PodGrabber.com
PodGrabber Logo/Mascot - Blue Gorilla with Red Headphones
-30 Sec +30 Sec Spd - Spd + Vol - Vol +

Commercializing space. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 07/04/2026 23:00:00

Commercializing space. [T-Minus: Space-Cyber Briefing] Episode Details

Over the past two decades, the space industry has changed dramatically, evolving from a largely government led effort to one that is now rooted in private enterprises driving growth and innovation. In this week’s episode, host Maria Varmazis sits down with ⁠⁠⁠Damian DiPippa, CEO of Auria Space, to discuss how the commercialization of the space industry is driving new changes. During the conversation, they explore the future of command and control, cyber resilience, and the growing partnership between commercial and national security space. Like what you heard? Be sure to subscribe

Is your enterprise AI strategy delivering ROI yet? [AI Security Brief]

Podcast image

Published: 07/04/2026 01:00:00

Is your enterprise AI strategy delivering ROI yet? [AI Security Brief] Episode Details

While we take a break this 4th of July weekend, please enjoy this encore of AI Security Brief. Your enterprise AI strategy isn’t as far along as you think. The reality for most organizations today is that AI is disrupting existing processes more than it’s delivering outcomes… so far. And according to Dr. Grace Trinidad, Research Director at IDC, that’s how it should be. In this episode, host Johnny Hand sits down with Dr. Grace to discuss how AI adoption follows the same pattern as almost every major digital transformation, and

CyberWire Daily at 10: The vulnerabilities, zero‑days, and hardware flaws over the last decade. [Special Edition]

Podcast image

Published: 07/02/2026 23:00:00

CyberWire Daily at 10: The vulnerabilities, zero-days, and hardware flaws over the last decade. [Special Edition] Episode Details

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss 10 years of vulnerabilities, zero‑days, and hardware flaws. Together they reflect on the last decade of cybersecurity vulnerabilities, exploring key shifts, landmark incidents like WannaCry and Log4Shell, and the evolving landscape shaped by hardware issues and AI. Join Maria and Dave as they discuss how these changes impacted security practices and the importance of vigilance in a rapidly interconnected world. Learn more about your ad choices. Visit megaphone.fm/adchoices

The people's AI?

Podcast image

Published: 07/02/2026 14:30:00

The people's AI? Episode Details

OpenAI considers an equity plan to share AI wealth with the public. Cisco confirms active exploitation of its unified CM platform. Researchers discover autonomous ransomware. The Vect ransomware operation partners with TeamPCP. The FortiBleed credential-harvesting campaign is linked to ransomware attacks. Veil#Drop stealthily deploys the PureLog Stealer. Scammers target small businesses with fake law enforcement emails. Apple’s Hide My Email feature…doesn’t. An alleged Scattered Spider member is extradited to the United States. Our guest is Ben Yelin, Dave's Caveat cohost, on the Supreme Court’s geofence warrants ruling. Microsoft’s quantum claims leave

The AI lock comes off.

Podcast image

Published: 07/01/2026 14:30:00

The AI lock comes off. Episode Details

The US restores exports of Anthropic’s most advanced AI models. Adobe and Citrix rush out critical patches. RustDuck emerges as a fast-evolving DDoS threat. The Gentlemen raise the stakes with a new EDR-killing exploit. Rocket lab bets big on Iridium. Researchers unveil browser-only ransomware. New Zealand faces questions about its cyber readiness. Iran’s long-running cyber espionage campaign is back in the spotlight. Our guest is Donald Codling, CISO and senior advisor to REGO on cybersecurity and data privacy matters, to discuss the importance of tying security by design to psychological safety

The court draws a privacy line.

Podcast image

Published: 06/30/2026 14:30:00

The court draws a privacy line. Episode Details

The Supreme Court limits geofence warrants. DHS moves to expand CISA. The State Department offers $10 million for Russian hackers. A legal theory could reshape EU-U.S. data sharing. Plus, cyberattacks hit D.C. housing, Oracle and SimpleHelp flaws face active exploitation, malware lingers on Japanese military networks, and stolen Apple supplier data surfaces online. John Cannava, CIO at Ping Identity, discusses how identity threats don't go on holiday. The Secret Service dial down the risk on BYOD. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss

AI behind the velvet rope.

Podcast image

Published: 06/29/2026 14:30:00

AI behind the velvet rope. Episode Details

The White House keeps frontier AI models on a short leash. Russian threat actors increasingly target secure messaging platforms. DirtyClone is a high-severity Linux kernel privilege escalation flaw. An investigation claims federal websites are violating privacy rules. Microsoft dismantles a sophisticated malicious browser extension campaign. Setting up a GitHub repository could trick AI coding agents into executing malicious payloads. The DOJ shuts down illegal World Cup streamers. An Anonymous-linked hacker gets 18 months for website defacement. Monday business briefing. Dylan Sandlin, Program Manager for Digital and Cybersecurity Content at the National

Uniting Women in Cyber Podcast: Breaking Barriers in Cybersecurity with Cybersecurity Girl. [Special Edition]

Podcast image

Published: 06/27/2026 23:00:00

Uniting Women in Cyber Podcast: Breaking Barriers in Cybersecurity with Cybersecurity Girl. [Special Edition] Episode Details

In this Special Edition episode, N2K CyberWire's Dave Bittner sits down with Caitlin Sarian, widely known as Cybersecurity Girl, to explore how storytelling, authenticity, and community are reshaping a more human-centered cybersecurity landscape. Recorded live at The Cyber Guild's Uniting Women in Cyber (UWIC) Event last fall, this candid conversation highlights Caitlin’s unconventional path into cybersecurity and her mission to make the industry more accessible and relatable for all. Together, they explore how breaking down technical barriers can unlock new pathways into the field especially for those from nontraditional backgrounds. UWIC

Space supply chain pressures. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 06/27/2026 23:00:00

Space supply chain pressures. [T-Minus: Space-Cyber Briefing] Episode Details

Despite the space sector seeing greater investment and attention year-over-year, the sector still remains bound by an outdated and ineffective supply chain, especially in the United States. In this week’s episode, host Maria Varmazis sits down with Doug Anderson, Partner at PwC, and Steve Jordan-Tomaszewski, Vice President of the Space Systems Division at AIA, to dive into PwC’s recent study looking at the sector’s supply chain limitations. During the conversation, they examine the supply chain’s base risks and bottlenecks, and what strategies can be utilized to address these concerns. Key sources:

More bark than byte. [Research Saturday]

Podcast image

Published: 06/27/2026 01:00:00

More bark than byte. [Research Saturday] Episode Details

This week we are joined by Daniel Schwalbe, Chief Information Security Officer & Head of Investigations at DomainTools, discussing their work on "ZionSiphon OT Malware First Attempts? Psyops? Both?" Researchers at DomainTools take a closer look at ZionSiphon, a purported operational technology malware sample targeting the water sector, and find that despite its alarming appearance, it lacks many of the capabilities needed to function as a credible cyber-physical weapon. They break down the malware's architecture, its operational shortcomings, and why it may be more of a prototype or proof of concept

Factory reset required.

