Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 14h ago
Added twenty-four weeks ago
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Daily Security Review
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k
3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k347
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Podcasts Worth a Listen
SPONSORED
S
Squid Game: The Official Podcast
Squid Game is back—and this time, the knives are out. In the thrilling Season 3 premiere, Player 456 is spiraling and a brutal round of hide-and-seek forces players to kill or be killed. Hosts Phil Yu and Kiera Please break down Gi-hun’s descent into vengeance, Guard 011’s daring betrayal of the Game, and the shocking moment players are forced to choose between murdering their friends… or dying. Then, Carlos Juico and Gavin Ruta from the Jumpers Jump podcast join us to unpack their wild theories for the season. Plus, Phil and Kiera face off in a high-stakes round of “Hot Sweet Potato.” SPOILER ALERT! Make sure you watch Squid Game Season 3 Episode 1 before listening on. Play one last time. IG - @SquidGameNetflix X (f.k.a. Twitter) - @SquidGame Check out more from Phil Yu @angryasianman , Kiera Please @kieraplease and the Jumpers Jump podcast Listen to more from Netflix Podcasts . Squid Game: The Official Podcast is produced by Netflix and The Mash-Up Americans.…
9.8 Severity and Counting: Inside Trend Micro’s Latest Security Emergency
Manage episode 488555244 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we break down Trend Micro’s urgent June 10th security update that patched ten high- and critical-severity vulnerabilities—some with CVSSv3.1 scores as high as 9.8—across Apex Central and Endpoint Encryption PolicyServer (TMEE). While no active exploitation has been observed, the risks are too severe to ignore.
We spotlight the most dangerous issues: pre-authentication remote code execution vulnerabilities stemming from insecure deserialization, a critical authentication bypass that allows attackers full admin access, and SQL injection flaws that enable privilege escalation. Apex Central and TMEE users running vulnerable versions could face full system compromise if left unpatched.
We’ll explain what deserialization means, why insecure deserialization is so dangerous, how attackers could exploit these bugs, and why immediate patching is non-negotiable. We also explore mitigation strategies including updated intrusion prevention filters, secure coding practices, and why perimeter security and monitoring matter more than ever—even if no exploitation has been spotted (yet).
Tune in for a deep dive into one of the year’s most critical coordinated vulnerability disclosures—and make sure your systems aren’t left exposed.
237 episodes
ShareManage episode 488555244 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we break down Trend Micro’s urgent June 10th security update that patched ten high- and critical-severity vulnerabilities—some with CVSSv3.1 scores as high as 9.8—across Apex Central and Endpoint Encryption PolicyServer (TMEE). While no active exploitation has been observed, the risks are too severe to ignore.
We spotlight the most dangerous issues: pre-authentication remote code execution vulnerabilities stemming from insecure deserialization, a critical authentication bypass that allows attackers full admin access, and SQL injection flaws that enable privilege escalation. Apex Central and TMEE users running vulnerable versions could face full system compromise if left unpatched.
We’ll explain what deserialization means, why insecure deserialization is so dangerous, how attackers could exploit these bugs, and why immediate patching is non-negotiable. We also explore mitigation strategies including updated intrusion prevention filters, secure coding practices, and why perimeter security and monitoring matter more than ever—even if no exploitation has been spotted (yet).
Tune in for a deep dive into one of the year’s most critical coordinated vulnerability disclosures—and make sure your systems aren’t left exposed.
237 episodes
All episodes
×
D
Daily Security Review
1 Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux 44:03
44:03 
Play Later 
Play Later 
Lists 
Like 
Liked44:03
Play Later Play Later Lists Like LikedA new and highly sophisticated malware strain named Koske is redefining the threat landscape for Linux environments. Suspected to be partially developed using artificial intelligence, Koske introduces novel and highly evasive techniques, blending image files, rootkits, and adaptive cryptomining logic to create a stealthy and persistent backdoor into systems worldwide. What sets Koske apart is its ingenious use of polyglot files—specifically, JPEG images of panda bears that look harmless to the user but contain embedded shell scripts and C code. These files not only display a cute picture but simultaneously execute malicious commands to deploy CPU- and GPU-optimized cryptominers targeting 18 different cryptocurrencies. When one mining pool goes offline, Koske switches dynamically to another, demonstrating AI-assisted adaptability. But the deception doesn't stop there. Koske uses stealth rootkits to hide its files, processes, and even its own presence from system monitoring tools. It establishes persistence through cron jobs, modifications to .bashrc and .bash_logout, and even creates custom systemd services. Its connectivity module is capable of proxy discovery and failover, giving it resilience in varied network conditions—a hallmark of AI-generated logic. Security researchers have flagged verbose, modular code structures, well-commented logic, and defensive programming patterns as signs that large language models (LLMs) played a role in writing Koske. This points to a disturbing new frontier: the rise of AI-generated malware that can learn, adapt, and hide better than anything seen before. With 70% of web servers running on Linux, and many enterprises relying on misconfigured or poorly secured systems, the danger posed by malware like Koske is immense. Traditional antivirus tools fall short, especially against polyglot-based file delivery, making runtime protection, network anomaly detection, and strict access controls more essential than ever. In this episode, we break down how Koske operates, what makes it so hard to detect, and why it represents a paradigm shift in malware evolution. We also cover defensive strategies, including Linux-specific hardening, container protection, AI-powered defense tools, and why user awareness is still one of the most powerful safeguards. This isn’t just a story about malware. It’s a case study in the cyber arms race between AI-powered offense and AI-powered defense—and why the stakes have never been higher. #KoskeMalware #LinuxSecurity #AIThreats #PolyglotFiles #CryptominingMalware #Rootkits #Cybersecurity #PandaJPEGAttack #ShellScriptMalware #GPUCryptoMiner #AIinCybercrime #CyberThreats #LLMGeneratedCode #StealthMalware #LinuxCryptojacking #AdaptiveMalware #CyberHygiene #ContainerSecurity #AIvsAI #MalwareEvasion #InfosecPodcast #APT #CyberDefense #PersistentMalware #DynamicMalware…
D
Daily Security Review
1 Operation Checkmate: BlackSuit Ransomware’s Dark Web Sites Seized 39:19
39:19 Play Later Play Later Lists Like Liked39:19
Play Later Play Later Lists Like LikedBlackSuit, the ransomware strain known for crippling critical sectors and demanding multi-million dollar payouts, has just suffered a devastating blow. In a coordinated international law enforcement operation codenamed "Operation Checkmate," authorities—including the U.S. Department of Justice, Homeland Security Investigations, FBI, Europol, the UK’s NCA, Dutch and German police, and more—have seized BlackSuit’s dark web extortion platforms. These takedowns included the gang’s negotiation and data leak sites, effectively severing their means to pressure and extort victims. BlackSuit is no small player. A direct descendant of Royal ransomware, and before that Quantum and Conti, this group has orchestrated attacks against hundreds of organizations worldwide, demanding ransoms ranging from $1 million to $60 million, with total demands exceeding $500 million USD. Their tactics—ranging from phishing, RDP exploitation, to malware-assisted lateral movement and data exfiltration—showcase a sophisticated playbook powered by open-source tools like Chisel, RClone, Gootloader, Cobalt Strike, and even SystemBC. Known for double extortion, BlackSuit steals data before encrypting it, then threatens to release sensitive information on the dark web. Victims across sectors like education, healthcare, manufacturing, and construction have been affected, with the United States as the primary target. “Operation Checkmate” goes beyond disruption: a decryptor tool has now been released to help victims recover encrypted files. This move mirrors past successes against ransomware groups like HIVE and LockBit, reflecting a growing trend of international cybercrime enforcement unity. But while the infrastructure has been seized, experts warn that BlackSuit’s members—many with ties to Conti and Royal—may resurface under a new alias. The takedown is a critical win, but not the end of the game. This episode explores the technical depths of BlackSuit’s operations, their evolution from Conti-linked origins, and what this takedown means for the broader ransomware threat landscape. We also examine key defense strategies, including multi-factor authentication, network segmentation, secure logging, and real-time monitoring, to defend against future attacks. #BlackSuitRansomware #OperationCheckmate #RoyalRansomware #RansomwareTakedown #Cybercrime #DoubleExtortion #DecryptorReleased #DarkWebSeizure #FBI #CISA #HomelandSecurity #Europol #NCA #ContiRansomware #DataExfiltration #Cybersecurity #CyberThreat #BigGameHunting #RDPExploit #MalwarePersistence #Infosec #PhishingAttacks #DecryptorTool #StopRansomware…
D
Daily Security Review
1 Coyote Malware Exploits Microsoft UI Automation in First-Ever Wild Attack 34:14
34:14 Play Later Play Later Lists Like Liked34:14
Play Later Play Later Lists Like LikedA new banking trojan called Coyote has emerged as a groundbreaking cyber threat, becoming the first known malware in the wild to exploit Microsoft’s User Interface Automation (UIA) framework—an accessibility tool originally designed to help users interact with Windows interfaces. But in the hands of attackers, UIA becomes a weapon of stealth and precision. Primarily targeting Brazilian banking and crypto users, Coyote uses sophisticated techniques to extract credentials from over 60 financial institutions by reading UI elements in active windows and phishing through subtle interface manipulation. Leveraging tools like GetForegroundWindow() and UIAutomation COM objects, Coyote identifies sensitive browser elements such as tabs and address bars—without ever requiring prior knowledge of the application’s structure. What makes this threat even more dangerous is its stealth. Traditional endpoint detection and response (EDR) tools struggle to detect UIA-based intrusions, allowing Coyote to operate quietly in the background—whether online or offline. Beyond keylogging and phishing, it can take screenshots, kill processes, mimic system updates, and even freeze entire systems. Even more alarming is the technical novelty: Coyote's final payload is written in Nim, a lesser-known programming language that helps it avoid signature-based detection. This Trojan spreads using the Squirrel installer, masquerading as a legitimate updater to gain initial access. Researchers warn this technique could be the beginning of a wave of UIA-based attacks, which will be much harder to detect and stop. Detection strategies now include monitoring the loading of UIAutomationCore.dll, and inspecting named pipes like UIA_PIPE_* to catch inter-process communication anomalies. In this episode, we also explore Cryptika’s role as a leading cybersecurity provider in the Middle East. From penetration testing and DFIR to GRC consulting and threat hunting, Cryptika is equipping organizations with the tools to detect and prevent threats like Coyote before they cause damage. Coyote is a harbinger of a future where even accessibility features can be turned against us—highlighting the urgent need for proactive monitoring, multi-layered defenses, and vigilant detection of abused system components. #CoyoteMalware #MicrosoftUIAutomation #UIAExploit #BankingTrojan #CredentialTheft #WindowsAccessibilityAbuse #NimMalware #CyberThreat #BrazilianTrojan #CryptocurrencySecurity #Cybersecurity #EDREvasion #NamedPipes #UIAutomationCore #InfoStealer #C2Infrastructure #BankingMalware #Phishing #CommandAndControl #AdvancedThreats #Cryptika #CyberDefense #ThreatDetection #DFIR #GRC #RedTeaming #InfosecPodcast…
D
Daily Security Review
1 No Fix Coming: Remote Code Execution Flaw in 1,300 LG Security Cameras 31:12
31:12 Play Later Play Later Lists Like Liked31:12
Play Later Play Later Lists Like LikedA newly disclosed critical vulnerability, CVE-2025-7742, is putting hundreds of LG Innotek LNV5110R security cameras at risk around the world—including within critical infrastructure. This high-severity authentication bypass flaw allows remote attackers to gain full administrative control without credentials, giving them access to live camera feeds, the ability to disable or disrupt device functionality, and the opportunity to pivot deeper into internal networks. The most alarming detail? LG Innotek has confirmed it will not release a patch, as the affected camera model has officially reached its end-of-life (EOL) status. Security researcher Souvik Kandar uncovered the vulnerability, which is now being highlighted by major security bodies like CISA. With over 1,300 internet-exposed devices still active, the risk of exploitation is very real—and immediate. This episode unpacks the technical details of the vulnerability, the wider dangers of unpatched EOL devices, and the pressing need for network segmentation, Zero Trust access controls, and proactive EOL management policies. We examine how remote code execution (RCE) enables threat actors to escalate privileges, maintain persistence, and launch further attacks—all starting with an unpatched IoT device. From the failure to patch, to poor lifecycle management, to the broader lessons in infrastructure security, this is more than just a flaw in one device—it’s a case study in how old tech becomes a new threat. #CVE20257742 #LGInnotek #SecurityCameras #RemoteCodeExecution #RCE #CriticalInfrastructure #IoTSecurity #Cybersecurity #UnpatchedDevices #EndOfLife #NetworkSegmentation #ZeroTrust #VulnerabilityDisclosure #CISAwarning #PivotAttack #ReverseShell #AdminAccess #CyberThreats #Infosec #ThreatHunting…
