Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 3h ago
Added twenty-two weeks ago
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Daily Security Review
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/the-agile-brand-with-greg-kihlstromr-expert-mode-marketing-technology-ai-cx">The Agile Brand with Greg Kihlström®: Expert Mode Marketing Technology, AI, & CX</a></span>
Expert mode marketing technology, AI, and CX insights from top brands and Martech platforms fill every episode, focusing on what leaders need to know to build customer lifetime value and long-term business value. The Agile Brand with Greg Kihlström® features executives and thought leaders from top brands and tech platforms discussing the industry's trends, like AI adoption, first-party data strategies, artificial intelligence in the consumer journey, consumer data privacy, omnichannel customer experience, and more. The Agile Brand is hosted by Greg Kihlström, martech and artificial intelligence transformation advisor and consultant to leading brands, speaker, entrepreneur, and best-selling author. It provides a fresh perspective on the continually evolving dynamic between brands and the audiences they serve.
Zero-Click, Zero-Warning: The FreeType Flaw Behind a Spyware Surge
Manage episode 490418264 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we dive deep into the story behind CVE-2025-27363, a critical zero-click vulnerability in the widely used FreeType font rendering library. Initially discovered by Facebook’s security team and patched by Google in May 2025, this flaw allowed attackers to execute arbitrary code on Android devices—without any user interaction—by exploiting how FreeType parsed certain font structures.
This seemingly obscure bug became a key attack vector for Paragon Solutions’ "Graphite" spyware, an Israeli-made surveillance tool capable of taking near-total control of compromised smartphones. Through forensic analysis, it was revealed that Paragon’s spyware leveraged CVE-2025-27363 to infect targets via WhatsApp: malicious PDF files sent through groups triggered the vulnerability, which then deployed Graphite and escaped Android’s sandbox protections. The spyware could then exfiltrate encrypted chats, enable microphones and cameras, and track real-time GPS—without the user’s knowledge.
Our discussion also explores:
- The technical nuances of the vulnerability—how a signed/unsigned integer mismatch led to a dangerous heap overflow.
- The patching timeline, and Google’s move toward replacing FreeType with the safer Rust-based Skrifa library.
- How governments in countries like Australia, Canada, Italy, and Israel are suspected of deploying this spyware.
- The role of The Citizen Lab in uncovering evidence of targeted attacks against journalists, activists, and civil society members—despite Paragon’s public claims of safeguarding human rights.
- Practical advice for detecting spyware infections and why hybrid detection strategies offer the best protection.
Finally, we examine the broader implications for software supply chains, surveillance ethics, and why even basic libraries like font parsers must be designed with security in mind. Tune in for an eye-opening look at how a small coding bug cascaded into a global espionage tool.
198 episodes
Share
Manage episode 490418264 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we dive deep into the story behind CVE-2025-27363, a critical zero-click vulnerability in the widely used FreeType font rendering library. Initially discovered by Facebook’s security team and patched by Google in May 2025, this flaw allowed attackers to execute arbitrary code on Android devices—without any user interaction—by exploiting how FreeType parsed certain font structures.
This seemingly obscure bug became a key attack vector for Paragon Solutions’ "Graphite" spyware, an Israeli-made surveillance tool capable of taking near-total control of compromised smartphones. Through forensic analysis, it was revealed that Paragon’s spyware leveraged CVE-2025-27363 to infect targets via WhatsApp: malicious PDF files sent through groups triggered the vulnerability, which then deployed Graphite and escaped Android’s sandbox protections. The spyware could then exfiltrate encrypted chats, enable microphones and cameras, and track real-time GPS—without the user’s knowledge.
Our discussion also explores:
- The technical nuances of the vulnerability—how a signed/unsigned integer mismatch led to a dangerous heap overflow.
- The patching timeline, and Google’s move toward replacing FreeType with the safer Rust-based Skrifa library.
- How governments in countries like Australia, Canada, Italy, and Israel are suspected of deploying this spyware.
- The role of The Citizen Lab in uncovering evidence of targeted attacks against journalists, activists, and civil society members—despite Paragon’s public claims of safeguarding human rights.
- Practical advice for detecting spyware infections and why hybrid detection strategies offer the best protection.
Finally, we examine the broader implications for software supply chains, surveillance ethics, and why even basic libraries like font parsers must be designed with security in mind. Tune in for an eye-opening look at how a small coding bug cascaded into a global espionage tool.
198 episodes
All episodes
×
D
Daily Security Review
1 CitrixBleed Returns: CVE-2025-5777 and the Exploitation of NetScaler Devices 1:02:21
1:02:21 
Play Later 
Play Later 
Lists 
Like 
Liked1:02:21
Play Later Play Later Lists Like LikedIn this episode, we dissect CitrixBleed 2 —a newly disclosed and actively exploited vulnerability affecting Citrix NetScaler ADC and Gateway appliances. Tracked as CVE-2025-5777 (and possibly also CVE-2025-6543), this critical flaw mirrors the notorious original CitrixBleed by allowing attackers to extract sensitive memory content , including user session tokens , through crafted POST login requests. Despite Citrix’s claims that there’s no active exploitation, threat intelligence reports from security researchers and government agencies like CISA tell a different story: public proof-of-concept exploits are circulating , and attacks have been observed as early as mid-June. The vulnerability stems from a format string misuse involving the snprintf function, allowing memory leakage in small byte increments—enough for determined attackers to reconstruct sensitive data, hijack authenticated sessions, and potentially access administrative utilities. We cover everything from the technical mechanics of the vulnerability to the strategic mitigation steps enterprises must take. Affected systems include NetScaler MPX, VPX, SDX , and NetScaler Gateway , making the scope of risk widespread, especially in large-scale remote access and cloud deployments. In this episode, we unpack: How CVE-2025-5777 works, including the format string flaw and session token exposure Indicators of active exploitation and CISA’s inclusion of related CVEs in its KEV catalog The timeline and evidence suggesting exploitation began weeks before disclosure Why slow patch adoption is increasing risk across industries A guided breakdown of the NetScaler Secure Deployment Guide , covering: Strong authentication, MFA, and password security Role-based access control (RBAC) and session management Secure traffic segmentation, ACL configuration, and TLS hardening App-layer protections like WAF and rewrite policies for cookie security Logging, SNMP configuration, and remote syslog best practices DNSSEC and cryptographic key management How to verify patch status via the NetScaler Console and initiate remediation scans This episode delivers a clear message: Patch now, monitor aggressively, and revisit your NetScaler hardening strategy . With public exploits in circulation and attackers harvesting session tokens, this vulnerability represents a pressing concern for enterprises relying on Citrix infrastructure.…
D
Daily Security Review
1 SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk 1:02:01
1:02:01 Play Later Play Later Lists Like Liked1:02:01
Play Later Play Later Lists Like LikedIn this episode, we break down SAP’s July 2025 Security Patch Day—a high-stakes moment for any enterprise relying on SAP’s core business applications. With 27 new and 4 updated security notes released, including seven rated as critical , this patch cycle directly targets some of the most serious vulnerabilities seen in SAP environments in recent memory. At the center of this month’s update is CVE-2025-30012 , a critical unauthenticated command execution flaw in SAP Supplier Relationship Management (SRM). Initially classified as high priority, this vulnerability has now been escalated to critical status due to its severe impact. Also in the spotlight: a remote code execution bug in SAP S/4HANA and SCM (CVE-2025-42967) , and four insecure deserialization vulnerabilities affecting SAP NetWeaver Java systems—longtime targets for threat actors and ransomware groups alike. While there are no confirmed in-the-wild exploits for these new issues, history tells us that such gaps don’t remain unexploited for long. Just earlier this year, vulnerabilities in SAP’s Visual Composer framework were actively exploited by ransomware operators like BianLian and RansomEXX . As threat actors grow more sophisticated and supply chain targets grow more lucrative, patch speed has never been more important. This episode covers: The vulnerabilities patched in SAP’s July advisory and their real-world risk Why CVSS scoring matters —and how SAP determines what counts as "critical" The SAP vulnerability lifecycle , and how organizations can use structured frameworks for patch and incident management Key lessons from past exploits , including zero-day activity targeting SAP systems The shared security model in cloud deployments like RISE with SAP—and what you’re responsible for vs. what SAP handles Why alert fatigue and delayed patching are existential threats in SAP environments How to verify your patch level, interpret SAP Notes, and ensure you’re protected We also discuss how critical tools like SecurityBridge , NIST-aligned vulnerability workflows, and proactive community engagement can help mitigate threats and support SAP admins, DevSecOps teams, and CISOs navigating the growing complexity of ERP security.…
D
Daily Security Review
1 106GB Exposed? Telefónica, HellCat, and the Silent Data Breach 50:33
50:33 Play Later Play Later Lists Like Liked50:33
