Deception, influence, and social engineering in the world of cyber crime.
…
continue reading
Ot Security Podcasts
Dale Peterson interviews the innovators in ICS / SCADA cyber security as well as the top talent in related fields. It is the podcast for those who want more information similar to what is presented at the annual S4 event each January in Miami South Beach.
…
continue reading
Nozomi Networks security experts discuss topics that are important to the OT and IoT security community. This includes current cybersecurity threat intelligence, trends, news, and challenges. If you work in security or operations, or if you are a researcher, you’ll find episodes of interest.
…
continue reading
Felix explores Internet of Things (IoT) and Operational Technology cyber security. Perfect for project managers, developers, and those learning about penetration testing in this niche area. Email Felix using [email protected] Get more information at the website: yougottahackthat.com Find You Gotta Hack That on LinkedIn and X @gotta_hack
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.
…
continue reading
There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Everytime we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting t ...
…
continue reading
The Critical Assets Podcast covers important OT and ICS security topics with an eye toward standards and regulation to keep you ahead of your adversaries... and your auditors. Ampyx Cyber. Securing your world. See our other content such as blogs, cybersecurity news and more at www.ampyxcyber.com
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
Join HOU.SEC.CON Cofounders Michael and Sam each week as they chat with conference speakers about the latest topics and trends in the cybersecurity space.
…
continue reading
Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs. We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad g ...
…
continue reading
Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window in the research solving tomorrow’s code problems today.
…
continue reading
In this podcast, we delve into various aspects of cybersecurity, inviting global security leads to discuss trends, the impact of new concepts and regulations, talent retention, and more through one-on-one discussions.
…
continue reading
Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders, researchers, innovators, and influencers, discussing the topics affecting cybersecurity professionals in OT, IoT, and IoMT environments.
…
continue reading
Join us every week as we take you on an journey into the dynamic realm of cybersecurity. Our podcast brings you exclusive interviews with top-notch leaders in the field, providing an in-depth exploration of the thrilling world of digital security. Discover discussions that encompass everything from the ingenious minds of hackers to the cutting-edge advancements in artificial intelligence. We tackle the crucial topics of diversity and the imperative mission of closing the substantial skills g ...
…
continue reading
Simply ICS Cyber podcast features veteran OT security experts Don and Tom, delivering practical insights on securing critical infrastructure and industrial automation systems. With episodes covering essential topics from ICS fundamentals to advanced security frameworks, our show reaches a dedicated audience of operators, security professionals, and decision-makers actively implementing industrial cybersecurity control solutions. Connect with your ideal customers through targeted sponsorships ...
…
continue reading
Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.
…
continue reading
SecurityWeek podcast series. Hear from cybersecurity industry experts and visionaries. Easy listening, great insights..
…
continue reading
Welcome to The OT Life: A careers podcast from the OTs of Cygnet Health Care. We created The OT Life for OTs around the country who are interested in hearing from people who share the same passion for Occupational Therapy.We chat all things OT from our opinions about the profession, our role in health and social care, stories and experiences, and career advice.This is the place to help you make the most of the profession you love.https://join.cygnethealth.co.uk/ot-life/
…
continue reading
Tune in to hear thought leaders discuss the latest trends and best practices for IT/OT convergence and industrial connectivity.
…
continue reading
Daily Security Review, the premier source for news and information on security threats, Ransomware and vulnerabilities
…
continue reading
Interviews, conversations, and content from professionals in the cybersecurity industry providing you with valuable tips, tools, techniques, training, and resources to make you a top cyber pro.Connect with more from Top Cyber Pro at: Website: https://topcyberpro.com/ Facebook: https://www.facebook.com/TopCyberPro/ Instagram: https://www.instagram.com/topcyberpro/ Twitter: https://twitter.com/TopCyberPro TikTok: https://www.tiktok.com/@topcyberpro LinkedIn: https://www.linkedin.com/company/to ...
…
continue reading
מפגשים עם האנשים בחזית הגנת הסייבר לתעשייה ותשתיות קריטיות Meetings with the people at the forefront of cyber defense for industry and critical infrastructure ICS SCADA OT IoT
…
continue reading
Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life. Security Ledger provides well-reported and context-rich news and opinion about computer security topics that matter in our IP-enabled homes, workplaces and daily lives.
