Fake Microsoft, Netflix, & Apple Support: The Scam Lurking in Google Search

Daily Security Review

#Tech #News #Tech News #Daily Security Review

56:04

Growing up in a military family, Tristen Epps moved around a lot. But no matter where he was living, Friday nights were sacred. He got to dress up, go to a restaurant, not order from a kids menu, and feel like he was getting to know the place he was living — for now. At home, when his mom taught him to scramble an egg, he was mesmerized by the alchemy; one simple ingredient could transform into so many things. It's that wonder and curiosity that transformed him into the leader, visionary, and Top Chef winner he is today. He joined Tinfoil Swans at the Food & Wine Classic in Aspen to talk about his mission to “un-colonize colonized food,” the freedom he feels cooking in Air Jordans, why it's important to him to celebrate oxtails with Michelin-level finesse, and his belief that cooking has power to correct history. For more info visit: foodandwine.com/tinfoilswans Sponsor: Old Fitzgerald® Kentucky Straight Bourbon Whiskey. Bardstown, KY. 50% Alc./Vol. Think Wisely. Drink Wisely. Learn more about your ad choices. Visit podcastchoices.com/adchoices…

about a year ago 32:40

MP3•Episode home

In this eye-opening episode, we break down a sophisticated new trend in tech support scams (TSS) that’s catching even the most cautious users off guard.

Scammers are now hijacking Google Ads and manipulating search results to funnel users—who are simply looking for help—to malicious phone numbers injected directly into legitimate websites like Apple, Microsoft, Netflix, and major banks. Clicking on what appears to be an official Google Ad can land you on a real brand page — but with a fake tech support number secretly inserted into the URL path or internal search results.

We’ll dive into:

How scammers use Google Ads as a primary conduit for distributing rogue tech support ads.
The alarming tactic of injecting fraudulent phone numbers into real company websites.
Why even Fortune 500 companies are vulnerable to these attacks — with 86% of the top 50 companies affected.
The shift from “aggressive” pop-up-based scams to “passive” professional-looking scam pages that evade detection for longer.
How black hat SEO and support domains are driving long-lived scam infrastructure.
The persistent financial motivation behind these scams — and why many victims end up giving remote access to their devices or sharing sensitive banking details.

We’ll also cover what law enforcement and cybersecurity experts are doing to counter this new wave of scams, why detection remains so challenging, and practical tips that users and defenders can take to protect themselves.

If you’ve ever searched for tech support online — or know someone who has — this is an episode you won’t want to miss.

269 episodes

Fake Microsoft, Netflix, & Apple Support: The Scam Lurking in Google Search

Daily Security Review

published about a year ago

MP3•Episode home

In this eye-opening episode, we break down a sophisticated new trend in tech support scams (TSS) that’s catching even the most cautious users off guard.

We’ll dive into:

How scammers use Google Ads as a primary conduit for distributing rogue tech support ads.
The alarming tactic of injecting fraudulent phone numbers into real company websites.
Why even Fortune 500 companies are vulnerable to these attacks — with 86% of the top 50 companies affected.
The shift from “aggressive” pop-up-based scams to “passive” professional-looking scam pages that evade detection for longer.
How black hat SEO and support domains are driving long-lived scam infrastructure.
The persistent financial motivation behind these scams — and why many victims end up giving remote access to their devices or sharing sensitive banking details.

If you’ve ever searched for tech support online — or know someone who has — this is an episode you won’t want to miss.

269 episodes

#Tech #News #Tech News #Daily Security Review

All episodes

Daily Security Review

1
ReVault: Critical Dell Firmware Flaws Allow Windows Login Bypass and Persistent Implants 48:07

3 days ago48:07

48:07

In a powerful reminder that hardware security is just as critical as software defense, Cisco Talos researchers have uncovered “ReVault,” a collection of five high-severity firmware vulnerabilities in Dell’s ControlVault3 subsystem. These flaws impact over 100 Dell laptop models, including the Latitude, Precision, and XPS series—devices used widely across enterprise, government, and high-security environments. **ReVault allows attackers with physical access to bypass Windows login, implant persistent malware, and exfiltrate sensitive credentials and biometric data—**even surviving a full reinstallation of Windows. ControlVault3, Dell’s secure enclave designed to protect fingerprints, smartcard credentials, and cryptographic keys, has become a dangerous point of exploitation, enabling attackers to reprogram biometric validation, leak stored credentials, or embed stealth firmware backdoors. This episode dives deep into the attack chains revealed by Cisco: from unsafe deserialization flaws and remote code execution to USB-based login bypasses and firmware manipulation without needing any credentials. In certain cases, the attacker can reprogram fingerprint sensors to accept any print, defeating one of the system’s core security defenses. We also explore the broader implications of firmware-level attacks, why persistence below the OS is so dangerous, and how this threat bypasses antivirus, firewalls, and even full-disk encryption. With firmware attacks rising sharply and more organizations adopting biometric security, ReVault is a stark warning of how “trusted hardware” can become an invisible threat. We’ll cover Dell’s mitigation guidance, the importance of enabling BIOS chassis intrusion alerts, disabling unused ControlVault features, and monitoring unusual biometric service activity. We’ll also break down best practices for firmware security, including secure boot, cryptographic validation, and detection strategies for stealth implants. This isn’t just a Dell issue. It’s a wake-up call to the industry: firmware is the new attack surface—and it’s wide open. #ReVault #Dell #FirmwareSecurity #ControlVault3 #WindowsBypass #BiometricSecurity #RCE #Persistence #CiscoTalos #LaptopSecurity #Cybersecurity #SecureBoot #FirmwareImplants #ChassisIntrusion #EndpointSecurity #SecureHardware #XPS #Precision #Latitude…

Daily Security Review

1
Air France–KLM Data Breach Exposes Customer Info via Compromised Third-Party Platform 36:56

3 days ago36:56

36:56

The aviation industry has suffered yet another major cybersecurity incident. Air France and KLM have confirmed a data breach impacting customer records via an external customer service platform. While no sensitive financial or identity documents were compromised, attackers successfully accessed unspecified customer data—prompting both airlines to notify authorities and warn affected individuals to remain vigilant against suspicious communications. This episode explores what we know about the breach, the growing trend of third-party vulnerabilities, and the broader cyber threat landscape engulfing aviation in 2025. Air France–KLM joins a long and growing list of global airlines—including Qantas, WestJet, and Hawaiian Airlines—that have fallen victim to data breaches, ransomware, and DDoS attacks in just the first half of the year. We contextualize this breach within a 131% increase in aviation cyberattacks from 2022 to 2023, as revealed by ICAO, and discuss how these intrusions impact not just data privacy—but also flight safety, operational capacity, and global trust in airline systems. With the average cost of a breach nearing $4.88 million, and attackers frequently targeting frequent flyer data, biometric systems, and airport infrastructure, this incident is more than a privacy lapse—it’s a warning shot across an industry struggling to keep pace with rapidly evolving digital threats. We’ll also examine the regulatory response—including GDPR mandates and global data breach notification laws—and offer best practices for cybersecurity resilience in aviation, from vendor security vetting and zero-trust frameworks to identity verification reform and continuous employee training. As global aviation embraces digital transformation, the stakes have never been higher. In the air and on the ground, cybersecurity now means safety. #AirFrance #KLM #DataBreach #AviationCybersecurity #ThirdPartyBreach #CustomerData #AirlineHacks #FlyingBlue #QantasBreach #AviationSecurity #CyberResilience #GDPR #Ransomware #AviationBreach #CyberThreats #ZeroTrust #IncidentResponse #AirlineCyberattack…