D
Daily Security Review
1 ToolShell Exploited: China-Linked Hackers Breach NNSA and U.S. Government Networks 1:14:36
1:14:36 Play Later Play Later Lists Like Liked1:14:36
Play Later Play Later Lists Like LikedIn one of the most concerning state-sponsored cyber incidents of the year, Chinese hackers exploited zero-day vulnerabilities in Microsoft SharePoint to breach the networks of the National Nuclear Security Administration (NNSA)—the U.S. agency responsible for managing the nation's nuclear arsenal. The attackers, part of a suspected Chinese state-sponsored group, used a sophisticated chain of vulnerabilities dubbed ToolShell, targeting not only the NNSA but also other high-profile U.S. and global entities, including the National Institutes of Health (NIH). While the U.S. Department of Energy reports no classified data was compromised, cybersecurity experts are sounding the alarm. The campaign, active since at least July 7, 2025, has compromised hundreds of servers and affected more than 148 organizations worldwide, making it one of the broadest cyber-espionage campaigns in recent history. This episode unpacks: How Chinese state-sponsored actors exploited SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-49706 to deploy malware and maintain persistence The TTPs (Tactics, Techniques, and Procedures) these actors used, including web shells, lateral movement, credential harvesting, and even disabling Microsoft Defender protections Why the NNSA’s use of cloud-based infrastructure and rapid detection minimized the breach’s impact The growing sophistication of China’s cyber espionage campaigns, from economic and political spying to targeting critical U.S. defense infrastructure The broader implications for international cybersecurity, attribution, and the increasingly blurred lines between cybercrime and cyberwarfare We also explore the cybersecurity gaps that persist across the U.S. public sector, the urgency of "security by design," and the need for immediate patching, endpoint protection, and coordinated threat intelligence sharing. As geopolitical tensions rise and cyberspace becomes the newest front in international conflict, this incident offers a chilling reminder: even the most sensitive government systems are not immune from sophisticated, well-funded nation-state actors. #NNSA #CyberEspionage #ChineseHackers #SharePointZeroDay #ToolShell #MicrosoftVulnerability #CVE202553770 #StateSponsoredHacking #USNationalSecurity #CriticalInfrastructure #ZeroDayExploit #CyberAttack #DOE #Storm2603 #WebShell #Cybersecurity #InfoSec #CloudSecurity #TTPs #GovernmentCyberDefense #CyberWarfare #MicrosoftDefender #PersistentAccess #NuclearSecurity #APT #ChinaCyberOps #CyberThreats #NationalSecurity #CISA #CyberStrategicPlan #CyberResilience…
D
Daily Security Review
1 Massive NPM Breach: Malicious Packages Spread via Compromised Maintainer Accounts 41:44
41:44 Play Later Play Later Lists Like Liked41:44
Play Later Play Later Lists Like LikedIn this episode, we expose the alarming supply chain attack that compromised millions of JavaScript projects across the globe. This sophisticated breach targeted the NPM ecosystem, infecting widely-used packages like eslint-config-prettier and is, through a coordinated phishing campaign and the exploitation of non-expiring legacy access tokens. Attackers began by impersonating the official npm registry with a typosquatted domain (npnjs[.]com), stealing credentials from developers via fake login prompts. Once inside, they bypassed GitHub commit histories and published rogue versions of key packages directly to the registry, effectively weaponizing trusted developer pipelines. The real payload? Scavenger malware—a stealthy, cross-platform info-stealer designed to harvest sensitive data from Chromium-based browsers. It ran entirely in JavaScript or injected malicious DLLs, evading detection with anti-VM and antivirus checks, and even capable of disabling browser security alerts. We break down: The timeline and tactics of the attack Why NPM’s legacy access tokens became the attackers’ golden ticket The vulnerabilities in Chromium’s local security model that allowed malware like Scavenger to thrive How human error and overlooked MFA practices amplified the threat Lessons on securing software supply chains and managing third-party risks With over 180 million weekly downloads potentially affected, this breach wasn’t just a security failure—it was a wake-up call for the entire developer community. We also explore the assigned CVE-2025-54313, and what this means for NPM and open source governance going forward. You'll hear what security professionals, maintainers, and platforms must do now to prevent another incident of this scale—from granular access token enforcement to phishing-resistant MFA and proactive malware scanning. This is more than a breach—it’s a blueprint for future attacks if safeguards don’t evolve. #NPM #ScavengerMalware #SupplyChainAttack #CVE202554313 #JavaScriptSecurity #OpenSourceSecurity #eslint #Prettier #InfoStealer #LegacyTokens #TokenSecurity #Chromium #Typosquatting #SoftwareSupplyChain #Cybersecurity #Phishing #2FA #Nodejs #Malware #DeveloperSecurity #DevSecOps #npmEcosystem #MaliciousPackages #CrossPlatformMalware #CredentialTheft…
D
Daily Security Review
1 Clorox Sues Cognizant Over $356M Cyberattack: Who's Really to Blame? 44:38
44:38 Play Later Play Later Lists Like Liked44:38
Play Later Play Later Lists Like LikedIn one of the most dramatic cybersecurity legal battles of the past year, Clorox has filed a lawsuit against IT services giant Cognizant, accusing the company of gross negligence that allegedly enabled a catastrophic 2023 cyberattack. The breach wreaked havoc on Clorox's operations—causing widespread product shortages, a multibillion-dollar hit to its market cap, and an estimated $356 million in damages. At the center of the controversy? A series of alleged failures by Cognizant's help desk staff, who Clorox claims repeatedly reset passwords and multi-factor authentication (MFA) credentials without verifying identities. Hackers, believed to be part of the Scattered Spider group, reportedly exploited these lapses to gain system access via social engineering—highlighting a growing trend of attacks bypassing technical safeguards by targeting human weaknesses. But Cognizant is pushing back hard, arguing that its role was limited to narrow help desk services and that Clorox's own cybersecurity defenses were inadequate. The dispute raises urgent questions about third-party risk, contractual clarity, and the fine line between support roles and security responsibilities in IT outsourcing relationships. This episode dives deep into: The timeline and tactics behind the Clorox breach What the lawsuit reveals about gaps in MFA implementation and help desk protocols The contractual gray areas now under legal scrutiny Why even companies hailed for cybersecurity investments—Clorox spent over $500 million on IT upgrades—can fall victim to poor vendor oversight Lessons for organizations on drafting better IT service contracts, vetting MSPs, and strengthening protections against social engineering attacks We also examine how this case underscores the broader industry shift: Organizations may outsource IT functions, but they can never outsource accountability. Whether you’re in legal, IT, procurement, or the C-suite, this is a must-listen episode on how a help desk misstep became a case study in enterprise risk, and what every company can learn from it. #Clorox #Cognizant #Cybersecurity #CyberAttack #DataBreach #Lawsuit #MFA #SocialEngineering #ITContracts #ThirdPartyRisk #ScatteredSpider #CyberLiability #OutsourcedIT #HelpDeskBreach #InfoSec #SupplyChainDisruption #CISO #TechLaw #DigitalRisk #EnterpriseSecurity #SecurityAwareness #BusinessContinuity #DataProtection #SecurityCompliance #CyberInsurance…
D
Daily Security Review
1 HeroDevs Secures $125M to Extend Life of Critical Open Source Software 35:36
35:36 Play Later Play Later Lists Like Liked35:36
Play Later Play Later Lists Like LikedIn this episode, we dive deep into HeroDevs' recent $125 million strategic growth investment, a move that signals a major expansion in the fight against the vulnerabilities of end-of-life (EOL) open source software. Based in Salt Lake City, HeroDevs has carved out a critical niche—providing "Never-Ending Support" (NES) to ensure security, compliance, and functionality for deprecated OSS widely used across enterprise systems. With this latest round, HeroDevs has raised a total of $133 million, and they’re putting it to strategic use. The funding will enhance their NES offerings, reinforce proactive defense against AI-driven vulnerabilities, and expand compatibility across more frameworks like Drupal 7, Bootstrap, jQuery, and even CentOS. Perhaps most significantly, $20 million of the raise is earmarked for their Open Source Sustainability Fund, a powerful initiative supporting creators and maintainers of OSS projects that follow best practices when entering end-of-life. HeroDevs already supports over 900 organizations, including nearly a third of the Fortune 100. Their NES model allows companies to avoid the costly burden of migrating away from deprecated tools while maintaining security and regulatory compliance with standards like HIPAA, PCI-DSS, and FedRAMP. As the adoption of AI accelerates and increases security surface area, the need for long-term, secure OSS support becomes more urgent. We explore how HeroDevs plans to meet that demand, the risks of unmanaged EOL software, and how their NES services are already mitigating threats before they’re disclosed publicly. This is not just about patching old code. It’s about sustaining the backbone of modern digital infrastructure, supporting the developers who maintain it, and giving companies a viable path forward in a rapidly evolving threat landscape. #HeroDevs #OpenSourceSecurity #NeverEndingSupport #OSS #EndOfLifeSoftware #CyberSecurity #Compliance #VulnerabilityManagement #SustainabilityFund #AIThreats #CentOS #Drupal7 #Bootstrap #jQuery #OpenSourceFunding #SoftwareMaintenance #DevSecOps #EnterpriseSecurity #LegacySoftware #AaronFrost #PSGInvestments…
D
Daily Security Review
1 UK Moves to Ban Ransomware Payments for Public Sector and Critical Infrastructure 48:22
48:22 Play Later Play Later Lists Like Liked48:22
Play Later Play Later Lists Like LikedIn a landmark move to disrupt the financial engine powering ransomware attacks, the United Kingdom is pushing forward with legislation that would ban ransom payments across the public sector and critical national infrastructure (CNI). This sweeping proposal covers everything from local councils and schools to healthcare providers like the NHS, aiming to make essential public services less attractive to cybercriminals. The government is also introducing a mandatory ransomware incident reporting regime , requiring organizations to notify authorities within 72 hours of a suspected attack and submit a detailed report within 28 days. For private sector businesses, a new Ransomware Payment Prevention Regime would require prior government notification before any ransom can be paid — a measure designed to ensure sanctions compliance and transparency. While ransomware groups increasingly target vulnerable and underfunded public services, the UK’s targeted ban seeks to remove the core incentive: money. The plan enjoys overwhelming support from the public sector and critical infrastructure organizations, though debate continues over exemptions for essential services and how to support victims during live incidents. This episode breaks down what these legislative proposals mean, how they fit into the larger fight against ransomware, and why the timing couldn’t be more urgent. With ransomware attacks surging to record levels — fueled by leaked credentials, infostealers, and ransomware-as-a-service — the UK aims to shift the risk-reward calculus for threat actors. We’ll also explore how attackers are adapting post-macro disablement, turning to container payloads and social engineering to gain access, and how nation-state groups from Russia, China, Iran, and North Korea are blending financial and political motives in their cyber operations. As ransomware groups continue to evolve, the UK is trying to stay one step ahead — not just by catching criminals, but by cutting off their funding altogether. #RansomwareBan #UKCyberSecurity #NHS #CriticalInfrastructure #NoMoreRansoms #RansomwareReporting #Infostealers #CNI #CyberCrime #UKGov #CyberLegislation #RansomwareEconomics #MandatoryReporting #CyberResilience #MFA #ZeroTrust #CredentialTheft #PublicSectorSecurity #SecureWorks #RansomwareAsAService #Clop #LaceTempest #StateSponsoredCyber #CyberPolicy…
D
Daily Security Review
1 New SysAid Vulnerabilities Added to CISA’s KEV List: XXE Flaws Could Enable RCE 26:10
26:10 Play Later Play Later Lists Like Liked26:10