Podcast image

Published: 06/26/2026 14:30:00

Factory reset required. Episode Details

Tata Electronics and Bajaj Auto continue recovery from cyberattacks. FCC tightens undersea cable rules to bolster national security. CISA warns of actively exploited PTC vulnerability. Gamaredon expands toolkit, hides behind legitimate services. Iran-linked hackers turn public warning systems into psychological weapons. Threat actors target critical infrastructure across Southeast Asia. DCloud framework behind global scam economy. Polish police disrupt SIM-swapping gang. French statistics agency reports cyberattack affecting nearly 13,000 staff. Our guest is Michael Fanning, CISO at Splunk, discussing how AI doesn’t create problems, it exposes them. And an open-book exam for

Gone with the command.

Podcast image

Published: 06/25/2026 14:30:00

Gone with the command. Episode Details

International operation disrupts Amadey and StealC malware infrastructure. Australian spy chief warns nation-state hackers are prepositioning for future sabotage. Stealthy new backdoor may be tied to initial access broker. Researchers uncover "Cordyceps" supply chain flaw. Iran-linked MuddyWater disguises espionage as ransomware attack. Cal Water says Handala's hacking claims were overstated. Report says Russia continued using Cellebrite phone-cracking tools after the ban. Chinese cybersecurity firm unveils AI tools to rival Anthropic's Mythos. DraftKings hacker is sentenced to eighteen months. Our guest is Erich Kron, CISO Advisor at KnowBe4, sharing the details of

Klue me in on the breach.

Podcast image

Published: 06/24/2026 14:30:00

Klue me in on the breach. Episode Details

LastPass says Klue breach affected customer information, but passwords remain secure. Attackers begin exploiting Cisco Unified CM vulnerability. CISA flags actively exploited Ubiquiti and Lantronix flaws, urges rapid patching. DifyTap flaws could expose private AI conversations across tenants. Researchers find AI plugin registry let unofficial tools masquerade as trusted software. xpl0itrs launches leak site, signaling shift toward full-service cyber extortion. Ransomware attack hits Indian auto giant Bajaj Auto. U.S. presses Meta to submit AI models for national security reviews. Alleged criminal marketplace administrator extradited to the US. U.S. expands sanctions against

All eyes on AI.

Podcast image

Published: 06/23/2026 14:30:00

All eyes on AI. Episode Details

Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets From WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress

The Klue is in the data trail.

Podcast image

Published: 06/22/2026 14:30:00

The Klue is in the data trail. Episode Details

Klue supply-chain attack impacts cybersecurity firms. Brand-new Prinz Eugen ransomware is surprisingly polished. ShinyHunters leak exposes sensitive data of 10,000 Council of Europe employees. Security agencies sound alarm over FortiBleed credential harvesting operation. Texas data breach affects hunting and fishing licensees. Microsoft ties Mastra AI supply chain attack to North Korean hackers. Vidar infostealer unveils new technique to defeat Chrome's encryption protections. Brazil investigates suspected hack of emergency alert system. We got your Monday business brief. On today’s Industry Voices, Dave Bittner sits down with Mike Britton, CIO of Abnormal AI,

Navigating the GPS threat landscape, with Brandon Karpf. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 06/20/2026 23:00:00

Navigating the GPS threat landscape, with Brandon Karpf. [T-Minus: Space-Cyber Briefing] Episode Details

Traditionally, GPS jamming attacks have been confined to the ground; however, new data shows that these attacks could be moving to target signals before they even reach the ground. In this week’s episode, host Maria Varmazis sits down with Dave Bittner and Brandon Karpf to discuss recent research that suggests the attack landscape for GPS attacks is expanding. If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology. Key sources: Something is jamming GPS over Europe. Here's what we found. Chasing Lightning:

Vulnerability response: Built for humans, outpaced by machines. [CyberWire-X]

Podcast image

Published: 06/20/2026 23:00:00

Vulnerability response: Built for humans, outpaced by machines. [CyberWire-X] Episode Details

For years, security teams had time between discovery and exploitation. Time to triage. Time to validate. Time to prioritize what to fix first. AI has compressed that window. Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in both directions. In this episode of CyberWire-X, N2K’s ⁠Dave Bittner⁠ and Federico Kirschbaum, Head of XBOW Security Lab, explore what it actually means to run autonomous offensive security, why validation workflows built for quarterly testing cycles struggle to keep

Peeling back Banana RAT. [Research Saturday]

Podcast image

Published: 06/20/2026 01:00:00

Peeling back Banana RAT. [Research Saturday] Episode Details

This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems. The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The

CyberWire Daily at 10: A decade of leaks, espionage, and influence operations. [Special Edition]

Podcast image

Published: 06/18/2026 23:00:00

CyberWire Daily at 10: A decade of leaks, espionage, and influence operations. [Special Edition] Episode Details

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years. Together they reflect on a decade of cybersecurity developments, focusing on the pivotal year 2016 where a shift occurred. Join N2K as we cover the rise of nation-state cyber operations, major leaks like the Panama Papers and DNC email hacks, and the evolving landscape of cyber norms, trust, and threat perception. Learn more about your ad choices. Visit megaphone.fm/adchoices

The botnet browser blues.

Podcast image

Published: 06/18/2026 14:30:00

The botnet browser blues. Episode Details

International law enforcement disrupts the SocGholish botnet. The UK’s cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU’s cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Critical patches land from F5, Atlassian, and Splunk. Agentjacking targets AI coding assistants. And Kodak confirms a breach claimed by ShinyHunters. Our guest is Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on the failure of FISA section 702 to reauthorize. Criminal coders face automation anxiety.

The nominee in limbo.