Daily Security Review

1
Critical Flaws in CyberArk Conjur and HashiCorp Vault Put Enterprise Secrets at Risk 37:29

4 days ago37:29

37:29

Enterprise secrets managers—long considered the most secure components in modern infrastructure—are now under fire. In a groundbreaking report, cybersecurity firm Cyata revealed 14 critical zero-day vulnerabilities across CyberArk Conjur and HashiCorp Vault, exposing flaws that allow unauthenticated attackers to achieve remote code execution (RCE), privilege escalation, and even full system takeover—all without a password or token. These aren’t just theoretical risks. The vulnerabilities could give attackers access to every database, every API key, every cloud resource—the very lifeblood of an enterprise’s security posture. In some cases, Cyata researchers demonstrated that a single unauthenticated API request was enough to completely compromise the vault. We break down the most dangerous findings: CyberArk Conjur's vulnerabilities include IAM authenticator bypasses, remote code execution, and file disclosure exploits that could be chained together for total control. HashiCorp Vault is hit even harder, with nine critical flaws such as RCE via plugin abuse, MFA and lockout bypasses, and a root privilege escalation bug caused by policy normalization inconsistencies. One Vault bug had been lurking for nine years, silently compromising the trust model for machine identity. These issues highlight a broader shift in cybersecurity—from traditional memory corruption exploits to subtle but devastating logic flaws within authentication and policy enforcement layers. As enterprises move toward automation and DevSecOps, the security of secrets managers is more important than ever—and these discoveries expose how fragile that foundation can be. We also unpack the best practices for secrets management and mitigation: Patch now—both vendors have issued urgent fixes. Avoid "Secret Zero" vulnerabilities. Rotate secrets regularly, apply least-privilege policies, and never hardcode secrets. Embrace secure SDLC practices with red teaming, static analysis, and shift-left threat modeling. This episode is a wake-up call: even your vault isn’t safe. If your secrets manager is compromised, your infrastructure is already lost. #HashiCorpVault #CyberArkConjur #SecretsManagement #ZeroDayVulnerabilities #RemoteCodeExecution #PrivilegeEscalation #RCE #AuthenticationBypass #Cyata #DevSecOps #EnterpriseSecurity #APIKeySecurity #VaultBreach #CyberSecurity #SecretsSprawl #SecureSDLC #SecureCoding #PatchNow…

Daily Security Review

1
Prompt Injection Nightmare: Critical AI Vulnerabilities in ChatGPT, Copilot, Gemini & More 56:52

4 days ago56:52

56:52

Enterprise AI assistants are revolutionizing productivity—but they’re also opening new doors for cyberattacks. In this episode, we explore explosive research from Zenity Labs, which reveals that leading AI tools like ChatGPT, Microsoft Copilot, Google Gemini, Cursor, and Salesforce Einstein are vulnerable to prompt injection attacks—a class of exploit that can silently hijack these systems without user interaction. These aren’t theoretical flaws. Through real-world demonstrations at Black Hat USA 2025, Zenity unveiled “AgentFlayer”, a suite of 0-click prompt injection exploits capable of exfiltrating data, modifying records, or rerouting communications—all via malicious files, calendar invites, browser extensions, or embedded email instructions. Victims never click a link or open an attachment. We examine how attackers manipulate large language models (LLMs) by embedding rogue commands into content streams. Whether it’s stealing API keys from ChatGPT, rerouting customer emails in Salesforce, altering CRM data in Copilot, or conducting stealth phishing via Gemini’s Gmail summarization, the risks are widespread and deeply concerning. The episode also explores the critical limitations of traditional security tools, which can’t detect these LLM-specific exploits. We highlight why AI security demands an “AI-first” approach, including new frameworks like Google’s AI control plane model, MITRE’s SAFE-AI, and OWASP’s Top 10 for LLMs—where prompt injection now ranks as the #1 threat. As vendors scramble to patch some of these vulnerabilities, many others remain live, with some companies labeling them “intended functionality.” With AI now deeply embedded in corporate infrastructure, can your enterprise afford to ignore this threat? We break down mitigation strategies—from prompt validation and red teaming to browser inspection and role-based access controls—and examine how this new era of cyber risk is forcing companies to rethink everything they thought they knew about software security. #PromptInjection #AIsecurity #ChatGPT #Copilot #Gemini #SalesforceEinstein #Zenity #AgentFlayer #ManInThePrompt #Cybersecurity #LLMrisks #EnterpriseAI #BrowserExploits #StealthPhishing #0ClickAttacks #AIFirstSecurity #AIcontrols #BlackHat2025 #GenAI #SAILframework #SAFEAI #AIMaturityModel…

Daily Security Review

1
From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis 46:37

4 days ago46:37

46:37

A new wave of cyber extortion is sweeping across global enterprises, and the battlefield is Salesforce CRM. The notorious **ShinyHunters group—tracked internally by Google as UNC6040/UNC6240—**has launched a coordinated series of breaches using vishing (voice phishing) to compromise employee credentials, exfiltrate sensitive customer data, and demand ransoms to prevent public leaks. Among the victims: Google, Adidas, Qantas, Allianz Life, Cisco, and subsidiaries of LVMH, with some companies reportedly paying hefty Bitcoin ransoms to keep their data off the dark web. Google itself confirmed in June that basic business contact information was stolen from one of its Salesforce instances, underscoring the widespread reach of these attacks. This episode dives into how vishing has evolved, often bolstered by AI-driven deepfake voices and extensive reconnaissance, to trick employees into approving malicious connected apps disguised as legitimate Salesforce tools. We’ll explore how ShinyHunters are leveraging custom scripts, VPN obfuscation, and multi-extortion tactics—threatening not just data theft, but public leaks and reputational ruin. We also break down the shared responsibility model of Salesforce security, where organizations—not Salesforce itself—carry the burden of safeguarding their CRM data. With CRM systems considered the “crown jewels” of enterprise operations, these breaches reveal the vulnerabilities created by human error, third-party risk, and insufficient security controls. Finally, we discuss the proactive measures organizations must adopt: universal multi-factor authentication, least-privilege access, connected app management, IP-based login restrictions, Salesforce Shield monitoring, and robust incident response plans. With cyber extortion costs averaging $4.45 million per breach, and multi-extortion tactics on the rise, the question is no longer if attackers will try—but whether organizations are ready when they do. #SalesforceBreach #ShinyHunters #UNC6040 #UNC6240 #CyberExtortion #Vishing #VoicePhishing #CRMData #GoogleBreach #Adidas #Qantas #LVMH #Cisco #Allianz #Cybersecurity #DataExfiltration #Ransomware #MultiExtortion #SocialEngineering #SalesforceSecurity #IncidentResponse…

Daily Security Review

1
Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles 31:43

4 days ago31:43

31:43

Cisco has confirmed a new data breach after a vishing (voice phishing) attack tricked a company representative into exposing access to a third-party CRM system. Detected on July 24, 2025, the breach compromised basic user details such as names, emails, and phone numbers of Cisco.com registrants. While the data was non-sensitive, the incident underscores a rising and dangerous trend: cybercriminals bypassing traditional defenses by exploiting the human factor. In this episode, we unpack how vishing—often using AI-driven deepfake voices—has surged by over 1,600% in 2025, targeting employees in IT, HR, and customer service roles. Unlike email phishing, vishing sidesteps filters and relies on psychological tactics like urgency, fear, and authority to manipulate victims. Cisco’s quick response included securing its systems and launching enhanced staff retraining programs to prevent future attacks. But this isn’t the first breach Cisco has faced. In October 2024, the notorious hacker IntelBroker infiltrated Cisco’s DevHub environment, exfiltrating source code and sensitive archives. Taken together, these incidents highlight the dual threats of sophisticated cybercriminals and highly effective social engineering campaigns. We’ll explore why CRM data is considered the “crown jewels” of enterprises, the dangers of third-party vendor risks, and why layered security is no longer optional. From vendor due diligence and multi-factor authentication to real-time monitoring and incident response playbooks, this breach is a case study in how attackers exploit gaps in security culture—not just technology. With AI making vishing more convincing than ever, the big question remains: can companies like Cisco keep pace with the evolving threat landscape? #Cisco #DataBreach #Vishing #VoicePhishing #IntelBroker #Cybersecurity #CRMData #ThirdPartyRisk #AIPhishing #SocialEngineering #DataSecurity #IncidentResponse #MultiFactorAuthentication #DevSecOps #DeepfakeThreats #Cybercrime #SupplyChainSecurity…

