Explore and learn about the present and future of application delivery and security, and how to solve the business challenges facing IT teams and end users.
NetScaler application delivery and security solutions are designed to ensure that business-critical applications perform well and remain secure. Centered around a comprehensive application delivery controller and advanced WAN, these solutions help companies succeed by ensuring an optimal user experience.
Daily Security Review, the premier source for news and information on security threats, ransomware and vulnerabilities.

Citrix NetScaler Flaws Expose Enterprise Networks: CVE-2025-5349 & CVE-2025-5777
38:12
Two newly disclosed critical vulnerabilities—CVE-2025-5349 and CVE-2025-5777—have put Citrix NetScaler ADC and Gateway deployments at serious risk, exposing enterprise environments to potential data breaches and service disruptions. These flaws underscore the persistent challenges facing infrastructure teams, especially when balancing security patc…

Over 1,500 Minecraft Users Infected in Stargazers Ghost Malware Campaign
55:17
A malware distribution network hiding in plain sight — on GitHub. This episode unpacks the Stargazers Ghost Network, a massive Distribution-as-a-Service (DaaS) infrastructure run by a threat actor known as Stargazer Goblin. Using over 3,000 GitHub accounts, this operation pushes dangerous information-stealing malware disguised as legitimate game mo…

Chain IQ Breach Exposes UBS & Pictet Employee Data: A Supply Chain Failure
1:05:22
A single vendor was compromised — and suddenly, internal records from UBS, Pictet, Manor, and Implenia were leaked. The Chain IQ cyberattack is a textbook example of how fragile the digital supply chain has become. This episode dissects the breach that exposed names, roles, phone numbers, even CEO contact details of over 137,000 UBS employees, and …

Weaponized GitHub Repositories: How Banana Squad and Water Curse Are Hitting Devs
45:59
Cybercriminals are increasingly turning GitHub into a malware distribution network. In this episode, we unpack two of the most alarming recent campaigns: Water Curse and Banana Squad — both targeting developers, red teams, and security professionals through poisoned open-source projects. Water Curse, a financially motivated group, used at least 76 …

Oxford City Council Breach Exposes 21 Years of Data
35:51
State and local governments are under cyber siege. In this episode, we break down how and why these public institutions have become top targets for attackers — and why the threats are getting worse. Digitization is expanding public access to services, but it's also opening new doors for threat actors. Many local authorities still rely on legacy IT …

GerriScary: How CVE-2025-1568 Threatened Google’s Open-Source Supply Chain
35:21
CVE-2025-1568, dubbed "GerriScary", has shaken the open-source ecosystem by exposing a fundamental weakness in Google’s Gerrit code review system—one that could have enabled attackers to infiltrate 18 of Google’s most widely used open-source projects, including Chromium, ChromiumOS, Dart, and Bazel. This episode breaks down how the vulnerability wa…

Cisco & Atlassian Under Fire: High-Severity Flaws and What’s at Risk
53:38
Cisco and Atlassian have both released urgent security advisories in response to newly discovered high-severity vulnerabilities—and the implications are serious. Cisco’s firmware flaws impact Meraki MX and Z Series devices running AnyConnect VPN. A bug in the SSL VPN process allows authenticated attackers to crash the VPN server, causing repeated d…

Double Extortion, Biometric Data, and Donuts: How Play Ransomware Hit Krispy Kreme
50:51
A deep dive into one of the most aggressive ransomware groups operating today—Play—and their latest high-profile target: Krispy Kreme. Operating since 2022, the Play ransomware group has become notorious for its double extortion model, where sensitive data is exfiltrated before systems are encrypted. Victims are pressured not just by digital ransom…

Archetyp Market Seized: €250M Drug Empire Toppled by Operation Deep Sentinel
54:53
In this episode, we unpack the dramatic takedown of Archetyp Market, a darknet marketplace that dominated the online drug trade since its launch in May 2020. With over €250 million ($290 million) in drug transactions, more than 600,000 users, and 17,000 listings, Archetyp wasn’t just another darknet forum—it was the largest dedicated drug market on…

KillSec Exploits Zero-Day to Breach Ocuco: 241K Patients Exposed
1:07:13
In this episode, we break down one of 2025’s most significant healthcare cybersecurity incidents: the ransomware attack on Ocuco, a global eyecare software provider. On April 1st, 2025, threat actors from the KillSec ransomware group exploited CVE-2024-41197 — a critical authentication bypass in Ocuco’s INVCLIENT.EXE — to gain Administrator-level a…

