as we dissect this sophisticated scheme and what it teaches us about digital security, fraud prevention, and the risks lurking in today’s online marketplaces.

In this episode, we take an in-depth look at Silk Typhoon, the Chinese state-sponsored cyber espionage group that’s radically shifting its tactics. Moving away from direct breaches, Silk Typhoon is now targeting IT supply chains—exploiting remote management tools, identity systems, and cloud services to infiltrate organizations more stealthily and at scale.

We explore how the group leverages stolen API keys, compromised credentials, and zero-day vulnerabilities to access downstream customer networks, and how their use of techniques like social engineering via Microsoft Teams further amplifies their threat. Learn about the construction of their covert networks using compromised devices, and how these sophisticated methods mark a significant evolution in cyber-espionage strategies.

Our discussion highlights Microsoft’s warnings about these emerging tactics and examines the broader implications for industries such as healthcare, defense, and government. We also share actionable insights on bolstering IT supply chain security—from enforcing strong authentication measures and patching vulnerabilities promptly, to enhancing network monitoring and incident response.

Tune in to understand how Silk Typhoon’s new approach is redefining the cybersecurity landscape and why proactive defense is more critical than ever. 

In this episode, we dive into Rayhunter—an open source tool from the EFF designed to detect Stingray devices (cell-site simulators) that compromise your mobile privacy. We break down how Rayhunter leverages an affordable Orbic RC400L mobile hotspot to intercept and analyze control traffic between your device and cell towers, alerting you to suspicious activities like forced 2G downgrades or unusual IMSI requests.

Explore the cutting-edge technology behind Rayhunter, its potential to empower users against covert surveillance, and the critical legal and safety considerations you need to know before deploying it. Whether you’re a tech enthusiast or a privacy advocate, this episode unpacks the promise and challenges of using open source tools to safeguard your digital life. Tune in for a deep dive into the future of mobile security!

The ransomware landscape is shifting, and Black Basta and Cactus are at the center of it. In this episode, we break down the connections between these two ransomware gangs, their shared tactics, and the use of BackConnect malware for stealthy post-exploitation access.

We explore how both groups use social engineering via Microsoft Teams—posing as IT help desk personnel—to trick employees into granting them remote access through Windows Quick Assist. With Black Basta reportedly fading and its leak site offline, is Cactus simply a rebranded version of the notorious gang? Or is there a deeper overlap in their membership?

We also discuss the role of BackConnect malware in obfuscating attacker movements, how ransomware gangs evolve after law enforcement crackdowns, and why businesses need to rethink their security strategies.

Key Takeaways:
🔹 How ransomware gangs like Black Basta and Cactus use social engineering to breach corporate networks
🔹 The role of BackConnect malware in maintaining stealth and persistence
🔹 The possible decline of Black Basta and whether its members have migrated to Cactus
🔹 Why ransomware groups rebrand and shift tactics after crackdowns
🔹 Actionable security measures to protect against evolving ransomware threats

Cyber threats are evolving—stay ahead of them. Tune in now! 

Cyberattacks are increasingly targeting OnlyFans users through sophisticated phishing schemes. These attacks leverage fake Cloudflare CAPTCHAs to trick users into running malicious scripts that install malware, such as remote access trojans and keyloggers, and they distribute malware through deceptive links. These links often masquerade as legitimate login pages or special offers, leading to the download of malware-laden files and installation of remote-control software. Defensive strategies include careful URL verification, avoiding suspicious script execution, enabling multi-factor authentication, and maintaining updated security software. Enterprises are urged to prioritize proactive security measures and employee training to protect against these evolving threats. Staying informed about the latest threats, like those detailed in cybersecurity newsletters, is vital for maintaining a strong security posture.

In a shocking move, Microsoft has banned the popular Material Theme – Free and Material Theme Icons – Free extensions from the Visual Studio Marketplace, removing them from millions of VSCode instances after cybersecurity researchers discovered potentially malicious code. With nearly 9 million downloads, these extensions were a staple for developers—until now.

What went wrong? In this episode, we break down:
✅ The Supply Chain Risk – How an outdated Sanity.io dependency may have been compromised.
✅ Suspicious Code & Obfuscation – Why security researchers flagged the extensions and what was found.
✅ Microsoft’s Response – The swift removal of the extensions, the ban on the developer, and upcoming disclosures.
✅ Developer’s Defense – The claims of misunderstanding and Microsoft’s alleged lack of communication.
✅ Lessons for Developers – How to detect security threats in VSCode extensions and safeguard your workflow.

With concerns over supply chain attacks growing, this case raises critical questions about extension security, dependency management, and how much control Microsoft should have over third-party tools. Tune in as we dissect the facts and explore what this means for developers worldwide.