Play Later Play Later Lists Like LikedTwo newly added vulnerabilities in SysAid’s On-Prem IT support software — CVE-2025-2775 and CVE-2025-2776 — have officially joined the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog, signaling increased concern around their potential abuse. While there are no confirmed reports of public exploitation or ransomware involvement to date, history suggests that SysAid products remain a viable target for threat actors. These flaws, discovered by watchTowr Labs in late 2024 and patched in early 2025, are XML External Entity (XXE) injection vulnerabilities that allow attackers to extract sensitive files and administrator credentials from vulnerable servers. When chained with a separate post-authentication command injection bug (CVE-2024-36394), they can lead to full remote code execution (RCE) as SYSTEM — an extremely dangerous scenario that effectively gives attackers unrestricted access to compromised servers. Though no active ransomware campaigns have yet exploited these specific flaws, CISA’s KEV designation highlights the need for urgent remediation — particularly given that SysAid products have been targeted before. In 2023, the Cl0p ransomware gang exploited a separate zero-day (CVE-2023-47246), using it to deploy malware across enterprise networks. That precedent, combined with the stealthy nature of XXE and RCE attacks, underscores why organizations must treat these vulnerabilities as critical. This episode explores how the vulnerabilities work, what makes them exploitable in real-world attack chains, and why CISA’s inclusion in the KEV catalog should be taken seriously — especially under Binding Operational Directive 22-01, which mandates federal agencies to patch affected systems by strict deadlines. We also dive into broader threat trends from CrowdStrike’s 2025 Global Threat Report: how attackers are increasingly going malware-free, leveraging AI, and moving at unprecedented speeds. With 79% of breaches no longer relying on malware and a 442% rise in vishing attacks, defenders must prepare for identity-based intrusions and rapidly evolving social engineering. We wrap with actionable guidance: patch to SysAid version 24.4.60 or higher, conduct compromise assessments, disable external XML entity parsing, and strengthen access controls and monitoring to reduce lateral movement risk. Even if these vulnerabilities haven’t yet been publicly exploited, waiting for proof-of-exploit is no longer an option in today’s threat landscape. #SysAid #CVE20252775 #CVE20252776 #CISAKEV #XXEVulnerability #RemoteCodeExecution #RCE #KEVCatalog #WatchTowrLabs #CISAWarning #Cybersecurity #PatchNow #CommandInjection #Infosec #ITSupportSecurity #Cl0pRansomware #SysAidSecurity #XMLInjection #CrowdStrike2025 #CyberThreats #BindingDirective #IdentitySecurity #AdminTakeover #ThreatIntelligence…
D
Daily Security Review
1 Lumma Stealer Returns: Malware-as-a-Service Resurges After Global Takedown 44:16
44:16 Play Later Play Later Lists Like Liked44:16
Play Later Play Later Lists Like LikedIn this episode, we unpack the rapid and concerning resurgence of Lumma Stealer , a sophisticated Malware-as-a-Service (MaaS) platform, just months after a major international takedown. Despite Microsoft, the FBI, Europol, and global partners dismantling over 2,500 malicious domains and seizing critical infrastructure in May 2025, Lumma Stealer has come roaring back. The cybercriminal group behind the malware — tracked as Water Kurita by Trend Micro and Storm-2477 by Microsoft — adapted quickly, hardening their operations and adopting stealthier tactics to evade future disruptions. We delve into how Lumma’s developers responded by shifting away from public cybercrime forums and deploying infrastructure across Russian data centers like Selectel. Their latest strategies include abusing cloud services, fake software websites, and social media platforms like YouTube and Facebook to spread the infostealer — often disguised as cracked tools, Photoshop downloads, or game cheats. Even GitHub is being weaponized with AI-generated lures targeting unsuspecting users. Lumma Stealer’s capabilities are dangerous and comprehensive: it steals credentials, financial data, crypto wallets, and even hijacks session cookies — effectively bypassing multi-factor authentication (MFA). Its code can run directly in memory, avoiding detection by traditional antivirus. The consequences are real — the malware has already been tied to breaches of Jaguar Land Rover and customer data leaks from Royal Mail. This episode also highlights the larger trend of information stealers enabling modern cybercrime. With generative AI accelerating phishing, malware coding, and even infrastructure building, the bar to entry for cybercriminals has never been lower. We explore actionable defense strategies including DNS filtering, browser hardening, dark web monitoring, and the critical role of behavioral endpoint detection. Listeners will also learn how companies can adjust security policies, implement segmentation, and improve staff awareness to defend against this evolving threat landscape. Lumma’s comeback isn’t just a case study in cyber resilience — it’s a wake-up call. Cybercrime doesn’t disappear when servers go offline. It morphs, rebuilds, and strikes again — smarter, faster, and harder to detect. #LummaStealer #MalwareAsAService #MaaS #InformationStealer #MicrosoftDCU #WaterKurita #Storm2477 #Cybercrime #FakeSoftware #Phishing #SessionHijacking #MFABypass #AIInCybercrime #DarkWeb #CredentialTheft #Infostealer #GitHubAbuse #CyberThreats #RansomwareEcosystem #BYODSecurity #DNSFiltering #CyberSecurity #TrendMicro #TakedownFail #PersistenceOfMalware…
D
Daily Security Review
1 Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access 37:32
37:32 Play Later Play Later Lists Like Liked37:32
Play Later Play Later Lists Like LikedHackers are actively exploiting a trio of critical zero-day vulnerabilities in Cisco’s Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), prompting urgent patching directives from the company. The flaws — CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337 — each carry a maximum CVSS severity score of 10.0, indicating the highest possible risk. These vulnerabilities allow remote, unauthenticated attackers to execute arbitrary code with root-level access, completely compromising the underlying system. Cisco has confirmed active exploitation attempts as of July 2025, making this not a theoretical threat but a real and present danger to enterprise networks. Each vulnerability is distinct and does not require chaining, yet all enable full system compromise. CVE-2025-20281 and CVE-2025-20337 exploit poor input validation on exposed APIs, while CVE-2025-20282 takes advantage of insecure file handling to write malicious files into privileged directories. None of these attacks require credentials or user interaction, making exploitation trivial for attackers once systems are exposed to the internet or internal threat actors. Cisco has urgently advised customers running ISE or ISE-PIC version 3.3 to upgrade to Patch 7, and version 3.4 to Patch 2. Importantly, earlier hot patches released by Cisco do not address CVE-2025-20337, leading to a patching gap for many organizations. There are no workarounds available — the only protection is to patch immediately. This episode breaks down how the vulnerabilities work, what makes them so dangerous, and why attackers are targeting Cisco’s identity infrastructure right now. We also cover who discovered these bugs, Cisco's delayed but critical patch guidance, and how privilege escalation to root on Linux opens the door for complete system takeover. If your network uses Cisco ISE or ISE-PIC, this episode could be the difference between resilience and root-level compromise. #CiscoISE #ZeroDay #CVE202520281 #CVE202520282 #CVE202520337 #PrivilegeEscalation #RemoteCodeExecution #RootAccess #CVSS10 #PatchNow #CyberSecurity #Cisco #ISEPIC #ThreatIntel #ExploitInTheWild #VulnerabilityManagement #LinuxSecurity #NetworkSecurity #RCE #ZeroDayExploit #CiscoPatch #TrendMicroZDI…
D
Daily Security Review
1 ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access 58:23
58:23 Play Later Play Later Lists Like Liked58:23
Play Later Play Later Lists Like LikedA new wave of zero-day attacks—collectively known as ToolShell—is actively targeting Microsoft SharePoint servers, with two vulnerabilities (CVE-2025-53770 and CVE-2025-53771) allowing unauthenticated remote code execution and identity control bypass. First observed in high-value targets across government, critical infrastructure, and manufacturing sectors, the ToolShell exploit chain has since expanded into opportunistic attacks, with early attribution pointing to China-linked threat actors. The attack chain begins by exploiting a deserialization flaw and a spoofing/path traversal bug to gain unauthenticated access to SharePoint’s ToolPane functionality. Once inside, attackers deploy stealthy ASPX webshells like xxx.aspx and spinstall0.aspx to exfiltrate cryptographic secrets—including ASP.NET MachineKey values—without triggering alerts. In more advanced cases, attackers avoid persistent shell artifacts altogether, using in-memory modules for fileless exploitation and credential theft. This episode dives into the full lifecycle of the ToolShell attacks: How attackers rapidly evolved their tactics after initial Microsoft patches were released Why SharePoint 2016 users remain at elevated risk due to the absence of a patch Evidence of AMSI evasion, SSO and MFA bypasses, and credential harvesting across victim networks Best practices for mitigation: patching, enabling AMSI "Full Mode", deploying antivirus with EDR, and rotating cryptographic keys Why machine key rotation is essential even post-patching to revoke compromised credentials and prevent persistent access We’ll also discuss the role of SharePoint's layout endpoints, how logging POST requests to /_layouts/15/ToolPane.aspx can reveal exploitation attempts, and why incident response planning and forensic readiness are now non-negotiable for organizations running on-prem SharePoint. The ToolShell campaign is a sobering example of how quickly adversaries can pivot in response to public disclosures—and why organizations must treat patching as a race against weaponization. If your infrastructure still relies on SharePoint Server, this is a must-listen breakdown of one of the most sophisticated exploit chains of 2025. #ToolShell #SharePointZeroDay #CVE202553770 #CVE202553771 #MicrosoftSharePoint #RemoteCodeExecution #ZeroDayExploit #Webshell #MachineKey #CryptographicTheft #AMSI #PatchNow #AdvancedPersistentThreat #Cyberattack #Infosec #ChinaAPT #EDR #SSOBreach #MFABypass #EnterpriseSecurity #ThreatIntel #OnPremSecurity #CyberThreats…
D
Daily Security Review
1 CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks 22:13
22:13 Play Later Play Later Lists Like Liked22:13
Play Later Play Later Lists Like LikedA critical zero-day vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, giving attackers administrative access to over a thousand unpatched servers globally. This severe security flaw—caused by improper validation in the AS2 protocol—has exposed enterprise-managed file transfer (MFT) systems across the US, Europe, and Canada. Security experts are sounding the alarm, and organizations relying on CrushFTP are urged to patch immediately. Discovered in mid-July 2025, the bug has been traced to reverse-engineering of recent CrushFTP patches. The vulnerability grants unauthenticated attackers complete control via exposed web interfaces, making it a high-value exploit for data theft, surveillance, and potential ransomware staging. While patched versions (10.8.5 and 11.3.4_23 or later) and properly configured DMZ instances are immune, over 1,000 servers remain vulnerable, according to Shadowserver. This is not CrushFTP’s first brush with exploitation. A similar zero-day (CVE-2024-4040) was weaponized in April 2024 by espionage-linked actors. A separate authentication bypass (CVE-2025-31161) was publicly exploited just two months ago. The rapid cadence of these exploits underscores the high-stakes environment surrounding MFT tools, which are increasingly targeted by ransomware gangs like Clop and advanced persistent threat (APT) groups. This episode dives deep into: The technical root of CVE-2025-54309 and how attackers exploit AS2 mishandling Indicators of compromise, including rogue admin accounts and fake version numbers How CrushFTP users can mitigate risk through patching, DMZ deployment, and backup restoration Why MFT tools have become a goldmine for threat actors—and how to defend them Best practices: zero trust policies, IP whitelisting, SFTP isolation, and automated encryption The CrushFTP zero-day is a case study in how unmanaged MFT exposure can lead to catastrophic administrative compromise. If you’re in IT, DevOps, or cybersecurity, this episode is a must-listen to understand the evolving risks in file transfer infrastructure and how to respond effectively before attackers strike. #CrushFTP #CVE202554309 #ZeroDay #MFTSecurity #ManagedFileTransfer #DataBreach #Cyberattack #AS2Protocol #PatchNow #FileTransferVulnerability #Shadowserver #Infosec #AdminTakeover #Exploit #Cybersecurity #ITSecurity #ClopGang #DataTheft #SFTP #DMZ #EnterpriseSecurity #CyberThreats #ZeroTrust #CVEAlert #CrushFTPExploit…
D
Daily Security Review
1 Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform 23:49
23:49 Play Later Play Later Lists Like Liked23:49
Play Later Play Later Lists Like LikedDell Technologies is the latest target in a growing trend of data extortion attacks as threat actors pivot away from traditional ransomware. The cybercrime group known as World Leaks—a rebrand of the former Hunters International gang—has claimed responsibility for breaching Dell’s Customer Solution Centers (CSC), a sandbox environment used primarily for product demonstrations and proofs of concept. Although World Leaks claims to have exfiltrated 1.3 TB of data, Dell has confirmed that the vast majority of it consists of synthetic, publicly available, or demonstration data, with the only legitimate information being an outdated internal contact list. Despite limited direct risk to customers, this breach underscores a dangerous and evolving trend in cybercrime: data extortion without encryption. In this episode, we analyze how World Leaks has shifted away from ransomware’s traditional encrypt-and-demand model in favor of stealthy data theft paired with psychological extortion tactics. The group has built out a data brokerage platform with open-source intelligence (OSINT) capabilities designed to contact, harass, and pressure victims across channels, making non-production systems like Dell’s CSC a prime target for leverage rather than disruption. We break down how synthetic data helps mitigate some risks, but also explore why “safe” environments aren’t really safe anymore—and why developers, security teams, and enterprise leaders must now treat demonstration and development platforms as attack surfaces. As the industry sees rising costs in cybersecurity investments and cyber insurance, organizations must now prepare for extortion scenarios with no encryption, no downtime—but serious reputational stakes. Join us for a deep dive into: The anatomy of the Dell breach The rise of extortion-as-a-service Best practices for securing non-production environments How organizations should update incident response plans to account for silent breaches Why consumer trust is on the line, even in “low-risk” attacks This breach may not be catastrophic in data terms—but its implications are loud and clear: data is the new weapon, and extortion is its delivery mechanism. #DellBreach #WorldLeaks #CyberExtortion #DataLeak #Cybersecurity #RansomwareEvolved #NonProductionSecurity #SyntheticData #CustomerSolutionCenters #Infosec #CyberAttack #HuntersInternational #DataBreach #DevOpsSecurity #SandboxBreach #DataPrivacy #NetworkSegmentation #ExtortionAsAService #CorporateCyberRisk #TechNews…