…
continue reading
Electricity. Finance. Transportation. Our water supply. In Hack the Plant, podcast host Bryson Bort looks for answers to the question: Does connecting these systems, and others, to the internet leaves us more vulnerable to attacks by our enemies? We often take these critical infrastructure systems for granted, but they’re all becoming increasingly dependent on the internet to function. From the ransomware threats of Colonial Pipeline to the failure of the Texas power grid, it is clear our in ...
…
continue reading
Control System Cyber Security Association International, or (CS)²AI, is the premier global non-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 34,000 members worldwide, we provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education, and directly support OT and ICS cyber security professional development in every way. Our founder, Derek Harp, intervi ...
…
continue reading
A Broad array of topics in the technology space Informative, relevant, and engaging. Without the self-serving narrative. We aim to share industry best practices, drive awareness, and discuss what thought leaders share. Companies or manufacturers often only focus on their area of interest, which is short-sighted, limiting, and siloed. Our diversity and partner network offers substantial, informative value. Similar challenges and growth aspirations exist in the b2b and b2c space. This podcast ...
…
continue reading
We know it can be challenging to secure your business, especially when you have limited time. The Get Cyber Resilient Show, brought to you by Mimecast, is the perfect way to stay up-to-date with the latest cyber developments across Australia and New Zealand. From cyber security to cyber awareness, your hosts Daniel McDermott, Garrett O'Hara and Vinh Nguyen will bring you insights and real stories from IT and Security Leaders, just like you. Don’t get angry at downtime and data breaches, Get ...
…
continue reading
Visionary leaders from industrial companies share their insights on technology, innovation, and leadership. This podcast is for industrial business leaders who are looking to make data-driven decisions and learn from those who have experienced similar challenges.
…
continue reading
Brent Gunning and former Toronto Maple Leafs GM Gord Stellick provide the most insightful Maple Leafs pre- and post-game show with Leafs Nation.
…
continue reading
1
Reduce Cyber Risk Podcast - Cyber Security Made Simple
Shon Gerber, vCISO, CISSP, Cyber Security Consultant, Author and Entrepreneur
1
189
Shon Gerber from the Reduce Cyber Risk podcast provides valuable insights, guidance, and training to you each week that only a senior cyber security expert and vCISO can perform. Shon has over 23+ years of experience in cyber security from large corporations, government, and as a college professor. Shon provides you the information, knowledge, and training needed to help protect your company from cyber security threats. Shon weekly provides cyber security training topics covering: Insider Th ...
…
continue reading
Royal College of Occupational Therapists is the professional membership body for occupational therapy staff in the UK. This is the home for our podcast series. www.rcot.co.uk/podcasts
…
continue reading
Welcome to the Methods podcast! Methods are the UK’s leading independent transformation partner for public services. We apply our skills in innovation and collaboration from across the Methods Group, to deliver end-to-end business and technical solutions that are people-centered, safe, and designed for the future. You can find out more about the Methods group at www.methods.co.uk.
…
continue reading
Cyber resilience is the ultimate IT goal for every business. Twice per month, join Assurance IT as they discuss various cyber security topics with IT leaders to help you get closer to your cyber security goals. Each episode includes best practices that can be applied to your enterprise. Cyber resilience is a collaborative effort; let's work toward it together!
…
continue reading
Dave Kittle, DPT of www.CashBasedPhysicalTherapy.org discuss Physical Therapy and Technology in this podcast. Full VIDEO versions of each episode can be found at https://www.youtube.com/PTTechTalk Dave Kittle also owns www.ConciergePainRelief.com (Home Physical Therapy) serving New York City, Long Island, NJ, and CT.
…
continue reading
In just 25 minutes, I deliver concise and thought-provoking conversations with top minds in technology, cybersecurity, business, culture and enterpreneurship. Whether you’re a technologist, executive, culture-enthusiast or someone passionate about growth, each episode explores trends, strategies and ideas that shape success. For those with limited time but unlimited ambition, 25Minutes offers actionable insights and fresh perspectives where they matter most. Your time is valuable. Your 25 mi ...
…
continue reading
Introducing Left to Our Own Devices - the podcast dedicated to everything product security. Every other week, we will be talking with a different cybersecurity policymaker, engineer, or industry leader to hear their war stories and get their insider tips for surviving the product security jungle. From Medical SBOMs, to WP. 29 and the latest industrial security threats, this is your place to catch up and learn from the pros. Hosted & produced by: *David Leichner, CMO at Cybellum - https://www ...