Bybit, a cryptocurrency exchange, experienced a massive security breach resulting in a $1.46 billion loss, the largest crypto hack in history. The attack involved social engineering and sophisticated manipulation of a multi-signature wallet, with investigators suspecting North Korean hackers. Bybit is collaborating with experts to track the stolen funds, while ensuring customers that their assets are safe. Meanwhile, StoneFly, Inc., focuses on data center solutions, providing storage, backup, and disaster recovery solutions, including air-gapped and immutable options for ransomware protection. StoneFly's offerings cater to various industries, helping businesses protect and manage their data effectively through hybrid and cloud-based solutions.

Data security is no longer just about backing up files—it’s about protecting your business from sophisticated cyber threats like ransomware, malicious insiders, and compliance violations. In this episode, we explore how cyber threats are evolving and why traditional security approaches are no longer enough.

We dive into the layered security strategy offered by StoneFly, a leader in data protection and disaster recovery, and how their Smart Protect technology, 24/7 monitoring, encryption, and immutability create an impenetrable shield against cyberattacks.

You’ll hear real-world examples of how businesses have recovered from major breaches in just hours with Stonefly’s solutions, and why cybersecurity is a shared responsibility—not just an IT problem. We’ll also share practical tips on developing strong passwords, recognizing phishing threats, and fostering a cybersecurity culture.

With the average cost of a data breach hitting $4.45 million, can your business afford to take a reactive approach? Tune in to learn how to stay ahead of cybercriminals and secure your most valuable asset—your data.

In today’s hyper-connected world, cybercrime is no longer just about stolen credit card numbers or ransomware payouts—it’s a full-scale national security threat. In this episode, we dive deep into the blurred lines between cybercriminals and nation-state actors, exploring how hackers are being weaponized for geopolitical gain. From power grid attacks to data breaches that destabilize economies, the digital battlefield is expanding, and no one is safe.

We break down the challenges of attributing cyberattacks, the rise of cybercrime-as-a-service, and the role of countries like Russia, China, Iran, and North Korea in fostering this evolving threat landscape. You’ll hear why companies and individuals must take a proactive approach to cybersecurity and how solutions like StoneFly’s data protection and disaster recovery services are essential for safeguarding against modern cyber threats.

Whether you’re a business leader, IT professional, or just someone concerned about the future of cybersecurity, this episode will give you the insights you need to stay ahead of emerging digital threats. Tune in to learn how to protect your data, mitigate risks, and navigate the evolving cyber battleground.

Russia’s recent crackdown on cybercriminals—especially ransomware gangs—has raised eyebrows in the cybersecurity world. After years of perceived tolerance, what’s behind this sudden shift? In this episode, we break down the motivations driving Russia’s actions, from geopolitical leverage in negotiations with the U.S. to the increasing international pressure to rein in cybercrime.

We explore the long-standing “unspoken agreement” that allowed hackers to operate freely as long as they avoided Russian targets and the possibility that this latest crackdown is just a temporary move rather than a real cultural shift. Can Russia’s actions genuinely disrupt cybercrime, or is this just a game of whack-a-mole, with new groups emerging elsewhere?

Beyond the geopolitical intrigue, we also discuss the practical implications for businesses and individuals. With ransomware profits already declining in 2024, how should organizations adapt their security strategies? We offer expert insights on proactive cybersecurity measures, including the importance of backup, disaster recovery, and ransomware protection solutions from providers like Stonefly.

Key Discussion Points:
✔ Why is Russia cracking down on cybercriminals now?
✔ The role of international pressure and negotiations in Russia’s actions.
✔ The historic relationship between Russian authorities and hackers.
✔ The potential ripple effects: Will other nations like China or Iran fill the gap?
✔ How businesses can stay ahead of evolving cyber threats with proactive security solutions.

Is this the beginning of a real shift in global cybercrime, or just another political maneuver? Tune in to find out.

In this episode, we dive deep into a massive, ongoing brute force attack that's shaking up cybersecurity worldwide. With almost 2.8 million IP addresses involved daily, this attack is relentlessly targeting networking devices like VPNs, firewalls, and gateways from major vendors, including Palo Alto Networks, Ivanti, and SonicWall. But what's behind this global onslaught?

We'll explore the intricate details of how threat actors leverage a vast botnet of compromised devices—including MikroTik, Huawei, Cisco, Boa, and ZTE routers—to bombard edge devices with login attempts. By using residential proxies, attackers mask their origins, making their activities appear as if they're coming from ordinary home users, bypassing traditional detection methods.