D
Daily Security Review
1 Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting 59:16
59:16 Play Later Play Later Lists Like Liked59:16
Play Later Play Later Lists Like LikedA critical vulnerability in ExpressVPN’s Windows client has put a spotlight on the often-overlooked dangers of debug code making its way into production software. This episode dives into how a debug configuration error allowed Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, potentially exposing users’ real IP addresses and compromising their privacy. While encryption remained intact, the misrouting flaw meant anyone observing the network—such as ISPs or threat actors on shared Wi-Fi—could infer which remote servers a user was accessing via RDP. This vulnerability, discovered by security researcher "Adam-X," affected multiple versions of the ExpressVPN client (from version 12.97 up to 12.101.0.2-beta) before a patch was issued in version 12.101.0.45. Although the issue was deemed "low risk" due to RDP’s more limited use among IT professionals and enterprise users, the implications are far-reaching. We explore how this misstep echoes a previous DNS leak caused by ExpressVPN's split tunneling feature and what it reveals about the persistent risks in VPN architecture. We also expand the conversation to include broader software development lessons. From Common Weakness Enumerations (CWEs) like CWE-489 (Active Debug Code) and CWE-215 (Sensitive Info in Debug Code), to real-world consequences such as the infamous HP keylogging controversy, debug code remains a silent but dangerous adversary in cybersecurity. We'll cover how poor internal testing and oversight can unravel even the most privacy-focused tools—and what best practices can prevent these incidents, including zero-trust frameworks, strict tunneling policies, secure RDP configurations, and vigilant monitoring. If you rely on a VPN for privacy, especially in corporate settings or when using remote access tools like RDP, you won’t want to miss this deep dive into one of the year’s most revealing security incidents. #ExpressVPN #VPNLeak #RDP #DebugCode #CVE #Cybersecurity #VPNPrivacy #RemoteAccess #SplitTunneling #IPLeak #EnterpriseSecurity #ZeroTrust #NetworkSecurity #SecureVPN #PrivacyBreach #SoftwareDevelopment #SecurityPatch #CWE #ITSecurity #TechNews…
D
Daily Security Review
1 Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack 41:11
41:11 Play Later Play Later Lists Like Liked41:11
Play Later Play Later Lists Like LikedIn this episode, we unpack the January 2025 data breach at Dior, the iconic luxury fashion house, which exposed sensitive personal information of U.S. customers—including names, addresses, and even Social Security and passport numbers. Although payment data remained secure, the incident's impact is substantial, both in terms of customer trust and corporate accountability. What makes this breach especially troubling is that it wasn’t Dior’s systems that failed—it was a third-party service provider handling customer relationship management and marketing communications. The breach, discovered only in May, is now believed to be part of a larger cyberattack against LVMH, Dior’s parent company, which also affected Louis Vuitton. The ShinyHunters cyber extortion group is suspected of being behind the attack. We explore how third-party vulnerabilities have become the Achilles' heel of even the most well-resourced brands. Drawing from FINRA, FTC, and cybersecurity expert analysis, we look at: The rising frequency and scale of third-party breaches, including parallels to NotPetya, SolarWinds, and MOVEit; The type of data compromised, and why attackers are now focusing more on customer identity data than payment credentials; Dior's incident response, including customer notifications, legal compliance, and free identity theft protection; The regulatory landscape, including SEC and GDPR mandates, and what companies are now legally required to do post-breach; Effective preventative practices, from vendor risk management and contract due diligence to real-time monitoring and zero-trust principles. With luxury brands increasingly targeted not for their wealth but for their rich customer profiles, this episode is a critical listen for business leaders, CISOs, and consumers alike. The Dior breach is more than just a fashion headline—it's a cautionary tale about the hidden risks in our digital supply chains. #DiorDataBreach #Cybersecurity #LVMH #LuxuryRetailHack #ThirdPartyRisk #ShinyHunters #DataLeak #CustomerDataBreach #VendorBreach #IdentityTheft #SSNExposure #PrivacyBreach #DigitalSupplyChain #LouisVuittonHack #CRMbreach #IncidentResponse #CyberAttack #DataProtection #CyberThreats2025 #FashionIndustryCyberattack #BreachNotification #PIILeak #RegulatoryCompliance #FINRA #FTC #GDPR #ZeroTrustSecurity #CyberIncident #LuxuryBrandsUnderAttack…
D
Daily Security Review
1 StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE 52:49
52:49 Play Later Play Later Lists Like Liked52:49
Play Later Play Later Lists Like LikedIn an era where generative AI is being used not just for productivity but for precision cybercrime, a San Francisco-based startup, StrongestLayer, is taking a bold stand. Backed by $5.2 million in seed funding from Sorenson Capital and others, the company is pioneering a radically new approach to cybersecurity with its AI-native platform TRACE (Threat Reasoning AI Correlation Engine). This episode dives deep into what makes StrongestLayer’s technology different—and why that difference matters. Unlike traditional AI-enhanced tools, TRACE is built from the ground up around LLMs and continuous learning, enabling it to reason through intent rather than just detect patterns. It's capable of identifying AI-generated spear phishing, fake company websites, real-time adaptive phishing campaigns, and more—all with the cognitive power of over a thousand analysts. We explore the fundamental shift from AI-enabled to AI-native security platforms, how TRACE uses reasoning engines instead of rule-based programming, and why traditional filters and blacklists are no match for today’s deepfakes, chat-based phishing, and polymorphic malware. You'll hear insights from CEO Alan LeFort, who explains why human vigilance must evolve in lockstep with technology, and how StrongestLayer is not only detecting threats but training employees to spot AI-enhanced attacks in real time. We break down the risks, the defenses, and the growing arms race between AI-powered attacks and AI-powered defenses. Whether you're a CISO, security analyst, or just someone worried about clicking the wrong link, this episode is a must-listen on the future of cyber defense. #AIPhishing #Cybersecurity #StrongestLayer #EmailSecurity #LLMSecurity #GenerativeAI #PhishingDefense #AlanLeFort #CyberStartup #ThreatDetection #AInative #SpearPhishing #CyberThreats #TRACEPlatform #AIvsAI #DeepfakeSecurity #PhishingAwareness #SOCtools #MalwareDetection #ZeroTrust #SecurityTraining #TechStartup2025…
D
Daily Security Review
1 750,000 Records Exposed: Inside the TADTS Data Breach by BianLian 1:03:29
1:03:29 Play Later Play Later Lists Like Liked1:03:29
Play Later Play Later Lists Like LikedIn July 2024, The Alcohol & Drug Testing Service (TADTS), a Texas-based company handling sensitive employment-related data, suffered a catastrophic data breach. Nearly 750,000 individuals had personal information compromised—Social Security numbers, financial data, driver’s licenses, health insurance info, and even biometric identifiers. The attack was claimed by the BianLian ransomware group, which has shifted its strategy away from encryption to pure data theft and extortion. Despite the scope of the breach, TADTS waited nearly a year to notify victims and has not offered free identity theft protection, even though the stolen data includes everything needed to commit large-scale identity fraud. In this episode, we unpack the incident, explore BianLian's evolving tactics, and highlight the regulatory and legal implications for companies that fail to secure consumer data. You’ll learn: How BianLian transitioned from ransomware encryption to data-only extortion Why the IMSI data and biometric exposure raise the stakes for victims The technical tactics used by BianLian—custom backdoors, PowerShell abuse, RDP exploitation, credential dumping, and data syncing via tools like Rclone and Mega The alarming delay in breach disclosure—nearly 365 days late What Texas law and federal regulations require in such breaches—and whether TADTS violated them The class action lawsuit risks now emerging What individuals can do to defend themselves: credit freezes, fraud alerts, password changes, and monitoring We also look at the broader cybersecurity implications: why sectors handling biometric and medical data must implement MITRE ATT&CK-aligned defenses, enforce multi-factor authentication, and maintain robust backup strategies to prevent and recover from modern extortion campaigns.…
D
Daily Security Review
1 SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses 50:12
50:12 Play Later Play Later Lists Like Liked50:12
Play Later Play Later Lists Like LikedA new attack technique is exposing just how vulnerable global mobile networks remain in 2025. Cybersecurity firm Enea has discovered a surveillance operation that bypasses SS7 firewalls by exploiting a subtle weakness in the TCAP encoding layer—allowing stealth location tracking of mobile users across borders. The method? Tampering with the IMSI field in ProvideSubscriberInfo (PSI) requests to hide it from detection. Many mobile operators’ SS7 stacks simply fail to decode the malformed tag, allowing unauthorized tracking messages to pass security controls. In this episode, we cover: The technical anatomy of the IMSI hiding exploit How this attack evades standard SS7 security checks The surveillance firms and platforms involved—WODEN, ASMAN, HURACAN, and others Broader SS7 weaknesses: lack of encryption, lack of authentication, and global trust architecture The disturbing truth: most mobile networks still depend on legacy protocols from the 1970s Why users can’t opt out—and no app can protect you We also examine the countermeasures: advanced signaling firewalls, protocol filtering, TCAP signing, and why even now, SS7 remains irreplaceable due to the persistence of 2G/3G roaming infrastructure. This isn’t a theoretical vulnerability—it’s a real-world surveillance method in use today, targeting phones across continents without users ever knowing.…
D
Daily Security Review
1 The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain 23:30
23:30 Play Later Play Later Lists Like Liked23:30
Play Later Play Later Lists Like LikedIn June 2025, United Natural Foods, Inc. (UNFI)—the primary distributor for Whole Foods and tens of thousands of retailers across North America—suffered a major cyberattack that halted deliveries, emptied shelves, and forced core operations offline. The financial damage? Between $350 and $400 million in net sales lost, and up to $60 million in reduced income for fiscal year 2025. In this episode, we break down: What happened during the UNFI cyberattack How ordering, shipping, and receiving systems were taken down Why this wasn’t just a business disruption—but a critical infrastructure failure The pattern of attacks across the food sector, from JBS to Dole to Sam’s Club The national security implications of digitally compromised supply chains Where cyber insurance, contingency planning, and regulation fall short We also compare this incident with the 2020 SolarWinds breach, showing how both attacks exploited software vulnerabilities and disrupted essential services on a massive scale. UNFI’s recovery may be underway, but the larger question remains: Is the U.S. food supply chain prepared for the next attack?…
D
Daily Security Review
1 Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning 21:28
21:28 Play Later Play Later Lists Like Liked21:28
Play Later Play Later Lists Like LikedMore than five years after the Cambridge Analytica scandal, the legal and financial consequences are still playing out—this time in Delaware’s Chancery Court, where Mark Zuckerberg and Meta executives are being sued by investors seeking over $8 billion in damages. This landmark class-action lawsuit argues that Meta’s leadership knowingly violated a 2012 FTC consent order, misled users and regulators, and failed to prevent the improper sharing of personal data—culminating in the largest privacy fine in U.S. history. In this episode, we explore: The core allegations against Zuckerberg, Sandberg, and others How the FTC's 2012 and 2019 orders shaped Meta's legal obligations Why investors believe Meta’s disclosures were fraudulent What former insiders, including Jeffrey Zients and Yul Kwon, are saying on the stand The broader implications for data privacy governance and board-level accountability How the Supreme Court’s dismissal of Meta’s appeal revived the case And why this trial could redefine what “fiduciary duty” means in the digital age From API loopholes to insider warnings, stock sales, and alleged cover-ups, this case is a referendum on corporate responsibility in the age of surveillance capitalism—and a signal that executive leadership can be held personally liable for privacy failures.…