DragonForce Ransomware: The Evolving Threat to Healthcare Data
39:12
In this episode, we dive deep into the current state of cybersecurity in healthcare, where the growing sophistication of cyber threats has led to increasingly devastating breaches. We begin with a close look at the rise of Ransomware-as-a-Service (RaaS), focusing on DragonForce, a ransomware group that has transitioned from politically motivated at…

Google’s $32B Bid for Wiz Faces DOJ Fire: A Cloud Security Power Play or Market Grab?
1:02:01
In this episode, we break down the seismic implications of Google’s proposed $32 billion acquisition of Wiz, the world’s largest cybersecurity unicorn—and why this isn’t just another tech deal. At the core is the U.S. Department of Justice's antitrust investigation, triggered by concerns that the deal could tighten Google’s grip on a critical secto…

SimpleHelp Exploit Fallout: Ransomware Hits Utility Billing Platforms
1:03:42
In this critical episode, we dive into the alarming exploitation of CVE-2024-57727, a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software actively leveraged by ransomware operators since early 2025. This isn't just a theoretical risk—it's already being used to compromise utility billing providers and downstream MSP customers…

TeamFiltration and Token Theft: The Cyber Campaign Microsoft Never Saw Coming
1:01:04
In this episode, we dissect UNK_SneakyStrike—a major account takeover campaign targeting Microsoft Entra ID users with precision and scale. Tracked by Proofpoint, this campaign began in December 2024 and has since escalated, leveraging TeamFiltration, a legitimate penetration testing tool, to enumerate users and launch password spraying attacks tha…

Three CVEs, One Risk: Arbitrary Code Execution in Nessus Agent for Windows
44:04
In this episode, we dive deep into one of the most critical attack techniques in modern cyber warfare: privilege escalation—and how it recently hit center stage with three high-severity vulnerabilities discovered in Tenable’s Nessus Agent for Windows. We break down CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, which, when exploited, allow a n…

WestJet Cyberattack: Cracks in Aviation’s Digital Armor
25:52
A major cyberattack has rocked Canada's second-largest airline, WestJet—crippling internal systems and prompting warnings for customers to monitor their accounts and change passwords. But this is more than just a corporate incident. It’s the latest sign of a broader, escalating crisis in aviation cybersecurity. In this episode, we examine the WestJ…

Silent Surveillance: The Hidden Risks in 40,000+ Unsecured Cameras
49:37
In this episode, we dig into a disturbing yet underreported national security threat: the exploitation of internet-connected surveillance cameras—especially those manufactured in the People’s Republic of China—as a cyber weapon against U.S. critical infrastructure. Drawing from recent DHS intelligence briefings and independent cybersecurity analyse…

Paragon’s Promise vs. Reality: How Graphite Is Being Used Against Journalists and Activists
1:10:32
In this episode, we dive deep into the alarming revelations surrounding Graphite, a powerful spyware tool developed by Israeli firm Paragon Solutions. Promoted as a “responsible alternative” to the NSO Group’s Pegasus, Graphite is now implicated in the surveillance of journalists, humanitarian activists, and civil society figures—contrary to the ve…

zeroRISC Secures $10M to Commercialize OpenTitan and Reinvent Supply Chain Security
51:51
zeroRISC just raised $10 million to bring OpenTitan—the first open-source silicon Root of Trust—to market. In this episode, we break down what this funding means for the future of supply chain security, and why investors are betting on open hardware to fix vulnerabilities baked into modern chips. We explore how geopolitical tension, forced labor en…

Fog, RedFox, and the Rise of Silent Intruders: Cyberattacks Surge Against Financial Institutions
34:42
The financial services industry is under siege. In this episode, we unpack the latest findings from Radware’s 2025 Financial Threat Analysis and multiple intelligence reports detailing a relentless rise in cyberattacks targeting banks and financial institutions across the globe. We examine the surge in sophisticated attacks that blend legitimate to…

9.8 Severity and Counting: Inside Trend Micro’s Latest Security Emergency
32:08
In this episode, we break down Trend Micro’s urgent June 10th security update that patched ten high- and critical-severity vulnerabilities—some with CVSSv3.1 scores as high as 9.8—across Apex Central and Endpoint Encryption PolicyServer (TMEE). While no active exploitation has been observed, the risks are too severe to ignore. We spotlight the most…

Zero-Day in the Call Center: Mitel MiCollab Exploited in Active Attacks
12:27
In this episode, we dissect the critical vulnerabilities plaguing Mitel MiCollab, a widely used unified communications platform, and explore how attackers are exploiting these flaws in the wild. Recently, security researchers uncovered a trio of dangerous vulnerabilities, including CVE-2024-35286 (a SQL injection flaw), CVE-2024-41713 (an authentic…

