Best Dropzone Podcasts (2025)

1
Dropzone AI Secures $37M to Tackle Alert Fatigue with Autonomous SOC Analysts 17:11

9d ago17:11

17:11

In this episode, we dive into Dropzone AI’s landmark $37 million Series B funding round, bringing the company’s total raised to over $57 million. Backed by major investors, Dropzone AI is accelerating the development of its AI-powered SOC analysts — tools designed to autonomously investigate and resolve security alerts across critical threat catego…

1
ReVault: Critical Dell Firmware Flaws Allow Windows Login Bypass and Persistent Implants 48:07

1h ago48:07

48:07

In a powerful reminder that hardware security is just as critical as software defense, Cisco Talos researchers have uncovered “ReVault,” a collection of five high-severity firmware vulnerabilities in Dell’s ControlVault3 subsystem. These flaws impact over 100 Dell laptop models, including the Latitude, Precision, and XPS series—devices used widely …

1
Air France–KLM Data Breach Exposes Customer Info via Compromised Third-Party Platform 36:56

1h ago36:56

36:56

The aviation industry has suffered yet another major cybersecurity incident. Air France and KLM have confirmed a data breach impacting customer records via an external customer service platform. While no sensitive financial or identity documents were compromised, attackers successfully accessed unspecified customer data—prompting both airlines to n…

1
Critical Flaws in CyberArk Conjur and HashiCorp Vault Put Enterprise Secrets at Risk 37:29

7h ago37:29

37:29

Enterprise secrets managers—long considered the most secure components in modern infrastructure—are now under fire. In a groundbreaking report, cybersecurity firm Cyata revealed 14 critical zero-day vulnerabilities across CyberArk Conjur and HashiCorp Vault, exposing flaws that allow unauthenticated attackers to achieve remote code execution (RCE),…

1
Prompt Injection Nightmare: Critical AI Vulnerabilities in ChatGPT, Copilot, Gemini & More 56:52

18h ago56:52

56:52

Enterprise AI assistants are revolutionizing productivity—but they’re also opening new doors for cyberattacks. In this episode, we explore explosive research from Zenity Labs, which reveals that leading AI tools like ChatGPT, Microsoft Copilot, Google Gemini, Cursor, and Salesforce Einstein are vulnerable to prompt injection attacks—a class of expl…

1
From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis 46:37

14h ago46:37

46:37

A new wave of cyber extortion is sweeping across global enterprises, and the battlefield is Salesforce CRM. The notorious **ShinyHunters group—tracked internally by Google as UNC6040/UNC6240—**has launched a coordinated series of breaches using vishing (voice phishing) to compromise employee credentials, exfiltrate sensitive customer data, and dema…

1
Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles 31:43

17h ago31:43

31:43

Cisco has confirmed a new data breach after a vishing (voice phishing) attack tricked a company representative into exposing access to a third-party CRM system. Detected on July 24, 2025, the breach compromised basic user details such as names, emails, and phone numbers of Cisco.com registrants. While the data was non-sensitive, the incident unders…

1
Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities 52:37

20h ago52:37

52:37

The world of application security is shifting dramatically as AI begins to move from simply flagging vulnerabilities to actively fixing them. Ox Security has launched Agent Ox, a groundbreaking AI-powered extension designed to automate secure, organization-specific code fixes. Unlike generic coding assistants that offer boilerplate advice, Agent Ox…

1
Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp 34:45

22h ago34:45

34:45

Meta has removed 6.8 million accounts tied to criminal scam centers in the first half of 2025, marking one of the most aggressive crackdowns on digital fraud in the company’s history. The move comes amid an alarming surge in online scams that cost global victims $16.6 billion in 2024 alone, a 33% increase from the year before. Many of these scams a…

1
Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case 30:59

1d ago30:59

30:59

In a landmark decision, a California jury has ruled Meta guilty of violating user privacy laws in a class-action lawsuit tied to the popular Flo Health period tracking app. Plaintiffs alleged that Meta, through embedded software tools and tracking pixels, collected deeply personal menstrual and fertility data — from period dates to pregnancy goals …