Daily Security Review

1
Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities 52:37

4 days ago52:37

52:37

The world of application security is shifting dramatically as AI begins to move from simply flagging vulnerabilities to actively fixing them. Ox Security has launched Agent Ox, a groundbreaking AI-powered extension designed to automate secure, organization-specific code fixes. Unlike generic coding assistants that offer boilerplate advice, Agent Ox analyzes each company’s unique codebase and runtime environment to deliver tailored, context-aware solutions. This episode explores how Agent Ox could transform developer workflows and the broader DevSecOps landscape. We examine its three-step process: detection through native and third-party scans, prioritization with code projection to cut false positives, and multi-agent remediation that generates secure fixes aligned with business logic and data sensitivity. Developers remain in control—able to review, customize, and approve fixes directly within their familiar tools—helping to build trust in AI-driven security. We also compare Agent Ox to other next-gen tools like Pixee, which is automating the “final mile” of application security. Together, these innovations are addressing long-standing challenges: developer fatigue, overwhelming vulnerability lists, and the struggle to prioritize what truly matters. With financial losses from cyberattacks climbing and developer teams under constant pressure, AI-driven remediation may be the future of secure software development. Is this the moment where AI finally bridges the gap between security and speed in software development? Join us as we break down how Agent Ox could redefine what it means to keep code safe. #AgentOx #OxSecurity #ApplicationSecurity #DevSecOps #AI #CodeRemediation #VulnerabilityManagement #Cybersecurity #Pixee #SecureCoding #DeveloperTools #ContextAwareAI #CodeSecurity #Automation #SoftwareDevelopment #AIinSecurity…

Daily Security Review

1
Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp 34:45

4 days ago34:45

34:45

Meta has removed 6.8 million accounts tied to criminal scam centers in the first half of 2025, marking one of the most aggressive crackdowns on digital fraud in the company’s history. The move comes amid an alarming surge in online scams that cost global victims $16.6 billion in 2024 alone, a 33% increase from the year before. Many of these scams are linked to transnational criminal networks operating out of Southeast Asia—especially Cambodia and Myanmar—where thousands of trafficking victims are forced to run elaborate online fraud operations under brutal conditions. This episode investigates how scammers are exploiting platforms like WhatsApp, TikTok, Telegram, and dating apps using increasingly sophisticated tactics—many powered by AI tools such as ChatGPT. These schemes include fake crypto investments, romance scams, pyramid schemes, and phishing attacks that target vulnerable populations, particularly older adults. We break down how Meta is introducing new safety features on WhatsApp to disrupt these scams, such as alerts for unknown group invites and warning banners before responding to suspicious messages. We also explore the disturbing connection between scam operations and human trafficking, where victims are lured by false job ads and then coerced into fraud work under violent, inhumane conditions. From the FBI’s "Operation Level Up" to ASEAN’s regional declaration on tech-abused trafficking, we analyze the global response to this rising tide of cyber-enabled exploitation. Meta’s joint disruption with OpenAI—taking down operations using ChatGPT for mass fraud campaigns—signals a new era of AI in both committing and fighting crime. But as scams evolve, can tech companies keep up? #Meta #WhatsApp #ScamCenters #OnlineFraud #CryptoScams #ChatGPT #AI #Cybercrime #HumanTrafficking #ForcedCriminality #Cambodia #Myanmar #Telegram #TikTok #DigitalSafety #RomanceScams #PigButchering #Cybersecurity #OpenAI #SEAsiaCrimes…

Daily Security Review

1
Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case 30:59

5 days ago30:59

30:59

In a landmark decision, a California jury has ruled Meta guilty of violating user privacy laws in a class-action lawsuit tied to the popular Flo Health period tracking app. Plaintiffs alleged that Meta, through embedded software tools and tracking pixels, collected deeply personal menstrual and fertility data — from period dates to pregnancy goals — without user consent, weaponizing it for targeted advertising. While Google and Flo settled earlier, Meta chose to fight in court, denying the accusations and insisting its platform terms prohibit collecting sensitive health information. Yet jurors were swayed by technical evidence showing how Meta’s systems captured and monetized data that users believed was private, setting a powerful precedent in the ongoing battle over digital health privacy. This episode dives into: Why fertility and health apps hold some of the most intimate data imaginable — from sexual activity and pregnancy attempts to mental health insights. The gaps in U.S. privacy law, where HIPAA protections don’t extend to apps like Flo, leaving sensitive health data vulnerable. California’s Consumer Privacy Act (CCPA/CPRA) and why this case may signal stronger enforcement ahead. The role of “dark patterns” and misleading consent mechanisms, where companies promise privacy in bold letters but disclose the opposite in fine print. The corporate accountability shift, with juries now holding Big Tech responsible for opaque data practices. The broader trend of tech companies profiting from personal health data, even under the guise of “research” or “analytics.” The growing call for a federal privacy law to unify protections and ensure individuals truly control their most sensitive information. This verdict is more than a courtroom loss for Meta — it’s a warning shot to the entire digital health industry. As fertility apps and other health platforms continue to collect vast amounts of intimate data, the demand for transparency, ethical safeguards, and meaningful consent has never been louder. #Meta #FloHealth #DigitalPrivacy #CCPA #HIPAA #DataBreach #PeriodTracking #HealthApps #DarkPatterns #ClassAction #UserPrivacy #CaliforniaVerdict #BigTech #HealthData #AIandPrivacy…

Daily Security Review

1
TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets 1:06:45

5 days ago1:06:45

1:06:45

In a stunning development, Taiwanese authorities have arrested six individuals suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s most advanced semiconductor producer. At the heart of the case is TSMC’s 2-nanometer (2nm) chip technology, a crown jewel in the global race for next-generation AI and high-performance computing power. This marks the first major prosecution under Taiwan’s 2022 National Security Act, underscoring the escalating risk of insider threats and economic espionage in the semiconductor industry. Prosecutors are investigating whether the stolen technology was funneled to outside entities — a potential national security risk with global repercussions. This episode examines: TSMC’s global dominance, producing over 90% of the world’s advanced chips, and why its 2nm technology is considered a strategic asset for AI, defense, and global tech leadership. The insider threat problem: how current and former employees allegedly bypassed TSMC’s defenses and why the semiconductor industry has become a prime target for espionage. China’s aggressive pursuit of chip technology, with trade secret theft playing a central role in its strategy to achieve semiconductor independence. The broader landscape of semiconductor espionage, from Google and Apple to Samsung and SK hynix, highlighting the billions lost annually to IP theft. Taiwan’s robust countermeasures, including AI-driven monitoring systems and strict new laws carrying up to 12 years in prison for offenders. The U.S. response, from the CHIPS and Science Act to export controls and supply chain diversification, as Washington seeks to reduce reliance on Taiwan while maintaining chip access. The geopolitical stakes, as the world’s economic security becomes increasingly tied to Taiwan’s semiconductor output — making any disruption a potential global crisis. With the semiconductor market projected to hit $654.7 billion by 2025, and AI fueling unprecedented demand, this case shines a harsh light on the intersection of economic power, national security, and insider espionage. The outcome could shape global tech competition for years to come. #TSMC #Semiconductors #2nm #TradeSecrets #Taiwan #NationalSecurity #AIChips #ChipEspionage #IPTheft #China #CHIPSAct #Geopolitics #AI #InsiderThreats…