Play Later Play Later Lists Like LikedIn this episode, we explore a shadowy and unconfirmed—but highly consequential—data breach at Spanish telecommunications giant Telefónica. Allegedly orchestrated by the HellCat ransomware group, the breach involves a staggering 106GB of exfiltrated data, including internal communications, customer records, and employee information. Telefónica has yet to acknowledge the breach publicly, while the threat actor “Rey” released a 5GB sample to support their claim, pointing to a Jira server misconfiguration as the entry point. We unpack the evolving tactics of HellCat—a ransomware gang known for targeting Atlassian’s Jira platform—and examine how such misconfigurations continue to expose sensitive data across major organizations like NASA, Google, and Yahoo. Telefónica is no stranger to HellCat; a similar attack occurred in January, making this latest breach appear not only credible but also indicative of ongoing remediation failures. But this isn’t just a story about technical lapses—it’s also a warning shot for every organization subject to the GDPR and Spain’s national data protection laws. We dig into the regulatory implications, potential fines, and legal obligations that Telefónica could face if the breach is confirmed. You'll also hear why Atlassian’s Jira platform has become a soft target for threat actors, and what companies need to do to harden their SaaS deployments against similar threats. Finally, we explore frameworks for responsible breach response—from immediate containment to post-incident review—and what every enterprise should learn from this growing wave of misconfiguration-fueled cyberattacks. Key discussion points include: The anatomy of the Telefónica breach and the leaked data How HellCat exploits Jira misconfigurations and infostealer-compromised credentials The broader trend of Atlassian-based intrusions across multiple industries GDPR and NLOPD obligations: What counts as a notifiable breach? Regulatory fines, reputational risks, and the right to compensation Best practices for SaaS security and breach response in 2025 This episode is a must-listen for CISOs, privacy officers, IT security professionals, and legal teams navigating the intersection of cybersecurity failures and regulatory exposure.…
D
Daily Security Review
1 Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout 59:56
59:56 Play Later Play Later Lists Like Liked59:56
Play Later Play Later Lists Like LikedThe recent ransomware attack on Ingram Micro , a global technology distribution giant, reveals not only a sophisticated human-operated cyber assault—but also the fragile state of modern supply chain cybersecurity. In this episode, we break down how attackers, believed to be affiliated with the SafePay ransomware group , penetrated Ingram Micro’s infrastructure, reportedly by exploiting a Palo Alto GlobalProtect VPN vulnerability and leveraging stolen credentials. The breach disrupted the company’s website and order systems, impacting partners and resellers worldwide. This case is a microcosm of a much larger threat: ransomware groups are evolving, using targeted, manual operations rather than automated malware blasts. And when a company like Ingram Micro gets hit, the downstream effects ripple through entire IT ecosystems. This episode explores the deeper story behind the headlines, including: Human-operated ransomware tactics , including credential theft, privilege escalation, lateral movement, and double extortion. The critical vulnerability CVE-2024-3400 in GlobalProtect , which is being actively exploited in real-world ransomware campaigns. SafePay’s emergence in 2025 as a serious actor, using stolen VPN credentials and backdoor persistence methods to deploy ransomware discreetly. How human-operated ransomware attacks differ from commodity malware—and why they're more dangerous. The risks of supply chain dependence , as illustrated by partners experiencing delays and business interruptions from Ingram Micro’s outage. The importance of adopting a Cybersecurity Supply Chain Risk Management (C-SCRM) strategy using NIST’s framework . Key mitigation steps, including enforcing multi-factor authentication (MFA) , hardening remote access tools, implementing network segmentation , and maintaining robust offline backups . Best practices for incident response and recovery , based on guidance from CrowdStrike, Microsoft, and NCSC. How ransomware threat actors are becoming increasingly selective, strategic, and efficient—often targeting misconfigured enterprise platforms as initial entry points. The Ingram Micro attack is a reminder that resilience isn’t just about stopping the ransomware—it’s about preparing for its inevitable arrival . For organizations operating in the cloud, distributing hardware, or serving as a linchpin in digital ecosystems, the lessons from this breach are urgent and universal.…
D
Daily Security Review
1 The Illusion of Shutdowns: What Hunters International's Closure Really Means 42:41
42:41 Play Later Play Later Lists Like Liked42:41
Play Later Play Later Lists Like LikedIn a sudden and cryptic announcement, the notorious ransomware group Hunters International has declared its shutdown, citing “recent developments” and pledging to release decryption keys to victims. Active since late 2022 and suspected to be a rebrand of the earlier Hive ransomware gang , Hunters International has been responsible for attacks on nearly 300 organizations across various industries. Yet, cybersecurity experts believe this announcement is less about remorse—and more about reinvention. In this episode, we dissect what this “shutdown” really means. Far from disappearing, the group may already be operating under a new name: World Leaks . This episode explores the lifecycle of ransomware gangs and how rebranding, splintering, and strategic pauses are common tactics used to throw off law enforcement and improve operational resilience. Key discussion points include: The lifecycle of ransomware groups, from emergent to established , using the GRIT taxonomy. How rebranding is used to evade law enforcement pressure and manage public perception, especially after high-profile disruptions. The Hive–Hunters–World Leaks lineage , and what indicators point to continuity rather than closure. Why law enforcement actions rarely shut down ransomware permanently, often leading to splinter or successor groups . The business model of ransomware , including double extortion, data leak sites, and Ransomware-as-a-Service (RaaS). Which sectors remain most vulnerable—including manufacturing, professional services, finance, and education —and how victim selection is increasingly based on financial footprint and data value . The significance of public communications and tactics like apologies, targeting rules, and ethics messaging used to shape ransomware groups' public image. The importance of ransomware payment tracking via blockchain , with insights into Bitcoin-based laundering operations and the transparency paradox of public ledgers. The value of Ransomware Susceptibility Index™ (RSI) metrics to help organizations prioritize defenses and understand their exposure. This case study of Hunters International exemplifies the strategic fluidity of modern ransomware operations —where shutting down may simply mean rebooting under a different brand. For defenders, staying ahead means recognizing these patterns, maintaining continuity in threat intelligence, and preparing for the next iteration before it strikes.…
D
Daily Security Review
1 CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late 40:49
40:49 Play Later Play Later Lists Like Liked40:49
Play Later Play Later Lists Like LikedA newly discovered and actively exploited zero-day vulnerability in Google Chrome has sent ripples through the cybersecurity community. Known as CVE-2025-6554 , this critical type confusion flaw in Chrome’s V8 JavaScript and WebAssembly engine enables remote attackers to perform arbitrary read/write operations or execute code via a single malicious webpage. With active exploitation confirmed and inclusion in CISA’s Known Exploited Vulnerabilities catalog , organizations are under urgent pressure to patch all affected systems—immediately. In this episode, we break down what makes this vulnerability especially dangerous, why Google’s Threat Analysis Group (TAG) is paying close attention, and what this incident tells us about the state of browser security, enterprise patch management, and memory safety technologies . Though Google has released patches for Chrome and other Chromium-based browsers—including Microsoft Edge, Brave, and Vivaldi—the scale of exposure across platforms is massive. Key topics we explore include: Technical breakdown of CVE-2025-6554 : How type confusion in the V8 engine leads to total compromise. Sandboxing in V8 : How Chrome's V8 Sandbox mitigates memory corruption—and what this exploit bypassed. Indicators of nation-state exploitation : The role of Google’s TAG and what it implies about the attackers. Patching priorities : Why immediate updates to versions 138.0.7204.96/.97 (Windows/Linux) and .92/.93 (macOS) are non-negotiable. Beyond Chrome : The ripple effect on all Chromium-based browsers and Electron-based applications. Patch management best practices : From realistic testing environments and system categorization to rollback procedures, KPIs, and automation. With CVE-2025-6554 being the fourth zero-day in Chrome this year , this isn’t just a browser issue—it’s a litmus test for security readiness . As attackers grow faster and more sophisticated, your ability to rapidly detect, prioritize, and patch vulnerabilities is more crucial than ever. Whether you're managing an enterprise IT infrastructure, leading an AppSec team, or securing a fleet of endpoints, this episode will arm you with both the technical insight and operational perspective needed to respond decisively to this threat—and to the next one.…
D
Daily Security Review
1 ANSSI vs. Houken: France Battles Advanced Chinese Hacking Threat 33:16
33:16 Play Later Play Later Lists Like Liked33:16