…
continue reading
1
The System Integrator’s Role in Supporting OT Security
32:38
32:38
Play later
Play later
Lists
Like
Liked
32:38
In this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity. Key Issues Identified: Organizations typically work with multiple specialized integrators across different facilities and systems Some SIs lack cybersecurity expertise, focusing…
…
continue reading
1
The Siemens-Microsoft Antivirus Dilemma Threatening OT Security
1:23:55
1:23:55
Play later
Play later
Lists
Like
Liked
1:23:55
This episode examines a serious conflict between Siemens’ Simatic PCS industrial control systems and Microsoft Defender Antivirus. The absence of an "alert only" mode in Defender has created a significant operational risk for plants running Siemens’ systems. Without this functionality, operators must choose between ignoring potential malware detect…
…
continue reading
1
AI-Native OT Security with FRENOS’ Harry Thomas and Colin Murphy
38:27
38:27
Play later
Play later
Lists
Like
Liked
38:27
Send us a text This week on Secure Insights, we're joined by FRENOS Founder Harry Thomas and Chief Hacking Officer Colin Murphy. Frenos is an innovative organisation revolutionising OT security through the use of AI and next-generation tech. In this episode, we shine a light on some of the most overlooked challenges in the OT space, exploring wheth…
…
continue reading
1
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
1:09:09
1:09:09
Play later
Play later
Lists
Like
Liked
1:09:09
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements o…
…
continue reading
1
adversary group naming (noun) [Word Notes]
10:17
10:17
Play later
Play later
Lists
Like
Liked
10:17
Please enjoy this encore of Word Notes. A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.By N2K Networks
…
continue reading
1
106GB Exposed? Telefónica, HellCat, and the Silent Data Breach
50:33
50:33
Play later
Play later
Lists
Like
Liked
50:33
In this episode, we explore a shadowy and unconfirmed—but highly consequential—data breach at Spanish telecommunications giant Telefónica. Allegedly orchestrated by the HellCat ransomware group, the breach involves a staggering 106GB of exfiltrated data, including internal communications, customer records, and employee information. Telefónica has y…
…
continue reading
1
Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout
59:56
59:56
Play later
Play later
Lists
Like
Liked
59:56
The recent ransomware attack on Ingram Micro, a global technology distribution giant, reveals not only a sophisticated human-operated cyber assault—but also the fragile state of modern supply chain cybersecurity. In this episode, we break down how attackers, believed to be affiliated with the SafePay ransomware group, penetrated Ingram Micro’s infr…
…
continue reading
1
The Illusion of Shutdowns: What Hunters International's Closure Really Means
42:41
42:41
Play later
Play later
Lists
Like
Liked
42:41
In a sudden and cryptic announcement, the notorious ransomware group Hunters International has declared its shutdown, citing “recent developments” and pledging to release decryption keys to victims. Active since late 2022 and suspected to be a rebrand of the earlier Hive ransomware gang, Hunters International has been responsible for attacks on nea…
…
continue reading
1
CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late
40:49
40:49
Play later
Play later
Lists
Like
Liked
40:49
A newly discovered and actively exploited zero-day vulnerability in Google Chrome has sent ripples through the cybersecurity community. Known as CVE-2025-6554, this critical type confusion flaw in Chrome’s V8 JavaScript and WebAssembly engine enables remote attackers to perform arbitrary read/write operations or execute code via a single malicious …
…
continue reading
1
Identity, AI & Access: Highlights from Identiverse 2025 - Sagi Rodin, Ajay Amlani, Treb Ryan, Ajay Gupta, Artyom Poghosyan, Amir Ofek - ESW #414
1:49:38
1:49:38
Play later
Play later
Lists
Like
Liked
1:49:38
Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical too…
…
continue reading
1
Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict
28:40
28:40
Play later
Play later
Lists
Like
Liked
28:40
Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss the strategies guiding adversaries in their targeting of U.S. critical infrastructure. Primary of which is the desire of countries such as China, Russia, Iran, and North Korea to displace the U.S. as the global hegemon, she said. To disrupt the U.S.' standing as such, these …
…
continue reading
1
North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran - SWN #491
28:50
28:50
Play later
Play later
Lists
Like
Liked
28:50
North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-491
…
continue reading
1
ANSSI vs. Houken: France Battles Advanced Chinese Hacking Threat
33:16
33:16
Play later
Play later
Lists
Like
Liked
33:16