Daily Security Review

1
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats 55:37

5 days ago55:37

55:37

In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 million (approximately $6.7 million) in Series A funding. The round, led by the Investment Fund for Scotland with support from Souter Investments, Lanza techVentures, and Scottish Enterprise, will fuel the expansion of Approov’s research and development hub in Scotland while driving global growth. Founded in 2012, Approov has built a reputation as a pioneer in Runtime Application Self-Protection (RASP) and patented mobile app attestation technology. Their solutions block malicious activities such as emulator abuse, rooted device exploitation, tampering frameworks, and man-in-the-middle (MITM) attacks, ensuring only legitimate apps in secure environments can access backend resources. This episode dives into: Why mobile applications and APIs have become the frontline targets for cybercriminals. The role of AI-powered attacks — from deepfakes to automated malware — in shaping today’s cybersecurity landscape. How Approov’s deterministic, real-time defense model provides an edge over traditional, AI-behavioral detection approaches plagued by false positives. The explosive rise of API attacks — projected to grow nearly 1,000% by 2030 — and why app attestation is becoming essential for financial services and beyond. The broader industry trend of mobile security market growth, set to reach $18.42 billion by 2032, driven by rising demand for protection against sophisticated digital threats. Best practices for organizations, including Zero Trust adoption, continuous monitoring, schema enforcement, encryption, and proactive threat intelligence. With 9 out of 10 enterprises already experiencing API security incidents, and 74% of IT security professionals reporting major impacts from AI-driven threats, Approov’s funding marks a pivotal moment in the arms race between defenders and adversaries. This is not just about one company — it’s about defining the future of mobile and API security in an era where digital transformation and AI threats collide. #Approov #MobileSecurity #APIsecurity #CybersecurityFunding #RASP #AppAttestation #ManInTheMiddle #AIthreats #APIs #ZeroTrust #EdinburghTech #SeriesAFunding #MobileAppSecurity…

Daily Security Review

1
Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes 1:07:32

6 days ago1:07:32

1:07:32

This October, Pwn2Own Ireland 2025 will take over Cork with one of the most ambitious cybersecurity competitions yet. Co-sponsored by Meta and organized by Trend Micro’s Zero Day Initiative (ZDI), the event is putting record-breaking payouts on the line — including up to $1 million for a zero-click WhatsApp exploit that can deliver remote code execution. From October 21-24, elite hackers and security researchers will go head-to-head across a diverse set of categories designed to reflect today’s most pressing cybersecurity challenges. These include: Mobile & Messaging: WhatsApp takes center stage, with Meta offering unprecedented rewards to strengthen the world’s most popular messaging app. Wearables & AR Devices: Competitors will probe devices like Ray-Ban Meta smart glasses and Quest VR headsets, highlighting privacy risks in emerging tech. SOHO Smashup: Targeting home office devices — routers, NAS systems, and IoT hubs — reflecting the increased vulnerabilities created by widespread remote work. Traditional Mobile Platforms: iOS and Android remain prime targets given their ubiquity in both corporate and personal environments. The competition comes against a backdrop of escalating cyber risks tied to remote and hybrid work, with phishing, unpatched home networks, sideloaded apps, and insecure Wi-Fi fueling attacks. With AI-powered exploits accelerating the pace of discovery, the stakes for proactive defense have never been higher. We’ll explore: Why Meta is investing so heavily in zero-click exploit prevention for WhatsApp. How Pwn2Own’s unique model of ethical vulnerability disclosure is shaping global security standards. The growing threat landscape for remote work and mobile-first attacks, including AI-driven phishing and sideloaded malware. Why wearables like Ray-Ban smart glasses are becoming new privacy battlegrounds in the workplace. How competitions like Pwn2Own both spotlight vulnerabilities and drive vendors toward faster patching and security hardening. As Pwn2Own Ireland 2025 kicks off, it’s clear this event isn’t just about prize money — it’s about securing the technologies that underpin modern communication, work, and life. #Pwn2Own #Meta #WhatsApp #ZeroClickExploit #ZDI #Cork2025 #Cybersecurity #RemoteWorkSecurity #SOHOSmashup #SmartGlasses #QuestHeadset #MobileSecurity #AIphishing #ZDI #BugBounties…

Daily Security Review

1
Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack 1:02:48

6 days ago1:02:48

1:02:48

A major warning has hit the AI community: Nvidia’s Triton Inference Server — one of the most widely used open-source platforms for deploying and scaling AI models — has been found to contain critical vulnerabilities that could allow attackers to take complete remote control of affected systems. The discovery, made by cloud security firm Wiz, revealed a chain of flaws that escalate from information disclosure to remote code execution (RCE), enabling attackers to not only steal valuable AI models but also access sensitive organizational data. Nvidia has since released urgent patches, but the incident highlights the growing security crisis in AI infrastructure. In this episode, we break down: The Vulnerabilities: How Wiz uncovered issues like arbitrary read/write flaws in Triton that could be chained for full system compromise. The Risks: From model theft and intellectual property loss to AI pipelines being hijacked for espionage, data exfiltration, or even cryptojacking. The Bigger Picture: Why MLSecOps (Machine Learning Security Operations) is becoming mission-critical as AI adoption accelerates — and why traditional DevSecOps approaches aren’t enough for AI/ML. Other Red Flags: This disclosure follows a recent Wiz warning about a Nvidia Container Toolkit flaw, underscoring systemic weaknesses in GPU-powered AI ecosystems. Lessons from AI Security Research: How flaws in serialization, custom model layers, and shared memory APIs are creating new attack surfaces unique to AI workloads. Best Practices for Defense: Immediate patching to the latest Triton version, secure deserialization practices, sandboxed execution environments, strong IAM and MFA, dependency auditing, and proactive adversarial testing with open-source MLSecOps tools. The Nvidia Triton vulnerabilities aren’t just another bug report — they’re a wake-up call that AI deployments must adopt defense-in-depth, zero-trust security models, and proactive AI-specific security testing. As AI becomes critical infrastructure, the stakes have never been higher. #Nvidia #Triton #AIsecurity #MLSecOps #WizResearch #RemoteCodeExecution #CVE2025 #AIInfrastructure #ModelTheft #RCE #CloudSecurity #AISupplyChain #AIModelSecurity #CISA #DevSecOps #AdversarialML…

Daily Security Review

1
CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses 43:50

6 days ago43:50

43:50

The U.S. Department of Homeland Security, through CISA and FEMA, has announced over $100 million in new cybersecurity grant funding for Fiscal Year 2025 — a critical investment aimed at protecting America’s most vulnerable digital frontlines. The funding is split between the State and Local Cybersecurity Grant Program (SLCGP), allocating $91.7 million, and the Tribal Cybersecurity Grant Program (TCGP), providing $12.1 million. In this episode, we explore how these funds will be used to bolster defenses for state, local, and tribal governments (SLTT) — key operators of public services and critical infrastructure that face mounting threats from ransomware, nation-state attacks, and insider risks. We’ll break down: The Objectives of the Grants: Governance and planning, cybersecurity workforce development, threat mitigation, and continuous assessment of cyber readiness. Eligible Uses: From hiring qualified cybersecurity staff and acquiring new tools like EDR platforms and VPNs to launching training and awareness programs, conducting tabletop exercises, and even migrating to the .gov domain. Unique Challenges for SLTT Entities: Limited resources, legacy systems, and the difficulty of balancing 24/7 operations with patching and security updates. The Tribal Cybersecurity Grant Program: Direct funding for federally recognized tribes, requiring approved cybersecurity planning committees and participation in CISA’s Cyber Hygiene Services. CISA’s Internal Strains: Ongoing staffing losses within the Joint Cyber Defense Collaborative (JCDC) may affect the agency’s ability to fully support grant recipients. Best Practices from the Cybersecurity Guidebook for Local Government 2.0: Including the “Necessary Nine” checklist — from offline backups and MFA to patch management and clear incident response plans. With $1 billion allocated through the Bipartisan Infrastructure Law over four years, this latest round of funding marks a major step in the U.S. government’s strategy to reduce cyber risk and build long-term resilience. But questions remain: Will SLTT governments move fast enough to implement these measures? And can CISA maintain the capacity to oversee and support these initiatives effectively? #CISA #FEMA #CybersecurityGrants #SLCGP #TCGP #StateCybersecurity #TribalCybersecurity #RansomwareDefense #CriticalInfrastructure #CyberResilience #ZeroTrust #CyberHygiene #CybersecurityWorkforce #DHS #CISAGrants…