Play Later Play Later Lists Like LikedIn this episode, we uncover a high-stakes cyber campaign targeting the heart of French digital infrastructure. ANSSI , France’s national cybersecurity agency, has exposed a Chinese-linked hacking group known as Houken (UNC5174 or Uteus) responsible for a widespread espionage operation since late 2024. This state-adjacent threat actor infiltrated critical sectors including government, media, transport, telecom, and finance using an arsenal of sophisticated tactics—blending zero-day exploits, rootkits, and stealthy post-exploitation tools. The Houken group leveraged multiple zero-day vulnerabilities in Ivanti Cloud Service Appliances (CSA) —CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380—to gain initial access. But this wasn’t just about intrusion; Houken’s operators dug in deep: stealing credentials, moving laterally , and deploying a rare Linux kernel-mode rootkit capable of hijacking any inbound TCP traffic while remaining virtually invisible to traditional defenses. What sets this campaign apart isn’t just its technical sophistication—it’s the hybrid nature of the threat. ANSSI suggests Houken may be a cyber mercenary group , simultaneously working in the service of China’s Ministry of State Security (MSS) and pursuing financial gains , such as cryptocurrency mining and reselling system access. This “multiparty approach” signifies a dangerous evolution in cybercrime—where espionage and monetization coexist within a single operational framework. We delve into: The attack chain : from zero-day exploitation to credential harvesting and stealth persistence. The rootkit sysinitd.ko : a kernel module granting root-level command execution while avoiding detection. Defense evasion tactics : including timestomping , log deletion , and self-patching vulnerabilities to lock out rival threat actors. Houken’s toolkit : a mix of commodity utilities (Nmap, Netcat, Fscan) and custom implants (PHP webshells, SparkRAT, Neo-reGeorg). Operational clues that tie activity to China Standard Time (UTC+8) and highlight probable MSS alignment. This is more than a breach. It’s a signal that cyber mercenary operations are maturing , and European states are squarely in the crosshairs. The Houken campaign forces a reconsideration of perimeter defenses, zero-day management, and detection strategies for advanced persistent threats. Whether you’re a security architect, CISO, or public sector technologist, this episode provides a deep and essential briefing on one of the most sophisticated cyber espionage efforts uncovered in 2025.…
D
Daily Security Review
1 Psychological Manipulation and AI Fraud: How Spain Exposed a $12M Scam 17:21
17:21 Play Later Play Later Lists Like Liked17:21
Play Later Play Later Lists Like LikedIn this episode, we examine a growing threat reshaping financial crime in Europe: sophisticated, technology-driven investment fraud. Spanish law enforcement has recently dismantled a fraud operation that spanned multiple years, deceived over 300 victims, and resulted in more than $11.8 million in losses. What made this case particularly notable was the use of high-pressure call centers inside Spain , supported by strategic psychological manipulation , to drive fraudulent investments advertised across social media platforms. The scheme, launched in 2022, mimicked the playbook of larger international fraud networks—slick branding, convincing digital ads, and seemingly personalized pitches to lure in unsuspecting investors. Behind the scenes, victims were connected to well-trained fraud agents posing as investment advisors who used scripted tactics to manipulate emotional trust and urgency. This case, however, is just one node in a much broader web of financial crime being actively investigated across Spain: Authorities arrested 21 individuals and seized luxury vehicles, stacks of cash, and other high-value assets linked to the scheme. In a separate crackdown, Spanish police disrupted a ring that laundered over €500 million , highlighting the scale and integration of illicit finance operations within legitimate economic channels. Another scam exploited AI-generated advertisements and deepfakes to lure cryptocurrency investors into fake opportunities, netting €19 million. We unpack the evolving tactics used by fraudsters , including: Social engineering techniques that exploit emotional triggers and authority bias. The use of AI and deepfakes to create authentic-looking investment platforms and personalities. Affinity fraud , where scammers target members of specific communities or shared identity groups to exploit trust. The integration of cryptocurrency and decentralized finance (DeFi) to obscure money trails and enable rapid laundering. This episode also dives into the regulatory landscape , including how the EU’s Anti-Money Laundering Directive (AMLD) and organizations like FATF and Moneyval are attempting to curb these activities through stricter oversight, risk-based frameworks, and obligations for financial and non-financial intermediaries to report suspicious transactions. As these fraud rings adopt increasingly advanced tools—ranging from Telegram social engineering to metaverse impersonations—Spain’s efforts signal a broader shift: financial crime is becoming cybercrime , and law enforcement must keep pace. Whether you’re a financial compliance professional, cybersecurity lead, or simply someone navigating digital investments, this episode is your briefing on where the threat landscape is heading—and what can be done to stay one step ahead.…
D
Daily Security Review
1 CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security 41:32
41:32 Play Later Play Later Lists Like Liked41:32
Play Later Play Later Lists Like LikedA devastating vulnerability— CVE-2025-20309 —has been discovered in Cisco’s Unified Communications Manager (Unified CM) and its Session Management Edition (SME), threatening the security of over a thousand internet-exposed VoIP systems globally. In this episode, we break down this critical flaw , which scores a perfect CVSS 10.0 , and explore why it's one of the most dangerous telecom vulnerabilities in recent memory. The vulnerability stems from unchangeable hardcoded SSH root credentials inadvertently left in production code during development. Exploitable without authentication, this flaw grants remote attackers full root access to affected systems—an open door to full system takeover , VoIP eavesdropping , lateral movement , and even ransomware deployment . We discuss: What is CVE-2025-20309? A look at the hardcoded credential flaw impacting versions 15.0.1.13010-1 to 15.0.1.13017-1 of Cisco Unified CM. How bad is it? Full root access, unauthenticated, with over 1,000 vulnerable instances publicly exposed—especially in critical sectors across the U.S. and Asia. Threat actor implications : APT groups like APT28, APT41, and MuddyWater are known to exploit similar flaws. CloudSEK warns that access brokers may soon target and monetize these systems on darknet forums. What’s at stake : VoIP traffic manipulation : Intercept SIP/RTP streams for surveillance or disruption. Call log and voicemail exfiltration . Deployment of persistent malware and ransomware . Lateral movement to other enterprise systems . Mitigation roadmap : Patch immediately using Cisco’s released patch file: ciscocm.CSCwp27755_D0247-1.cop.sha512. Upgrade to 15SU3 when released. Monitor logs for root access attempts (/var/log/active/syslog/secure). Restrict administrative access , isolate Unified CM systems, and enforce VPN/firewall segmentation. No workarounds : This is not a flaw you can firewall away. Cisco has confirmed that there are no viable workarounds—patching is the only fix. The bigger picture : This incident also highlights the ongoing risks of default credentials , poor credential hygiene , and overreliance on perimeter defenses in VoIP and UC systems. It’s a reminder that VoIP isn’t just about call quality—it’s a core part of your network infrastructure that demands zero-trust scrutiny . Additional Cisco vulnerabilities : We also briefly touch on two related medium-severity flaws—CVE-2025-20308 (Spaces Connector privilege escalation) and CVE-2025-20310 (stored XSS in Cisco Enterprise Chat)—which, while not yet exploited, reinforce the need for robust Cisco infrastructure hygiene. This episode is essential listening for VoIP admins, network engineers, CISOs , and anyone managing unified communication platforms. Don’t wait for signs of compromise— patch now and audit your exposed assets . Security for voice systems is no longer optional; it’s foundational.…
D
Daily Security Review
1 macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains 43:09
43:09 Play Later Play Later Lists Like Liked43:09
Play Later Play Later Lists Like LikedA new, highly advanced malware strain— NimDoor —has emerged as the latest cyber weapon in the arsenal of North Korean state-sponsored hackers, specifically targeting macOS systems used by cryptocurrency and Web3 organizations. This episode explores the complex tactics and alarming capabilities of NimDoor, a malware family showcasing a blend of C++ and Nim programming , stealthy persistence mechanisms, and an intense focus on stealing digital assets . First identified in early 2025, NimDoor marks a significant evolution in North Korean cyber operations. Delivered through social engineering on Telegram , the attack chain begins with a deceptive fake Zoom SDK update. Once executed, the malware installs multiple payloads—including GoogIe LLC and CoreKitAgent —designed to establish persistence, exfiltrate data, and communicate with command-and-control servers using TLS-encrypted WebSocket connections and layered RC4 encryption . This episode covers: Anatomy of the NimDoor Infection Chain : How Telegram lures and fake SDKs lead to multi-stage infections on macOS. Advanced Persistence via Signals : A rare signal-based persistence mechanism enables NimDoor to reinstall itself if terminated—an unusually resilient feature for macOS malware. Targeted Data Theft : NimDoor steals sensitive browser data, cryptocurrency wallet credentials, Telegram's encrypted databases, macOS Keychain items, and even command histories. Why Nim Matters : The use of Nim , a lesser-known and rarely detected language in malware development, allows attackers to evade traditional antivirus and EDR solutions while enabling sophisticated binary construction. North Korea’s Cyber Objectives : The Lazarus Group and its affiliated APTs are not just stealing information—they are funneling stolen cryptocurrency to fund the North Korean regime , bypassing sanctions. macOS as a Target : This attack busts the myth of Apple’s invincibility, illustrating how macOS is now firmly in the crosshairs of nation-state threat actors. Modular Payloads and Exfiltration Tools : From C++ loaders to Nim-compiled components and Bash scripts like upl and tlgrm, the malware’s design is optimized for flexibility and maximum data theft. How to Defend : Don’t trust third-party cryptocurrency tools—especially if shared via chat platforms like Telegram. Train teams to recognize fake software prompts and suspicious update requests. Apply the principle of least privilege, and implement strict application allowlists. Patch aggressively and monitor for unexpected outbound connections over wss (WebSocket over TLS). Understand that malware written in Nim is no longer exotic—it's active and dangerous . The NimDoor campaign represents a convergence of nation-state strategy, programming innovation, and cryptocurrency exploitation . For Web3 builders, crypto investors, and cybersecurity professionals, it’s a wake-up call that threat actors are not just evolving—they're innovating faster than ever.…
D
Daily Security Review
1 Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks 56:02
56:02 Play Later Play Later Lists Like Liked56:02