D
Daily Security Review
1 Operation Eastwood: Inside the Takedown of NoName057(16) 21:17
21:17 Play Later Play Later Lists Like Liked21:17
Play Later Play Later Lists Like LikedA major Europol-led crackdown—Operation Eastwood—has disrupted one of the most active pro-Russian hacktivist collectives in Europe: NoName057(16). Known for a relentless barrage of DDoS attacks targeting NATO allies and Ukraine-supporting nations, this ideologically driven group ran a global network powered by gamified recruitment, cryptocurrency incentives, and Telegram coordination. In this episode, we unpack: Who NoName057(16) is—and how their DDoS-for-crypto campaign operated The gamification of cyberwarfare, where young sympathizers earn crypto and badges for attacking government targets How Operation Eastwood led to arrests, infrastructure takedowns, and international arrest warrants Why DDoS remains a go-to weapon for hacktivists and state-aligned cyber actors The role of crypto on both sides of the Russia-Ukraine cyber conflict, from donations to evasion to digital mercenaries Why hacktivist groups are blurring the lines between ideology and cybercrime, and how they're increasingly operating like decentralized ransomware gangs We also explore the long-term implications: Can law enforcement really stop these groups? What happens when attackers are shielded by national borders or political alignment? And how should defenders prepare for digitally mobilized ideological threats with state-level reach? This is cyberwar by proxy—crowdsourced, monetized, and harder than ever to pin down.…
D
Daily Security Review
1 Phished and Exposed: What the Co-op Hack Reveals About Retail Cybersecurity 21:37
21:37 Play Later Play Later Lists Like Liked21:37
Play Later Play Later Lists Like LikedIn April 2025, The Co-op—one of the UK’s largest retailers—confirmed a data breach that exposed the personal information of 6.5 million members. No financial data was taken, but the attack hit at the core of trust, with CEO Shirine Khoury-Haq calling it a “personal attack on our members and colleagues.” This wasn’t just a technical failure—it was a masterclass in social engineering, executed by attackers linked to Scattered Spider and DragonForce ransomware. By impersonating staff and manipulating the IT helpdesk, the attackers gained privileged access and exfiltrated password hashes, enabling lateral movement and data theft without ever breaching a firewall. In this episode: How the attackers bypassed defenses using psychological manipulation—not malware The role of DragonForce ransomware and why Scattered Spider keeps showing up in major breaches Why social engineering remains the #1 cause of network compromise What retailers like Co-op and M&S are learning the hard way about helpdesk security, privileged accounts, and digital trust Arrests made by the UK’s National Crime Agency and their connection to the MGM Resorts breach We also dive into the broader context: Why retail is an increasingly high-value target The compliance landscape for UK retailers (GDPR, PCI DSS, Cyber Essentials) Critical mitigation strategies: phishing-resistant MFA, ZTNA, PAM, and resilient incident response plans This is not just about one breach—it’s about how an entire sector can fall to a single phone call.…
D
Daily Security Review
1 FileFix Attacks Are Here: How Interlock’s Ransomware is Skipping Your Defenses 21:52
21:52 Play Later Play Later Lists Like Liked21:52
Play Later Play Later Lists Like LikedIn this episode, we break down how Interlock, a fast-moving ransomware group launched in late 2024, has evolved from using web injectors and clipboard tricks (like ClickFix) to an even more covert social engineering technique that abuses Windows File Explorer’s address bar to execute malicious code without triggering security prompts or downloads. Key topics include: How FileFix works: The attacker tricks users into pasting a disguised PowerShell command into File Explorer, using a technique that removes the "Mark of the Web" (MOTW) and bypasses antivirus warnings. What makes it dangerous: Unlike traditional phishing, FileFix doesn’t rely on file execution or macros—just one paste and one Enter keystroke. The malware: The payload is a PHP-based Remote Access Trojan (RAT) that establishes persistence, gathers system information, and enables lateral movement and data exfiltration. The bigger picture: With FileFix confirmed in the wild and being actively adopted by Interlock, this attack method is poised to become a popular new vector for a variety of threat actors. We also cover how FileFix fits into a wider ransomware evolution: The shift to double extortion and Ransomware-as-a-Service (RaaS) The increasing use of EDR killers and lateral movement tools The importance of breakout time and why 1-10-60 detection rules matter more than ever Finally, we close with a call to action: FileFix shows that endpoint compromise doesn’t always start with a download. Organizations must reassess how they handle clipboard input, browser content, and even basic UI trust. Email training is no longer enough—file paths can now be weapons.…
D
Daily Security Review
1 Ontinue Uncovers SVG-Based Phishing: Why Your Browser Could Be the Weak Link 23:58
23:58 Play Later Play Later Lists Like Liked23:58
Play Later Play Later Lists Like LikedOntinue has uncovered a stealthy new phishing campaign that’s flipping conventional defenses on their head—weaponizing SVG image files to silently redirect victims to malicious websites, without requiring file downloads, macros, or even user clicks. In this episode, we break down how attackers are exploiting the JavaScript-capable structure of Scalable Vector Graphics (SVG) to embed obfuscated scripts that decrypt malicious payloads directly in the browser at runtime. These files are being distributed via spoofed emails with weak sender authentication, evading traditional detection tools by masquerading as innocuous graphics—when in fact, they’re functioning like client-side malware. Key topics include: How SVGs bypass legacy email security through script execution in the browser The role of JavaScript obfuscation and DOM manipulation in these attacks Why this approach is ideal for credential harvesting and phishing-as-a-service How weak SPF, DKIM, and DMARC records enable spoofing at scale Mitigation strategies: From treating SVGs as executables to enforcing strict CSP headers, Safe Links rewriting, and layered email authentication We also explore the broader implications of this trend within the phishing landscape—how attackers are moving away from traditional malware delivery toward zero-download, browser-native exploitation. This evolution makes every user’s browser session a potential threat surface and highlights the urgent need for both technical controls and human-centric awareness training. Ontinue’s discovery reinforces a core truth in modern cybersecurity: “innocent” file types can no longer be assumed harmless, and phishing tactics are increasingly blending code, content, and clever evasion. If your organization handles external emails, especially in B2B services, this episode is a critical briefing on a quiet but powerful threat.…
D
Daily Security Review
1 Exein Raises €70M: Defending the IoT-AI Frontier with Embedded Security 17:35
17:35 Play Later Play Later Lists Like Liked17:35
Play Later Play Later Lists Like LikedExein, the Italian cybersecurity company specializing in embedded IoT defense, has raised €70 million in Series C funding, marking a significant milestone in the race to secure AI-connected infrastructure. Backed by Balderton and a roster of prominent investors, this round pushes Exein’s total funding past $106 million and fuels its global expansion into the U.S. and Asia, while laying the groundwork for strategic M&A and product development. This episode breaks down what sets Exein apart in a crowded field: its AI-enabled, device-level runtime protection tailored for IoT systems in critical sectors like healthcare, energy, automotive, robotics, and semiconductors. While most firms focus on perimeter or network security, Exein embeds its defenses directly into devices, ensuring compliance with emerging global regulations like the EU Cyber Resilience Act and offering real-time safeguards against a rising tide of AI-specific threats. We also explore: The expanding attack surface created by the convergence of IoT and AI, and why traditional security tools are falling short How Exein’s model supports security-by-design at the firmware and runtime level The urgent need for protection against adversarial AI attacks, such as prompt injection, model theft, and data poisoning The growing push for runtime security solutions for LLMs and AI infrastructure, as generative models move into production environments Why the Series C round reflects strong investor confidence in embedded security, with parallels to recent M&A activity across AI runtime protection, identity access, and data loss prevention Exein’s momentum is not just about market expansion—it’s a signal of where security is headed: toward deeply integrated, proactive defenses that recognize AI and IoT as inseparable components of future cyber risk. As the industry braces for new regulatory and adversarial challenges, embedded runtime security is becoming the next competitive frontier.…
D
Daily Security Review
1 Salt Typhoon Strikes Again: National Guard, Telecoms, and a Crisis in U.S. Cyber Defense 21:58
21:58 Play Later Play Later Lists Like Liked21:58
Play Later Play Later Lists Like LikedSalt Typhoon, a sophisticated Chinese state-sponsored cyber threat actor, is conducting one of the most aggressive and sustained espionage campaigns ever uncovered against U.S. critical infrastructure. This episode explores how the group—linked to China's Ministry of State Security—compromised a U.S. state’s Army National Guard, infiltrated telecom giants like AT&T, Verizon, and T-Mobile, and exfiltrated massive volumes of configuration files, call metadata, and wiretap logs. Operating with alarming stealth, Salt Typhoon leveraged zero-day vulnerabilities in network devices, misconfigured infrastructure, and high-privilege accounts lacking MFA. Their goal? Strategic intelligence and counterintelligence dominance—mapping the communications lifelines of U.S. government, military, and private sector entities. We explore: How Salt Typhoon infiltrated over 100,000 routers, including core components of global telecommunications infrastructure The breach of the National Guard network, including admin credentials and communications with fusion centers across multiple states Exploited vulnerabilities (e.g., CVE-2023-20198, CVE-2023-20273) and GRE tunneling used to maintain persistent access The group’s broader footprint, including targets in Canada, universities worldwide, and access to U.S. court-authorized wiretap systems The tools and tactics of RedMike (aka Salt Typhoon), from living-off-the-land attacks to custom malware and encrypted exfiltration Why this is being called the worst telecom hack in U.S. history—and what it means for national security As U.S. officials roll out sanctions, international advisories, and enhanced telecom defenses, Salt Typhoon continues to adapt—illustrating the limitations of reactive security postures in an age of advanced persistent threats. The question is no longer if a breach will happen, but how long it takes to detect and contain it.…
D
Daily Security Review
1 DragonForce Ransomware Hits Belk: 150GB Data Leak and Operational Chaos 1:20:33
1:20:33 Play Later Play Later Lists Like Liked1:20:33
Play Later Play Later Lists Like LikedIn this episode, we dive into the May 2025 ransomware attack on Belk, the iconic U.S. department store chain, orchestrated by the DragonForce ransomware group—a fast-rising player in the ransomware-as-a-service (RaaS) ecosystem. The cyberattack brought down Belk’s online and in-store operations for days, exfiltrated over 156GB of sensitive data, and sparked legal action following the delayed breach disclosure. With customer names and Social Security numbers compromised and leaked, the impact has rippled far beyond Belk’s systems. We examine how this attack fits into a broader RaaS-fueled campaign against the retail sector, including recent incidents at Marks & Spencer, Co-op Group, and Harrods. DragonForce, leveraging a model built on affiliate partnerships and rebranded ransomware payloads, is lowering the barrier to entry for cybercriminals—enabling less sophisticated actors to inflict enterprise-level damage. This episode covers: The attack timeline and operational disruption across Belk's digital and physical storefronts What DragonForce stole—and why their leak site appearance suggests Belk didn’t pay the ransom The role of RaaS in expanding ransomware's reach, making powerful attack infrastructure available to anyone with money and motive How DragonForce affiliates, including those tied to Scattered Spider, are combining social engineering, credential theft, and advanced TTPs to bypass defenses Why retail chains are increasingly at risk—and how many still underestimate the severity of the threat Key defensive takeaways: from phishing-resistant MFA to Active Directory hardening, breach simulation exercises, and incident response planning The Belk breach illustrates the evolving nature of ransomware, where supply chain access, insider tricks, and layered obfuscation tactics are the norm—not the exception. As regulatory scrutiny rises and ransomware groups professionalize, retailers and mid-market enterprises must reframe security not as an IT task, but as a business continuity imperative.…
D
Daily Security Review
1 NVIDIA Issues Urgent Rowhammer Warning: Enable ECC or Risk AI Integrity 40:39
40:39 Play Later Play Later Lists Like Liked40:39