1
TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets 1:06:45

1d ago1:06:45

1:06:45

In a stunning development, Taiwanese authorities have arrested six individuals suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s most advanced semiconductor producer. At the heart of the case is TSMC’s 2-nanometer (2nm) chip technology, a crown jewel in the global race for next-generation AI and hig…

1
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats 55:37

3d ago55:37

55:37

In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 million (approximately $6.7 million) in Series A funding. The round, led by the Investment Fund for Scotland with support from Souter Investments, Lanza techVentures, and Scottis…

1
Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes 1:07:32

3d ago1:07:32

1:07:32

This October, Pwn2Own Ireland 2025 will take over Cork with one of the most ambitious cybersecurity competitions yet. Co-sponsored by Meta and organized by Trend Micro’s Zero Day Initiative (ZDI), the event is putting record-breaking payouts on the line — including up to $1 million for a zero-click WhatsApp exploit that can deliver remote code exec…

1
Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack 1:02:48

4d ago1:02:48

1:02:48

A major warning has hit the AI community: Nvidia’s Triton Inference Server — one of the most widely used open-source platforms for deploying and scaling AI models — has been found to contain critical vulnerabilities that could allow attackers to take complete remote control of affected systems. The discovery, made by cloud security firm Wiz, reveal…

1
CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses 43:50

4d ago43:50

43:50

The U.S. Department of Homeland Security, through CISA and FEMA, has announced over $100 million in new cybersecurity grant funding for Fiscal Year 2025 — a critical investment aimed at protecting America’s most vulnerable digital frontlines. The funding is split between the State and Local Cybersecurity Grant Program (SLCGP), allocating $91.7 mill…

1
AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs 1:26:28

4d ago1:26:28

1:26:28

In this episode, we examine the rapidly growing threat of AI jailbreaks — a cybersecurity challenge reshaping the landscape of large language models (LLMs) and enterprise chatbots. According to the IBM 2025 Cost of a Data Breach Report, 13% of all data breaches now involve AI systems, with the vast majority stemming from jailbreak attacks that circ…

1
350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach 40:18

4d ago40:18

40:18

In this episode, we investigate the Northwest Radiologists data breach, a devastating cyberattack that compromised the personal and medical information of approximately 350,000 patients in Washington State between January 20 and January 25, 2025. What began as a so-called “network disruption” was later revealed to be a massive breach that exposed a…

1
Critical Honeywell Experion PKS Vulnerabilities Threaten Global Industrial Control Systems 1:16:35

8d ago1:16:35

1:16:35

In this episode, we analyze the multiple vulnerabilities recently disclosed in Honeywell’s Experion Process Knowledge System (PKS), a widely deployed industrial control and automation solution that underpins operations in energy, chemical plants, manufacturing, healthcare, and transportation sectors worldwide. Reported by CISA and Positive Technolo…

1
Auto-Color Linux Malware Exploits SAP Zero-Day CVE-2025-31324 36:36

8d ago36:36

36:36

In this episode, we uncover the Auto-Color Linux malware, a stealthy and highly persistent Remote Access Trojan (RAT) that is rapidly emerging as one of the most dangerous threats of 2025. First identified by Palo Alto Networks’ Unit 42 and later analyzed by Darktrace, Auto-Color has now been linked to active exploitation of CVE-2025-31324, a criti…

1
Inside the July 2025 PyPI Phishing Scam: How Hackers Stole Developer Credentials 54:17

8d ago54:17

54:17

In this episode, we investigate the growing cybersecurity storm targeting the Python Package Index (PyPI) — the backbone of Python’s software distribution ecosystem. A recent phishing campaign in July 2025 has developers on high alert, as attackers impersonated PyPI using a deceptive domain (pypj.org) to trick maintainers into handing over their cr…

1
IoT Security Crisis: Dahua Smart Camera Vulnerabilities Expose Surveillance Systems 1:02:05

8d ago1:02:05

1:02:05

In this episode, we examine the alarming discovery of critical security vulnerabilities in Dahua smart cameras, one of the world’s most widely deployed surveillance systems. Researchers at Bitdefender uncovered two zero-click flaws — CVE-2025-31700 and CVE-2025-31701 — that allow unauthenticated remote attackers to gain root access to Dahua devices…