Play Later Play Later Lists Like LikedA newly disclosed vulnerability— CVE-2025-20309 —in Cisco's Unified Communications Manager (Unified CM) and Session Management Edition has sent shockwaves through enterprise VoIP and IT security teams. The flaw stems from hardcoded root SSH credentials that could allow unauthenticated remote attackers to gain full control of affected systems. In this episode, we unpack the gravity of this vulnerability and its broader implications for VoIP security. Cisco has issued a patch to remove the backdoor account from affected versions, but the vulnerability’s CVSS score of 10.0 underscores the risk to organizations still running unpatched systems. A successful exploit could enable attackers to manipulate network topology, execute denial-of-service attacks, intercept VoIP traffic via port mirroring, or even erase logs and implant persistence mechanisms. While no active exploitation has been reported, the risk is far from theoretical. This episode explores both the technical and strategic dimensions of VoIP security, including: Understanding CVE-2025-20309 : How static root credentials opened the door to full system compromise and why this vulnerability is especially dangerous in a Unified CM context. VoIP-Specific Security Risks : The inherent architectural vulnerabilities of VoIP, including its tight QoS constraints, encryption-induced latency, NAT complications, and its integration with dynamic, open networks. Protocol-Level Complexity : Challenges introduced by SIP, H.323, and NAT traversal protocols like STUN, TURN, and ICE—and how attackers can exploit these for interception or disruption. Encryption Dilemmas : Why SRTP, IPsec, and key management schemes like MIKEY offer needed protection but also introduce latency, jitter, and crypto-engine bottlenecks that VoIP networks struggle to absorb. Hardening VoIP Systems : Change default device passwords and audit all endpoints, including phones and switches. Separate voice and data networks where possible to reduce attack surface. Apply VoIP-aware firewalls and intrusion detection tools. Encrypt both signaling and media streams with SRTP or H.235 where feasible. Use Session Border Controllers (SBCs) or Application Layer Gateways (ALGs) to manage NAT traversal securely. Legal and Compliance Considerations : Interception laws, call record retention, and regulatory requirements differ for VoIP—organizations must consult legal counsel to avoid unintended violations. What Cisco Admins Must Do Now : Guidance for patching, log review for potential indicators of compromise, and securing remote access to Unified CM environments going forward. VoIP systems are increasingly integral to enterprise communications—and increasingly targeted. This episode stresses that security must evolve with functionality , and that modern communications infrastructure cannot afford to overlook foundational flaws like hardcoded credentials.…
D
Daily Security Review
1 Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites 50:32
50:32 Play Later Play Later Lists Like Liked50:32
Play Later Play Later Lists Like LikedA critical new WordPress vulnerability— CVE-2025-6463 —has been discovered in the widely used Forminator plugin , affecting over 600,000 active installations and putting hundreds of thousands of websites at risk of full compromise. In this episode, we dive deep into the mechanics, risks, and remediation of this arbitrary file deletion flaw and explain what every WordPress administrator, developer, and security professional needs to know. At the heart of this issue is improper validation in how the Forminator plugin handles file paths when deleting form entries. This allows unauthenticated attackers to inject file paths into form submissions—even in fields not meant to accept files—and trick the system into deleting critical WordPress files like wp-config.php. The result? A full site reset , granting attackers an opportunity to seize control of the site . Here’s what we unpack in this episode: The CVE-2025-6463 Vulnerability : How the exploit works, which function is flawed (entry_delete_upload_files), and why unsanitized file arrays in form fields make this so dangerous. Real-World Impact : Deleting wp-config.php can reset a WordPress site, giving an attacker a window to install a fresh site under their control . Scope of Exposure : Over 400,000 sites remain unpatched , and many administrators may not even be aware they’re running outdated versions of the Forminator plugin. The Fix in Version 1.44.3 : We discuss how the patch restricts deletions to specific field types, limits file deletions to safe directories, and enforces path normalization and filename sanitization. Why WordPress Sites Are Frequent Targets : A broader look at WordPress security—including why abandoned plugins, weak file permissions, brute force attacks, and poor update hygiene continue to lead to compromises. Best Practices to Secure WordPress : Always keep core, themes, and plugins up to date Remove unused plugins and themes completely—not just deactivate them Set secure file permissions (755 for directories, 644 for files, and 400 or 440 for wp-config.php) Use activity logs , 2FA , and limit login attempts Disable file editing in wp-config.php Turn off PHP error reporting in production environments Use reputable security plugins like Jetpack or Wordfence for real-time protection The Role of Hosting Providers : Why choosing a secure hosting platform with automatic backups, patching, and server-level firewalls makes a huge difference in your site’s security posture. Mitigating Plugin-Related Risks : We explain how to monitor plugins using services like WPScan and how to respond swiftly to new CVEs. This is a wake-up call for the WordPress community: A single vulnerable plugin can bring down an entire website . Whether you manage one site or hundreds, understanding this threat and acting fast can be the difference between a minor maintenance task and a full-blown compromise.…
D
Daily Security Review
1 Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis 1:08:04
1:08:04 Play Later Play Later Lists Like Liked1:08:04
Play Later Play Later Lists Like LikedIn one of the latest large-scale data breaches to hit the U.S. private sector, Kelly Benefits , a provider of payroll and benefits administration services, disclosed a significant cybersecurity incident impacting over 553,000 individuals . The breach, which occurred in December 2024 but was only revealed in April 2025 , exposed sensitive personal information—including names, Social Security numbers, financial data, and even medical records —of employees linked to over 40 partner organizations , such as Aetna Life Insurance and United Healthcare . This episode explores what really happened, why this breach matters, and how it fits into the growing wave of identity theft driven by third-party vendor compromises. We take you through: The Scope of the Kelly Benefits Breach : What data was stolen, how many entities were affected, and why the delayed disclosure has legal and ethical ramifications. The Invisible Cost of Vendor Vulnerabilities : How breaches at service providers can cascade downstream, exposing thousands of individuals tied to organizations with no direct involvement in the original breach. The Growing Identity Theft Epidemic : With over 500,000 individuals exposed in this incident alone, we look at how breaches like this contribute to financial fraud, medical identity theft , and long-term privacy violations. Common Identity Theft Tactics : From phishing and spoofing to malware and physical document theft, threat actors exploit every avenue to steal and monetize personal information. Warning Signs of Identity Theft : Unfamiliar accounts, strange billing activity, and credit applications you didn’t submit—learn what to look for and when to act. What Victims Can Do Now : We provide a step-by-step recovery roadmap: Freeze your credit at all three bureaus Monitor all financial and health accounts Use the FTC's IdentityTheft.gov to file official reports Replace compromised IDs and secure your digital identity Organizational Responsibilities : What companies like Kelly Benefits (and those they serve) should have in place: risk assessments, vendor security audits, encryption policies, and phishing-resistant multi-factor authentication (MFA). Best Practices for Prevention : Use strong, unique passwords and MFA Keep devices patched and software up to date Secure personal Wi-Fi and avoid public networks for sensitive access Beware of phishing, spoofing, and suspicious attachments Periodically check your credit reports for unfamiliar activity We also spotlight the legal rights of breach victims , including placing fraud alerts, disputing fraudulent accounts, and demanding removal of bad information from credit reports. The episode underscores a critical point: identity theft is no longer a matter of “if,” but “when” —and preparation is your best defense. Whether you're an affected individual, an employer relying on third-party benefit providers, or a cybersecurity professional tasked with securing sensitive PII, this episode offers critical insights and practical takeaways .…
D
Daily Security Review
1 FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks 46:04
46:04 Play Later Play Later Lists Like Liked46:04
Play Later Play Later Lists Like LikedA newly disclosed exploit dubbed FileFix is redefining how attackers bypass Microsoft Windows' built-in security protections—specifically the Mark-of-the-Web (MotW) mechanism. Developed and detailed by security researcher mr.d0x , this attack takes advantage of how browsers save HTML files and how Windows handles HTA (HTML Application) files . The result? Malicious scripts can execute without warning, bypassing the very safeguards designed to flag untrusted code. In this episode, we break down how FileFix works, why it’s effective, and what makes it uniquely dangerous. Unlike many malware campaigns, FileFix doesn’t rely on zero-day exploits or complex payloads—instead, it exploits the weakest link in the chain: human behavior. Key topics include: Understanding FileFix Mechanics : How a simple rename from .html to .hta can convert a saved webpage into a launchpad for malicious code execution— without triggering MotW protections . Social Engineering at the Core : FileFix depends on user interaction. By designing convincing phishing lures, attackers guide users to unknowingly bypass their own defenses— a modern twist on old tricks . The Role of mshta.exe : This deprecated Windows binary remains powerful and dangerous. We examine how attackers use it to execute scripts and why defenders should consider disabling or removing it entirely. MotW Bypass Techniques : Beyond FileFix, we dive into container-based bypasses (.iso, .img), and how utilities and encoding tricks (e.g., RLO, double extensions, invisible Unicode) help malware evade detection. Masquerading and Human Blind Spots : From fake filenames like Invoice.pdf.exe to Unicode manipulation, attackers exploit user assumptions and default system behaviors to hide malware in plain sight. Detection and Mitigation Strategies : We offer a practical set of defenses: Disable or restrict mshta.exe through AppLocker or WDAC Block or quarantine .html, .htm, and .hta email attachments Enable file extension visibility across endpoints Train users to recognize suspicious file behaviors and social engineering lures Implement behavioral detection—e.g., alert when mshta.exe spawns powershell.exe Why FileFix Matters Now : With the rise of AI-generated content and increasingly polished phishing infrastructure, low-tech, high-impact attacks like FileFix are gaining new relevance . The simpler the technique, the broader its reach. As Windows continues to harden its systems, attackers are shifting focus to user-driven execution paths . FileFix exemplifies this shift—blending psychological manipulation with deep technical understanding of system behaviors. For defenders, the challenge is clear: technical controls must be matched by human-aware defenses . This is a must-listen for enterprise defenders, SOC analysts, and red teamers tracking the latest in Windows exploitation tactics. If your security strategy still assumes technical exploitation is the biggest threat, FileFix is your wake-up call .…