In this episode, we uncover a high-stakes cyber campaign targeting the heart of French digital infrastructure. ANSSI, France’s national cybersecurity agency, has exposed a Chinese-linked hacking group known as Houken (UNC5174 or Uteus) responsible for a widespread espionage operation since late 2024. This state-adjacent threat actor infiltrated cri…
…
continue reading
1
Psychological Manipulation and AI Fraud: How Spain Exposed a $12M Scam
17:21
17:21
Play later
Play later
Lists
Like
Liked
17:21
In this episode, we examine a growing threat reshaping financial crime in Europe: sophisticated, technology-driven investment fraud. Spanish law enforcement has recently dismantled a fraud operation that spanned multiple years, deceived over 300 victims, and resulted in more than $11.8 million in losses. What made this case particularly notable was…
…
continue reading
1
CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security
41:32
41:32
Play later
Play later
Lists
Like
Liked
41:32
A devastating vulnerability—CVE-2025-20309—has been discovered in Cisco’s Unified Communications Manager (Unified CM) and its Session Management Edition (SME), threatening the security of over a thousand internet-exposed VoIP systems globally. In this episode, we break down this critical flaw, which scores a perfect CVSS 10.0, and explore why it's …
…
continue reading
1
macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains
43:09
43:09
Play later
Play later
Lists
Like
Liked
43:09
A new, highly advanced malware strain—NimDoor—has emerged as the latest cyber weapon in the arsenal of North Korean state-sponsored hackers, specifically targeting macOS systems used by cryptocurrency and Web3 organizations. This episode explores the complex tactics and alarming capabilities of NimDoor, a malware family showcasing a blend of C++ an…
…
continue reading
1
Exploring Meshtastic and LoRa Mesh Networks - Rob Allen - PSW #881
1:08:14
1:08:14
Play later
Play later
Lists
Like
Liked
1:08:14
This week, we dive into the world of Meshtastic and LoRa—two technologies empowering secure, long-range, and infrastructure-free communication. We'll talk about the origins of Meshtastic, how LoRa radio works, and why mesh networking is revolutionizing off-grid messaging for adventurers, hackers, emergency responders, and privacy advocates alike. W…
…
continue reading
1
Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks
56:02
56:02
Play later
Play later
Lists
Like
Liked
56:02
A newly disclosed vulnerability—CVE-2025-20309—in Cisco's Unified Communications Manager (Unified CM) and Session Management Edition has sent shockwaves through enterprise VoIP and IT security teams. The flaw stems from hardcoded root SSH credentials that could allow unauthenticated remote attackers to gain full control of affected systems. In this…
…
continue reading
1
Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites
50:32
50:32
Play later
Play later
Lists
Like
Liked
50:32
A critical new WordPress vulnerability—CVE-2025-6463—has been discovered in the widely used Forminator plugin, affecting over 600,000 active installations and putting hundreds of thousands of websites at risk of full compromise. In this episode, we dive deep into the mechanics, risks, and remediation of this arbitrary file deletion flaw and explain…
…
continue reading
1
The Future of Data Protection: Straight Talk with Lepide’s CEO Aidan Sinister
40:00
40:00
Play later
Play later
Lists
Like
Liked
40:00
Send us a text In this episode of Secure Insights, we sit down with Aiden Simister, CEO of Lepide a company dedicated to tackling the full spectrum of data security. Aiden shares his views on the growing trend of overcomplicating security conversations, especially when it comes to buzzwords and jargon. We talk about why keeping things clear, practi…
…
continue reading
1
Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis
1:08:04
1:08:04
Play later
Play later
Lists
Like
Liked
1:08:04
In one of the latest large-scale data breaches to hit the U.S. private sector, Kelly Benefits, a provider of payroll and benefits administration services, disclosed a significant cybersecurity incident impacting over 553,000 individuals. The breach, which occurred in December 2024 but was only revealed in April 2025, exposed sensitive personal info…
…
continue reading
1
Bits and Bytes: Episode 18 - IT Infrastructure in M&A - A Playbook for Due Diligence and Integration
24:28
24:28
Play later
Play later
Lists
Like
Liked
24:28
We explore the critical role of #IT infrastructure in Mergers and Acquisitions - from pre-acquisition technical due diligence to post-acquisition network integration. Hear firsthand from Andy Green, Director of IT for Guardian Pharmacy. He has done this repeatedly. He shares what to look out for, what often goes wrong, and how to build a scalable, …
…
continue reading
1
Brushed aside: The subtle scam you didn't order.