Podcast image

Published: 06/17/2026 14:30:00

The nominee in limbo. Episode Details

President Trump halts a key intelligence nomination. The FBI warns of a new Microsoft 365 phishing threat. France cuts ties with Palantir. A new Android banking trojan emerges. Fortinet firewalls come under attack. CISA orders emergency Joomla patching. Plus, Madison Square Garden data leaks and malware hidden in Steam wallpapers. Our guest is Christy Wyatt, CEO from Absolute Security, discussing their new ebook. The DOJ claims pollution is mission-critical. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence

No Mythos of escape.

Podcast image

Published: 06/16/2026 14:30:00

No Mythos of escape. Episode Details

Emergency talks fail to free Anthropic’s Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. DragonForce hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA issues a three-day patch deadline, Delta avoids penalties, and researchers show just how easy it is to manipulate AI search. Our guest is Mike Fey, Co-Founder & CEO at Island, discussing the architectural differences between network and modern SASE. Consulting meets confabulation. Remember to leave us a 5-star rating and review in

The fable ends before it begins.

Podcast image

Published: 06/15/2026 14:30:00

The fable ends before it begins. Episode Details

Anthropic pulls Fable 5. OpenAI faces a multistate probe. Handala targets a California water utility. ShinyHunters claims another victim. The FBI and Google take down a major phishing platform. The latest cybersecurity business news. Our guest is Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, discussing a rampant global transportation smishing campaign. A deepfake detective has doubts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And

Securing satellites already in space, with journalist Shaun Waterman. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 06/13/2026 23:00:00

Securing satellites already in space, with journalist Shaun Waterman. [T-Minus: Space-Cyber Briefing] Episode Details

For years, space cybersecurity has been a long sought after goal, but due to operational constraints, it was largely unfeasible. In this week’s episode, host Maria Varmazis sits down with journalist Shaun Waterman to discuss his recent article “The Newest Space Race is Cyber.” As space has increasingly become a critical infrastructure component, industry leaders and security agencies alike have begun to launch new initiatives to improve capabilities both on the ground and in orbit. Key sources: The Newest Space Race is Cyber. DHS Wants Satellite Volunteers to Test New Cyber

Vulnerability management at AI speed. [CyberWire-X]

Podcast image

Published: 06/13/2026 23:00:00

Vulnerability management at AI speed. [CyberWire-X] Episode Details

In large enterprise software companies, vulnerability management teams are facing unprecedented speed and scale as AI accelerates both discovery and exploitation of security issues. In this episode of CyberWire-X, N2K’s Dave Bittner is joined by Adobe’s Daniel Ventura, Senior Manager of the Vulnerability Operations Center, and Sangeeta Arora, Director of Vulnerability Management, to discuss how Adobe is evolving its vulnerability management strategy to keep pace with AI-driven threats. They share real world insights on prioritization, crossteam partnership, and how modern programs can balance speed with meaningful risk reduction. Learn more about

This Sparrow doesn't migrate. [Research Saturday]

Podcast image

Published: 06/13/2026 01:00:00

This Sparrow doesn't migrate. [Research Saturday] Episode Details

Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbaijani oil and gas company, highlighting the growing focus on critical energy infrastructure in the South Caucasus. The attackers repeatedly exploited the same vulnerable Microsoft Exchange server over multiple months, deploying evolving versions of Deed RAT and Terndoor malware through sophisticated DLL sideloading techniques designed to evade detection and maintain persistence. The operation underscores FamousSparrow's adaptability and

Deadline-driven defense.

Podcast image

Published: 06/12/2026 14:30:00

Deadline-driven defense. Episode Details

CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability. FancyBear shifts part of its infrastructure to compromised edge devices. Pundits push for CyberCorps scholarship budgets. Our guest is Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss scams targeting the World Cup. Amazon drivers sweat through a software

The court calls Google’s bluff.

Podcast image

Published: 06/11/2026 14:30:00

The court calls Google's bluff. Episode Details

Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain attacks evolve. And a massive data breach triggers a record fine in South Korea. Our guest is Peter Barker, Chief Product Officer at Ping Identity, sharing how identity increasingly becomes the control plane for how work gets done. AI analyzes the FIFA World cup, one cliché at a time. Remember to leave

The patch pile reaches new heights.

Podcast image

Published: 06/10/2026 14:30:00

The patch pile reaches new heights. Episode Details

Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champions. Our guest is Joe Sykora, CEO from Coro, discussing the MSP space and how to address it. Relentless robocalls retreat. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a

A checkmark for trust, a payload for theft.

Podcast image

Published: 06/09/2026 14:30:00

A checkmark for trust, a payload for theft. Episode Details

Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the FBI launches a Most Wanted Fraudsters list, and a U.S. citizen admits to spying for China. Our guest is Steve Winterfeld, Advisory CISO from Akamai, discussing how AI-powered bots are driving financial services attacks. Unpacking a million dollar hotel fee. Remember to leave us a 5-star rating and review in your

Meta’s recovery plan needed recovery.

Podcast image

Published: 06/08/2026 14:30:00

Meta's recovery plan needed recovery. Episode Details

Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and the Monday business brief. Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA. NATO lets Ukraine play the bad guy. Remember to leave us a 5-star

Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 06/06/2026 23:00:00

Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. [T-Minus: Space-Cyber Briefing] Episode Details

GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems have grown, so too have efforts by threat actors to disrupt them through techniques such as jamming and spoofing. As these attacks have become more effective, they are becoming increasingly common, especially in conflict zones where disruption and confusion can prove exceedingly valuable. Key sources: Information about GPS Jamming What is GPS Spoofing? GPS jamming: The invisible battle in the Middle

You've been muted...permanently. [Research Saturday]

Podcast image

Published: 06/06/2026 01:00:00

You've been muted...permanently. [Research Saturday] Episode Details

Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside

The NSA gets an AI upgrade.

Podcast image

Published: 06/05/2026 14:30:00

The NSA gets an AI upgrade. Episode Details

Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an

Not every headhunter is hiring.

Podcast image

Published: 06/04/2026 14:30:00

Not every headhunter is hiring. Episode Details

The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerability in its Unified Communications Manager platform. Anthropic maps AI-enabled cyber activity to the MITRE ATT&CK framework. Authorities dismantle an online counterfeit identity marketplace. Our guest is Jason Kikta, CTO from Automox, discussing AI vulnerabilities, real risk, and the speed problem. An extortion crew is forced to open a customer support

The AI race gets a referee.

Podcast image

Published: 06/03/2026 14:30:00

The AI race gets a referee. Episode Details

AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Britain's military chooses Starshield. Spain’s infamous hacker gets sentenced. Our guest is Benjamin Morrell, Vice President, Security Strategy at Coro Cybersecurity, discussing the role of MSPs. Meta’s productivity panopticon pauses for personal pitstops. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up

The bugs are piling up faster than the fixes.