D
Daily Security Review
1 Sophisticated Cyberattack on the International Criminal Court: Justice in the Crosshairs 19:37
19:37 Play Later Play Later Lists Like Liked19:37
Play Later Play Later Lists Like LikedThe International Criminal Court (ICC), the world’s foremost tribunal for prosecuting war crimes, genocide, and crimes against humanity, has confirmed yet another sophisticated cyberattack , highlighting the persistent threat facing high-profile global institutions. This marks the second targeted intrusion against the ICC in recent years , and although the organization successfully detected and contained the attack, critical questions remain—who was behind it, what data may have been compromised, and how can institutions like the ICC defend against increasingly complex threats? In this episode, we examine the June 2025 cyber incident targeting the ICC’s internal systems. While the technical specifics remain undisclosed, the context is telling: mounting geopolitical tensions, high-profile arrest warrants for global leaders, and a growing wave of politically motivated cyber intrusions. Key insights include: The strategic targeting of international justice institutions and how the ICC’s sensitive caseload (including cases involving heads of state) may drive cyber interest from state-aligned actors. A review of the ICC’s cyber resilience measures and how their swift containment of the breach reflects a mature security posture—but also underscores the limits of transparency in cyber disclosures. The critical need for integrated resilience strategies , merging business continuity, disaster recovery, cybersecurity, and incident response into a unified framework. The lifecycle of a well-structured incident response: from identification and containment to post-incident forensics and recovery. Lessons for international organizations and government agencies , particularly those engaged in politically sensitive or human rights-related work. A discussion on common organizational gaps —such as siloed planning, inadequate testing, or lack of senior leadership engagement—that can weaken cyber preparedness even in highly secure institutions. The escalating geopolitical risk of cyber conflict, where disinformation, sabotage, and espionage become tools of statecraft targeting justice systems, election infrastructures, and human rights advocates. This incident reinforces the reality that even the most globally respected institutions must constantly evolve their cyber defenses. As the line between geopolitics and cyberspace continues to blur, organizations like the ICC are not just administering justice—they're operating on the front lines of global cyber warfare. For CISOs, risk leaders, and those in public international service, this episode is a call to action: build resilience not just for business continuity, but for mission continuity in a world where digital systems are both your greatest strength—and your greatest vulnerability.…
D
Daily Security Review
1 Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security 43:40
43:40 Play Later Play Later Lists Like Liked43:40
Play Later Play Later Lists Like LikedIn a major red flag for the industrial cybersecurity community, three newly disclosed vulnerabilities in Microsens NMP Web+ , a popular network management solution used across critical infrastructure, have revealed just how fragile many ICS environments remain. The flaws—two rated critical and one high—allow unauthenticated attackers to bypass authentication , generate forged JWTs , and execute arbitrary code , potentially enabling full system compromise with no credentials required. Discovered by security researcher Noam Moshe, the vulnerabilities demonstrate how a combination of weak authentication mechanisms and insecure file handling can open the door to devastating attacks. While patches have now been released, some vulnerable systems remain internet-exposed , prompting urgent warnings from CISA—especially for those in the critical manufacturing sector . In this episode, we dive into what went wrong, why these bugs are so dangerous, and how this incident reflects a deeper and systemic challenge in ICS security. Topics covered include: The technical anatomy of the vulnerabilities (CVE-2025-49151, CVE-2025-49153, CVE-2025-49152) and how attackers can chain them for full remote access. Why ICS systems—unlike traditional IT—face unique challenges around patching, downtime tolerance, and legacy software dependencies. The dangerous rise of internet-exposed ICS systems , with over 145,000 devices globally found accessible via public scans. The critical role of vendor patching , network segmentation, and compensating controls when downtime prevents immediate updates. Strategic best practices like: Building dedicated ICS test environments for patch validation Using firewalls and virtual patching to buy time when updates can’t be applied Adopting zero-trust architecture and isolating OT from business IT networks The persistent convergence of IT and OT networks , creating new attack surfaces if not tightly managed Real-world consequences of ICS vulnerabilities: from ransomware shutting down production lines to malware causing device malfunction and downtime Microsens isn’t the only vendor in the spotlight—this episode sheds light on an industry-wide problem where security is often deprioritized in favor of uptime , and vendors may still use outdated design practices like hardcoded credentials or unexpired tokens. For CISOs, OT engineers, and asset owners in manufacturing, energy, and industrial sectors , this is a critical wake-up call. Patching can’t be reactive—it must be strategic, tested, and integrated with operational priorities. Because when ICS systems go down, it’s not just data at risk—it’s the infrastructure behind national economies and physical safety.…
D
Daily Security Review
1 Qantas Data Breach: Third-Party Hack Exposes Millions of Frequent Flyers 24:36
24:36 Play Later Play Later Lists Like Liked24:36
Play Later Play Later Lists Like LikedIn a stark reminder of the aviation industry's growing exposure to cyber threats, Australian airline Qantas recently confirmed a serious data breach—this time not from its own systems, but from a third-party platform used by one of its customer contact centers. The breach exposed personal data for up to six million customers , including names, dates of birth, contact details, and frequent flyer numbers. Although financial and passport information were not affected , the scale and nature of the compromise have sent shockwaves through the sector. This episode unpacks what happened, why it matters, and what the broader aviation and cybersecurity communities can learn from this breach. We examine: The anatomy of the Qantas breach —how attackers infiltrated a call center platform, bypassing internal security safeguards. The suspected involvement of Scattered Spider , a notorious cybercrime group adept at vishing, MFA bypass, and social engineering tactics. Why third-party risk is the aviation industry’s Achilles’ heel , with many airline vendors holding poor cybersecurity ratings and limited defenses. The rising tide of ransomware, DDoS attacks, and nation-state aggression aimed at aviation networks. How the aviation industry’s focus on physical security has historically come at the expense of digital resilience—and why that must change. The Qantas breach also surfaces urgent regulatory, reputational, and operational questions: Under Australia’s updated Privacy Principle 11 , what constitutes “reasonable steps” to protect customer data? Are airlines truly ready for evolving mandates from regulators like the U.S. TSA, the EU, and ICAO? How do communication failures during cyber incidents amplify public distrust, and what does Qantas’s response tell us about effective crisis management? With billions flowing into aviation cybersecurity and cyber insurance costs climbing , industry stakeholders must address the weakest links—especially vendor ecosystems and human-centric attack vectors. That includes upgrading to phishing-resistant MFA, simulating real-world social engineering attacks, and implementing rigorous access controls across third-party platforms. Whether you're a CISO at an airline, a cybersecurity leader in transportation, or a vendor in the aviation supply chain , this episode offers critical insights into managing cyber risk in one of the world’s most high-stakes industries.…
D
Daily Security Review
1 Berlin Regulator Targets DeepSeek AI Over Data Transfers to China 43:41
43:41 Play Later Play Later Lists Like Liked43:41