Daily Security Review

1
AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs 1:26:28

6 days ago1:26:28

1:26:28

In this episode, we examine the rapidly growing threat of AI jailbreaks — a cybersecurity challenge reshaping the landscape of large language models (LLMs) and enterprise chatbots. According to the IBM 2025 Cost of a Data Breach Report, 13% of all data breaches now involve AI systems, with the vast majority stemming from jailbreak attacks that circumvent developer-imposed guardrails. A highlight of our discussion is Cisco’s “instructional decomposition” jailbreak technique, which shows how attackers can extract original training data — even copyrighted material — by manipulating conversational context and using incremental requests that evade security protocols. We’ll break down how this method works, why it’s so difficult to detect, and what it means for the future of enterprise AI. Topics we cover include: How Jailbreaks Work: From direct prompt injections to hidden instructions embedded in documents, images, or even ultrasonic audio signals. Data Exfiltration Risks: LLMs trained on proprietary business data can leak PII, intellectual property, or sensitive corporate knowledge. Real-World Cases: From Samsung’s 2023 ChatGPT data leak to the DeepSeek-R1 vulnerabilities and Cisco’s new demonstration of instructional decomposition, proving that what goes into LLMs can come out again. The Human Factor: With 97% of breached organizations lacking proper AI access controls, internal misuse and poor governance remain critical risks. Why Prevention is Hard: Experts warn it’s “very unlikely that LLMs will ever fully prevent jailbreaks,” meaning organizations must shift focus to access control and monitoring. Mitigation Strategies: Multi-factor authentication, strict input/output filtering, network isolation, Zero Trust models, and employee training. Regulatory Pressure: With GDPR, HIPAA, and the EU AI Act enforcing stricter compliance, failure to secure AI systems could mean not only data loss but also severe legal and financial repercussions. As enterprises accelerate AI adoption, the line between innovation and vulnerability is razor-thin. Jailbreaks prove that guardrails alone are not enough. To safeguard sensitive data and prevent catastrophic breaches, organizations must adopt layered defenses, continuous monitoring, and robust governance frameworks. #AIJailbreak #LLMSecurity #Cisco #InstructionalDecomposition #ChatbotRisks #DataExfiltration #GenerativeAI #Cybersecurity #AICompliance #IBMDataBreachReport #PromptInjection #EnterpriseAI #SamsungDataLeak #DeepSeekR1 #ZeroTrustAI #AIRegulation…

Daily Security Review

1
350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach 40:18

6 days ago40:18

40:18

In this episode, we investigate the Northwest Radiologists data breach, a devastating cyberattack that compromised the personal and medical information of approximately 350,000 patients in Washington State between January 20 and January 25, 2025. What began as a so-called “network disruption” was later revealed to be a massive breach that exposed a treasure trove of sensitive data — including names, Social Security numbers, health records, and financial information. This case study exemplifies the escalating crisis in healthcare cybersecurity. According to the 2025 Breach Barometer report, over 300 million patient records were compromised in 2024, with healthcare data breaches averaging nearly $10 million in costs per incident, making the sector the most expensive for cyberattacks. Key points we cover include: Scope of the Breach: Nearly 350,000 records exposed, including highly sensitive health and financial details. Transparency Issues: Northwest Radiologists initially described the event as a “network disruption,” delaying full disclosure. Formal notification to the Washington Attorney General came months after the breach, well beyond the state’s 30-day legal requirement. Legal Fallout: A class-action lawsuit alleges negligence and inadequate cybersecurity, pointing to “completely inadequate” data protections that allowed cybercriminals unprecedented access. Patient Impact: Victims face risks of identity theft, medical fraud, financial fraud, and long-term privacy violations. Many now rely on credit monitoring services, but trust in healthcare providers continues to erode. The Bigger Picture: With 77% of breached records in 2024 tied to business associates, insider threats, ransomware, and delayed notifications, the healthcare sector remains a prime target for cybercriminals. Protective Measures: Experts urge patients to avoid sharing Social Security numbers with providers when possible, use strong passwords for healthcare portals, monitor financial and medical accounts closely, and consider dark web monitoring services. The Northwest Radiologists breach is more than a local crisis — it’s a warning about the systemic vulnerabilities in U.S. healthcare cybersecurity. Without stronger defenses, transparency, and accountability, the cost of inaction will not only be financial but measured in patient safety and public trust. #NorthwestRadiologists #HealthcareBreach #DataBreach #Cybersecurity #HIPAA #MedicalDataSecurity #Ransomware #PatientPrivacy #IdentityTheft #HealthcareCybersecurity #WashingtonState #CISA #DataProtection #BreachBarometer…

Daily Security Review

1
Critical Honeywell Experion PKS Vulnerabilities Threaten Global Industrial Control Systems 1:16:35

10 days ago1:16:35

1:16:35

In this episode, we analyze the multiple vulnerabilities recently disclosed in Honeywell’s Experion Process Knowledge System (PKS) , a widely deployed industrial control and automation solution that underpins operations in energy, chemical plants, manufacturing, healthcare, and transportation sectors worldwide. Reported by CISA and Positive Technologies , these flaws range from remote code execution (RCE) to denial-of-service (DoS) , giving attackers the potential to disrupt or manipulate critical processes in environments where downtime is simply not an option. While Honeywell’s affected devices are often deployed in isolated operational technology (OT) networks , the stakes remain dangerously high. If attackers gain access—via remote exploitation, insider compromise, or supply chain attacks—they could stop or reboot industrial systems, modify process parameters, or cause widespread operational disruption. CISA warns that the vulnerabilities, including flaws in Control Data Access (CDA) components, are low-complexity and remotely exploitable , meaning even modestly skilled adversaries could weaponize them. We’ll break down: The nature of these Honeywell Experion PKS vulnerabilities (CVE-2025-2520, CVE-2025-2521, CVE-2025-2523, CVE-2025-3946) and their potential consequences. Why ICS/OT environments face unique patching challenges , with safety and uptime often prioritized over security. How nation-state APTs, ransomware groups, and insider threats are increasingly targeting industrial control systems. The critical role of network segmentation, Zero Trust architectures, and anomaly detection in defending critical infrastructure. Why rapid patching and rigorous testing are essential, despite the cost and complexity of OT maintenance windows. Strategic mitigations, including progressive rollout, compensating controls, intrusion detection, and IT/OT collaboration . The Honeywell case highlights a recurring truth: in ICS and OT, the cost of inaction is measured not only in data loss or downtime but in real-world safety and public trust . As vulnerabilities grow more severe and the Time-to-Exploit window shrinks, organizations must balance operational continuity with aggressive security measures to prevent catastrophic outcomes. #Honeywell #ExperionPKS #CISA #PositiveTechnologies #ICS #OTSecurity #CriticalInfrastructure #RemoteCodeExecution #DenialOfService #ZeroTrust #PatchManagement #NetworkSegmentation #IndustrialAutomation #NIST #IEC62443 #Cybersecurity…