Play Later Play Later Lists Like LikedIn this episode, we dissect a major hardware-level cybersecurity warning issued by NVIDIA, one that directly affects data center operators, AI researchers, and enterprise IT teams using GPU infrastructure. The threat: Rowhammer —a physical DRAM vulnerability that’s now been successfully exploited on GPUs through a new attack method known as GPUHammer . Developed by researchers at the University of Toronto, GPUHammer targets NVIDIA A6000 GPUs , using rapid row activation to induce bit flips in GDDR6 memory , with alarming consequences. In controlled demonstrations, attackers were able to degrade AI model accuracy from 80% to less than 1% —all without ever accessing the model directly. The implications are clear: as GPUs become the backbone of AI infrastructure , memory integrity becomes a cybersecurity priority. And yet, many GPU users still disable ECC (Error Correcting Code) by default due to performance trade-offs—leaving high-value workloads vulnerable to silent corruption. We cover: What Rowhammer is , how it evolved from CPU memory exploits to GPU attacks, and what makes GDDR memory vulnerable. The mechanics of GPUHammer : how researchers bypassed proprietary memory mappings and refresh timings to trigger successful bit flips. Why AI models are especially susceptible , with a single exponent bit flip in a 16-bit float capable of cascading catastrophic results. NVIDIA’s guidance to mitigate the risk , including enabling System-Level ECC —a feature that can detect and correct these bit-level anomalies before they break inference. The trade-offs : enabling ECC can reduce available GPU memory by 6.25% and slow inference workloads by up to 10%. The distinction between On-Die ECC and System-Level ECC , and why only the latter offers end-to-end protection in transit between the GPU and system memory. How to verify and activate ECC , using both out-of-band (Redfish API) and in-band tools (e.g., nvidia-smi) depending on your deployment. As enterprises invest billions in AI-driven infrastructure, the integrity of GPU memory becomes a matter of trust, compliance, and operational resilience . Whether you're managing a multi-tenant ML platform or deploying sensitive models in healthcare or finance, the GPUHammer threat underscores the need to treat memory protection as a security imperative , not an optional performance toggle.…
D
Daily Security Review
1 Zip Security Secures $13.5M to Simplify and Scale Cyber Defense 48:43
48:43 Play Later Play Later Lists Like Liked48:43
Play Later Play Later Lists Like LikedIn this episode, we spotlight Zip Security , a rising New York-based cybersecurity startup that just closed a $13.5 million Series A funding round , led by Ballistic Ventures. This brings the company’s total raised to $21 million , underscoring growing investor confidence in Zip’s mission: to make enterprise-grade cybersecurity accessible, automated, and affordable —especially for the 95% of businesses that operate without a dedicated security team. Founded in 2022, Zip Security is reimagining the way organizations—particularly SMBs and mid-market firms —secure their operations. Their integrated platform combines security, compliance, and IT automation into a seamless user experience, designed for companies overwhelmed by tool sprawl, resource constraints, and the complexity of modern cyber risk. From endpoint protection and identity access management to mobile device security and secure browsing , Zip’s AI-powered system handles it all— without requiring in-house expertise . We explore: Why traditional cybersecurity models are failing smaller organizations , and why Zip calls today’s services model “broken.” The shift from fragmented point solutions to integrated, AI-driven platforms as the dominant cybersecurity trend. Zip’s focus on the "long tail of the economy" —the smaller businesses at the heart of supply chains, now increasingly targeted by sophisticated attackers. How Zip is leveraging AI and automation to deliver continuous protection, eliminate alert fatigue , and reduce the total cost of ownership. The growing appetite among businesses for platform solutions over best-of-breed tools , especially among those with 100+ employees. The urgent need for simplification in cybersecurity—not just in tools, but also in compliance, training, and operational practices. Where this new funding will go: engineering expansion, market presence, and further platform innovation . In a landscape where cybercrime is projected to cost $12 trillion globally by 2025 , the need for scalable, intelligent, and affordable cybersecurity solutions has never been more urgent. Zip Security’s approach, rooted in automation and accessibility, may be what finally closes the protection gap for smaller enterprises—and helps build resilience across the entire digital ecosystem.…
D
Daily Security Review
1 Century Support Services Breach: 160,000 Identities Compromised in Silent Cyberattack 32:03
32:03 Play Later Play Later Lists Like Liked32:03
Play Later Play Later Lists Like LikedIn this episode, we examine the major data breach at Century Support Services—also operating under the name Next Level Finance Partners—that exposed the personal information of over 160,000 individuals. While the company discovered indicators of a cyberattack as early as November 2023, it wasn’t until May 2024 that investigators confirmed sensitive data had likely been accessed or exfiltrated. The exposed data is deeply sensitive: names, Social Security numbers, dates of birth, driver’s license and passport details, health and financial information, and even digital signatures. This breach is notable not just for its scale, but for its opacity —no ransomware group has claimed responsibility, and the breach remained largely under the radar compared to other high-profile cyber incidents. Yet the implications are just as serious. We dig into what this breach reveals about the current state of cybersecurity and breach response across industries. From the rise of data leakage as a legally defined event to the complexities of breach detection timelines, this incident reflects many of the systemic issues plaguing organizations today. Topics explored include: The anatomy of the Century Support breach: timeline, scope, and the delayed confirmation of data compromise. Legal definitions and disclosure obligations surrounding personal data exposure. The evolution of data breaches since the early 2000s—and why most are still detected by third parties, not the breached company. Common vulnerabilities that enable such breaches: lack of encryption, social engineering, and third-party risk. The dark web economy: how exposed data circulates and why victims face elevated identity theft risk for years. The role of breach response playbooks, including incident containment, legal reporting, and the offer of identity theft protection (and why consumer uptake remains low). Why attackers might remain silent—exploring motivations and the growing role of stealth attacks not associated with ransomware branding. As attacks become more intricate and visibility more difficult, the Century Support Services case underscores a larger truth: data breaches are no longer exceptional events—they are persistent, costly, and often avoidable failures of digital trust.…
D
Daily Security Review
1 TikTok, China, and the EU: The Battle Over Data Sovereignty 58:06
58:06 Play Later Play Later Lists Like Liked58:06
Play Later Play Later Lists Like LikedIn this episode, we explore the mounting scrutiny TikTok faces over its handling of European user data, with the EU’s Data Protection Commission (DPC) launching a fresh investigation into alleged transfers of data to China. TikTok, owned by Beijing-based ByteDance, is once again in the crosshairs for possible violations of the General Data Protection Regulation (GDPR) — this time following revelations that contradicted previous assurances given during a years-long inquiry. At the heart of the episode lies the broader question: Who controls data in a globalized, politically fractured internet? We delve into the intricate politics of data localization , examining how governments are increasingly treating data flows as matters of sovereignty and national security. With the EU enforcing a rights-based data protection regime and China emphasizing state-centric control through its Personal Information Protection Law (PIPL) , companies like TikTok are navigating a legal minefield where compliance in one jurisdiction could mean noncompliance in another. Topics discussed include: TikTok’s €530 million GDPR fine and the new inquiry sparked by undisclosed data transfers to Chinese servers. The role of Project Clover , TikTok’s €12 billion initiative to localize EU user data and build trust through European-based infrastructure and security auditing. How GDPR’s Article 46 requires equivalency in legal safeguards for any cross-border data transfers, and why Chinese laws such as the National Intelligence Law fail that test. The strategic enforcement power of the Irish DPC and how remote access, not just physical storage, is now classified as a “data transfer” under GDPR. The stark contrast between GDPR and China’s PIPL: one centers on individual rights and transparency, while the other prioritizes state surveillance and geopolitical control. The collateral damage to global cloud computing, API efficiency, and data redundancy when localization laws fragment digital ecosystems. Europe’s evolving stance toward Chinese tech firms—once seen through a commercial lens, now increasingly treated as security and sovereignty issues. Through the lens of the TikTok case, this episode unpacks the new realities of digital governance, where data is power , and control over that data is rapidly becoming a tool of foreign policy. For enterprises and policymakers alike, the challenge is not just about compliance, but navigating a digital world divided by legal borders and political agendas .…
D
Daily Security Review
1 Booz Allen Invests in Corsha: Defending Machine-to-Machine Communication at Scale 33:00
33:00 Play Later Play Later Lists Like Liked33:00
Play Later Play Later Lists Like LikedAs the cybersecurity landscape shifts toward hyperautomation and AI-driven autonomy, a new frontier has emerged: the identity and access security of machines . In this episode, we explore Booz Allen Ventures’ strategic investment in Corsha , a company at the forefront of Machine Identity Provider (mIDP) technology. Their collaboration marks a pivotal moment in redefining how we secure machine-to-machine (M2M) communication , especially in operational environments and critical infrastructure. Corsha’s platform addresses a seismic transformation: machines now outnumber humans in digital ecosystems by a ratio of 50:1—or even 80:1 in some accounts. With the rise of Agentic AI , autonomous software agents are making decisions, executing tasks, and accessing networks without human oversight. This paradigm shift makes human-centric identity models obsolete and demands dynamic, cryptographic, and automated lifecycle management for non-human identities (NHIs) . This episode covers: Why identity is the new perimeter —and why it starts with machines. The vulnerabilities in today's identity and access management (IAM) frameworks, particularly in API-heavy, cloud-native environments where machines drive over 90% of all traffic . How Corsha’s mIDP delivers MFA for machines , manages millions of machine credentials , and secures connections across legacy industrial systems and modern cloud deployments . The significance of Corsha’s integration with traditional IdPs like EntraID and AWS IAM, bringing adaptive identity management to autonomous, interconnected ecosystems. The growing strategic alignment between national security imperatives and machine identity solutions. With Zero Trust becoming a mandate across U.S. federal agencies, Corsha’s capabilities directly support mission-critical autonomy, AI governance, and cyber-physical resilience. The role of Booz Allen Ventures in not just funding Corsha but helping scale its solutions for government and industrial sectors. The firm sees Corsha as “ foundational infrastructure for next-generation mission systems .” How this investment follows Corsha’s Series A and A-1 rounds, and enables the expansion of Corsha Labs , advancing agentless behavioral identity and AI-enhanced IAM for autonomous systems. We conclude with a forward-looking view: as critical infrastructure, defense systems, and industrial operations become more automated , machine identity will become as central as human authentication is today . With Agentic AI accelerating the pace of change, Corsha—and investments like Booz Allen’s—are laying the groundwork for a secure, autonomous future.…
D
Daily Security Review
1 WSUS Meltdown: Global Sync Failures and the Shift Toward Cloud Patch Management 27:45
27:45 Play Later Play Later Lists Like Liked27:45