Play Later Play Later Lists Like LikedGermany’s battle over digital sovereignty and data privacy has intensified, with the Berlin Commissioner for Data Protection formally requesting that Google and Apple remove the DeepSeek AI application from their app stores. The move stems from allegations that DeepSeek, a Chinese-developed generative AI platform, violates the EU’s General Data Protection Regulation (GDPR) by unlawfully collecting data from German users and transferring it to Chinese servers—beyond the EU’s legal jurisdiction and outside GDPR’s protections. This episode explores the broader implications of this takedown request under Article 16 of the EU Digital Services Act (DSA) and unpacks what this means for AI platforms, app store governance, and global data flows. We go beyond the headlines to examine: How GDPR governs cross-border data transfers , and why transfers to China often fall short of EU legal adequacy requirements. The clash of data philosophies between the EU’s GDPR and China’s PIPL , revealing a deeper regulatory rift grounded in individual rights versus state sovereignty. Why DeepSeek’s refusal to comply voluntarily triggered enforcement escalation , and how this signals a tougher European stance on foreign AI apps operating in the single market. The role of the Digital Services Act (DSA) in compelling app platforms like Google and Apple to act on national regulatory concerns—even when raised by a single EU state authority. The risk of fragmenting global data flows and creating incompatible governance zones, hindering both trade and innovation. What this action reveals about the “Brussels Effect” —the EU’s growing influence on global digital regulation—and how that’s reshaping how tech firms build and deploy AI. We also situate the DeepSeek case within broader global dynamics, including: Rising tensions around AI regulation, national security, and data localization How multinational firms struggle to comply with competing privacy frameworks The environmental and economic costs of fragmented data governance Regulatory uncertainty around AI tools' collection, training data use, and transparency This is a must-listen episode for privacy professionals, compliance officers, digital policymakers, AI developers, and global tech executives navigating today’s increasingly territorial data landscape.…
D
Daily Security Review
1 CISA Flags Citrix NetScaler Flaws: What CVE-2025-6543 Means for Federal and Private Networks 56:41
56:41 Play Later Play Later Lists Like Liked56:41
Play Later Play Later Lists Like LikedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—an urgent signal for federal agencies and private enterprises alike. At the center of this update is CVE-2025-6543 , a memory overflow flaw affecting NetScaler ADC and Gateway appliances, which could lead to Denial of Service attacks under specific configurations. This joins earlier additions from 2023, including CVE-2023-6548 and CVE-2023-6549, covering code injection and buffer overflow vulnerabilities. In this episode, we explore why NetScaler vulnerabilities are drawing heightened attention, how they are actively being exploited, and what organizations must do to stay ahead of increasingly sophisticated cyber threats. But the scope of this episode goes far beyond Citrix. We delve into the latest intelligence on: Active APT campaigns like Swan Vector , which leverages OAuth abuse, DLL sideloading, and Cobalt Strike to infiltrate institutions across Taiwan and Japan The rise of “Shadow AI” in enterprises , where unsanctioned GenAI tools introduce hidden risks like data exfiltration, training leakage, and geopolitical exposure A roundup of critical vulnerabilities , including high-severity flaws in Cisco ISE (CVE-2025-20281/20282), Veeam Backup, Roundcube Mail Server, and Trend Micro PolicyServer—all being actively targeted or at high risk Key insights from the episode: Why CISA’s KEV catalog should be a top priority for every organization’s patch management strategy How vulnerabilities like CVE-2025-6543 can be weaponized in real-world attacks , and why even memory overflows in peripheral configurations matter Best practices for hardening Citrix NetScaler environments , including RBAC, TLS restrictions, session timeouts, and audit logging The strategic implications of APT groups abusing legitimate services like Google Drive and PrintDialog.exe to remain stealthy How organizations can shift from blocking to secure AI enablement , using real-time browser monitoring and open-source LLMs tuned for enterprise context The consequences of lagging on patches: RCE, privilege escalation, SQL injection, and OS command execution across enterprise infrastructure The episode also covers TWCERT/CC’s alerts on actively exploited vulnerabilities in ASUS routers, Acer software, Zyxel devices, and SAP systems—underscoring the truly global and cross-sector nature of the threat landscape. This episode is essential listening for security architects, IT managers, CISOs, and vulnerability management teams trying to cut through the noise and act on what truly matters. With mandated remediation deadlines (like July 21, 2025, for CVE-2025-6543) now baked into CISA advisories, the time to act is now.…
D
Daily Security Review
1 Cato Networks Secures $359M to Fuel AI-Powered SASE Expansion 17:12
17:12 Play Later Play Later Lists Like Liked17:12
Play Later Play Later Lists Like LikedCato Networks just raised $359 million in Series G funding , pushing its valuation past $4.8 billion and its total funding beyond the $1 billion mark—a milestone that cements its place as one of the most formidable players in the rapidly expanding Secure Access Service Edge (SASE) market. In this episode, we unpack what this massive investment means for the future of enterprise cybersecurity, AI integration, and network transformation. Founded in 2015, Cato has built a cloud-native platform that seamlessly unifies SD-WAN, security services, and a global private backbone across more than 85 Points of Presence. With over 3,500 customers already on board, Cato offers a tightly integrated, single-vendor solution that simplifies operations while delivering enterprise-grade security and network performance. This funding round is more than just a headline—it’s a validation of Cato’s unique vision in a market projected to exceed $28.5 billion by 2028 . We explore how Cato is using this capital to scale its AI-powered threat detection, expand its global infrastructure, and accelerate feature innovation across its SASE stack. Key topics covered: Why investors are pouring hundreds of millions into SASE—and why Cato is leading the pack The advantages of Cato’s single-vendor architecture vs. multi-vendor patchworks How Cato’s AI-driven engine enhances threat detection and incident response Enterprise customer success stories from Elkjøp, Häfele, Swissport, Carlsberg, and others The shift from legacy MPLS to Cato’s converged, cloud-native model—and the cost savings that come with it Cato’s performance advantages in global markets, including China The strategic importance of Zero Trust Network Access (ZTNA), XDR, and integrated CASB/DLP features A comparison of Cato with major competitors like Zscaler, Netskope, and Palo Alto Networks The operational simplicity enabled by “plug-and-play” Cato Sockets and a true single-pane-of-glass dashboard What this round means for Cato’s roadmap, customer reach, and long-term vision As enterprises face mounting pressure to secure increasingly complex hybrid and global infrastructures, Cato Networks is emerging as the go-to platform for organizations seeking agility, performance, and security—all in one place.…
D
Daily Security Review
1 Chrome’s Latest Zero-Day: CVE-2025-6554 and Remote Code Execution Risks 54:24
54:24 Play Later Play Later Lists Like Liked54:24
Play Later Play Later Lists Like LikedA new high-severity zero-day vulnerability in Google Chrome— CVE-2025-6554 —has sent shockwaves across the cybersecurity landscape. This episode dives into the technical details, real-world impact, and broader implications of this actively exploited flaw. Tracked as a type confusion bug in Chrome’s V8 JavaScript engine , the vulnerability allows attackers to remotely execute code by luring users to malicious HTML pages—a powerful vector for surveillance, espionage, or criminal exploitation. We break down the story behind the vulnerability, discovered by Google’s own Threat Analysis Group, and examine what it reveals about the state of browser security today. Chrome users across all platforms have been urged to update immediately to patched versions, as threat actors are already leveraging this exploit in the wild. In this episode, we cover: What CVE-2025-6554 is and how it works : A type confusion bug that opens the door to remote code execution via a malicious webpage. Why this matters : This is the fourth actively exploited Chrome vulnerability in 2025—part of a disturbing trend in targeted, zero-day browser attacks. The evolving threat landscape : Cybercriminals and state-sponsored actors alike are embracing ransomware-as-a-service , phishing campaigns, and social engineering to exploit browser flaws. The hidden complexity of browser security : IT teams face a logistical nightmare patching browsers across diverse devices, configurations, and hybrid work environments. Misconfigured browsers become open doors for attackers. Type confusion explained : We break down how dynamic typing in JavaScript can be manipulated to bypass security controls—and why it’s so dangerous. Enterprise implications : With over 2 billion users relying on Chrome, organizations must take proactive steps: patch promptly, configure securely, segment work and personal browsing, and monitor emerging threats. Remote Code Execution (RCE) : Why this class of vulnerabilities remains one of the most feared in cybersecurity, with the potential for full system compromise. We also explore best practices and future-forward strategies , including: Implementing Zero Trust policies Adopting AI-driven browser isolation and threat detection Using segmented browser profiles for corporate and personal use Educating users on phishing and social engineering tactics Investing in enterprise-grade secure browsing solutions Chrome’s latest zero-day is more than just a technical footnote—it’s a signal flare for the growing complexity and urgency of browser-based security. Whether you're a security architect, IT manager, or just trying to keep your organization protected in an increasingly dangerous web environment, this episode offers critical insights and actionable takeaways.…
D
Daily Security Review
1 Russia’s 16KB Curtain: Cloudflare Throttling and the Future of the RuNet 1:45:31
1:45:31 Play Later Play Later Lists Like Liked1:45:31