1
Axonius Buys Cynerio for $100M+: Closing Healthcare’s Biggest Cybersecurity Blind Spot 1:36:30

9d ago1:36:30

1:36:30

In this episode, we explore Axonius’s landmark acquisition of Cynerio, a healthcare cybersecurity company specializing in protecting vulnerable medical devices like MRI machines, infusion pumps, and ventilators. The deal — valued at over $100 million in cash and stock — marks Axonius’s first-ever acquisition and signals a major strategic expansion …

1
Critical Lenovo Firmware Flaws Expose Millions to Persistent UEFI Attacks 42:00

9d ago42:00

42:00

In this episode, we examine a critical firmware security crisis shaking Lenovo devices worldwide. Security researchers at Binarly have uncovered six serious vulnerabilities in the Insyde BIOS firmware used in Lenovo’s IdeaCentre and Yoga product lines. Four of these flaws, rated high severity, reside in the System Management Mode (SMM) — a privileg…

1
Promptfoo Secures $18.4M to Combat AI Security Threats in Generative AI 36:50

9d ago36:50

36:50

In this episode, we dive into Promptfoo’s groundbreaking $18.4 million Series A funding round, led by Insight Partners and supported by Andreessen Horowitz, bringing the AI security startup’s total funding to $23.4 million. Founded in 2024, Promptfoo has quickly emerged as a leader in securing Large Language Models (LLMs) and generative AI applicat…

1
1.1 Million Private Messages Leaked: Inside the Tea App Privacy Disaster 23:58

10d ago23:58

23:58

A platform designed to protect women’s safety in dating has instead become a nightmare for its users. In this episode, we uncover the catastrophic Tea app data breach, which exposed more than 59 GB of highly sensitive user data due to a fundamental security failure: a completely public Firebase storage bucket with no authentication, no encryption, …

1
Job Scams, Corporate Espionage, and Digital Deception: Inside the Deepfake Crisis 1:16:30

10d ago1:16:30

1:16:30

Deepfake technology has evolved from a fringe novelty into one of the most serious cybersecurity and national security threats of our time. In this episode, we examine how artificial intelligence–generated synthetic media is being weaponized to impersonate CEOs, manipulate elections, infiltrate corporate networks, and damage reputations worldwide. …

1
Microsoft Exposes Major macOS Flaws in Transparency, Consent, and Control 1:23:13

10d ago1:23:13

1:23:13

In this episode, we dive deep into Microsoft Threat Intelligence’s latest findings on two critical macOS vulnerabilities that shook Apple’s privacy defenses. The flaws, identified as CVE-2025-31199 (Sploitlight) and CVE-2024-44133 (HM Surf), specifically targeted Apple’s Transparency, Consent, and Control (TCC) framework, the system designed to gua…

1
Aeroflot in Chaos: How Hackers Crippled Russia’s Flagship Airline 24:25

10d ago24:25

24:25

On July 28, 2025, Aeroflot—Russia’s largest state-owned airline—was brought to its knees in one of the most severe cyberattacks since the country’s invasion of Ukraine in 2022. The sophisticated assault, carried out by Ukrainian hacktivist group Silent Crow and the Belarusian Cyber-Partisans, led to the cancellation of more than 100 flights, strand…

1
Neferpitou Claims Cyberattack on French Naval Defense Giant 44:17

11d ago44:17

44:17

French defense contractor Naval Group, a cornerstone of Europe’s naval defense industry, is facing a high-stakes cybersecurity crisis. A threat actor known as “Neferpitou” claims to have exfiltrated 1TB of sensitive data, including combat management system (CMS) source code for submarines and frigates, technical documents, developer virtual machine…

1
Root Evidence Launches With $12.5M to Redefine Vulnerability Management 36:51

11d ago36:51

36:51

In July 2025, a team of seasoned cybersecurity leaders launched Root Evidence, a Boise-based startup with a mission to revolutionize how organizations tackle vulnerability management. Armed with $12.5 million in seed funding led by Ballistic Ventures, founders Jeremiah Grossman, Robert Hansen, Heather Konold, and Lex Arquette are setting out to fix…

