https://cybersecpods.com The home of cybersecurity podcasts. Curated shows on threat intel, identity, cloud security, red team, blue team, and more — with the latest episodes always at your fingertips. en-us Mon, 25 May 2026 10:32:22 GMT https://cybersecpods.com/podcasts/risky-business-features/how-to-survive-supply-chain-attacks/ https://cybersecpods.com/podcasts/risky-business-features/how-to-survive-supply-chain-attacks/ Mon, 25 May 2026 10:32:22 GMT In this podcast James Wilson chats with Brad Arkin about why software supply chain attacks have gone from rare, once-in-a-while disasters to an operational problem affecting mainstream enterprises almost daily. AI has made attackers faster, and “vibe coding” means the number of environments pulling packages from the internet has gone to the moon. It also means legacy tooling that seeks out the bad packages and cleans them up isn’t enough. Package cooldown windows won’t fix this either. But all hope is not lost! Tune in to this podcast to find out how you can get a grip on the disaster de jour! Risky Business Features https://cybersecpods.com/podcasts/enterprise-security-weekly/visibility-with-edrmdr-is-still-important-the-basics-are-impossible-and-the-news/ https://cybersecpods.com/podcasts/enterprise-security-weekly/visibility-with-edrmdr-is-still-important-the-basics-are-impossible-and-the-news/ Mon, 25 May 2026 09:00:00 GMT Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic: Do the basics, they said. Easier said than done. Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front. The weekly Enterprise Security Weekly (Audio) https://cybersecpods.com/podcasts/cyber-security-headlines/drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ https://cybersecpods.com/podcasts/cyber-security-headlines/drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ Mon, 25 May 2026 07:00:00 GMT CISA adds Drupal Core flaw to KEV Underminr hides malicious connections behind trusted domains Canadian man charged with running KimWolf DDoS botnet Check out your show notes here: https://cisoseries.com/cybersecurity-news-drupal-kev-addition-underminr-revives-domain-fronting-canadian-kimwolf-arrest/ Huge thanks to our sponsor, Guardsquare Mobile app security isn't just a tech issue; it's a revenue issue. A recent global study found that seventy-two percent of organizations experienced a mobile app security incident last year. Even worse? Sixty-five percent saw customer churn or uninstalls as Cybersecurity Headlines https://cybersecpods.com/podcasts/cyberwire-daily/the-code-of-honor-paul-j-maurer-and-ed-skoudis-explore-ethics-in-cybersecurity-w/ https://cybersecpods.com/podcasts/cyberwire-daily/the-code-of-honor-paul-j-maurer-and-ed-skoudis-explore-ethics-in-cybersecurity-w/ Mon, 25 May 2026 05:00:00 GMT Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical framework for ethical practices in contemporary cybersecurity. Listen to Ben's discussion with Paul and Ed as they explore the ethical dimensions of cybersecurity, the influence of AI, and the responsibilities of cyber professionals. Consider joining Paul and Ed in upholding the highest standards of cybersecurity ethics by signing the Cybersecurity Code they share as part of The Code of Honor. Le CyberWire Daily https://cybersecpods.com/podcasts/risky-bulletin/risky-bulletin-mythos-has-found-thousands-of-critical-bugs/ https://cybersecpods.com/podcasts/risky-bulletin/risky-bulletin-mythos-has-found-thousands-of-critical-bugs/ Mon, 25 May 2026 04:28:23 GMT Anthropic says Mythos has found thousands of critical bugs, hackers leak documents from a Russian disinfo group, GitHub rolls out new npm security features, and Dutch police raid two bulletproof hosting providers. Show notes Risky Bulletin: Mythos has found thousands of critical bugs Risky Bulletin https://cybersecpods.com/podcasts/shared-security-podcast/should-ai-have-access-to-your-financial-life/ https://cybersecpods.com/podcasts/shared-security-podcast/should-ai-have-access-to-your-financial-life/ Mon, 25 May 2026 04:00:22 GMT OpenAI is now allowing some ChatGPT users to connect their bank accounts and financial data directly to the platform. In this episode, we discuss the technology behind the feature, the convenience it promises, and the serious privacy and security questions it raises. From AI-generated budgeting advice to the risks of centralized financial profiling, we examine what happens when conversational AI gains visibility into your spending habits, debts, subscriptions, and financial goals. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application securit Shared Security Podcast https://cybersecpods.com/podcasts/decipher-security-podcast/lessons-in-resilience-perseverance-and-leadership-with-matt-eversmann/ https://cybersecpods.com/podcasts/decipher-security-podcast/lessons-in-resilience-perseverance-and-leadership-with-matt-eversmann/ Mon, 25 May 2026 04:00:00 GMT After being caught in one of the more notorious battles in modern American history, Matt Eversmann's military career has become the stuff of legend. The Battle of Mogadishu, immortalized in the book and movie Black Hawk Down, was a pivotal event in U.S. history and in the lives of Matt and his fellow soldiers. Now retired from the army and focusing on training the next generation of leaders, Matt joins Dennis Fisher to talk about his career, what he's learned from his failures and successes, and how vital resilience and perseverance are for success in any field. Matt's biography: https://thaye Decipher Security Podcast https://cybersecpods.com/podcasts/nexus-claroty/ric-derbyshire-on-living-off-the-plant-ot-cyberattacks/ https://cybersecpods.com/podcasts/nexus-claroty/ric-derbyshire-on-living-off-the-plant-ot-cyberattacks/ Mon, 25 May 2026 04:00:00 GMT Ric Derbyshire, a Principal Security Researcher at Orange Cyberdefense and an Honorary Researcher at Imperial College London, joins the Nexus Podcast to discuss how attackers are able to gain lateral movement across operational technology (OT) assets through a tactic known as Living Off the Plant. Similar to Living-off-the-Land attacks, Living-Off-the-Plant TTPs leverage native functionality specific to OT, with a potential negative impact on physical assets and safety concerns. Subscribe and listen to the Nexus Podcast here . Nexus: A Claroty Podcast https://cybersecpods.com/podcasts/open-source-security/vulnerability-disclosure-with-casey-ellis/ https://cybersecpods.com/podcasts/open-source-security/vulnerability-disclosure-with-casey-ellis/ Mon, 25 May 2026 00:00:00 GMT Josh talks to Casey Ellis about why vulnerability disclosure is so hard, and also so important. Casey is one of the best in this space having been a Bugcrowd founder. There are few people with more experience and insight into how a security vulnerability should be handled, and why the explosion of AI is making all this much harder than it's ever been before. While finding vulnerabilities is easy, reporting them is still a lot of work. Casey is working on helping everyone better understand all this with his disclose.io project. The show notes and blog post for this episode can be found at https Open Source Security https://cybersecpods.com/podcasts/defensive-security/defensive-security-podcast-episode-348/ https://cybersecpods.com/podcasts/defensive-security/defensive-security-podcast-episode-348/ Sun, 24 May 2026 23:10:41 GMT Please consider supporting the DefSec podcast here . Links to this week’s stories: https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/ https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799 https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799 Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec https://cybersecpods.com/podcasts/risky-bulletin/sponsored-teaching-ai-agents-the-rules-of-the-road/ https://cybersecpods.com/podcasts/risky-bulletin/sponsored-teaching-ai-agents-the-rules-of-the-road/ Sun, 24 May 2026 20:24:50 GMT In this sponsored interview James Wilson chats with Sondera CEO Josh Devon about why guardrails and instruction files aren’t enough to keep AI agents from going haywire. EDR, DLP and other traditional controls can’t and won’t prevent agents from going rogue. Josh explains Sondera’s “principle of least autonomy” for agents: let them do useful work, but put them in a deterministic policy harness so they can’t leak secrets, abuse tools or wander off-task. Show notes Risky Bulletin https://cybersecpods.com/podcasts/three-buddy-problem/jordan-wiens-on-ai-offense-vs-defense-and-the-dying-ctf-pipeline/ https://cybersecpods.com/podcasts/three-buddy-problem/jordan-wiens-on-ai-offense-vs-defense-and-the-dying-ctf-pipeline/ Sun, 24 May 2026 17:00:00 GMT ( Presented by TLPBLACK : A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals. ) Three Buddy Problem x Ekoparty Miami : Jordan Wiens, co-founder of Vector 35 and creator of Binary Ninja, talks about a decade spent building a decompiler in a market everyone told him not to enter. He walks through why accessibility drove the whole project, how Binja's intermediate-language system stacks up against IDA, Ghidra, and Radare, and why language-specific decompilation for Rust, C++, and Go is the next real f Three