Play Later Play Later Lists Like LikedRussia has entered a new phase of digital authoritarianism. In a sweeping move, Russian Internet Service Providers (ISPs) have begun systematically throttling access to Cloudflare and other Western-backed services, including infrastructure giants Hetzner and DigitalOcean. This throttling is so severe that it restricts downloads to just 16 kilobytes per connection—effectively rendering affected websites unusable. It’s a chilling technical development dubbed the “16KB Curtain.” In this episode, we explore Russia’s strategic effort to isolate its internet from the global web—a campaign known as digital sovereignty. This isn’t just a geopolitical talking point. It’s an active campaign of infrastructure control, information censorship, and aggressive filtering. We examine: The mechanics of the 16KB throttle : How it works, what it breaks, and why it’s so effective. Cloudflare’s position : The company has confirmed it cannot mitigate the throttling—this is not a technical glitch, it’s a political weapon. The broader pattern : Throttling is only part of a sweeping campaign to restrict VPNs, disrupt anti-censorship tools like Psiphon, and elevate domestic tech over foreign services. But this isn't just about website access. It’s about the future of RuNet —a Russian internet fenced off from global influence. The Kremlin’s vision includes a national DNS system, deep packet inspection at scale, and mandates for domestic apps and cloud infrastructure. Yet, behind this ambition lies a critical weakness: Russia’s ongoing dependence on Western and Chinese technologies , from chips to software. We also unpack: The expansion of mobile internet blackouts across over 30 regions—even those far from conflict zones. The illusion of self-sufficiency : Despite homegrown efforts in CPUs and software, Russia still lacks foundational capabilities in 5G, storage, and OS development. Impact on Russian citizens and international companies : Users are increasingly isolated. Businesses are forced to exit or adapt to a tech landscape dictated by the state. In a world where censorship increasingly masquerades as cybersecurity, Russia is pioneering an extreme model of network control—one that may be replicated elsewhere. Whether you work in global IT infrastructure, cybersecurity, or international policy, this episode reveals the high-stakes intersection of technology, politics, and freedom of information .…
D
Daily Security Review
1 Ahold Delhaize Data Breach: 2.2 Million Employee Records Exposed 37:44
37:44 Play Later Play Later Lists Like Liked37:44
Play Later Play Later Lists Like LikedAhold Delhaize, one of the world’s largest food retailers, is now the subject of one of the most significant ransomware breaches in recent U.S. history. Affecting over 2.2 million current and former employees , this incident—claimed by the cybercrime group INC Ransom —highlights the rising threat posed by ransomware-as-a-service operations targeting enterprise systems across critical sectors. In this episode, we unpack the breach, its long-delayed public disclosure, and the sensitive data exposed—including Social Security numbers, financial accounts, health records, and employment data. While customer payment information appears unaffected, the breach underscores systemic vulnerabilities in enterprise cybersecurity, especially around internal systems and employee data. We also explore the evolving tactics of modern ransomware groups , such as: Double extortion : stealing and threatening to leak sensitive data in addition to encrypting systems Initial access via known vulnerabilities (e.g., Citrix NetScaler) and social engineering Skipping encryption altogether , focusing solely on pure extortion Targeting soft spots like IT help desks and internal apps, rather than traditional perimeter defenses INC Ransom, a relatively new but increasingly active ransomware group, has used these methods in over 250 attacks , including hits on government and healthcare systems. The Ahold Delhaize incident represents their largest breach by data volume to date. We also examine the legal and regulatory implications of the breach: Potential class action lawsuits for negligence and delayed notification Risks under HIPAA if health data is involved Compliance issues under state breach notification laws and privacy regulations Impacts of international frameworks like GDPR for global operations As ransomware attacks grow in scale and sophistication, this breach signals broader challenges for enterprise resilience. We'll discuss what went wrong, how businesses can prepare, and what steps every organization should consider now: Implementing Zero Trust architectures Strengthening employee training and phishing defenses Enhancing vendor and internal app security Regular resilience audits and incident response testing This episode is essential listening for CISOs, IT leaders, legal teams, and anyone involved in protecting sensitive data across large, distributed enterprises. The Ahold Delhaize breach isn’t just a warning—it’s a roadmap of how today’s attackers are bypassing yesterday’s defenses.…
D
Daily Security Review
1 Why Canada Banned Hikvision: National Security vs. Geopolitics 52:07
52:07 Play Later Play Later Lists Like Liked52:07
Play Later Play Later Lists Like LikedCanada has taken a definitive stance in the escalating global scrutiny of Chinese technology, ordering surveillance giant Hikvision to cease all operations within its borders. Citing national security concerns and acting on the advice of intelligence agencies, the Canadian government has banned the use of Hikvision products across its public sector, initiated reviews of existing installations, and aligned itself with a growing international movement to curtail the influence of Chinese state-linked tech. This podcast unpacks the details of Canada’s decision and places it within the broader geopolitical, regulatory, and cybersecurity context. Hikvision, already the subject of U.S. sanctions due to its alleged role in surveillance activities in China’s Xinjiang region, now finds itself at the center of a new wave of Western pushback. The ban raises serious questions about the intersection of security, foreign investment, human rights, and technology policy. In this episode, we explore: The Canadian government's justification for banning Hikvision, based on classified intelligence and national security assessments Hikvision's rebuttal and China’s diplomatic protest, framing the ban as a politically motivated and discriminatory act The growing body of restrictions against Chinese technology in the U.S., including NDAA §889, CFIUS interventions, and state-level bans Concerns over Hikvision’s alleged role in surveillance of Uyghur populations and its connection to broader human rights issues The tactics used by Chinese tech firms to circumvent restrictions, such as “white-labeling” of devices Key risks associated with Chinese-made surveillance equipment, including backdoors, weak encryption, and remote server control How Canada’s updated Investment Canada Act (ICA) is reshaping the foreign investment landscape with pre-closing reviews, enhanced penalties, and increased focus on SOEs The trend of “de-risking” versus “decoupling” from Chinese tech and what this means for Canada’s digital infrastructure strategy The geopolitical fallout of the ban, especially as it relates to Canada-China relations and ongoing concerns about cyberespionage campaigns targeting Canadian networks Strategic considerations for critical infrastructure, public procurement, and private sector organizations in response to the shifting regulatory terrain This episode is essential for anyone tracking global technology policy, cybersecurity, and national security in the digital age. As nations wrestle with balancing innovation, economic cooperation, and the imperative to secure their critical systems, Canada’s Hikvision ban signals a decisive step—and a broader trend of growing friction between Western democracies and Chinese state-linked technology providers.…
D
Daily Security Review
1 Scattered Spider Takes Flight: Inside the Cybercrime Group’s Move into Aviation 43:38
43:38 Play Later Play Later Lists Like Liked43:38
Play Later Play Later Lists Like LikedAs the aviation industry becomes more digitally interconnected, its exposure to sophisticated cyber threats continues to grow. One of the most dangerous actors in this space— Scattered Spider , a financially motivated and technically skilled cybercrime group—has recently shifted its focus to target the aviation sector. With recent incidents involving Hawaiian Airlines , WestJet , and others, global concern is rising over the safety of airline IT systems, vendor infrastructure, and the broader aviation supply chain. This episode unpacks how Scattered Spider operates, why the aviation industry is increasingly at risk, and what this means for cybersecurity readiness in one of the world’s most critical sectors. Known for its deep social engineering tactics , the group bypasses MFA, exploits IT help desks, abuses third-party vendor trust, and deploys ransomware in record time. As the FBI, CISA, and leading cybersecurity firms like Mandiant and Palo Alto Networks sound the alarm, airlines and their partners are being forced to rethink how they defend against these agile, persistent attackers. In this episode, we cover: The evolving cyber threat landscape facing the aviation industry A breakdown of Scattered Spider’s tactics, including phishing, SIM swapping, and help desk impersonation How the group maintains persistent access using federated identity and RMM tools Suspected links between Scattered Spider and recent incidents at Hawaiian Airlines and WestJet The aviation supply chain as a prime vulnerability—why low-scoring vendors pose high risks Why airlines face a 2.9x greater breach risk when they fall below an 'A' cybersecurity rating ICAO's cybersecurity strategy pillars and what global coordination could look like in practice CISA’s mitigation guidance: offline backups, phishing-resistant MFA, patching, and more The role of third-party risk management and “security by design” in preventing future breaches Why the FBI discourages ransom payments—and what alternatives exist This episode isn’t just a cautionary tale for airlines—it’s a wake-up call for any sector that relies on sprawling digital ecosystems and third-party providers. With Scattered Spider expanding its target footprint, now is the time for the aviation sector and its partners to elevate their defenses, harden human factors, and embrace a security culture built for the borderless age of cyberwarfare.…
D
Daily Security Review
1 Fortnite and the FTC: How Epic Games Misled Players into Unwanted Purchases 54:56
54:56 Play Later Play Later Lists Like Liked54:56