1
NASCAR Hit by Medusa Ransomware: 1TB of Data Stolen in April 2025 Cyberattack 41:21

11d ago41:21

41:21

In April 2025, NASCAR became the latest victim of a major cyberattack, with hackers infiltrating its network between March 31 and April 3. During the breach, personal information—including names and Social Security numbers—was exfiltrated from NASCAR’s systems. In response, the organization has notified affected individuals, activated its incident …

1
Scattered Spider Strikes Again: Inside the VMware ESXi Ransomware Tactics 55:59

11d ago55:59

55:59

In this episode, we examine the sophisticated operations of Scattered Spider—also known as Muddled Libra, UNC3944, and Octo Tempest—a financially motivated cybercriminal group that has redefined the ransomware threat landscape. Recently highlighted by Google’s Threat Intelligence Group (GTIG), Scattered Spider has escalated its attacks by targeting…

1
Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux 44:03

14d ago44:03

44:03

A new and highly sophisticated malware strain named Koske is redefining the threat landscape for Linux environments. Suspected to be partially developed using artificial intelligence, Koske introduces novel and highly evasive techniques, blending image files, rootkits, and adaptive cryptomining logic to create a stealthy and persistent backdoor int…

1
Operation Checkmate: BlackSuit Ransomware’s Dark Web Sites Seized 39:19

14d ago39:19

39:19

BlackSuit, the ransomware strain known for crippling critical sectors and demanding multi-million dollar payouts, has just suffered a devastating blow. In a coordinated international law enforcement operation codenamed "Operation Checkmate," authorities—including the U.S. Department of Justice, Homeland Security Investigations, FBI, Europol, the UK…

1
Coyote Malware Exploits Microsoft UI Automation in First-Ever Wild Attack 34:14

14d ago34:14

34:14

A new banking trojan called Coyote has emerged as a groundbreaking cyber threat, becoming the first known malware in the wild to exploit Microsoft’s User Interface Automation (UIA) framework—an accessibility tool originally designed to help users interact with Windows interfaces. But in the hands of attackers, UIA becomes a weapon of stealth and pr…

1
No Fix Coming: Remote Code Execution Flaw in 1,300 LG Security Cameras 31:12

14d ago31:12

31:12

A newly disclosed critical vulnerability, CVE-2025-7742, is putting hundreds of LG Innotek LNV5110R security cameras at risk around the world—including within critical infrastructure. This high-severity authentication bypass flaw allows remote attackers to gain full administrative control without credentials, giving them access to live camera feeds…

1
ToolShell Exploited: China-Linked Hackers Breach NNSA and U.S. Government Networks 1:14:36

15d ago1:14:36

1:14:36

In one of the most concerning state-sponsored cyber incidents of the year, Chinese hackers exploited zero-day vulnerabilities in Microsoft SharePoint to breach the networks of the National Nuclear Security Administration (NNSA)—the U.S. agency responsible for managing the nation's nuclear arsenal. The attackers, part of a suspected Chinese state-sp…

1
Massive NPM Breach: Malicious Packages Spread via Compromised Maintainer Accounts 41:44

15d ago41:44

41:44

In this episode, we expose the alarming supply chain attack that compromised millions of JavaScript projects across the globe. This sophisticated breach targeted the NPM ecosystem, infecting widely-used packages like eslint-config-prettier and is, through a coordinated phishing campaign and the exploitation of non-expiring legacy access tokens. Att…

1
Clorox Sues Cognizant Over $356M Cyberattack: Who's Really to Blame? 44:38

15d ago44:38

44:38

In one of the most dramatic cybersecurity legal battles of the past year, Clorox has filed a lawsuit against IT services giant Cognizant, accusing the company of gross negligence that allegedly enabled a catastrophic 2023 cyberattack. The breach wreaked havoc on Clorox's operations—causing widespread product shortages, a multibillion-dollar hit to …