The Info-Stealer Sting: A Deep Dive into INTERPOL's Operation Secure
14:39
Join us for a gripping discussion on "Operation Secure," a landmark international crackdown that reverberated through the dark corners of the cybercriminal world between January and April 2025. Led by INTERPOL and involving law enforcement from 26 countries, primarily across the Asia-Pacific region, this massive coordinated effort, bolstered by cri…

Tomcat Manager Attacks: 400 IPs in Coordinated Brute-Force Attack
34:49
On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many traced back to DigitalOcean infrastructure, were involved in a widespread and opportunistic campaign. In this episode, we dissect the attack pattern, what makes Apache Tomcat a…

On May 12, 2025, the Texas Department of Transportation (TxDOT) disclosed a significant data breach that compromised crash reports containing personal data of over 423,000 individuals. In this episode, we take a forensic look at what went wrong, how one compromised account enabled unauthorized downloads of sensitive crash data, and what this means …

Ghost Students and AI Scams: How Identity Theft is Gutting Financial Aid
43:49
What happens when hundreds of thousands of college applications are submitted—not by hopeful students, but by bots using stolen identities? In this episode, we dive deep into the alarming rise of financial aid fraud in U.S. higher education, driven by "ghost students" and increasingly sophisticated scams powered by AI. From fraud rings applying for…

Inside the React Native NPM Supply Chain Breach: 16 Packages, 1 Million+ Downloads, and a RAT in the Code
41:15
In this episode, we break down the massive supply chain attack that rocked the React Native ecosystem beginning on June 6, 2025. Over 16 NPM packages, collectively downloaded over one million times per week, were silently weaponized with a Remote Access Trojan (RAT) embedded in obfuscated code. The attack, linked to the same threat actor behind the…

Mirai Strikes Again: Spring4Shell, Wazuh, and TBK DVRs Exploited in Live Campaigns
43:52
In this episode, we dive into the latest wave of active Mirai botnet campaigns exploiting high-severity remote code execution (RCE) vulnerabilities in critical enterprise and IoT systems. The Mirai malware—still evolving nearly a decade after its first appearance—has adapted its tactics to weaponize recent CVEs with CVSS scores of 9.8 and 9.9, impa…

UNFI Breach: How One Cyberattack Shook the North American Food Supply
36:53
On June 5, 2025, United Natural Foods Inc. (UNFI)—North America's largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a major cyberattack that forced the company to shut down key IT systems. The result: widespread delivery disruptions to over 30,000 locations across the U.S. and Canada, eerily empty…

Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
39:46
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. By abusing GitHub’s search functionality and reputation signals, threat actors are pushing backdoored code under the guise of popular tools, game cheats, and …

ClickFix: How Fake Browser Errors Became the Internet’s Most Dangerous Trap
47:15
In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early 2024. ClickFix exploits the human tendency to trust browser prompts by using fake error messages, CAPTCHA pages, and verification requests to convince users to execute malicious PowerShell…

Exposed and Extorted: The ViLE Hackers and the Legal Gaps Enabling Doxing
47:31
Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six key trends reshaping the global threat landscape, including AI as an attack surface, multichannel intrusions, and the rising exploitation of personal identities. But we don’t stop at theory. W…

Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits
28:23
In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid succession following targeted attacks. At the center is CVE-2025-5419, a high-severity out-of-bounds read/write flaw in the V8 JavaScript engine that allows attackers to exploit heap corruption…

Australia Forces Transparency: The World’s First Mandatory Ransomware Payment Reporting Law
1:02:01
Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the newly enacted Cyber Security Act 2024. In this episode, we dissect what this means for businesses, law enforcement, and the global cybersecurity landscape. We break down the key aspects of the legi…

$25M for AI Email Security: Trustifi’s Big Bet on the MSP Market
32:00
In this episode, we dive into Trustifi’s recent $25 million Series A funding round, led by growth equity firm Camber Partners. Specializing in AI-powered email security, Trustifi has now raised a total of $29 million to accelerate its product development, go-to-market strategy, and global marketing initiatives—especially in the MSP space. We unpack…

Google Chrome vs. Failing CAs: The Policy Behind the Distrust
55:25
In this episode, we dissect Google's recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, and Netlock. These high-impact moves are rooted in Chrome's strict enforcement of compliance, transparency, and security standards for public trust. We explore the ro…

CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
1:35:55
Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, we dissect how these flaws, triggered by insecure usage of PHP’s Reflection API and abuse of vBulletin’s template engine, allow unauthenticated at…

JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
1:07:22
In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine cryptocurrency at scale. We unpack how cybercriminals targeted misconfigured Docker APIs, publicly exposed HashiCorp Nomad and Consul servers, and vulnerable Gitea instances — turning ente…

Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598
16:11
In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s apport and Red Hat/Fedora’s systemd-coredump, exposing a little-known but critical attack vector: core dumps from crashed SUID programs. We dive into how…

Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How
13:51
Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like Google Apps Script and Google Firebase Storage to host phishing pages, evade detection, and steal credentials. Using cleverly crafted lures such as fake DocuSign notifications, i…

Inside the AVCheck Takedown: How Law Enforcement Disrupted a Key Cybercrime Tool
17:34
In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune malware before deployment. Led by Dutch authorities and supported by agencies from the U.S., Germany, France, and others, this operation marks a major win in Operation Endgame—a sweeping …

ConnectWise Breach: Nation-State Exploits CVE-2025-3935 in ScreenConnect
15:06
ConnectWise has confirmed a cyberattack targeting ScreenConnect, its remote access solution used by thousands of Managed Service Providers (MSPs). The breach is reportedly tied to a sophisticated nation-state actor and linked to CVE-2025-3935, a critical ViewState code injection vulnerability that could allow Remote Code Execution (RCE). In this ep…

Browser vs. GPU: Firefox 139 Collides with NVIDIA Drivers
14:10
In this episode, we dive into the graphical corruption saga triggered by Firefox version 139, released on May 27, 2025. Aimed at uncovering what went wrong, we review reports from across the web detailing how the update wreaked havoc for Windows users running NVIDIA graphics cards—particularly those with multi-monitor setups using mixed refresh rat…

Unbound Raises $4M to Secure Generative AI in the Enterprise
20:08
In this episode, we break down the recent $4 million seed funding round for Unbound, a startup tackling one of the biggest unsolved problems in enterprise AI: how to stop employees from leaking sensitive data through ungoverned use of Generative AI tools. Unbound’s AI Gateway aims to be the missing link between rapid AI adoption and responsible usa…

Windows Updates, Reimagined: Inside Microsoft’s Unified Orchestration Push
16:18
Microsoft is taking direct aim at one of the biggest pain points in the Windows ecosystem: update fragmentation. In this episode, we dive deep into the details of Microsoft’s newly announced Windows-native update orchestration platform, currently in private preview. We explore how this unified infrastructure aims to centralize updates for all apps,…

Systemd as a Weapon: How PumaBot Exploits Linux Persistence
18:38
Linux systems are under siege—particularly in the world of IoT and internet-exposed servers. In this episode, we dissect PumaBot, a new GoLang-based botnet that's turning Linux IoT devices into cryptomining workhorses. We’ll break down how attackers brute-force SSH credentials, install malware disguised as legitimate services, and use systemd for s…

The LexisNexis Breach: 364,000 Records Exposed via GitHub
17:22
On December 25, 2024, while most businesses were offline, a serious data breach struck LexisNexis Risk Solutions—exposing the personal data of over 360,000 individuals. The twist? The attack vector wasn’t a direct hack, but an indirect compromise through a third-party GitHub repository. Even more concerning, the breach went undetected until April 1…

Ransomware Hits MathWorks: Week-Long Outage Disrupts Millions
12:30
On this episode, we dissect the ransomware attack that brought MathWorks—a cornerstone software provider for engineers, scientists, and educators—to a grinding halt. The attack, which began on May 18, 2025, and was officially confirmed on May 26, crippled a wide range of customer-facing and internal systems, from MATLAB Online and ThingSpeak to lic…

Zscaler Acquires Red Canary: What It Means for AI-Powered Security Operations
14:27
The cybersecurity market is booming, projected to triple in size from $215 billion in 2025 to $697 billion by 2035. This explosive growth is being fueled by rising cyber threats, the digital transformation of global businesses, and an urgent need for advanced security operations. One of the clearest signals of this momentum? Zscaler’s acquisition o…

DragonForce Breaches MSPs via SimpleHelp Flaws: Inside CVE-2024-57726
16:47
In this episode, we unpack a critical supply chain breach that’s rattled the cybersecurity world: the exploitation of multiple zero-day vulnerabilities in SimpleHelp Remote Support Software — most notably CVE-2024-57726, a privilege escalation flaw scored 9.9 by the NVD. Threat actors linked to the DragonForce ransomware operation and the Scattered…