Podcast image

Published: 06/02/2026 14:30:00

The bugs are piling up faster than the fixes. Episode Details

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat’s npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is ⁠Laure Lydon⁠, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta’s AI support bot proves a bit

AI joins the chain of command.

Podcast image

Published: 06/01/2026 14:40:00

AI joins the chain of command. Episode Details

Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today’s business update. Our guest is Heather Ceylan, CISO at Box, discussing how governed AI starts with solving the unstructured data problem. Microsoft hits refresh on research relations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,

GPS: A backbone for critical infrastructure. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 05/30/2026 23:00:00

GPS: A backbone for critical infrastructure. [T-Minus: Space-Cyber Briefing] Episode Details

Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society. After the removal of selective availability for civilians in 2000, GPS’s value has significantly expanded. In the past two decades, nearly every critical infrastructure sector–telecommunications, transportation, energy, agriculture, emergency services, and financial services–relies on GPS constellations to ensure that timing and location accuracy are precise. Though many do not see its utility in day-to-day efforts, GPS has become entrenched in modern networks and services. Key sources: Removal

CyberWire Daily at 10: The evolution of ransomware. [Special Edition]

Podcast image

Published: 05/30/2026 23:00:00

CyberWire Daily at 10: The evolution of ransomware. [Special Edition] Episode Details

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape over the last decade of ransomware. Ransomware has evolved from small-scale extortion and opportunistic attacks to sprawling, sophisticated, organized crime and state-sponsored attacks. Cryptocurrency plays a pivotal role in enabling ransomware's growth by providing untraceable payment methods. Join us as we explore key incidents like WannaCry and NotPetya, the shift from street crime to organized and nation-state cyber threats, and AI's impact

The skills pay the bills. [Research Saturday]

Podcast image

Published: 05/30/2026 01:00:00

The skills pay the bills. [Research Saturday] Episode Details

Today we are joined by Marco Giuliani, Vice President & Head of Research at ThreatDown, discussing their work on "GachiLoader adopts AI skill lure." Threat actors are now using fake AI agent “skills” as highly convincing social engineering lures, with a new campaign disguising the GachiLoader malware as a legitimate OpenClaw tool for automated Polymarket betting. Victims are tricked through fake installation guides and polished Electron apps into downloading malware that deploys the Rhadamanthys infostealer using fileless injection and blockchain-based command-and-control infrastructure. Researchers say the campaign marks an evolution in cybercrime,

Mind the gap between IT and OT.

Podcast image

Published: 05/29/2026 14:30:00

Mind the gap between IT and OT. Episode Details

Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic prepares its Mythos model for release. Chrome patches 22 critical bugs. Zapier fixes a dangerous vulnerability chain. ShinyHunters claims a Charter breach. A data broker who fueled scams against millions of seniors heads to prison. Maria Varmazis joins Dave Bittner for a look back at a decade of ransomware. A Google insider allegedly went from threat hunting to bet hunting. Remember to leave us

The military wants to move at cyber speed.

Podcast image

Published: 05/28/2026 14:30:00

The military wants to move at cyber speed. Episode Details

Cyber Command’s new chief pushes modernization as lawmakers warn commercial location data is exposing U.S. troops. A third-party UK visa site leaks passports and selfies. Microsoft slams unpatched zero-day disclosures. Researchers uncover a new macOS malware campaign targeting crypto developers, while SEO poisoning and AI chatbots spread cryptojacking malware. Carnival confirms a massive breach tied to ShinyHunters. Plus, the alleged VenomRAT developer is extradited to France, and a Romanian hacker is sentenced for breaching Oregon state systems. Our guest is Courtney Guss, Crisis Management Director at Semperis, discussing crisis response planning.

Breaking the GlassWorm.

Podcast image

Published: 05/27/2026 14:30:00

Breaking the GlassWorm. Episode Details

A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech extremism. GCHQ warns Russia is targeting UK infrastructure. Researchers uncover stealthy new malware, AI coding agent supply chain risks, and in-person extortion tactics targeting U.S. law firms. Europe grabs satellite spectrum. Ben Yelin joins us to discuss the bipartisan push for more support of CISA. Hacking your way to the main stage. Remember to leave us a 5-star rating and

Attackers found a new way around MFA.

Podcast image

Published: 05/26/2026 14:30:00

Attackers found a new way around MFA. Episode Details

The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic’s AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels supply-chain attacks hitting thousands of GitHub repos. Plus, a new LMS zero-day, bulletproof hosting arrests in the Netherlands, FTC action over bogus “active listening” claims, and another busy week for cyber funding and M&A. Our guest is Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life

The Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin. [Special Edition]

Podcast image

Published: 05/24/2026 23:00:00

The Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin. [Special Edition] Episode Details

Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical framework for ethical practices in contemporary cybersecurity. Listen to Ben's discussion with Paul and Ed as they explore the ethical dimensions of cybersecurity, the influence of AI, and the responsibilities of cyber professionals. Consider joining Paul and Ed in upholding the highest standards of cybersecurity ethics by signing the Cybersecurity Code they share as part of The

The current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 05/23/2026 23:00:00

The current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz. [T-Minus: Space-Cyber Briefing] Episode Details

Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is needed for an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman, CEO of Zephr.xyz, to discuss the current state of GPS. For decades, GPS has been a cornerstone technology for private, public, and military entities; however, through new technological advancements, companies and governments are looking to modernize this technology. Key sources: Next Generation Operational Control Systems. Why GPS III, and what comes after it, still falls short in modern war. Like what

Ghosted by Grafana [Research Saturday]

Podcast image

Published: 05/23/2026 01:00:00

Ghosted by Grafana [Research Saturday] Episode Details

Today we are joined by ⁠Sasi Levi⁠, Security Research Lead at ⁠Noma Security⁠, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers

Too many cooks in the algorithm.

Podcast image

Published: 05/22/2026 14:30:00

Too many cooks in the algorithm. Episode Details

Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The U.S. pours billions into quantum computing. Researchers uncover delayed Google API key revocation. Canadian authorities arrest the alleged Kimwolf botnet operator. Two Americans plead guilty in a global tech support fraud scheme. Our guest is Ankit Kumar Honey, Senior Engineering Manager for Dependabot at GitHub, discussing closing the agentic gap between alert and patch at a global scale. AI generated

That shield has cracks in it.