Buddy Problem https://cybersecpods.com/podcasts/cyber-crime-junkies/ais-innocent-or-your-cyber-flaws-steal-the-show/ https://cybersecpods.com/podcasts/cyber-crime-junkies/ais-innocent-or-your-cyber-flaws-steal-the-show/ Sun, 24 May 2026 16:00:00 GMT Have you ever noticed how we keep telling ourselves cyber risk is a “future problem” right up until it walks in the front door wearing a name badge? Because in this episode, we’re not talking about Hollywood hackers or hoodie clichés. We’re talking about how attacks actually happen now. We interview global vCISO Dan Elliott from Recorded Future all about it. Questions? Text our Studio direct. We read these and when helpful we give a special shout out for those to contact us. I wrote Moving Target because overconfidence is the enemy. Hardcover, paperback, Kindle, and audiobook . Amazon , Barnes Cyber Crime Junkies https://cybersecpods.com/podcasts/cyberwire-daily/the-current-state-of-gps-following-ocx-with-dr-sean-gorman-ceo-of-zephrxyz-t-min/ https://cybersecpods.com/podcasts/cyberwire-daily/the-current-state-of-gps-following-ocx-with-dr-sean-gorman-ceo-of-zephrxyz-t-min/ Sun, 24 May 2026 05:00:00 GMT Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is needed for an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman , CEO of Zephr.xyz , to discuss the current state of GPS. For decades, GPS has been a cornerstone technology for private, public, and military entities; however, through new technological advancements, companies and governments are looking to modernize this technology. Key sources: Next Generation Operational Control Systems. Why GPS III, and what comes after it, still falls short in modern war. Lik CyberWire Daily https://cybersecpods.com/podcasts/cyber-crime-junkies/higher-education-under-cyber-attack-clemson-ciso-john-hoyt/ https://cybersecpods.com/podcasts/cyber-crime-junkies/higher-education-under-cyber-attack-clemson-ciso-john-hoyt/ Sat, 23 May 2026 16:00:00 GMT John Hoyt, the CISO of Clemson University, shares his journey into cybersecurity and discusses the top cyber risks in higher education. He recounts his first experience with an ethical hacker and how it sparked his interest in the field. Hoyt emphasizes the importance of cyber resiliency and preparedness in the face of evolving threats. We discuss topics including how is higher education targeted for cyber crime, top tactics used in social engineering, cost effective practices to limit cyber liability, how intelligence gathering is critical to security, Importance of visibility into operationa Cyber Crime Junkies https://cybersecpods.com/podcasts/7-minute-security/7ms-723-cartp-cloud-red-team-tactics-for-attacking-and-defending-azure-part-1/ https://cybersecpods.com/podcasts/7-minute-security/7ms-723-cartp-cloud-red-team-tactics-for-attacking-and-defending-azure-part-1/ Sat, 23 May 2026 15:48:00 GMT Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren't your thing! The security part: starting CARTP I've started the Certified Azure Red Team Professional course from Altered Security ( enterprisesecurity.io ). It's the Azure follow-up to CRTP , which I took a few years back. Quick notes: Why now: Active Directory and internal pentests will always be my first love, but more and more of our customers are shifting to hyb 7 Minute Security https://cybersecpods.com/podcasts/entra-chat/the-new-control-plane-for-microsoft-entra-tenant-governance/ https://cybersecpods.com/podcasts/entra-chat/the-new-control-plane-for-microsoft-entra-tenant-governance/ Sat, 23 May 2026 11:54:39 GMT Microsoft had 7 million internal tenants and almost lost control of their environment and your org might be facing the same problem at a smaller scale. In this episode, we sit down with Jeff Staiman , PM Area Lead for Tenant Governance at Microsoft, to break down the feature born from the Midnight Blizzard attack. We cover discovery, drift detection, governance relationships, secure tenant creation, licensing, and exactly where admins should start. What Can Your AI Applications Access? Organizations are investing heavily in AI-powered applications and agents, but many are discovering they lack Entra.Chat https://cybersecpods.com/podcasts/inside-darknet/118-shadow-brokers/ https://cybersecpods.com/podcasts/inside-darknet/118-shadow-brokers/ Sat, 23 May 2026 08:00:00 GMT 2016 taucht ein mysteriöser GitHub-Post auf. Angeblich wurden die geheimen Cyberwaffen der NSA gestohlen. Wenige Monate später werden Krankenhäuser, Konzerne und Behörden durch WannaCry und EternalBlue gehackt. Inside Darknet https://cybersecpods.com/podcasts/cyberwire-daily/ghosted-by-grafana-research-saturday/ https://cybersecpods.com/podcasts/cyberwire-daily/ghosted-by-grafana-research-saturday/ Sat, 23 May 2026 07:00:00 GMT Today we are joined by ⁠Sasi Levi⁠ , Security Research Lead at ⁠Noma Security⁠ , sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researc CyberWire Daily https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-23-24-2026-weekend-update-wcyb-digital-radio/ https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-23-24-2026-weekend-update-wcyb-digital-radio/ Sat, 23 May 2026 05:45:01 GMT The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we’re following. If there’s a cyberattack, hack, or data breach you should know about, then we’re on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/defensive-security/defensive-security-podcast-episode-347/ https://cybersecpods.com/podcasts/defensive-security/defensive-security-podcast-episode-347/ Fri, 22 May 2026 22:06:10 GMT Please consider supporting the DefSec podcast here . Links to this week’s stories: https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/ https://www.theregister.com/security/2026/05/06/1-in-8-workers-say-selling-company-logins-is-justifiable/5231104 https://www.theregister.com/security/2026/05/02/ai-digs-up-decades-of-code-debt-patch-up/5219734 https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111 https://www.securityweek.com/cyber-insurance-data-gives Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec https://cybersecpods.com/podcasts/cyber-security-headlines/the-department-of-know-googles-codemender-cisas-big-leak-torvalds-open-source-wa/ https://cybersecpods.com/podcasts/cyber-security-headlines/the-department-of-know-googles-codemender-cisas-big-leak-torvalds-open-source-wa/ Fri, 22 May 2026 21:16:00 GMT This week's Department of Know is hosted by Rich Stroffolino , with guests Kathleen Mullin , former CISO, MyCareGorithm, and Nick Espinosa , host, Deep Dive Radio Show . Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com . Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the r Cybersecurity Headlines https://cybersecpods.com/podcasts/security-weekly-news-audio/tvs-old-york-flipper-one-ubiquity-underminr-cisos-github-josh-marpet-swn-583/ https://cybersecpods.com/podcasts/security-weekly-news-audio/tvs-old-york-flipper-one-ubiquity-underminr-cisos-github-josh-marpet-swn-583/ Fri, 22 May 2026 21:00:00 GMT TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-583 Security Weekly News (Audio) https://cybersecpods.com/podcasts/cyberwire-daily/too-many-cooks-in-the-algorithm/ https://cybersecpods.com/podcasts/cyberwire-daily/too-many-cooks-in-the-algorithm/ Fri, 22 May 2026 20:30:00 GMT Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The U.S. pours billions into quantum computing. Researchers uncover delayed Google API key revocation. Canadian authorities arrest the alleged Kimwolf botnet operator. Two Americans plead guilty in a global tech support fraud scheme. Our guest is Ankit Kumar Honey, Senior Engineering Manager for Dependabot at GitHub, discussing closing the agentic gap between alert and patch at a global scale. AI gene CyberWire Daily https://cybersecpods.com/podcasts/cybersecurity-defenders/how-analysts-use-cognitive-reasoning-in-investigations-with-chris-sanders-defend/ https://cybersecpods.com/podcasts/cybersecurity-defenders/how-analysts-use-cognitive-reasoning-in-investigations-with-chris-sanders-defend/ Fri, 22 May 2026 16:20:25 GMT Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. What We'll Discuss In this episode, Chris Sanders draws on his b The Cybersecurity Defenders Podcast https://cybersecpods.com/podcasts/infosec-decoded/jim-crow/ https://cybersecpods.com/podcasts/infosec-decoded/jim-crow/ Fri, 22 May 2026 16:03:11 GMT Infosec Decoded Season 6 #37: Jim Crow With sambowne@infosec.exchange and Doug Spindler Links: https://samsclass.info/news/news_052226.html Recorded Fri, May 22, 2026 Infosec Decoded https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-news-for-may-22-2026-dollar3m-cyberattack-on-arkansas-school-disrict-/ https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-news-for-may-22-2026-dollar3m-cyberattack-on-arkansas-school-disrict-/ Fri, 22 May 2026 15:13:20 GMT The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop marke Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-22-2026-german-hospitals-targeted-in-cyberattack-wcyb-di/ https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-22-2026-german-hospitals-targeted-in-cyberattack-wcyb-di/ Fri, 22 May 2026 15:07:40 GMT The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we’re