44:00
44:00
Play later
Play later
Lists
Like
Liked
44:00
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, as Joe shares with us a compl…
…
continue reading
1
FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks
46:04
46:04
Play later
Play later
Lists
Like
Liked
46:04
A newly disclosed exploit dubbed FileFix is redefining how attackers bypass Microsoft Windows' built-in security protections—specifically the Mark-of-the-Web (MotW) mechanism. Developed and detailed by security researcher mr.d0x, this attack takes advantage of how browsers save HTML files and how Windows handles HTA (HTML Application) files. The re…
…
continue reading
Who are you? This episode dives into one of the most challenging cybersecurity topics currently on the docket – identity management. My conversation with Brandon Traffanstedt, Sr. Director and Global Technology Officer at CyberArk, took us in two equally important directions. The first deals with individuals and how to properly manage those accessi…
…
continue reading
1
Sophisticated Cyberattack on the International Criminal Court: Justice in the Crosshairs
19:37
19:37
Play later
Play later
Lists
Like
Liked
19:37
The International Criminal Court (ICC), the world’s foremost tribunal for prosecuting war crimes, genocide, and crimes against humanity, has confirmed yet another sophisticated cyberattack, highlighting the persistent threat facing high-profile global institutions. This marks the second targeted intrusion against the ICC in recent years, and althou…
…
continue reading
1
Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security
43:40
43:40
Play later
Play later
Lists
Like
Liked
43:40
In a major red flag for the industrial cybersecurity community, three newly disclosed vulnerabilities in Microsens NMP Web+, a popular network management solution used across critical infrastructure, have revealed just how fragile many ICS environments remain. The flaws—two rated critical and one high—allow unauthenticated attackers to bypass authe…
…
continue reading
1
Qantas Data Breach: Third-Party Hack Exposes Millions of Frequent Flyers
24:36
24:36
Play later
Play later
Lists
Like
Liked
24:36
In a stark reminder of the aviation industry's growing exposure to cyber threats, Australian airline Qantas recently confirmed a serious data breach—this time not from its own systems, but from a third-party platform used by one of its customer contact centers. The breach exposed personal data for up to six million customers, including names, dates…
…
continue reading
1
The Value of Zero Trust - Rob Allen - BSW #402
32:29
32:29
Play later
Play later
Lists
Like
Liked
32:29
New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected …
…
continue reading
1
Berlin Regulator Targets DeepSeek AI Over Data Transfers to China
43:41
43:41
Play later
Play later
Lists
Like
Liked
43:41
Germany’s battle over digital sovereignty and data privacy has intensified, with the Berlin Commissioner for Data Protection formally requesting that Google and Apple remove the DeepSeek AI application from their app stores. The move stems from allegations that DeepSeek, a Chinese-developed generative AI platform, violates the EU’s General Data Pro…
…
continue reading
1
Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet.. - SWN #490
31:11
31:11
Play later
Play later
Lists
Like
Liked
31:11
Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-490
…
continue reading
1
CISA Flags Citrix NetScaler Flaws: What CVE-2025-6543 Means for Federal and Private Networks
56:41
56:41
Play later
Play later
Lists
Like
Liked
56:41
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—an urgent signal for federal agencies and private enterprises alike. At the center of this update is CVE-2025-6543, a memory overflow flaw affecting NetScaler ADC and Gateway appli…
…
continue reading
1
Cato Networks Secures $359M to Fuel AI-Powered SASE Expansion
17:12
17:12
Play later
Play later
Lists
Like
Liked
17:12
Cato Networks just raised $359 million in Series G funding, pushing its valuation past $4.8 billion and its total funding beyond the $1 billion mark—a milestone that cements its place as one of the most formidable players in the rapidly expanding Secure Access Service Edge (SASE) market. In this episode, we unpack what this massive investment means…
…
continue reading
1
Chrome’s Latest Zero-Day: CVE-2025-6554 and Remote Code Execution Risks
54:24
54:24
Play later
Play later
Lists
Like
Liked
54:24
A new high-severity zero-day vulnerability in Google Chrome—CVE-2025-6554—has sent shockwaves across the cybersecurity landscape. This episode dives into the technical details, real-world impact, and broader implications of this actively exploited flaw. Tracked as a type confusion bug in Chrome’s V8 JavaScript engine, the vulnerability allows attac…
…
continue reading
1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
38:26
38:26
Play later
Play later
Lists
Like
Liked
38:26
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…
…