Podcast image

Published: 05/21/2026 14:30:00

That shield has cracks in it. Episode Details

Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly critical SQL injection flaw. Android malware quietly signs victims up for premium SMS scams. Webworm upgrades its espionage toolkit with Discord and Microsoft Graph backdoors. Plus, China and Russia deepen cooperation on AI, cybersecurity, and satellite systems. Our guest is Jake Moore, Global Cybersecurity Advisor for ESET, sharing a glimpse into

The cost of trusting the extension ecosystem.

Podcast image

Published: 05/20/2026 14:30:00

The cost of trusting the extension ecosystem. Episode Details

GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance’s “AI Vulnerability Storm” report.

CISA secrets left sitting on GitHub.

Podcast image

Published: 05/19/2026 14:30:00

CISA secrets left sitting on GitHub. Episode Details

A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthier SHub macOS infostealer emerges. Universal Robots fixes a critical vulnerability. A Dark Web marketplace dumps millions of stolen payment cards. Echo Protocol loses $76 million in a synthetic Bitcoin breach. Our guest is Chris Cochran, Field CISO & Vice President of AI Security at SANS, discussing their AI maturity model. Nathan Detroit

The M5 just met its memory problem.

Podcast image

Published: 05/18/2026 14:30:00

The M5 just met its memory problem. Episode Details

Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Eleven confirms a breach, and chained OpenClaw AI flaws could enable full host compromise. Santa Clara County sues Meta over alleged scam ads on Facebook and Instagram. Monday business breakdown. Our guest is Jason Madigan, Director of Commercial Cloud Security at Booz Allen, discussing the tension between resilience and data residency laws.

From cyberspace to space-cyber. [T-Minus: Space-Cyber Briefing]

Podcast image

Published: 05/16/2026 23:00:00

From cyberspace to space-cyber. [T-Minus: Space-Cyber Briefing] Episode Details

For years, in-space internet capabilities were rarely worth the hassle. Now, that’s changing. In today’s episode, Maria Varmazis and Ethan Cook sit down to discuss how internet data moves through space systems and its recent advancements. For decades, GEO satellites made up most of the marketplace; however, LEO satellites are changing the landscape improving connectivity and speeds. Key sources: In-space relay and WiFi services. Space Development Agency On Orbit. Like what you heard? Be sure to subscribe to our free Signals and Space Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, our Sunday newsletter covering the intersection of

Scam papers served. [Research Saturday]

Podcast image

Published: 05/16/2026 01:00:00

Scam papers served. [Research Saturday] Episode Details

⁠⁠⁠Thomas Elkins⁠⁠⁠, SOC L3 Analyst from ⁠⁠⁠BlueVoyant⁠⁠⁠, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by a Brazil-linked threat group targeting Spanish-speaking users across Latin America and Europe, using fake judicial summons emails, WhatsApp attacks, ClickFix tactics, and email phishing to spread the Casbaneiro banking trojan through the Horabot malware framework. The campaign uses sophisticated evasion methods including password-protected PDFs, dynamically generated ZIP filenames, anti-sandbox checks, fileless execution, and customized phishing lures to bypass security tools while turning infected systems into self-propagating botnets that

One email could be all it takes.

Podcast image

Published: 05/15/2026 14:30:00

One email could be all it takes. Episode Details

Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through ClickFix scams, healthcare braces for major HIPAA security changes, and hackers cash in big at Pwn2Own Berlin after burning through two dozen zero-days. Maria Varmazis joins us with the latest from the T-Minus space cyber podcast. Researchers roll their eyes at ransomware reassurances. Remember to leave us a 5-star rating and review

The era of AI-powered attacks is here.

Podcast image

Published: 05/14/2026 14:30:00

The era of AI-powered attacks is here. Episode Details

Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSparrow targets Azerbaijan’s energy sector. Cisco announces layoffs despite record revenue. An alleged Dream Market administrator faces cryptocurrency money laundering charges. Our guest is Cynthia Kaiser, SVP of Ransomware Research Center at Halcyon, discussing "Akira Ransomware Attacks in Under an Hour." The surveillance will continue until employee sentiment improves. Remember to leave us

Every layer needs a patch now.

Podcast image

Published: 05/13/2026 16:55:00

Every layer needs a patch now. Episode Details

Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A lawmaker questions surveillance pricing. Brandon Karpf, friend of the show, is talking with Dave about "Japan’s space systems face growing cybersecurity threats." Robotic lawnmowers on the cutting edge. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing,

China’s hackers aren’t invincible.

Podcast image

Published: 05/12/2026 14:30:00

China's hackers aren't invincible. Episode Details

Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launches an AI-driven cyber review. Texas sues Netflix over data practices. And Harvard experts debate the future of agentic AI security. On our Threat Vector segment David Moulton welcomes, Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines. Our guest is Tim Starks from

Foreign routers get a longer lifeline.

Podcast image

Published: 05/11/2026 14:30:00

Foreign routers get a longer lifeline. Episode Details

The FCC eases restrictions on foreign-made routers. Shiny Hunters hit Canvas and Zara. SailPoint discloses unauthorized access to its GitHub repositories. TrickMo Android banking malware has more tricks up its sleeve. Polish officials warn of increased targeting of ICS and public infrastructure. A federal judge orders $10 million in restitution for stolen zero days. German authorities takedown the Crimenetwork marketplace, again. Monday business breakdown. Dan Lorenc, Chainguard CEO and co-founder, is talking about a recent wave of supply chain attacks. Malware gets signed, sealed and delivered. Remember to leave us a

Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes]

Podcast image

Published: 05/10/2026 01:00:00

Payal Chakravarty: Overcoming bias in the workplace. [Security and Risk] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Payal Chakravarty, Head of Product for Security and Risk from Coalition, sits down to share her story of working at several different organizations, including interning for IBM and Microsoft. After obtaining her master's degree, she worked with IBM a bit more closely and fell in love with one of the projects she was working on. Payal had a very interesting career path going from physical to virtual, virtual to cloud now, cloud to containers. She says that there is still some bias she has

CyberWire Daily at 10: The evolution of geopolitics and warfare. [Special Edition]

Podcast image

Published: 05/10/2026 00:00:00

CyberWire Daily at 10: The evolution of geopolitics and warfare. [Special Edition] Episode Details

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. We begin our conversation around the supply chain malware from the destructive NotPetya campaign out of Russia, then Maria and Dave highlight: Olympic Destroyer disrupting the Pyeongchang Games, CozyBear's SolarWinds espionage campaign, the Colonial Pipeline ransomware disruption, Russia’s full invasion of Ukraine paired with Viasat hack, Iranian hackers attacking ICS devices at water treatment plants in Israel, and

The spy who logged me in. [Research Saturday]

Podcast image

Published: 05/09/2026 01:00:00

The spy who logged me in. [Research Saturday] Episode Details

Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and more recently Middle Eastern entities following the outbreak of conflict in Iran. The group has continually evolved its tactics between mid-2025 and early 2026, using techniques like fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized

The four-day race you don’t want to be in.