Play Later Play Later Lists Like LikedWindows Server Update Services (WSUS) has long been a cornerstone of enterprise patch management—but recent global synchronization failures have raised serious questions about its future viability. In this episode, we dissect the widespread outage that left organizations unable to sync critical Windows updates, unpacking both the technical cause and the broader implications for IT teams worldwide. In July 2025, system administrators across the US, UK, India, and Europe found their WSUS servers stuck in failed sync loops, thanks to a problematic update revision from Microsoft. With WSUS servers globally attempting full synchronizations simultaneously, Microsoft's update infrastructure was overwhelmed. The result? Timeout errors, stalled deployments, and massive headaches for IT teams already stretched thin. We walk through the exact symptoms of the incident—including IIS errors, .NET timeouts, and SoftwareDistribution.log anomalies—and the server-side fix that ultimately resolved it. But as we explore the root causes, it's clear this wasn’t just a one-off issue. Firewall misconfigurations, bloated WSUS databases, mismanaged application pools, and MIME-type conflicts all contribute to WSUS’s growing fragility. To keep WSUS functioning, organizations must implement rigorous maintenance routines: Regular SUSDB health checks for superseded, obsolete, and declined updates IIS application pool tuning to prevent 503 errors SQL and PowerShell-based cleanup scripts for reindexing, shrinking, and update pruning Firewall and service configuration audits to ensure all dependencies are running and reachable Even with these best practices, many experts believe WSUS is reaching end-of-life in spirit, if not in official terms. Microsoft's increasing emphasis on cloud-native solutions, like Windows Update for Business (WUfB) and Microsoft Endpoint Configuration Manager (MECM) , signals a strategic departure from the manual, high-maintenance nature of WSUS. We explore modern alternatives that offer automation, scalability, and security: WUfB + Intune : Cloud-native patching with faster deployment and tighter endpoint integration MECM (formerly SCCM) : Hybrid control with support for complex environments and third-party apps Third-party platforms : Like Vicarius vRx, providing cross-platform patching, scripting, and virtual remediation As security threats accelerate and zero-day exploits demand rapid mitigation, patch management can no longer rely on legacy systems prone to breaking under pressure. This episode makes it clear: now is the time to re-evaluate your patching strategy , invest in automation, and position your organization for secure, sustainable operations in a post-WSUS world.…
D
Daily Security Review
1 Cracking eSIM: Exposing the Hidden Threats in Next-Gen Mobile Security 16:43
16:43 Play Later Play Later Lists Like Liked16:43
Play Later Play Later Lists Like LikedeSIM technology has transformed the way we connect—but has it also introduced new vulnerabilities into the heart of modern telecommunications? In this deep-dive episode, we dissect the security architecture, remote provisioning systems, and critical attack surfaces of embedded SIM (eSIM) technology , now deployed in billions of mobile, consumer, and IoT devices worldwide. While eSIMs offer convenience, flexibility, and integration benefits, a growing body of research reveals severe flaws in their design and implementation— flaws that allow profile hijacking, cloning, and even eavesdropping on private communications. We begin by tracing the evolution of Subscriber Identity Module (SIM) technology into today’s eUICC-based eSIM architecture , reviewing the GSMA’s role in standardizing eSIMs for machine-to-machine (M2M), consumer, and IoT deployments . We unpack the core remote provisioning components, such as SM-SR, SM-DP+, LPA, and IPA , and explain how they interact to enable over-the-air SIM profile installation and switching—technically elegant, but increasingly a security liability. The heart of the episode delves into high-impact vulnerabilities that continue to shake the telecom industry: Memory exhaustion attacks that brick eSIMs by orphaning profile containers Malicious profile locking that disables switching to other networks Cloning and profile hijacking , demonstrated in 2025 by researchers who extracted private cryptographic keys from real-world GSMA-certified eUICCs Undetected Java app injection , allowing rogue code to be embedded in live profiles Critical failures in Java Card VM implementations , enabling type confusion and remote profile manipulation We also discuss the wider systemic implications , including: How attackers cloned an Orange eSIM and hijacked a subscriber’s identity undetected Why “tamper-proof” certification claims are now under scrutiny The limitations of current GSMA security fixes and certification frameworks Why hardware security modules (HSMs) and cryptographic audits are essential for true resilience The tension between convenience and control in mobile ecosystems—and what’s at stake if security doesn’t catch up with innovation As vendors scramble to issue patches and strengthen defenses, the telecom industry faces an urgent reckoning: Can eSIM technology remain viable without complete trust in its secure elements? And are operators, vendors, and standard bodies doing enough to prevent the next wave of remote SIM exploitation? Whether you're a telecom engineer, a cybersecurity professional, or an executive responsible for device security, this episode reveals the high-stakes battle for the security of our mobile identities —and what it will take to protect billions of connected users from invisible compromise.…
D
Daily Security Review
1 Qantas Breach and Beyond: Cybersecurity Risks in Australia’s Digital Supply Chains 1:03:23
1:03:23 Play Later Play Later Lists Like Liked1:03:23
Play Later Play Later Lists Like LikedAs Australia contends with a growing wave of cybersecurity incidents, this episode explores the intersection of national privacy laws, global supply chain vulnerabilities, and public trust in digital security . The recent Qantas data breach—affecting over 5 million customers—was the latest high-profile case to expose how fragile third-party service relationships can compromise even the most reputable organizations. But Qantas is not alone. The aviation sector, and critical infrastructure more broadly, is now a primary target for sophisticated cyberattacks fueled by digitization and undersecured supply chains. We begin with an overview of Australia’s privacy and data protection framework , governed by the Privacy Act, Cyber Security Act, Spam Act , and other related legislation. The Office of the Australian Information Commissioner (OAIC) plays a central role in enforcement, requiring timely breach notifications, secure data handling practices, and clear definitions around personal and sensitive information. Recent legislative amendments are pushing toward more stringent accountability, but enforcement still faces gaps, particularly in the context of global data transfers and outsourced operations. We then widen the lens through insights from ENISA’s latest supply chain cybersecurity report , which examines how organizations across the EU are struggling to implement consistent practices around vendor risk, vulnerability management, and patching. Despite having policies on paper, many essential entities lack dedicated resources, cybersecurity roles, or real-time visibility into their third-party environments. In an interconnected world, supply chain security is only as strong as its weakest link —a lesson repeatedly demonstrated in sectors like aviation, healthcare, and critical infrastructure. The Qantas breach, caused by an attack on a third-party call center platform , underscores the increasing relevance of this risk. Similar incidents at Cathay Pacific, SITA, and U.S. airports point to airlines becoming soft targets due to legacy systems, widespread outsourcing, and the complexity of digital ecosystems. Attackers, including state-aligned threat groups, are leveraging phishing, credential theft, and software vulnerabilities to breach these layered environments. We also discuss: The FAA’s proposed cybersecurity rules for aviation systems and how global regulators are responding to emerging threats Why call centers have become high-value entry points for attackers targeting sensitive personal information Best practices for breach response , including credit monitoring, fraud alerts, and legal safeguards for affected individuals Public sentiment in Australia, where consumers are expressing growing frustration with repeated breaches and lack of corporate accountability Actionable recommendations for companies: strong access controls, continuous monitoring, role-based restrictions, and transparent supplier audits The challenge of aligning technical, operational, and legal safeguards across jurisdictions in a rapidly evolving threat landscape Ultimately, this episode emphasizes that strong cybersecurity is not just a technical challenge—it’s a governance and trust imperative. As breaches continue to mount and regulations tighten, both organizations and individuals must adapt to protect their digital assets, reputations, and rights.…
D
Daily Security Review
1 Taiwan Sounds the Alarm: TikTok, WeChat, and the Chinese Data Threat 1:06:28
1:06:28 Play Later Play Later Lists Like Liked1:06:28
Play Later Play Later Lists Like LikedIn this episode, we examine Taiwan’s growing alarm over Chinese mobile applications , especially TikTok and WeChat, in light of rising global concern over data privacy and foreign surveillance. A recent inspection by Taiwan’s National Security Bureau (NSB) revealed that these apps aggressively collect personal data and transmit it to servers located in mainland China—where national laws require that user data be made available to Chinese government authorities upon request. Taiwan’s warning isn’t isolated—it echoes fears expressed by governments across the world, from the United States to India to European regulators, who see apps like TikTok, WeChat, and others as national security risks . At the center of this debate lies the Data Security Law (DSL) of the People’s Republic of China , a sweeping mandate that compels companies to store data within China and hand it over for national intelligence purposes. Taiwan’s NSB highlighted violations such as the unauthorized collection of facial recognition data, contacts, geolocation, and more—actions that could be leveraged for foreign surveillance, espionage, or influence operations. We explore: The mechanics of data collection by TikTok, WeChat, and similar Chinese-developed apps—including how these apps access sensitive personal information far beyond what's needed for their core functionality. How Chinese national laws—especially the DSL, Cybersecurity Law, and National Intelligence Law—enable state access to user data stored by any company operating in or connected to China. Taiwan’s broader national security context , including cyberattacks and espionage targeting its infrastructure, which raise the stakes for data security. Parallel concerns from other nations , including EU investigations into unlawful data transfers, India’s outright bans on hundreds of Chinese apps, and ongoing U.S. debates about TikTok's fate. The potential for foreign influence through content curation , especially via algorithmic targeting of political messages and behavioral profiling enabled by biometric data collection. Regulatory dilemmas facing democracies: how to balance free markets and open technology with the imperative to protect citizens’ data and national infrastructure. Taiwan’s alignment with global trends in confronting China-developed software—not just through advisories but also through technological countermeasures and increased cyber resilience efforts . The episode also covers what average users can do: re-evaluating app permissions, avoiding features with poor transparency, and understanding the geopolitical stakes behind seemingly innocuous mobile platforms.…
D
Daily Security Review
1 The Evolution of Atomic macOS Stealer: Backdoors, Keyloggers, and Persistent Threats 45:00
45:00 Play Later Play Later Lists Like Liked45:00
Play Later Play Later Lists Like LikedThis episode exposes the growing menace of Atomic macOS Stealer (AMOS) — a rapidly evolving malware-as-a-service (MaaS) platform targeting macOS users worldwide. Once seen as a simple data stealer, AMOS has matured into a potent, long-term threat featuring keyloggers , a persistent backdoor , and system-level access , all designed to exfiltrate data and maintain control over compromised systems. AMOS now enables threat actors to remotely execute commands, spy on users, and re-infect devices even after reboot , thanks to advanced macOS persistence techniques like LaunchDaemons and hidden binary scripts. Its infection chain relies on social engineering, counterfeit applications, and tampered DMG installers — making even savvy Mac users vulnerable. This episode explores: AMOS's evolution from stealer to full-platform malware with persistent remote access Key features of the latest version, including a keylogger and embedded backdoor capable of running arbitrary commands Real-world attack vectors , such as phishing campaigns, cracked software, poisoned torrents, and fake job ads targeting cryptocurrency holders and freelancers The use of macOS persistence mechanisms (LaunchDaemons, osascript, ScriptMonitor) and Gatekeeper evasion Cross-platform development in GoLang, allowing the malware to operate seamlessly across Mac architectures The global impact , with campaigns spanning over 120 countries and rising infection rates in the U.S., U.K., France, and Canada How AMOS compares to Cthulhu Stealer and North Korea-aligned tools like RustBucket and macOS BeaverTail Practical security steps to detect and mitigate AMOS, including IOC monitoring, digital signature verification, and behavioral endpoint defenses AMOS has rapidly become one of the top three most detected macOS threats , signaling a paradigm shift in Mac-targeted malware. With crypto wallets, browser data, and personal credentials at risk, this episode is essential listening for anyone in cybersecurity, IT, or using Macs in high-risk industries.…
D
Daily Security Review
1 CitrixBleed Returns: CVE-2025-5777 and the Exploitation of NetScaler Devices 1:02:21
1:02:21 Play Later Play Later Lists Like Liked1:02:21
