Shows
AI WeeklyAI Security Under Fire: Vulnerabilities, Code Quality, and the Fight BackMichael Housch explores the latest AI security threats including Google's GeminiJack vulnerability and PromptPwnd attacks, while examining how AI-generated code quality issues are impacting development teams. Plus, how organizations are fighting back with custom AI security models and what India's copyright proposal means for the future of AI training.
2025-12-2219 min
Daily Cyber BriefingZero-Day Chaos & Browser BluesWe're talking zero-days getting hammered left and right, embedded browsers that are more vintage than secure, and some serious exploitation happening in the wild.
2025-12-1913 minAI Weekly"AI Agents: The Security Paradox - When Your Best Defense Becomes Your Biggest ThreatAI agents are revolutionizing cybersecurity in contradictory ways. This episode explores how the same AI technology that enables companies like Picus Security to validate defenses against new threats in hours, instead of weeks, can also autonomously exploit vulnerabilities for profit. We examine why enterprises are hesitant to deploy AI agents at scale due to identity management challenges, theescalating war between publishers and AI scrapers (with blocking up 336%), practical strategies for identifying truth when AI systems can be manipulated by their owners, and Anthropic's research showing AI can now find and exploit zero-day vulnerabilities in smart contracts autonomously. The bo...
2025-12-1028 minDaily Cyber BriefingAgentic AI, Vishing, and the Critical SAML BypassWe break down the newest frontiers of cyber defense and attack, including how Google is using a new User Alignment Critic to shield Chrome's agentic AI from prompt injection, and why a critical flaw in the Ruby SAML library demands immediate patching,. Plus, a deep dive into the sophisticated vishing campaign that weaponizes Microsoft Teams and QuickAssist to deploy fileless .NET malware,.
2025-12-0910 minDaily Cyber BriefingReact2Shell Fallout: Max-Rated Flaws, The Great Cloudflare Takedown, and the Rise of PasskeysHost Mike Housch dives into the chaotic fallout from the maximum-severity React2Shell vulnerability, which caused a massive Cloudflare outage and rapid exploitation by threat actors. We also analyze another critical 10.0-rated flaw in Apache Tika, the surprising scale of global ransomware payouts, and the strategic shift toward phishing-resistant authentication like Passkeys.
2025-12-0812 minDaily Cyber BriefingTitle: State-Sponsored Threats & Supply Chain Worms: WARP PANDA, React2Shell, and Shai-Hulud 2.0This week, we dive deep into the sophisticated China-nexus threat WARP PANDA, which is relentlessly exploiting VMware vCenter environments with the BRICKSTORM malware, alongside urgent warnings about the actively exploited React2Shell vulnerability. We also analyze the destructive Shai-Hulud 2.0 supply chain attack that compromised thousands of repositories and review the latest defensive strategies unveiled at AWS re:Invent 2025.
2025-12-0513 minDaily Cyber BriefingZero-Days, Botnets, and AI Plagiarism: The Dec. 2025 Cyber RoundupWe break down Google's urgent Android patches, including two actively exploited zero-days, and analyze the appearance of the new ShadowV2 IoT botnet leveraging known flaws. Plus, we look into why an AI-generated recipe card landed Google in hot water over content scraping and monetization.
2025-12-0209 minAI WeeklyThe Misaligned Matrix: AI Cheating, Cloud Debt, and the Rise of BosswareThis week on AI Weekly, we delve into the surprising methods researchers are using to keep AI models honest—including teaching them to cheat—and explore the massive financial risks Oracle is undertaking to fuel the AI cloud goldrush. We also dissect the escalating security and privacy challenges posed by agentic AI, LLM-generated malware, and the booming "bossware" industry surveilling remote workers.
2025-11-2513 minDaily Cyber BriefingBeyond Hacklore: Exploits, Insider Threats, and the Agentic AI RiskHost Mike Housch dives into the latest major breaches, including 146,000 records stolen from Delta Dental of Virginia, and dissects critical zero-day exploitation confirmed by CISA. We also explore the emerging risks of Agentic AI, and hear from CISO experts aiming to retire cybersecurity myths, or "hacklore," that distract organizations from real threats.
2025-11-2513 minDaily Cyber BriefingCloud Chaos, Router Espionage, and the 7-Zip Time BombToday we dive into Cloudflare's massive outage caused by a database mishap and track the alarming rise of ransomware targeting Amazon S3 misconfigurations. Plus, we uncover a global espionage network hidden inside 50,000 compromised Asus routers.