1
HeroDevs Secures $125M to Extend Life of Critical Open Source Software 35:36

15d ago35:36

35:36

In this episode, we dive deep into HeroDevs' recent $125 million strategic growth investment, a move that signals a major expansion in the fight against the vulnerabilities of end-of-life (EOL) open source software. Based in Salt Lake City, HeroDevs has carved out a critical niche—providing "Never-Ending Support" (NES) to ensure security, complianc…

1
UK Moves to Ban Ransomware Payments for Public Sector and Critical Infrastructure 48:22

16d ago48:22

48:22

In a landmark move to disrupt the financial engine powering ransomware attacks, the United Kingdom is pushing forward with legislation that would ban ransom payments across the public sector and critical national infrastructure (CNI). This sweeping proposal covers everything from local councils and schools to healthcare providers like the NHS, aimi…

1
New SysAid Vulnerabilities Added to CISA’s KEV List: XXE Flaws Could Enable RCE 26:10

16d ago26:10

26:10

Two newly added vulnerabilities in SysAid’s On-Prem IT support software — CVE-2025-2775 and CVE-2025-2776 — have officially joined the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, signaling increased concern around their potential abuse. While there are no confirmed reports of public explo…

1
Lumma Stealer Returns: Malware-as-a-Service Resurges After Global Takedown 44:16

16d ago44:16

44:16

In this episode, we unpack the rapid and concerning resurgence of Lumma Stealer, a sophisticated Malware-as-a-Service (MaaS) platform, just months after a major international takedown. Despite Microsoft, the FBI, Europol, and global partners dismantling over 2,500 malicious domains and seizing critical infrastructure in May 2025, Lumma Stealer has …

1
Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access 37:32

16d ago37:32

37:32

Hackers are actively exploiting a trio of critical zero-day vulnerabilities in Cisco’s Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), prompting urgent patching directives from the company. The flaws — CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337 — each carry a maximum CVSS severity score of 10.0, indicating the highe…

1
ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access 58:23

17d ago58:23

58:23

A new wave of zero-day attacks—collectively known as ToolShell—is actively targeting Microsoft SharePoint servers, with two vulnerabilities (CVE-2025-53770 and CVE-2025-53771) allowing unauthenticated remote code execution and identity control bypass. First observed in high-value targets across government, critical infrastructure, and manufacturing…

1
CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks 22:13

17d ago22:13

22:13

A critical zero-day vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, giving attackers administrative access to over a thousand unpatched servers globally. This severe security flaw—caused by improper validation in the AS2 protocol—has exposed enterprise-managed file transfer (MFT) systems across the US, Europe, and Canada. Se…

1
Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform 23:49

17d ago23:49

23:49

Dell Technologies is the latest target in a growing trend of data extortion attacks as threat actors pivot away from traditional ransomware. The cybercrime group known as World Leaks—a rebrand of the former Hunters International gang—has claimed responsibility for breaching Dell’s Customer Solution Centers (CSC), a sandbox environment used primaril…

1
Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting 59:16

17d ago59:16

59:16

A critical vulnerability in ExpressVPN’s Windows client has put a spotlight on the often-overlooked dangers of debug code making its way into production software. This episode dives into how a debug configuration error allowed Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, potentially exposing users’ real IP addresses and compromis…

1
Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack 41:11

18d ago41:11

41:11

In this episode, we unpack the January 2025 data breach at Dior, the iconic luxury fashion house, which exposed sensitive personal information of U.S. customers—including names, addresses, and even Social Security and passport numbers. Although payment data remained secure, the incident's impact is substantial, both in terms of customer trust and c…

1
StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE 52:49

18d ago52:49

52:49

In an era where generative AI is being used not just for productivity but for precision cybercrime, a San Francisco-based startup, StrongestLayer, is taking a bold stand. Backed by $5.2 million in seed funding from Sorenson Capital and others, the company is pioneering a radically new approach to cybersecurity with its AI-native platform TRACE (Thr…

Podcasts Worth a Listen

Dropzone Podcasts

Podcasts Worth a Listen

Quick Reference Guide