Our discussion includes:

• How the Attack Works: Analyzing the brute force tactics and the use of residential proxies to evade detection.
• Geographic Breakdown: Understanding why Brazil, Turkey, Russia, Argentina, Morocco, and Mexico are hotspots for this malicious traffic.
• High-Quality Nodes and Proxy Exit Points: Discover how compromised gateways serve as premium proxy nodes, making the attacks harder to trace.
• Mitigation Strategies: Practical steps to safeguard your organization, including strong passwords, multi-factor authentication, IP allowlisting, disabling unused interfaces, and ensuring up-to-date firmware.

We also look at the broader implications of this attack wave, connecting the dots with other major incidents like Cisco’s credential brute-forcing campaign, Citrix’s password spray warnings, and recent zero-day exploits from Apple and Microsoft.

Join us as we break down this massive cyber threat, revealing the sophisticated tactics used by attackers and offering actionable insights to bolster your organization’s defense against such large-scale brute force assaults.

In this gripping episode, we uncover the audacious billion-dollar cyber heist orchestrated by the notorious Carbonak Group. Operating across 30 countries and targeting over 100 banks, this highly sophisticated cybercrime operation marks one of the largest financial thefts in history. We explore their ingenious techniques, from phishing emails laced with malicious exploits to ATM manipulation and database alterations that siphoned vast sums without triggering suspicion.

Join us as we dissect how Carbonak meticulously infiltrated banking systems, installed keyloggers, and observed operations for months before executing their heist. Discover the investigation's turning points, including the critical ATM glitch in Taipei and the surprising live communication between a Kaspersky Lab investigator and a hacker. We also delve into the psychological dynamics driving these cybercriminals—why some hackers view themselves as digital Robin Hoods—and the ever-evolving tactics they employ to stay ahead.

This episode offers a comprehensive analysis of Carbonak's operations and highlights essential cybersecurity lessons for banks, businesses, and individuals. Learn about the human vulnerabilities exploited in these crimes and how organizations can fortify their defenses in an era where digital bank robberies are the new frontier.

 In this deep dive, we explore the evolution of bank heists from physical robberies to sophisticated cyberattacks. Covering insights from Modern Bank Heists 2025: Revenge of the Zero Days, we break down zero-day exploits, supply chain attacks, and the rise of AI-powered cybercrime. Discover how financial institutions are targeted, why the motives behind these crimes are shifting, and how companies like StoneFly are strengthening digital defenses. Stay informed on the latest threats shaping the future of financial security. 

In this episode, we dive into the latest developments shaking the cryptocurrency world. We begin with a critical vulnerability in Ethereum's software that could have led to widespread network disruptions. Next, we cover a shocking case in the UK, where a gang received lengthy prison sentences for crypto-related torture and kidnapping. The conversation expands to discuss large-scale crypto scams and the evolving regulatory stance of the SEC.

As cybercrime continues to plague the crypto industry, we emphasize the shared responsibility for security between developers, platforms, and users. Robust cybersecurity measures and vigilant practices are crucial for protecting digital assets. We also spotlight StoneFly as a trusted cybersecurity resource to help navigate the complex landscape of crypto threats.

Join us as we explore the intersection of technology, crime, and regulation in the fast-evolving world of cryptocurrency.

In this episode, we break down Wi-Fi security from the ground up, using a detailed pen testing guide as our roadmap. We explain key concepts like the differences between 2.4 GHz and 5 GHz bands, as well as why outdated protocols like WEP are still worth understanding in today’s security landscape. Learn about advanced threats, including monitor mode, deauthentication attacks, and how hackers exploit WPS vulnerabilities to crack networks.

We dive into post-connection dangers like man-in-the-middle attacks, DNS spoofing, and session hijacking, revealing how hackers intercept sensitive information even on networks that appear secure. Plus, we share actionable steps to secure your network, from disabling WPS to enabling multi-layered security measures.

Stay tuned to learn why reliable backup and recovery solutions, like those from StoneFly, are essential digital safety nets when things go wrong. Whether you’re a security enthusiast or just trying to protect your home Wi-Fi, this episode has crucial insights you can’t afford to miss.

In this episode, we delve into the escalating threat of cyber attacks on healthcare systems, analyzing three high-profile data breaches that have impacted millions of patients and providers. From the North Bay Healthcare breach compromising over 569,000 individuals' sensitive information to the River Region Cardiology incident involving 1.2 terabytes of stolen data, we explore how the healthcare sector has become a prime target for ransomware attacks.

Our expert discussion covers the emotional and financial toll on patients, the operational chaos for providers, and why healthcare data is so highly sought after on the dark web. We also provide practical advice on strengthening cybersecurity, from implementing secure backups to choosing security-conscious healthcare providers.

Whether you're a healthcare professional, IT leader, or concerned patient, this episode offers invaluable insights and actionable steps to navigate the growing landscape of cyber threats in healthcare.