Play Later Play Later Lists Like LikedIn a landmark case that reshapes the conversation around digital ethics, the Federal Trade Commission’s $520 million settlement with Epic Games over its Fortnite monetization tactics highlights a critical issue facing the modern digital economy: the weaponization of interface design to manipulate users . Central to the case is the use of “dark patterns”—subtle yet deceptive design strategies intended to steer users, including children, into making unintended purchases. This episode dissects how Epic’s design choices—like omitting purchase confirmation screens and placing critical purchase functions adjacent to navigation buttons—led to millions in unauthorized transactions. We examine how these practices violated consumer trust and triggered a massive regulatory backlash, resulting in a historic payout, ongoing refund distributions, and industry-wide scrutiny of monetization practices. In this episode, we explore: The specifics of the FTC’s case against Epic Games and the broader legal context How interface design was manipulated to encourage accidental or unwanted in-game purchases The psychological mechanisms behind dark patterns and how they exploit user behavior Real-world consequences: unauthorized purchases by minors and account lockouts for users who disputed charges A breakdown of the refund process and what affected players can expect Common types of dark patterns—from roach motels and confirm shaming to hidden costs and privacy “zuckering” Why these tactics are so effective, and how they’ve quietly shaped modern digital platforms Regulatory response and future enforcement—how the FTC and other agencies are adapting What companies must do to comply with emerging standards around user consent and interface transparency The role of consumer awareness in pushing back against exploitative game design This case isn’t just about Fortnite—it’s a cautionary tale for the entire tech industry. As digital experiences become more immersive and monetization models more aggressive, the Epic Games settlement is a watershed moment in defining ethical boundaries for user interface design, especially when the audience includes minors. For developers, regulators, and consumers alike, this episode offers a timely, in-depth look at the shifting landscape of digital rights and design accountability.…
D
Daily Security Review
1 Microsoft 365 Direct Send Exploited: How Phishing Emails Masquerade as Internal Messages 41:44
41:44 Play Later Play Later Lists Like Liked41:44
Play Later Play Later Lists Like LikedPhishing has long been a favored weapon of cybercriminals, but a recent revelation about Microsoft 365’s Direct Send feature has elevated the threat to a new level— from inside the firewall . Designed for internal systems to send notifications without authentication, Direct Send can be abused by malicious actors to spoof emails that appear to originate from trusted internal sources. Without compromising a single user account, attackers can craft phishing messages that bypass standard defenses like DMARC and SPF, exploiting an organization’s own email infrastructure against it. In this episode, we dive deep into how this vulnerability is being exploited, why it remains a blind spot in many organizations’ security architectures, and how to effectively defend against it. Drawing on insights from security researchers and real-world abuse cases, we explore the technical mechanics and organizational gaps that make this attack vector so potent. What you’ll learn: How Microsoft 365’s Direct Send works—and why it lacks proper authentication controls The mechanics of the exploit: Using PowerShell and smart host predictability to impersonate internal users Why SPF, DKIM, and DMARC checks fail to stop these spoofed internal emails Header and behavioral indicators that reveal Direct Send abuse in action The critical role of DMARC policy enforcement (moving from monitoring to reject mode) Best practices to disable or restrict Direct Send usage without disrupting hybrid Exchange environments How attackers leverage trusted internal appearances to gain user trust and credentials Broader email security protocols—SPF, DKIM, and DMARC—and how they function together The importance of phishing-resistant MFA, continuous user training, and strong password policies How small and medium businesses can close these gaps even without large cybersecurity teams This case serves as a stark reminder: cybercriminals are constantly looking for ways to subvert legitimate features in everyday software. Without holistic security strategies, including behavioral analysis and protocol enforcement, even built-in functionality can become a backdoor for credential theft, malware deployment, and lateral movement within corporate networks.…
D
Daily Security Review
1 Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Risk 47:26
47:26 Play Later Play Later Lists Like Liked47:26
Play Later Play Later Lists Like LikedA critical flaw in the Open VSX Registry—an open-source alternative to the Visual Studio Code Marketplace—recently put over 8 million developers at risk of mass compromise. This vulnerability, discovered in the platform’s GitHub Actions workflow, exposed a super-admin publishing token that could have enabled malicious actors to overwrite or inject malware into any extension in the registry. Given the widespread use of Open VSX in platforms like Gitpod, Google Cloud Shell, and Cursor, the consequences could have been devastating. This episode explores the depths of this security lapse and the broader risks posed by extension marketplaces and IDE plugin ecosystems. Drawing parallels with SolarWinds and other landmark supply chain attacks, we examine how trusted development tools can become covert delivery mechanisms for sophisticated intrusions. You'll learn: How GitHub workflow misconfigurations enabled access to a powerful OVSX_PAT token What could’ve happened: full control over extensions, silent malware injection, and compromised developer machines Why IDE plugins are now a preferred attack vector for adversaries, and how they bypass traditional defenses Common methods of plugin compromise, from trojanized forks to dependency confusion and hijacked update mechanisms Why MITRE added “IDE Extensions” as a formal attack technique in its ATT&CK framework in 2025 Best practices for marketplace providers—like sandbox testing, verified publishers, and extension signature verification What developers and enterprises can do to defend: plugin audits, runtime permission monitoring, and network segmentation Why software supply chain trust must shift toward Zero Trust principles for IDEs and extension ecosystems As the developer environment becomes a frontline target, this case underscores the urgency of treating every plugin, dependency, and update path as a potential threat vector. The patch may have arrived in time—but the lessons remain vital for every organization that relies on open developer tooling.…
D
Daily Security Review
1 CitrixBleed 2: Critical NetScaler Vulnerability Enables Session Hijacking and MFA Bypass 18:41
18:41 Play Later Play Later Lists Like Liked18:41
Play Later Play Later Lists Like LikedA new critical vulnerability in Citrix NetScaler ADC and Gateway systems, dubbed CitrixBleed 2 (CVE-2025-5777), has emerged as a serious threat to remote access infrastructure. This memory exposure flaw allows unauthenticated attackers to extract session tokens directly from device memory — enabling session hijacking and even bypassing multi-factor authentication (MFA). With early evidence of exploitation in the wild and eerie similarities to the original CitrixBleed (CVE-2023-4966), the risk to enterprise environments is substantial. The vulnerability is caused by insufficient input validation, leading to out-of-bounds memory reads when NetScaler is configured as a Gateway or AAA virtual server. Once session tokens are exfiltrated, attackers can impersonate legitimate users and gain persistent access — often without triggering alerts or violating login controls. Cybersecurity researchers, including ReliaQuest, assess with medium confidence that active exploitation is underway. This episode breaks down the mechanics of CitrixBleed 2 and explores how it fits into the broader landscape of session hijacking threats and identity-centric attacks. Topics include: How CVE-2025-5777 enables unauthorized access via session token exposure Technical comparisons with the original CitrixBleed vulnerability Session hijacking techniques at both network and application levels, including TCP desynchronization and token theft The second NetScaler vulnerability disclosed (CVE-2025-6543) and its denial-of-service impact Mitigation steps, including patching to versions 14.1-43.56, 13.1-58.32, or 13.1-37.235 Defense-in-depth recommendations, including phishing-resistant MFA, endpoint detection and response (EDR), and token revocation protocols Incident and vulnerability response strategies aligned with CISA playbooks CitrixBleed 2 is more than a software bug — it’s a gateway for attackers to silently bypass identity safeguards and establish footholds in enterprise networks. Rapid patching is essential, but long-term protection depends on layered controls, resilient MFA design, and disciplined incident response planning.…
D
Daily Security Review
1 OneClik Cyberattack Campaign Targets Energy Sector Using Microsoft ClickOnce and AWS 1:18:25
1:18:25 Play Later Play Later Lists Like Liked1:18:25
Play Later Play Later Lists Like LikedA sophisticated cyber-espionage campaign named OneClik is actively targeting energy, oil, and gas organizations using a combination of legitimate cloud infrastructure and novel attack techniques. The campaign, attributed to an unknown but likely state-affiliated actor, leverages Microsoft's ClickOnce deployment technology to deliver custom Golang-based malware known as RunnerBeacon . The use of AWS APIs for command-and-control (C2) communications allows OneClik to operate within trusted cloud environments, making detection by traditional tools extremely difficult. The campaign reflects broader trends in critical infrastructure cyber threats — particularly the abuse of legitimate services to “live off the land” and the use of advanced anti-analysis techniques to avoid detection. RunnerBeacon exhibits environment-aware behavior, anti-debugging checks, and is compiled in Golang to evade traditional antivirus scanning. While attribution remains inconclusive, indicators suggest a potential link to China-affiliated actors. This episode explores how OneClik fits into the evolving threat landscape and what defenders should know: How Microsoft’s ClickOnce technology is abused in phishing emails for stealthy malware deployment The use of AWS cloud services as a trusted C2 infrastructure to bypass detection RunnerBeacon’s anti-debugging and sandbox-evasion mechanisms, including RAM and domain checks The targeting of nuclear and energy facilities as part of broader geopolitical cyber pressure Recent ransomware trends in the energy sector, with attacks up 80% year-over-year The rise of Golang malware in cyber campaigns and its impact on defensive tooling The critical importance of supply chain and credential monitoring in energy networks OneClik underscores a modern cyber warfare model: sophisticated, cloud-native, and evasive. As threat actors move deeper into the supply chains and IT layers of critical infrastructure, defenders must evolve beyond perimeter controls to emphasize behavioral detection, threat attribution, and real-time intelligence. For cybersecurity leaders in energy and utilities, understanding this campaign is essential to preparing for what comes next.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to Daily Security Review
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