Podcast image

Published: 05/08/2026 14:30:00

The four-day race you don't want to be in. Episode Details

CISA orders rapid patching of actively exploited Ivanti zero-day. Canvas gets hacked during finals week. Dirty Frag is a new Linux zero-day. Researchers document a serious Claude Chrome extension bug. Meta ends Instagram encryption. PCPJack malware clean house before moving in. A new report highlights quantum-era cryptographic threats. Cloudflare announces layoffs amidst AI deployment. Sri Lankan police shut down a scam center. Maria Varmazis joins me to look back at ten years of geopolitics in cyber. Vibe coding reveals valuable data. Remember to leave us a 5-star rating and review in

The backup plan needs a backup plan.

Podcast image

Published: 05/07/2026 14:30:00

The backup plan needs a backup plan. Episode Details

CISA pushes critical infrastructure to prepare for offline operations during cyberattacks. Questions grow over a shared U.S.-China AI threat. A Russian university is accused of feeding talent into GRU cyber units. Researchers warn poisoned data could quietly corrupt enterprise AI. LinkedIn faces a GDPR fight over monetizing user data. Millions downloaded fake Android call-history apps before Google pulled them. Dragos reports AI-assisted targeting of OT systems. A California man is sentenced in a $250 million crypto theft ring. Our guest is Asdrúbal Pichardo, CEO of Squalify, who wonders if banks are

The exploit that writes its own story.

Podcast image

Published: 05/06/2026 14:30:00

The exploit that writes its own story. Episode Details

CISA warns CopyFail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyberespionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third party provider for a recent breach. Palo Alto’s Captive Portal is under attack. The FTC settles with a data broker over location sharing. A former Conti gang member gets jail time. Our guest is Dov Yoran, CEO of Command Zero, discussing how cybersecurity teams are fighting AI with AI. Geotargeting turns

The fixes keep coming.

Podcast image

Published: 05/05/2026 14:30:00

The fixes keep coming. Episode Details

Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing suspect faces U.S. charges. Our guest is Markus Rauschecker, Executive Director for the University of Maryland Center for Cyber, Health and Hazard Strategies (CHHS), on the importance of the non-technical aspects of good cybersecurity preparedness and response. Our Threat Vector segment focuses on incident response. If you think UK

Security without a login screen.

Podcast image

Published: 05/04/2026 14:30:00

Security without a login screen. Episode Details

Progress Software urges customers to patch a critical MOVEit authentication bypass. Washington worries about limited access to advanced AI tools. Paid influencers promote pro-American AI. CISA warns Copy Fail is under active exploitation. The Canvas educational platform suffers a data breach. The Lazarus Group uses ClickFix to target high-value enterprise users. U.S. and Chinese authorities raid scam centers in Dubai. Monday Business Brief. On Afternoon Cyber Tea with Ann Johnson: Tony Sager, Senior VP & Chief Evangelist, Center for Internet Security, joins Ann to discuss the accelerating pace of technology, AI,

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes]

Podcast image

Published: 05/03/2026 01:00:00

Kayla Williams: Not everything related to cybersecurity is a fire drill. [CISO] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Kayla Williams, CISO of Devo, sits down to share her story, from graduating with a finance degree to rising to where she is now. She quickly learned that finance was not for her and changed paths, working towards gaining an information security certificate. From there she was able to excel and was offered the opportunity to move to England which changed her life. Working in her new role, she really enjoys thriving with her team. She says "We really try to be the department

Double-edged threat. [Research Saturday]

Podcast image

Published: 05/02/2026 01:00:00

Double-edged threat. [Research Saturday] Episode Details

Today we are joined by Justin Albrecht, Principal Researcher at Lookout, discussing "Attackers Wielding DarkSword Threaten iOS Users." DarkSword is a highly sophisticated iOS exploit chain discovered by Lookout that targets iPhones (iOS 18.4–18.6.2), enabling near zero-click compromise and rapid theft of sensitive data, including credentials and cryptocurrency wallet information. Likely deployed by a Russia-linked threat actor (UNC6353) against Ukrainian users, it uses watering hole attacks on compromised websites and operates in a “hit-and-run” fashion—exfiltrating data within minutes before wiping traces. The campaign highlights a growing secondary market for advanced exploits,

Think before you deploy the agent.

Podcast image

Published: 05/01/2026 14:30:00

Think before you deploy the agent. Episode Details

Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber-enabled cargo theft. Officials flag likely election interference as security programs face cuts. Researchers uncover a covert Python backdoor. Ubuntu’s site takes Iranian-linked DDoS fire. Cyber pros are sentenced in a ransomware case. Our guest is Andrew Carr, Global Head of Threat Management at Booz Allen, discussing how AI is accelerating cyberattacks. OpenAI joins the

One copy too many.

Podcast image

Published: 04/30/2026 14:30:00

One copy too many. Episode Details

A critical Linux flaw dubbed “Copy Fail” raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. Ukrainian police arrest suspects in a massive Roblox account theft scheme. Our guest is Jamie Moles, technical manager at ExtraHop, discussing how the pace of vibe coding is creating major AI blind spots. Honeypot hijinks get halted by curious clicks. Remember to leave us a 5-star rating and

A wake-up call on frontier AI.

Podcast image

Published: 04/29/2026 14:30:00

A wake-up call on frontier AI. Episode Details

OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploited Windows zero-day. Researchers uncover ransomware that destroys data instead of encrypting it. State CISOs report falling confidence. Neurodivergent cyber pros cite inclusion gaps. Police arrest a 19-year-old alleged Scattered Spider member. Our guest is Chris Boehm, Zero Networks’ Field Chief Technology Officer, on minimizing your blast radius. AI lowers the bar and lengthens the line in the courtroom. Remember to

War hits where it hurts.