Daily Security Review

1
Auto-Color Linux Malware Exploits SAP Zero-Day CVE-2025-31324 36:36

10 days ago36:36

36:36

In this episode, we uncover the Auto-Color Linux malware, a stealthy and highly persistent Remote Access Trojan (RAT) that is rapidly emerging as one of the most dangerous threats of 2025. First identified by Palo Alto Networks’ Unit 42 and later analyzed by Darktrace, Auto-Color has now been linked to active exploitation of CVE-2025-31324, a critical SAP NetWeaver vulnerability with a perfect CVSS score of 10.0. This malware isn’t your average Linux RAT. It employs shared object injection, a malicious rootkit module, and privilege-aware execution, adapting its tactics depending on whether it has root access. If its Command-and-Control (C2) server is unreachable, it suppresses activity, appearing benign to analysts and evading detection in sandboxes and air-gapped environments. By hooking into /etc/ld.preload and loading implants like libcext.so.2, Auto-Color ensures deep, system-wide persistence. The exploitation of CVE-2025-31324 has been fast and widespread. Originally disclosed in April 2025, the vulnerability was already being exploited weeks earlier. Threat intelligence indicates involvement by both ransomware groups and Chinese state-sponsored APTs, with incidents ranging from university breaches to an attack on a U.S.-based chemicals company. Analysts warn that the Time-to-Exploit (TTE) window is collapsing — what used to take weeks now takes hours after disclosure. We’ll explore: How Auto-Color’s rootkit-level persistence allows attackers full remote control of Linux systems. The blurring line between nation-state operations and ransomware crews, who now share techniques and infrastructure. Why SAP NetWeaver environments are particularly high-risk targets, and how widespread CVE-2025-31324 really is. The multi-stage intrusion playbook: from phishing and DNS tunneling to webshell deployment and RAT installation. Practical mitigations, including immediate patching, anomaly-based detection, and close monitoring of /etc/ld.preload. With Auto-Color, the message is clear: patching delays can be catastrophic. As ransomware groups adopt APT-style zero-day exploitation, the security community must rethink defense speed, visibility, and collaboration. #AutoColor #LinuxMalware #SAPNetWeaver #CVE202531324 #Darktrace #Unit42 #Cybersecurity #Rootkit #APT #Ransomware #LinuxSecurity #ZeroDayExploits #SAPSecurity #IncidentResponse #ThreatIntelligence…

Daily Security Review

1
Inside the July 2025 PyPI Phishing Scam: How Hackers Stole Developer Credentials 54:17

11 days ago54:17

54:17

In this episode, we investigate the growing cybersecurity storm targeting the Python Package Index (PyPI) — the backbone of Python’s software distribution ecosystem. A recent phishing campaign in July 2025 has developers on high alert, as attackers impersonated PyPI using a deceptive domain (pypj.org) to trick maintainers into handing over their credentials. Victims were directed to a convincing PyPI lookalike site where their credentials were stolen — and silently relayed to PyPI’s legitimate servers, creating the illusion of a normal login and delaying detection. But phishing is just one front in a much larger battle. The open-source software supply chain is under siege, with malicious packages skyrocketing — over 512,000 discovered since late 2023, a 156% year-over-year increase. Attackers leverage typosquatting, dependency confusion, and data exfiltration techniques to compromise developers and enterprises alike. Malware buried in these packages has ranged from crypto miners and backdoors to credential stealers and PII exfiltration tools. Key issues we cover include: PyPI’s phishing threat response: how admins added warning banners and launched takedowns of the malicious infrastructure. The critical role of Multi-Factor Authentication (MFA), now mandatory for PyPI accounts, in preventing account compromise. The concept of Persistent Risk: why 80% of dependencies remain outdated for over a year, despite safer alternatives existing. Historic lessons from Log4Shell, SolarWinds, and the XZ Utils incident, showing the escalating sophistication of supply chain attacks. Why the AI revolution in phishing — with voice synthesis, deepfakes, and multi-channel deception — is raising the stakes for developers and organizations. Practical defenses, from Software Composition Analysis (SCA) tools in CI/CD pipelines to careful package reputation checks and strict credential hygiene. As the market for AI-driven cybersecurity surges toward $93.75 billion by 2030, the fight for the security of open-source ecosystems like PyPI is not just about protecting code — it’s about safeguarding the entire digital supply chain. #PyPI #Phishing #SupplyChainSecurity #OpenSource #Python #Cybersecurity #MFA #MaliciousPackages #Typosquatting #DependencyConfusion #Log4Shell #SolarWinds #XZUtils #SoftwareSupplyChain #CI_CD #AIPhishing #PyPA…

Daily Security Review

1
IoT Security Crisis: Dahua Smart Camera Vulnerabilities Expose Surveillance Systems 1:02:05

11 days ago1:02:05

1:02:05

In this episode, we examine the alarming discovery of critical security vulnerabilities in Dahua smart cameras, one of the world’s most widely deployed surveillance systems. Researchers at Bitdefender uncovered two zero-click flaws — CVE-2025-31700 and CVE-2025-31701 — that allow unauthenticated remote attackers to gain root access to Dahua devices. Exploited through the ONVIF protocol and an undocumented RPC upload endpoint, these flaws bypass integrity checks, enabling attackers to install malicious payloads, create persistent implants, and hijack surveillance systems without user interaction. The affected Dahua camera models, including popular IPC and SD series, are commonly used in retail, warehouses, residential security, and critical infrastructure, meaning millions of environments could be exposed. Dahua has since released patches, but experts stress that updating firmware is only part of the solution. With IoT devices like IP cameras notoriously vulnerable, leaving systems unpatched or exposed to the internet can lead to devastating consequences, including data breaches, surveillance hijacking, and use of compromised cameras in botnet operations. We’ll also explore: Why IoT devices remain one of the weakest links in cybersecurity, The dangers of insecure protocols like UPnP that open devices to remote access, Best practices for securing IP cameras, from network isolation to VPN-based remote access, Lessons from other IoT case studies, like the Tenda CP3 vulnerabilities with hardcoded passwords and missing firmware integrity checks, And why regular patching, strong authentication, and disabling unnecessary services are essential to protecting your surveillance infrastructure. This case underscores a sobering reality: as IoT adoption grows, attackers are increasingly targeting devices once considered “low risk” — turning everyday surveillance tools into gateways for cyber intrusion. #Dahua #Bitdefender #IoTSecurity #SmartCameras #CVE202531700 #CVE202531701 #ONVIF #UPnP #Cybersecurity #FirmwareUpdate #SurveillanceSecurity #IoTVulnerabilities #RPCExploit #RootAccess #Botnets…

Daily Security Review

1
Dropzone AI Secures $37M to Tackle Alert Fatigue with Autonomous SOC Analysts 17:11

11 days ago17:11

17:11

In this episode, we dive into Dropzone AI’s landmark $37 million Series B funding round, bringing the company’s total raised to over $57 million. Backed by major investors, Dropzone AI is accelerating the development of its AI-powered SOC analysts — tools designed to autonomously investigate and resolve security alerts across critical threat categories like phishing, insider threats, and compromised accounts. The cybersecurity industry is at a turning point. With hybrid work, widespread cloud adoption, and economic uncertainty fueling a surge in cyberattacks, security teams face an overwhelming volume of alerts. Alert fatigue — the constant flood of notifications and false positives — has become one of the industry’s greatest pain points, leading to burnout, delayed responses, and missed threats. Dropzone AI’s autonomous agents aim to solve this by mimicking human reasoning, analyzing data from existing security tools, and taking swift, informed containment actions. We’ll unpack: Why 74% of organizations report insider threats are increasing and harder to detect, How AI is transforming phishing campaigns into scalable, multi-channel attacks using deepfakes and voice synthesis, Dropzone AI’s vision to cut false positives by 70% and speed up investigations 5x, The debate over whether AI SOC analysts will augment or replace human analysts, And why the global AI in cybersecurity market is projected to hit $93.75 billion by 2030, marking a generational shift in cyber defense. This funding is not just about expanding Dropzone AI’s platform — it’s about redefining the security operations center of the future, where autonomous AI agents act faster and humans think deeper. As insider threats and AI-driven phishing escalate, the question isn’t whether AI will reshape cybersecurity, but how quickly. #DropzoneAI #Cybersecurity #AIinCybersecurity #SOC #AlertFatigue #InsiderThreats #Phishing #Deepfakes #MachineLearning #SeriesB #CyberDefense #SOCAnalysts #ThreatDetection #CyberOps…