Play Later Play Later Lists Like LikedIn this episode, we dissect CitrixBleed 2 —a newly disclosed and actively exploited vulnerability affecting Citrix NetScaler ADC and Gateway appliances. Tracked as CVE-2025-5777 (and possibly also CVE-2025-6543), this critical flaw mirrors the notorious original CitrixBleed by allowing attackers to extract sensitive memory content , including user session tokens , through crafted POST login requests. Despite Citrix’s claims that there’s no active exploitation, threat intelligence reports from security researchers and government agencies like CISA tell a different story: public proof-of-concept exploits are circulating , and attacks have been observed as early as mid-June. The vulnerability stems from a format string misuse involving the snprintf function, allowing memory leakage in small byte increments—enough for determined attackers to reconstruct sensitive data, hijack authenticated sessions, and potentially access administrative utilities. We cover everything from the technical mechanics of the vulnerability to the strategic mitigation steps enterprises must take. Affected systems include NetScaler MPX, VPX, SDX , and NetScaler Gateway , making the scope of risk widespread, especially in large-scale remote access and cloud deployments. In this episode, we unpack: How CVE-2025-5777 works, including the format string flaw and session token exposure Indicators of active exploitation and CISA’s inclusion of related CVEs in its KEV catalog The timeline and evidence suggesting exploitation began weeks before disclosure Why slow patch adoption is increasing risk across industries A guided breakdown of the NetScaler Secure Deployment Guide , covering: Strong authentication, MFA, and password security Role-based access control (RBAC) and session management Secure traffic segmentation, ACL configuration, and TLS hardening App-layer protections like WAF and rewrite policies for cookie security Logging, SNMP configuration, and remote syslog best practices DNSSEC and cryptographic key management How to verify patch status via the NetScaler Console and initiate remediation scans This episode delivers a clear message: Patch now, monitor aggressively, and revisit your NetScaler hardening strategy . With public exploits in circulation and attackers harvesting session tokens, this vulnerability represents a pressing concern for enterprises relying on Citrix infrastructure.…
D
Daily Security Review
1 SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk 1:02:01
1:02:01 Play Later Play Later Lists Like Liked1:02:01
Play Later Play Later Lists Like LikedIn this episode, we break down SAP’s July 2025 Security Patch Day—a high-stakes moment for any enterprise relying on SAP’s core business applications. With 27 new and 4 updated security notes released, including seven rated as critical , this patch cycle directly targets some of the most serious vulnerabilities seen in SAP environments in recent memory. At the center of this month’s update is CVE-2025-30012 , a critical unauthenticated command execution flaw in SAP Supplier Relationship Management (SRM). Initially classified as high priority, this vulnerability has now been escalated to critical status due to its severe impact. Also in the spotlight: a remote code execution bug in SAP S/4HANA and SCM (CVE-2025-42967) , and four insecure deserialization vulnerabilities affecting SAP NetWeaver Java systems—longtime targets for threat actors and ransomware groups alike. While there are no confirmed in-the-wild exploits for these new issues, history tells us that such gaps don’t remain unexploited for long. Just earlier this year, vulnerabilities in SAP’s Visual Composer framework were actively exploited by ransomware operators like BianLian and RansomEXX . As threat actors grow more sophisticated and supply chain targets grow more lucrative, patch speed has never been more important. This episode covers: The vulnerabilities patched in SAP’s July advisory and their real-world risk Why CVSS scoring matters —and how SAP determines what counts as "critical" The SAP vulnerability lifecycle , and how organizations can use structured frameworks for patch and incident management Key lessons from past exploits , including zero-day activity targeting SAP systems The shared security model in cloud deployments like RISE with SAP—and what you’re responsible for vs. what SAP handles Why alert fatigue and delayed patching are existential threats in SAP environments How to verify your patch level, interpret SAP Notes, and ensure you’re protected We also discuss how critical tools like SecurityBridge , NIST-aligned vulnerability workflows, and proactive community engagement can help mitigate threats and support SAP admins, DevSecOps teams, and CISOs navigating the growing complexity of ERP security.…
D
Daily Security Review
1 106GB Exposed? Telefónica, HellCat, and the Silent Data Breach 50:33
50:33 Play Later Play Later Lists Like Liked50:33
Play Later Play Later Lists Like LikedIn this episode, we explore a shadowy and unconfirmed—but highly consequential—data breach at Spanish telecommunications giant Telefónica. Allegedly orchestrated by the HellCat ransomware group, the breach involves a staggering 106GB of exfiltrated data, including internal communications, customer records, and employee information. Telefónica has yet to acknowledge the breach publicly, while the threat actor “Rey” released a 5GB sample to support their claim, pointing to a Jira server misconfiguration as the entry point. We unpack the evolving tactics of HellCat—a ransomware gang known for targeting Atlassian’s Jira platform—and examine how such misconfigurations continue to expose sensitive data across major organizations like NASA, Google, and Yahoo. Telefónica is no stranger to HellCat; a similar attack occurred in January, making this latest breach appear not only credible but also indicative of ongoing remediation failures. But this isn’t just a story about technical lapses—it’s also a warning shot for every organization subject to the GDPR and Spain’s national data protection laws. We dig into the regulatory implications, potential fines, and legal obligations that Telefónica could face if the breach is confirmed. You'll also hear why Atlassian’s Jira platform has become a soft target for threat actors, and what companies need to do to harden their SaaS deployments against similar threats. Finally, we explore frameworks for responsible breach response—from immediate containment to post-incident review—and what every enterprise should learn from this growing wave of misconfiguration-fueled cyberattacks. Key discussion points include: The anatomy of the Telefónica breach and the leaked data How HellCat exploits Jira misconfigurations and infostealer-compromised credentials The broader trend of Atlassian-based intrusions across multiple industries GDPR and NLOPD obligations: What counts as a notifiable breach? Regulatory fines, reputational risks, and the right to compensation Best practices for SaaS security and breach response in 2025 This episode is a must-listen for CISOs, privacy officers, IT security professionals, and legal teams navigating the intersection of cybersecurity failures and regulatory exposure.…
D
Daily Security Review
1 Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout 59:56
59:56 Play Later Play Later Lists Like Liked59:56
Play Later Play Later Lists Like LikedThe recent ransomware attack on Ingram Micro , a global technology distribution giant, reveals not only a sophisticated human-operated cyber assault—but also the fragile state of modern supply chain cybersecurity. In this episode, we break down how attackers, believed to be affiliated with the SafePay ransomware group , penetrated Ingram Micro’s infrastructure, reportedly by exploiting a Palo Alto GlobalProtect VPN vulnerability and leveraging stolen credentials. The breach disrupted the company’s website and order systems, impacting partners and resellers worldwide. This case is a microcosm of a much larger threat: ransomware groups are evolving, using targeted, manual operations rather than automated malware blasts. And when a company like Ingram Micro gets hit, the downstream effects ripple through entire IT ecosystems. This episode explores the deeper story behind the headlines, including: Human-operated ransomware tactics , including credential theft, privilege escalation, lateral movement, and double extortion. The critical vulnerability CVE-2024-3400 in GlobalProtect , which is being actively exploited in real-world ransomware campaigns. SafePay’s emergence in 2025 as a serious actor, using stolen VPN credentials and backdoor persistence methods to deploy ransomware discreetly. How human-operated ransomware attacks differ from commodity malware—and why they're more dangerous. The risks of supply chain dependence , as illustrated by partners experiencing delays and business interruptions from Ingram Micro’s outage. The importance of adopting a Cybersecurity Supply Chain Risk Management (C-SCRM) strategy using NIST’s framework . Key mitigation steps, including enforcing multi-factor authentication (MFA) , hardening remote access tools, implementing network segmentation , and maintaining robust offline backups . Best practices for incident response and recovery , based on guidance from CrowdStrike, Microsoft, and NCSC. How ransomware threat actors are becoming increasingly selective, strategic, and efficient—often targeting misconfigured enterprise platforms as initial entry points. The Ingram Micro attack is a reminder that resilience isn’t just about stopping the ransomware—it’s about preparing for its inevitable arrival . For organizations operating in the cloud, distributing hardware, or serving as a linchpin in digital ecosystems, the lessons from this breach are urgent and universal.…
D
Daily Security Review
1 The Illusion of Shutdowns: What Hunters International's Closure Really Means 42:41
42:41 Play Later Play Later Lists Like Liked42:41
Play Later Play Later Lists Like LikedIn a sudden and cryptic announcement, the notorious ransomware group Hunters International has declared its shutdown, citing “recent developments” and pledging to release decryption keys to victims. Active since late 2022 and suspected to be a rebrand of the earlier Hive ransomware gang , Hunters International has been responsible for attacks on nearly 300 organizations across various industries. Yet, cybersecurity experts believe this announcement is less about remorse—and more about reinvention. In this episode, we dissect what this “shutdown” really means. Far from disappearing, the group may already be operating under a new name: World Leaks . This episode explores the lifecycle of ransomware gangs and how rebranding, splintering, and strategic pauses are common tactics used to throw off law enforcement and improve operational resilience. Key discussion points include: The lifecycle of ransomware groups, from emergent to established , using the GRIT taxonomy. How rebranding is used to evade law enforcement pressure and manage public perception, especially after high-profile disruptions. The Hive–Hunters–World Leaks lineage , and what indicators point to continuity rather than closure. Why law enforcement actions rarely shut down ransomware permanently, often leading to splinter or successor groups . The business model of ransomware , including double extortion, data leak sites, and Ransomware-as-a-Service (RaaS). Which sectors remain most vulnerable—including manufacturing, professional services, finance, and education —and how victim selection is increasingly based on financial footprint and data value . The significance of public communications and tactics like apologies, targeting rules, and ethics messaging used to shape ransomware groups' public image. The importance of ransomware payment tracking via blockchain , with insights into Bitcoin-based laundering operations and the transparency paradox of public ledgers. The value of Ransomware Susceptibility Index™ (RSI) metrics to help organizations prioritize defenses and understand their exposure. This case study of Hunters International exemplifies the strategic fluidity of modern ransomware operations —where shutting down may simply mean rebooting under a different brand. For defenders, staying ahead means recognizing these patterns, maintaining continuity in threat intelligence, and preparing for the next iteration before it strikes.…
D
Daily Security Review
1 CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late 40:49
40:49 Play Later Play Later Lists Like Liked40:49
Play Later Play Later Lists Like LikedA newly discovered and actively exploited zero-day vulnerability in Google Chrome has sent ripples through the cybersecurity community. Known as CVE-2025-6554 , this critical type confusion flaw in Chrome’s V8 JavaScript and WebAssembly engine enables remote attackers to perform arbitrary read/write operations or execute code via a single malicious webpage. With active exploitation confirmed and inclusion in CISA’s Known Exploited Vulnerabilities catalog , organizations are under urgent pressure to patch all affected systems—immediately. In this episode, we break down what makes this vulnerability especially dangerous, why Google’s Threat Analysis Group (TAG) is paying close attention, and what this incident tells us about the state of browser security, enterprise patch management, and memory safety technologies . Though Google has released patches for Chrome and other Chromium-based browsers—including Microsoft Edge, Brave, and Vivaldi—the scale of exposure across platforms is massive. Key topics we explore include: Technical breakdown of CVE-2025-6554 : How type confusion in the V8 engine leads to total compromise. Sandboxing in V8 : How Chrome's V8 Sandbox mitigates memory corruption—and what this exploit bypassed. Indicators of nation-state exploitation : The role of Google’s TAG and what it implies about the attackers. Patching priorities : Why immediate updates to versions 138.0.7204.96/.97 (Windows/Linux) and .92/.93 (macOS) are non-negotiable. Beyond Chrome : The ripple effect on all Chromium-based browsers and Electron-based applications. Patch management best practices : From realistic testing environments and system categorization to rollback procedures, KPIs, and automation. With CVE-2025-6554 being the fourth zero-day in Chrome this year , this isn’t just a browser issue—it’s a litmus test for security readiness . As attackers grow faster and more sophisticated, your ability to rapidly detect, prioritize, and patch vulnerabilities is more crucial than ever. Whether you're managing an enterprise IT infrastructure, leading an AppSec team, or securing a fleet of endpoints, this episode will arm you with both the technical insight and operational perspective needed to respond decisively to this threat—and to the next one.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Daily Security Review
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k347
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