Podcast image

Published: 04/28/2026 14:30:00

War hits where it hurts. Episode Details

Conflict in the Middle East disrupts the circuit board supply chain. The Supreme Court considers arguments on geofence searches. A new report highlights Chinese digital transnational repression. The NCSC protects HDMI and DisplayPort links. Tennessee bans cryptocurrency ATMs. Researchers expose a financially motivated subgroup of North Korea’s Lazarus Group. Medtronic confirms a ShinyHunters data breach. Tim Starks, from CyberScoop discusses telecom vulnerabilities. A helpful AI deletes everything. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily

The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik [Data Security Decoded] and Amit Malik

Podcast image

Published: 04/28/2026 01:00:00

The Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik [Data Security Decoded] and Amit Malik Episode Details

The race for AI dominance has created a dangerous imbalance between business velocity and cyber resilience. In this episode, host Caleb Tolin is joined by Joe Hladik, Head of Rubrik Zero Labs, and Staff Security Researcher Amit Malik to break down the findings of their latest report on agentic adoption. The discussion centers on the Agentic Paradox. This is the technical reality that tools designed to automate high-level tasks are inherently built to find the most efficient path around obstacles, including existing security policies. A primary focus is implementing a three-layer

The Supreme Court sits on the geofence.

Podcast image

Published: 04/27/2026 14:30:00

The Supreme Court sits on the geofence. Episode Details

The Supreme Court weighs geofence warrants. Iran leans toward quieter cyber ops. Researchers unpack Fast16 sabotage malware. Microsoft tracks an Outlook outage. Snow malware moves deep inside networks. Itron reports a breach. SMS blasters hit Canada. Italy extradites an accused hacker to the U.S. Monday business brief. Our guest is Mick Coady, Field CTO of Elisity, on how hospitals can best defend against ransomware attacks. Meta’s relentlessly watchful eye turns inward. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our

Adam Marrè: Learning to be a leader. [CISO] [Career Notes]

Podcast image

Published: 04/26/2026 01:00:00

Adam Marr�: Learning to be a leader. [CISO] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Adam Marrè, CISO from Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world, and so he chose to go into the FBI. There he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers while gaining more knowledge on cybersecurity, and he became computer forensic certified. Ultimately,

A QRazy clever scam. [Research Saturday]

Podcast image

Published: 04/25/2026 01:00:00

A QRazy clever scam. [Research Saturday] Episode Details

This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes. Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign

A digital battlefield in practice.

Podcast image

Published: 04/24/2026 14:30:00

A digital battlefield in practice. Episode Details

Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a patch. Researchers downplay OT malware hype, while NIST pushes for better OT visibility. Our guest is Eric Russo, Director, SOC Defensive Security at Barracuda, discussing the risks posed by employees downloading pirated software. Con artists charge crypto for counterfeit clearance. Remember to leave us a 5-star rating and review in your favorite

Your signal is showing.

Podcast image

Published: 04/23/2026 14:30:00

Your signal is showing. Episode Details

Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attackers poison AI with hidden web prompts. Apple patches lingering notification data. macOS admin tools become attacker pathways. CISA orders urgent fixes for a Microsoft Defender zero-day, and their Director nominee withdraws. Our guests today are Johnny Hand and Dustin Childs, hosts of TrendAI's AI Security Brief podcast. A meteorological mystery meets market manipulation. Remember to leave

The leak was only a matter of time.

Podcast image

Published: 04/22/2026 14:30:00

The leak was only a matter of time. Episode Details

Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vulnerability. The Harvester APT group deploys a new Linux version of its GoGra backdoor. A new LOTUSLITE backdoor targets India’s banking sector. The Mirai botnet exploits discontinued routers. Our guest is Brian Vecci, Field CTO at Varonis, discussing how organizations can safely adopt AI and autonomous agents. A satirical startup sells

Trust lags behind technology.

Podcast image

Published: 04/21/2026 14:30:00

Trust lags behind technology. Episode Details

Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CISA adds eight flaws to its KEV list. Progress patches MOVEit and LoadMaster bugs. Attackers impersonate IT staff over Microsoft Teams. A ransomware negotiator admits working with BlackCat. Google Gemini asks, “May we see your photos please?” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an

When one weak link is enough.

Podcast image

Published: 04/20/2026 14:30:00

When one weak link is enough. Episode Details

Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notification system. A Scattered Spider member pleads guilty to SMS phishing and cryptocurrency theft. Monday business brief. Our guest is Melissa K. Smith, SVP, Global Strategic Partnerships and Initiatives at SentinelOne, discussing building a unified defense through strategic partnerships. A budget beacon briefly betrays a boat’s bearing. Remember to leave us a 5-star

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes]

Podcast image

Published: 04/19/2026 01:00:00

Jaya Baloo: Don't be afraid to bounce ideas off your teammates. [CISO] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She

A new breed of RAT. [Research Saturday]

Podcast image

Published: 04/18/2026 01:00:00

A new breed of RAT. [Research Saturday] Episode Details

Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platform that combines remote access, credential theft, surveillance, and ransomware deployment through a single browser-based dashboard. Unlike traditional cybercrime toolchains, it merges data exfiltration and ransomware capabilities into one interface, with automated credential harvesting beginning as soon as a victim is infected. The tool signals a growing

Temporary fix for Section 702.

Podcast image

Published: 04/17/2026 14:30:00

Temporary fix for Section 702. Episode Details

The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain attacks spread. China tests deep-sea cable-cutting tech. Our guest is Arvind Nithrakashyap, CTO and Co-Founder of Rubrik, discussing AI as the next frontier. Tim Starks from CyberScoop takes us Inside the FBI’s recent router takedown. A DraftKings data dealer meets his downfall. Remember to leave us a 5-star rating and review in

Too many flaws, not enough time.

Podcast image

Published: 04/16/2026 14:30:00

Too many flaws, not enough time. Episode Details

NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sentenced in a North Korean fake-IT-worker scheme. Our guest is Rob Allen, Chief Product Officer at ThreatLocker, describing security gaps addressed by zero trust. OpenAI lets security teams take off the training wheels. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode?

A heavy patch Tuesday lands.

Podcast image

Published: 04/15/2026 14:30:00

A heavy patch Tuesday lands. Episode Details

Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant operations. A fake app in Apple’s App Store drains crypto wallets. Virginia bans the sale of precise geolocation data. Our guest is Johnny Hand, VP for AI Excellence at TrendAI, discussing AI operational discipline. Do you need to buy a separate seat for your AI agent? Remember to leave us a 5-star

France builds its own digital future.