Daily Security Review

1
Axonius Buys Cynerio for $100M+: Closing Healthcare’s Biggest Cybersecurity Blind Spot 1:36:30

11 days ago1:36:30

1:36:30

In this episode, we explore Axonius’s landmark acquisition of Cynerio, a healthcare cybersecurity company specializing in protecting vulnerable medical devices like MRI machines, infusion pumps, and ventilators. The deal — valued at over $100 million in cash and stock — marks Axonius’s first-ever acquisition and signals a major strategic expansion into the healthcare sector. Already valued at $2.6 billion, Axonius is now positioning itself as a leader in securing one of the most overlooked yet high-risk areas of cybersecurity: clinical environments filled with network-connected medical devices. Healthcare remains the most expensive industry for data breaches, with average costs exceeding $10 million and breach containment timelines stretching over 300 days. Beyond financial fallout, these breaches carry life-threatening implications: compromised devices can delay critical care or even endanger patients. Cynerio, known for its purpose-built healthcare cybersecurity solutions and ranked a top provider in the KLAS Healthcare IoT Security report three years running, brings specialized expertise in passive network discovery, real-time threat detection, and automated risk mitigation. Together, Axonius and Cynerio aim to eliminate what Axonius’s CEO calls a “digital security blind spot” — the lack of comprehensive monitoring and protection for medical devices that cannot be rebooted, aggressively scanned, or patched like standard IT equipment. This move addresses not only patient safety and compliance concerns but also the growing regulatory and threat landscape. We’ll also discuss the broader context: Why 53% of healthcare IoT devices contain known critical vulnerabilities, How medical device security requires a Total Product Life Cycle (TPLC) approach, The escalating risks of ransomware, data theft, and patient safety incidents in healthcare, And why consolidation in the cybersecurity market — like Axonius’s move — is shaping the future of digital healthcare defense. This acquisition isn’t just about expanding market share — it’s about redefining how healthcare providers secure the entire clinical environment, from electronic records to life-supporting devices. #Axonius #Cynerio #HealthcareCybersecurity #MedicalDeviceSecurity #MRI #InfusionPumps #Cyberattacks #IoTsecurity #HealthcareIT #HIPAA #PatientSafety #Ransomware #AssetManagement #ePHI #IoT #ClinicalEnvironmentSecurity…

Daily Security Review

1
Critical Lenovo Firmware Flaws Expose Millions to Persistent UEFI Attacks 42:00

12 days ago42:00

42:00

In this episode, we examine a critical firmware security crisis shaking Lenovo devices worldwide. Security researchers at Binarly have uncovered six serious vulnerabilities in the Insyde BIOS firmware used in Lenovo’s IdeaCentre and Yoga product lines. Four of these flaws, rated high severity, reside in the System Management Mode (SMM) — a privileged execution mode sometimes called “Ring -2.” Exploiting these vulnerabilities allows attackers to deploy persistent UEFI implants that can bypass Secure Boot, gain elevated privileges, and even survive a full operating system reinstallation. The remaining two vulnerabilities, rated medium severity, enable information disclosure that could further aid attackers in stealthy intrusions. This disclosure comes against the backdrop of a growing firmware security crisis. The PKfail scandal, involving leaked and mismanaged Secure Boot Platform Keys, has left over 10% of devices from major vendors — including Lenovo, Dell, HP, and Intel — exposed to permanent Secure Boot bypass risks. At the same time, Microsoft continues to grapple with BlackLotus UEFI bootkit mitigations (CVE-2023-24932), rolling out staged updates that risk device instability, BitLocker lockouts, and recovery media failures. We’ll break down: How SMM vulnerabilities give attackers unfettered control over hardware and memory, Why firmware-level malware persists invisibly beyond OS defenses, The challenges Lenovo faces in delivering BIOS patches amid revoked driver certificates and Windows Defender blocks, The broader pattern of nation-state and criminal groups exploiting UEFI and firmware-level flaws for ransomware, espionage, and long-term persistence, And why firmware is now one of the most dangerous attack surfaces in enterprise and consumer security. As Lenovo scrambles to patch affected devices, this story underscores a chilling truth: firmware attacks represent the ultimate stealth threat, bypassing traditional antivirus, EDR, and even secure OS reinstalls. #Lenovo #Binarly #FirmwareSecurity #UEFI #BIOS #SMM #SecureBoot #BlackLotus #PKfail #PersistentThreats #Cybersecurity #UEFIbootkit #Ransomware #NationStateAttacks #FirmwareExploits #BitLocker…

Daily Security Review

1
Promptfoo Secures $18.4M to Combat AI Security Threats in Generative AI 36:50

12 days ago36:50

36:50

In this episode, we dive into Promptfoo’s groundbreaking $18.4 million Series A funding round, led by Insight Partners and supported by Andreessen Horowitz, bringing the AI security startup’s total funding to $23.4 million. Founded in 2024, Promptfoo has quickly emerged as a leader in securing Large Language Models (LLMs) and generative AI applications against critical threats like prompt injections, data leaks, hallucinations, and compliance violations. With its open-source tools already adopted by over 100,000 developers and nearly 30 Fortune 500 companies, Promptfoo is not just scaling technology — it’s redefining how enterprises defend their AI systems. CEO Ian Webster warns that “AI security has become the largest blocker to enterprises shipping generative AI applications,” pointing to the skyrocketing attack surface created by advanced architectures such as Retrieval-Augmented Generation (RAG), multi-agent systems, and the Model Context Protocol (MCP). We explore why AI security is no longer optional, how red teaming and automated testing are becoming essential for preventing catastrophic failures, and why financial institutions, in particular, see this as a race against time to prevent regulatory fines, insider threats, and sophisticated adversarial attacks. We’ll also discuss the industry-wide shift toward proactive defenses, the importance of data leakage prevention strategies, and the emerging security arms race among AI startups, enterprises, and cloud providers. Tune in as we break down how Promptfoo’s funding will fuel platform expansion, team growth, and the democratization of advanced red teaming techniques — making AI security a built-in safeguard, not an afterthought. #AIsecurity #Promptfoo #GenerativeAI #LLM #InsightPartners #AndreessenHorowitz #AIrisks #PromptInjection #DataLeakage #RedTeaming #FinTechSecurity #Cybersecurity #MCP #RAG #AIagents #EnterpriseAI…

Daily Security Review

1
1.1 Million Private Messages Leaked: Inside the Tea App Privacy Disaster 23:58

12 days ago23:58

23:58

A platform designed to protect women’s safety in dating has instead become a nightmare for its users. In this episode, we uncover the catastrophic Tea app data breach, which exposed more than 59 GB of highly sensitive user data due to a fundamental security failure: a completely public Firebase storage bucket with no authentication, no encryption, and no internal checks. Among the compromised data were 13,000 government ID selfies collected for user verification, over 59,000 user-generated images from posts and comments, and a separate database containing 1.1 million private messages—some discussing deeply personal topics like infidelity, abortions, and abusive relationships. Far from being old or inactive data, some of the leaked conversations were as recent as last week. The fallout has been severe. Hackers quickly exploited the breach, sharing stolen data on forums, torrent sites, and even creating a “facesmash”-style site to publicly rate women from their selfies. Another leak mapped user locations on Google Maps, raising terrifying risks of stalking and real-world targeting. Victims now face identity theft, harassment, and social engineering attacks, with personal dignity and safety at stake. We break down how this disaster was made possible by “vibe coding” with AI-generated code, rushed development without security audits, and a failure to follow basic cybersecurity hygiene. We also examine Tea’s contradictory statements, delayed disclosure, and the potential legal and reputational fallout for a platform that promised women they’d “never have to compromise their safety while dating.” Finally, we discuss the critical lessons for developers and users: why infrastructure reviews, encryption, incident response planning, and staff training are essential, and what individuals should do if they suspect their personal data has been compromised. The Tea app breach isn’t just a cautionary tale—it’s a wake-up call for every digital platform that handles sensitive information. #TeaApp #DataBreach #Cybersecurity #Privacy #WomenSafety #IdentityTheft #Facesmash #Firebase #AIgeneratedCode #IncidentResponse #Doxxing #SocialEngineering #DataProtection #DigitalSafety #Cybercrime…