continue reading
1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
38:26
38:26
Play later
Play later
Lists
Like
Liked
38:26
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…
…
continue reading
1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
38:26
38:26
Play later
Play later
Lists
Like
Liked
38:26
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…
…
continue reading
1
The RMM protocol: Remote, risky, and ready to strike. [Only Malware in the Building]
41:25
41:25
Play later
Play later
Lists
Like
Liked
41:25
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a buil…
…
continue reading
Please enjoy this encore of Word Notes. A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. CyberWire Glossary link: https://thecyberwire.com/glossary/bsimm Audio reference link: “OWASP AppSecUSA 2014 - Keynote: Gary McGraw - BSIMM: A Dec…
…
continue reading
1
Russia’s 16KB Curtain: Cloudflare Throttling and the Future of the RuNet
1:45:31
1:45:31
Play later
Play later
Lists
Like
Liked
1:45:31
Russia has entered a new phase of digital authoritarianism. In a sweeping move, Russian Internet Service Providers (ISPs) have begun systematically throttling access to Cloudflare and other Western-backed services, including infrastructure giants Hetzner and DigitalOcean. This throttling is so severe that it restricts downloads to just 16 kilobytes…
…
continue reading
1
Ahold Delhaize Data Breach: 2.2 Million Employee Records Exposed
37:44
37:44
Play later
Play later
Lists
Like
Liked
37:44
Ahold Delhaize, one of the world’s largest food retailers, is now the subject of one of the most significant ransomware breaches in recent U.S. history. Affecting over 2.2 million current and former employees, this incident—claimed by the cybercrime group INC Ransom—highlights the rising threat posed by ransomware-as-a-service operations targeting …
…
continue reading
1
Why Canada Banned Hikvision: National Security vs. Geopolitics
52:07
52:07
Play later
Play later
Lists
Like
Liked
52:07
Canada has taken a definitive stance in the escalating global scrutiny of Chinese technology, ordering surveillance giant Hikvision to cease all operations within its borders. Citing national security concerns and acting on the advice of intelligence agencies, the Canadian government has banned the use of Hikvision products across its public sector…
…
continue reading
1
Scattered Spider Takes Flight: Inside the Cybercrime Group’s Move into Aviation
43:38
43:38
Play later
Play later
Lists
Like
Liked
43:38
As the aviation industry becomes more digitally interconnected, its exposure to sophisticated cyber threats continues to grow. One of the most dangerous actors in this space—Scattered Spider, a financially motivated and technically skilled cybercrime group—has recently shifted its focus to target the aviation sector. With recent incidents involving…
…
continue reading
1
The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413
1:52:05
1:52:05
Play later
Play later
Lists
Like
Liked
1:52:05
Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organ…
…
continue reading
1
Tabletop Exercises 2.0: How OpsBook Is Changing the Game
38:36
38:36
Play later
Play later
Lists
Like
Liked
38:36
What happens when your carefully crafted incident response playbook becomes worthless? Cody Sullivan from OpsBook reveals the brutal truth about tabletop exercises: most organizations are practicing with medieval armor for a drone war. From 70-participant, 6-hour exercises spanning three continents to the harsh reality of insider threats, this conv…
…
continue reading
1
Pedro Umbelino on Exploiting ATG Devices in Fuel Storage
27:14
27:14
Play later
Play later
Lists
Like
Liked
27:14
Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, i…
…
continue reading
1
Fortnite and the FTC: How Epic Games Misled Players into Unwanted Purchases
54:56
54:56
Play later
Play later
Lists
Like
Liked
54:56
In a landmark case that reshapes the conversation around digital ethics, the Federal Trade Commission’s $520 million settlement with Epic Games over its Fortnite monetization tactics highlights a critical issue facing the modern digital economy: the weaponization of interface design to manipulate users. Central to the case is the use of “dark patte…
…
continue reading
1
Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
31:28
31:28
Play later
Play later
Lists
Like
Liked
31:28
Broadcom is coming for you, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-489
…
continue reading
1
Microsoft 365 Direct Send Exploited: How Phishing Emails Masquerade as Internal Messages
41:44
41:44
Play later
Play later
Lists
Like
Liked
41:44
Phishing has long been a favored weapon of cybercriminals, but a recent revelation about Microsoft 365’s Direct Send feature has elevated the threat to a new level—from inside the firewall. Designed for internal systems to send notifications without authentication, Direct Send can be abused by malicious actors to spoof emails that appear to origina…
…
continue reading