following. If there’s a cyberattack, hack, or data breach you should know about, then we’re on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/cybercrime-magazine/culture-shapes-security-team-resilience-max-boedder-the-mosaic-company-and-flavi/ https://cybersecpods.com/podcasts/cybercrime-magazine/culture-shapes-security-team-resilience-max-boedder-the-mosaic-company-and-flavi/ Fri, 22 May 2026 14:00:11 GMT Max Boedder is the Senior Director of IT Cybersecurity and Technical Services at The Mosaic Company. In this episode, he joins host Scott Schober and Flavius Plesu, CEO at OutThink, to discuss large organizations, their teams, and why it's so important to build a consist security culture across them. Culture Shapes Security is a Cybercrime Magazine podcast series brought to you by OutThink. To learn more about our sponsor, visit https://outthink.io. Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/decipher-security-podcast/chain-chain-chain-of-compromises/ https://cybersecpods.com/podcasts/decipher-security-podcast/chain-chain-chain-of-compromises/ Fri, 22 May 2026 13:46:23 GMT In the spring, a young attacker's fancy turns to supply chain compromises, and this season's crop includes the GitHub breach and the Grafana intrusion, which are connected and trace back to the TanStack supply chain attack and...TeamPCP. Links Grafana attack: https://decipher.sc/2026/05/17/grafana-investigating-token-compromise-and-extortion-attempt/ GitHub breach: https://decipher.sc/2026/05/20/github-confirms-internal-breach/ Decipher Security Podcast https://cybersecpods.com/podcasts/click-here/miracles-and-wonder/ https://cybersecpods.com/podcasts/click-here/miracles-and-wonder/ Fri, 22 May 2026 07:00:00 GMT Somewhere right now, a camera is scanning a face. A license plate reader is logging a car. And most of us barely notice anymore. We sit down with NYU law professor Barry Friedman to talk about how surveillance became the background noise of modern life — and what it’s doing to democracy. Learn about your ad choices: dovetail.prx.org/ad-choices Click Here https://cybersecpods.com/podcasts/cyber-security-headlines/ciscos-100-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ https://cybersecpods.com/podcasts/cyber-security-headlines/ciscos-100-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Fri, 22 May 2026 07:00:00 GMT Cisco issues 10.0 Secure Workload admin flaw warning Spammers abuse internal Microsoftonline account Google's surge in Chrome vulnerability announcements Get the show notes here: https://cisoseries.com/cybersecurity-news-ciscos-10-0-vulnerability-microsoft-email-spammed-chrome-vulnerability-surge/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions Cybersecurity Headlines https://cybersecpods.com/podcasts/sans-internet-stormcenter-daily-cyber-security-podcast-stormcast/sans-stormcast-friday-may-22nd-2026-selective-http-proxying-more-github-repo-tro/ https://cybersecpods.com/podcasts/sans-internet-stormcenter-daily-cyber-security-podcast-stormcast/sans-stormcast-friday-may-22nd-2026-selective-http-proxying-more-github-repo-tro/ Fri, 22 May 2026 02:00:02 GMT Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 https://x.com/fabian_bader/status/2057198207243804881 Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) https://cybersecpods.com/podcasts/risky-bulletin/risky-bulletin-microsoft-ends-sms-mfa-for-personal-accounts/ https://cybersecpods.com/podcasts/risky-bulletin/risky-bulletin-microsoft-ends-sms-mfa-for-personal-accounts/ Fri, 22 May 2026 00:48:57 GMT Microsoft ends support for SMS MFA on personal accounts, GitHub was hacked via a malicious VS Code extension, CISA will let researchers submit new KEV entries, and an SMS blaster was detained at Eurovision. Show notes Risky Bulletin: Microsoft ends SMS MFA for personal accounts Risky Bulletin https://cybersecpods.com/podcasts/paul-s-security-weekly/fcc-github-minishai-hulud-stated-of-supply-chain-itron-cra-nis2-and-more-psw-927/ https://cybersecpods.com/podcasts/paul-s-security-weekly/fcc-github-minishai-hulud-stated-of-supply-chain-itron-cra-nis2-and-more-psw-927/ Thu, 21 May 2026 21:00:00 GMT In the security news this week: FCC router bans and the hidden firmware update problem Why extending support timelines actually improves security Github supply chain concerns and the evolving SBOM ecosystem CRA and NIS2 compliance deadlines are getting very real The EU Cyber Resilience Act's 24-hour vulnerability disclosure requirement Security regulation: vertical vs horizontal compliance models Vehicle-to-load EV systems powering homes during