Daily Security Review

1
Job Scams, Corporate Espionage, and Digital Deception: Inside the Deepfake Crisis 1:16:30

12 days ago1:16:30

1:16:30

Deepfake technology has evolved from a fringe novelty into one of the most serious cybersecurity and national security threats of our time. In this episode, we examine how artificial intelligence–generated synthetic media is being weaponized to impersonate CEOs, manipulate elections, infiltrate corporate networks, and damage reputations worldwide. We explore shocking real-world cases, including a $25 million deepfake video call scam where criminals impersonated a CFO to defraud a company, and the alarming rise of fake job applications designed to gain insider access to sensitive networks. Beyond the financial industry, deepfakes are increasingly being used by nation-states like Russia, China, and North Korea to conduct disinformation campaigns, erode trust in democratic institutions, and funnel billions through fraudulent schemes. But the threat doesn’t stop at institutions—society itself is under siege. Over 90% of online deepfake content is non-consensual pornography, disproportionately targeting women and minors, with devastating personal and professional consequences. Meanwhile, the “Liar’s Dividend” allows bad actors to dismiss authentic evidence as fake, pushing us toward a post-truth digital world. We break down the technological, educational, and legislative responses required to combat this crisis. From AI-powered detection tools and blockchain-based content authentication, to media literacy campaigns and new federal legislation against deepfake misuse, we discuss the multifaceted strategies needed to fight back. This is not just a story about technology—it’s about the future of trust in the digital age. Join us as we uncover how deepfakes are reshaping security, finance, and society, and what must be done to stay ahead of this rapidly escalating threat. #Deepfakes #AIThreats #Cybersecurity #NationalSecurity #Fraud #CorporateEspionage #Disinformation #SyntheticMedia #ElectionSecurity #FinancialCrime #AI #GenerativeAI #Liar’sDividend #DigitalTrust #Privacy #OnlineSafety…

Daily Security Review

1
Microsoft Exposes Major macOS Flaws in Transparency, Consent, and Control 1:23:13

13 days ago1:23:13

1:23:13

In this episode, we dive deep into Microsoft Threat Intelligence’s latest findings on two critical macOS vulnerabilities that shook Apple’s privacy defenses. The flaws, identified as CVE-2025-31199 (Sploitlight) and CVE-2024-44133 (HM Surf), specifically targeted Apple’s Transparency, Consent, and Control (TCC) framework, the system designed to guard user data and manage app permissions. Sploitlight exploited Spotlight’s plugin mechanism to access sensitive files like Photos.sqlite and Apple Intelligence caches, exposing personal geolocation details and private user activities. Meanwhile, HM Surf allowed attackers to tap into Safari data—including browsing history, camera, and microphone—without authorization. We examine how these vulnerabilities managed to bypass Apple’s multi-layered security approach, from hardware-rooted protections like the Secure Enclave to advanced system defenses like Signed System Volume (SSV) and Kernel Integrity Protection (KIP). Despite Apple’s comprehensive platform security architecture, the incident underscores the evolving sophistication of threat actors targeting macOS. Apple has since released patches to close these security gaps, but the case raises serious questions: Are the TCC framework and other privacy safeguards enough in the face of increasingly complex exploits? What does this mean for the future of macOS security and the trust users place in Apple’s privacy promises? Join us as we unpack the technical details of Sploitlight and HM Surf, analyze Apple’s rapid response, and discuss how users and organizations can stay ahead of such privacy-breaching attacks. #Apple #macOS #Sploitlight #HMSurf #CVE2025_31199 #CVE2024_44133 #cybersecurity #MicrosoftThreatIntelligence #TCC #Spotlight #Safari #AppleIntelligence #dataprivacy #vulnerabilities #SecureEnclave #SignedSystemVolume #KernelIntegrityProtection…

Daily Security Review

1
Aeroflot in Chaos: How Hackers Crippled Russia’s Flagship Airline 24:25

13 days ago24:25

24:25

On July 28, 2025, Aeroflot—Russia’s largest state-owned airline—was brought to its knees in one of the most severe cyberattacks since the country’s invasion of Ukraine in 2022. The sophisticated assault, carried out by Ukrainian hacktivist group Silent Crow and the Belarusian Cyber-Partisans , led to the cancellation of more than 100 flights, stranded thousands of passengers across Moscow’s Sheremetyevo Airport and beyond, and triggered chaos at every level of Russia’s aviation sector. The attackers claim they had deep-tier access to Aeroflot’s corporate systems for a full year before executing their strike, ultimately destroying over 7,000 physical and virtual servers and stealing more than 20 terabytes of sensitive data —including passenger personal identifiable information (PII), employee records, internal communications, and even recorded phone calls. Silent Crow has threatened to release portions of this data unless Russia ends its “repressive cyber-aggression.” Beyond the immediate disruption, the attack has sent shockwaves through Russia’s tourism and aviation industries, costing Aeroflot tens of millions of dollars in damages, tanking its market value, and shaking global confidence in the security of air travel. For travelers, this serves as a stark reminder of how vulnerable aviation systems are in an era of escalating cyberwarfare. For Russia, it marks a humiliating breach of critical infrastructure during peak travel season, one that its own government has labeled “alarming.” In this episode, we break down the scope of the Aeroflot cyberattack, the groups behind it, the geopolitical motivations fueling this new wave of digital warfare, and what it means for the future of global aviation security. We also examine the economic, reputational, and operational fallout for Aeroflot—and the broader warnings this incident sends to the entire aviation sector. #Cyberattack #Aeroflot #SilentCrow #BelarusCyberPartisans #RussiaUkraineWar #DigitalWarfare #AviationSecurity #TourismCrisis #Cybersecurity #Hacktivism…

Daily Security Review

1
Neferpitou Claims Cyberattack on French Naval Defense Giant 44:17

13 days ago44:17

44:17

French defense contractor Naval Group, a cornerstone of Europe’s naval defense industry, is facing a high-stakes cybersecurity crisis. A threat actor known as “Neferpitou” claims to have exfiltrated 1TB of sensitive data, including combat management system (CMS) source code for submarines and frigates, technical documents, developer virtual machines, and internal communications. Initially demanding payment within 72 hours, Neferpitou later posted the entire dataset on DarkForums, a cybercrime hub that has surged in activity since the collapse of BreachForums. Naval Group, partly owned by Thales, denies any breach of its IT systems or operational disruption, labeling the event a “reputational attack.” They argue the claims may involve recycled data from a 2022 Thales breach by LockBit. Still, the gravity of the allegations—potentially exposing restricted and classified defense data—has triggered urgent investigations involving cybersecurity experts, Naval Group’s CERT, and French authorities. The incident reflects the rise of multi-extortion tactics in cybercrime, where threat actors don’t just encrypt or steal data but also weaponize reputation and public perception to pressure victims. In this case, the alleged breach raises pressing questions about the vulnerability of defense contractors, the credibility of cyber extortion claims, and the growing influence of platforms like DarkForums in shaping the cybercrime ecosystem. As defense supply chains grow more interconnected, such attacks carry serious national security implications, potentially offering adversaries insights into critical naval capabilities. This episode examines the authenticity of Neferpitou’s claims, the geopolitical stakes, the evolution of cyber extortion beyond ransom notes, and why defense contractors are now prime targets in the digital battlefield. #NavalGroup #Neferpitou #DarkForums #CyberExtortion #ReputationalAttack #FrenchDefense #CombatManagementSystems #Thales #DataLeak #LockBit #Cybersecurity #DefenseContractors #MultiExtortion #CriticalInfrastructure #NationalSecurity #CyberThreats #DataExfiltration #NavalSystems #CyberDefense #InfosecPodcast…

Daily Security Review

1
Root Evidence Launches With $12.5M to Redefine Vulnerability Management 36:51

13 days ago36:51