Podcast image

Published: 04/14/2026 14:30:00

France builds its own digital future. Episode Details

France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer tools. Researchers dissect Predator spyware’s kernel engine. A lawsuit challenges AI transcription in hospitals. Ted Shorter from Keyfactor unpacks quantum computing at scale. On our Threat Vector segment, David Moulton and ⁠Elad Koren⁠ pull back the curtain on agentic-first security. Preparing for post-quantum perils. Remember to leave us a 5-star rating and review in

W3LL runs dry.

Podcast image

Published: 04/13/2026 14:30:00

W3LL runs dry. Episode Details

The FBI disrupts a multi-million-dollar phishing ring. A North Korea-linked supply chain attack hits OpenAI. Developers face a Slack phishing campaign. A critical Python notebook flaw is exploited in hours. ShinyHunters target Rockstar Games. A Japanese shipping firm reports a breach. Tracking the cybersecurity winners and losers in Trump’s 2027 budget, plus a claimed cyberattack on UAE infrastructure. Business breakdown. Our guest is Justin Kohler, Chief Product Officer at SpecterOps, discussing Identity Attack Path Management. Crackdowns at home push scam networks abroad. Remember to leave us a 5-star rating and review

Mark Logan: March towards your goals. [CEO] [Career Notes]

Podcast image

Published: 04/12/2026 01:00:00

Mark Logan: March towards your goals. [CEO] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Mark Logan, CEO of One Identity, sits down to share his story, explaining how he fit into different roles growing up in different companies. Mark has nearly two decades of C-Suite experience at an array of different organizations, finally landing on his current position as the CEO at One Identity. Sharing his different roles, he also gives a quote from Steve Jobs, saying "it's not what I say yes to, it's what I say no to." He believes that's a key area for his

Walking through the anatomy of a cyberattack. [CyberWire-X]

Podcast image

Published: 04/11/2026 23:00:00

Walking through the anatomy of a cyberattack. [CyberWire-X] Episode Details

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and,

A wolf in admin clothing. [Research Saturday]

Podcast image

Published: 04/11/2026 01:00:00

A wolf in admin clothing. [Research Saturday] Episode Details

Today we are joined by Selena Larson, Threat Researcher from Proofpoint research team and co-host of Only Malware in the Building, talking about their work on "(Don't) TrustConnect: It's a RAT in an RMM hat." Proofpoint uncovered TrustConnect, a malware-as-a-service platform posing as a legitimate remote monitoring and management (RMM) tool, but actually functioning as a remote access trojan (RAT) sold to cybercriminals for $300/month. The operation used a fake business website, legitimate-looking certificates, and branded installers (like fake Microsoft Teams or Zoom apps) to trick victims, while providing attackers with

The AI arms race hits finance.

Podcast image

Published: 04/10/2026 14:30:00

The AI arms race hits finance. Episode Details

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China’s National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year’s RSAC Innovation Sandbox. FCC floats firmer filters for fraudulent phone calls. Remember to

Hackers ignore the ceasefire.

Podcast image

Published: 04/09/2026 14:30:00

Hackers ignore the ceasefire. Episode Details

Iran-linked hackers signal cyberattacks will continue despite the cease-fire. Microsoft restores access after suspending open-source developer accounts. John Deere settles its right-to-repair fight. A suspected Adobe Reader zero-day surfaces. Palo Alto Networks and SonicWall patch high-severity flaws. New macOS malware targets crypto wallets. A threat cluster abuses live chat to bypass MFA. CISA orders urgent Ivanti patching. Researchers track a stealthy DDoS-for-hire botnet. Our guest is Edgard Capdevielle, CEO of Nozomi Networks, sharing insights on threats posed by nation-states and AI on OT security. macOS has a 49 day time limit.

CyberAv3ngers unleashed.

Podcast image

Published: 04/08/2026 14:30:00

CyberAv3ngers unleashed. Episode Details

Federal agencies warn Iranian-linked hackers are probing U.S. critical infrastructure, while the DOJ disrupts a Russian router hijacking campaign. Cyberattacks hit Minnesota government systems and force a Massachusetts hospital to divert ambulances. Anthropic limits access to its new AI bug-hunting model, hackers leak terabytes of LAPD data, and researchers warn of a rise in AI recommendation poisoning. Our guest is Benny Czarny, Founder and CEO of OPSWAT, discussing his book "Cybersecurity Upside Down: Rethink Your Cybersecurity Strategy." Japan trades red tape for training data. Remember to leave us a 5-star rating

Proposed cuts put CISA in focus.

Podcast image

Published: 04/07/2026 14:30:00

Proposed cuts put CISA in focus. Episode Details

CISA faces a $700 million budget cut. Russian and Iranian cyber cooperation raises concerns. New BPFDoor variants emerge. Cybercrime losses climb again. Researchers advance a GPU Rowhammer attack. Northern Ireland schools go offline after a breach. An alleged hacker-for-hire faces U.S. charges. And German police name the suspected REvil mastermind. Our guest is John Anthony Smith, Founder and Chief Security Officer at Fenix24, explaining why more technology hasn't made us more secure. A frustrated researcher drops the hammer. Remember to leave us a 5-star rating and review in your favorite podcast

Patching can't wait.

Podcast image

Published: 04/06/2026 14:40:00

Patching can't wait. Episode Details

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes]

Podcast image

Published: 04/05/2026 01:00:00

Anjali Hansen: Cross team collaboration works best. [Privacy Counsel] [Career Notes] Episode Details

Please enjoy this encore of Career Notes. Anjali Hansen, a Senior Privacy Counselor from Noname Security shares her story as she climbed through the ranks to get to where she is today. When Anjali started, she wanted to do international law. She started working for the International Trade Commission after law school, where she was able to gain most of her experience and real world abilities. Working with online fraud and abuse, she shares, concerned her, because it felt like governments could not protect organizations from threats occurring, which is how

Startup surge sparks spy interest. [Research Saturday]

Podcast image

Published: 04/04/2026 01:00:00

Startup surge sparks spy interest. [Research Saturday] Episode Details

This week, we are joined by Santiago Pontiroli, Threat Intelligence Research Lead from Acronis TRU team, discussing their work on "New year, new sector: Transparent Tribe targets India’s startup ecosystem." The Acronis Threat Research Unit uncovered a new campaign by Transparent Tribe showing the group has expanded beyond traditional government and defense targets to India’s startup ecosystem, especially cybersecurity and OSINT-focused firms. The attackers use startup-themed lures delivered via ISO files and malicious shortcuts to deploy Crimson RAT, a highly obfuscated tool capable of surveillance, data theft, and system control. Despite