outages Solar, batteries, AI farms, and the future economics of electricity Data centers consuming regional power grids BitLocker "Yellow Key" fallout Paul's Security Weekly (Audio) https://cybersecpods.com/podcasts/cyberwire-daily/that-shield-has-cracks-in-it/ https://cybersecpods.com/podcasts/cyberwire-daily/that-shield-has-cracks-in-it/ Thu, 21 May 2026 20:30:00 GMT Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly critical SQL injection flaw. Android malware quietly signs victims up for premium SMS scams. Webworm upgrades its espionage toolkit with Discord and Microsoft Graph backdoors. Plus, China and Russia deepen cooperation on AI, cybersecurity, and satellite systems. Our guest is Jake Moore, Global Cybersecurity Advisor for ESE CyberWire Daily https://cybersecpods.com/podcasts/cybercrime-magazine/online-exploitation-of-teen-athletes-the-matt-weiss-scandal-and-beyond-dan-wetze/ https://cybersecpods.com/podcasts/cybercrime-magazine/online-exploitation-of-teen-athletes-the-matt-weiss-scandal-and-beyond-dan-wetze/ Thu, 21 May 2026 16:04:04 GMT Dan Wetzel, ESPN journalist and host of the ESPN College GameDay podcast, is an expert in sports scandals & court reporting. He has extensively covered the computer crimes committed by Matt Weiss, former NFL Baltimore Ravens assistant coach and Quarterback Coach for the University of Michigan football team, which he joined host Heather Engel to discuss in this episode. Together, they dive into the vast landscape of online exploitation against teenage athletes, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/cybercrime-magazine/trafficking-victim-to-cybercrime-whistleblower-his-story-mohammad-muzahir-scam-c/ https://cybersecpods.com/podcasts/cybercrime-magazine/trafficking-victim-to-cybercrime-whistleblower-his-story-mohammad-muzahir-scam-c/ Thu, 21 May 2026 14:30:10 GMT Mohammad Muzahir, also known as Redbull, is a scam compound survivor, independent researcher, and whistleblower. He documented and shared firsthand experiences related to scam compounds and online fraud networks in collaboration with journalists to ensure accurate reporting, which contributed to an investigative story published by WIRED. In this episode, Muzahir joins host Scott Schober to discuss his experience. • For more on cybersecurity, visit us at https://cybersecurityventures.com Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-21-2026-github-says-hackers-stole-internal-data-wcyb-dig/ https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-wire-for-may-21-2026-github-says-hackers-stole-internal-data-wcyb-dig/ Thu, 21 May 2026 13:51:31 GMT The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we’re following. If there’s a cyberattack, hack, or data breach you should know about, then we’re on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-news-for-may-21-2026-antv-hit-by-npm-supply-chain-attack-wcyb-digital/ https://cybersecpods.com/podcasts/cybercrime-magazine/cybercrime-news-for-may-21-2026-antv-hit-by-npm-supply-chain-attack-wcyb-digital/ Thu, 21 May 2026 13:04:07 GMT The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop marke Cybercrime Magazine Podcast https://cybersecpods.com/podcasts/risky-business-features/how-the-copyfail-disclosure-went-sideways/ https://cybersecpods.com/podcasts/risky-business-features/how-the-copyfail-disclosure-went-sideways/ Thu, 21 May 2026 10:13:17 GMT In this episode, Theori’s Brian Pak and Andrew Wesie join James Wilson to discuss why the CopyFail exploit was publicly disclosed before Linux distributions had their patches ready. As you’ll hear in this episode, mistakes were made and lessons learned. It’s worth a podcast, too, because in our opinion this incident foreshadows the inevitable problems that open source software will face in the unfolding vulnpocalypse. Show notes Risky Business Features https://cybersecpods.com/podcasts/defense-in-depth/the-dangers-of-picking-the-wrong-vendor/ https://cybersecpods.com/podcasts/defense-in-depth/the-dangers-of-picking-the-wrong-vendor/ Thu, 21 May 2026 10:00:00 GMT All links and images can be found on CISO Series . Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark , the producer of CISO Series , and Steve Zalewski . Joining us is our guest, Paul Guerra. In this episode: Read the contract How vendors win before the evaluation ends The fallout The real cost A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is def Defense in Depth https://cybersecpods.com/podcasts/cyber-security-headlines/github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huaweiluxembou/ https://cybersecpods.com/podcasts/cyber-security-headlines/github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huaweiluxembou/ Thu, 21 May 2026 07:00:00 GMT GitHub breach via VS Code extension Shai-Hulud wave compromises 600 npm packages Huawei attack behind Luxembourg telecom crash Get the show notes here: https://cisoseries.com/cybersecurity-news-github-vs-code-extension-breach-shai-hulud-npm-package-compromise-huawei-luxembourg-telecom-link/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Becau Cybersecurity Headlines https://cybersecpods.com/podcasts/risky-bulletin/srsly-risky-biz-politicians-ditch-signal-for-homegrown-apps/ https://cybersecpods.com/podcasts/risky-bulletin/srsly-risky-biz-politicians-ditch-signal-for-homegrown-apps/ Thu, 21 May 2026 06:16:56 GMT Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can’t be filled with sovereign capability. They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran’s nuclear weapons program that included the infamous Stuxnet worm. This epi Risky Bulletin https://cybersecpods.com/podcasts/threat-vector/follow-the-crypto/ https://cybersecpods.com/podcasts/threat-vector/follow-the-crypto/ Thu, 21 May 2026 06:00:00 GMT Every threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. Jackie Burns Koven leads cyber threat intelligence at Chainalysis, where she tracks how criminal and nation-state actors use cryptocurrency to fund attacks, launder proceeds, and pay for the tools and infrastructure that power the underground economy. Before Chainalysis, she worked in the U.S. Intelligence Community on nuclear proliferation. She also serves on the Ransomware Task Force, the cross-s Threat Vector by Palo Alto Networks https://cybersecpods.com/podcasts/hacking-humans/the-friendly-skies-arent-friendly/ https://cybersecpods.com/podcasts/hacking-humans/the-friendly-skies-arent-friendly/ Thu, 21 May 2026 05:00:00 GMT This week, hosts of N2K CyberWire ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ alongside ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on a phishing scam targeting people tied to Japan’s pension system, with listener Don Roley warning that Hacking Humans https://cybersecpods.com/podcasts/sans-internet-stormcenter-daily-cyber-security-podcast-stormcast/sans-stormcast-thursday-may-21st-2026-github-breach-agentic-threat-intel-feed-ng/ https://cybersecpods.com/podcasts/sans-internet-stormcenter-daily-cyber-security-podcast-stormcast/sans-stormcast-thursday-may-21st-2026-github-breach-agentic-threat-intel-feed-ng/ Thu, 21 May 2026 02:00:03 GMT GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001 SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) https://cybersecpods.com/podcasts/smashing-security/high-speed-train-hacks-and-homicidal-lawnmowers/ https://cybersecpods.com/podcasts/smashing-security/high-speed-train-hacks-and-homicidal-lawnmowers/ Wed, 20 May 2026 23:00:52 GMT A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over the internet, redirected at journalists who foolishly lie down in front of it, and used to harvest Wi-Fi passwords, email addresses, and GPS coordinates. Change the default password? Sure - until the next firmware update silently resets it back. Plus - don't miss our fe Smashing Security https://cybersecpods.com/podcasts/cyberwire-daily/the-cost-of-trusting-the-extension-ecosystem/ https://cybersecpods.com/podcasts/cyberwire-daily/the-cost-of-trusting-the-extension-ecosystem/ Wed, 20 May 2026 20:30:00 GMT GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing safeguards, Microsoft cracks down on malware-signing services, and China says foreign spies hijacked domestic routers for phishing operations. Wireless carriers collaborate to kill dead zones. Our guest is Rob T. Lee, Chief AI Officer, Chief of Research, SANS Institute, discussing The Cloud Security Alliance’s “AI Vul CyberWire Daily https://cybersecpods.com/podcasts/the-cyber-threat-perspective/replay-episode-159-how-to-break-into-cybersecurity-what-actually-works/ https://cybersecpods.com/podcasts/the-cyber-threat-perspective/replay-episode-159-how-to-break-into-cybersecurity-what-actually-works/ Wed, 20 May 2026 15:00:00 GMT We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show. Brad and Spencer share no-fluff advice for breaking into cybersecurity, whether you're switching careers, starting from scratch, or leveling up from a general IT role. They cover what employers actually look for, the fastest paths in, and what to skip. If you're exploring a cybersecurity career, or know someone who is, this one's for you. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: h The Cyber Threat Perspective