2025-11-2009 minDaily Cyber BriefingThe AI Phishing Arms Race and the FortiWeb/Ray Zero-Day ExploitsThreat actors are leveraging AI to run sophisticated phishing campaigns that mimic Fortune-500 marketing departments, making identity the most vulnerable target. We also dive into critical zero-day exploits impacting FortiWeb and the Ray AI framework, and explore the necessary shift toward behavior-based security defenses to counter modern threats.
2025-11-1911 minDaily Cyber BriefingChrome Zero-Days, Cloudflare's Big Oops, and Why Gen Z Uses '12345Today, we dive into a massive internet disruption that wasn't a cyberattack, as Cloudflare confirms a service-crashing bug, and we cover the urgent need to patch the seventh Google Chrome zero-day found this year. We also dissect a pervasive WhatsApp screen-sharing scam resulting in major losses and examine why Generation Z has the worst password security habits.
2025-11-1814 minDaily Cyber BriefingLegacy Exploits and Guardrail Failures: Finger Protocol, FortiWeb Zero-Days, and EchoGram TokensToday. I dive into how decades-old tech, like the "Finger" protocol, is being weaponized in modern ClickFix attacks, alongside major zero-day exploitation news affecting FortiWeb and Logitech. We also unpack the sophisticated techniques used by threat actors like Dragon Breath to disable security tools and the concerning new ways researchers are bypassing AI guardrails.
2025-11-1718 minAI WeeklyWhisper Leaks, Agentic Attacks, and Shadow AI in the C-SuiteThis week, we dive into the dangerous 'Whisper Leak' side-channel attack that infers user conversation topics even when encrypted. We also analyze the new reality of AI-powered cyber campaigns and discuss why corporate executives are breaking their own internal AI security rules.
2025-11-1611 minDaily Cyber BriefingAI Hackers, Worms, and Why CISOs Can’t Get Federal Agencies to PatchWe dive into a massive NPM registry attack where a self-replicating worm polluted the software supply chain with over 150,000 packages seeking cryptocurrency rewards. Then, we analyze how state-sponsored threat actors used Anthropic’s Claude AI to automate 90% of a targeted espionage campaign against critical global organizations.
2025-11-1411 minDaily Cyber BriefingHacking Encrypted Chats: The Whisper Leak & The CMMC Compliance ClockToday we expose the 'Whisper Leak' LLM attack that infers sensitive conversation topics from encrypted metadata. Plus, we break down the start of CMMC enforcement and why supply chain risks are soaring, according to the new OWASP Top 10 list.
2025-11-1108 minAI WeeklyAgentic Threats and Trustworthy AI: The Week in ReviewThis week, we dive into critical research from MIT aimed at building safer, faster AI models and modular software, contrasted sharply by alarming reports of successful data exfiltration attacks against major LLMs like Claude and ChatGPT, alongside the emergence of autonomous, adaptive malware. We also look at the governance challenges presented by autonomous "agentic users" entering the enterprise workforce and the profound uncertainty surrounding AI integration in K-12 schools.
2025-11-1015 minDaily Cyber BriefingZero-Day Spies, North Korean Crypto Heists, and Cl0p's Corporate Hit ListAustralia steps up sanctions against North Korean cyber operations funding weapons programs, while the Cl0p gang continues to expose victims of the Oracle EBS hack. Plus, we break down the evolving threat landscape from sophisticated ClickFix scams targeting macOS to mobile zero-day spyware aimed at the Middle East.
2025-11-1008 minDaily Cyber BriefingAI Slop, Chrome Flaws, and the Geopolitical Sovereignty ShowdownWe dive into how AI is complicating the threat landscape, covering an "AI Slop" ransomware test sneaked onto the VS Code marketplace and novel prompt injection hacks against ChatGPT memories. We also break down critical high-severity browser flaws in Chrome 142 and the escalating geopolitical tension around US hyperscalers and European data sovereignty.
2025-11-0708 minDaily Cyber BriefingState Spies, Autonomous Malware, and Why Your Password is Still '123456'Today we dive into alarming new reports, including how state-sponsored hackers stole firewall backups and how AI is enabling malware to mutate autonomously during execution. We also cover the costly Nevada ransomware recovery, critical Cisco patches, and the perennial problem of weak passwords.
2025-11-0609 minDaily Cyber BriefingDigital Pirates, AI Backdoors, and the Critical Android RCEToday, we expose a sophisticated campaign where hackers use Remote Monitoring and Management tools to hijack physical cargo, leading to billions in losses, and analyze the dangerous new trend of malware like SesameOp abusing trusted AI APIs for stealthy command-and-control operations. Plus, we cover the major patches released by both Apple and Google, including a critical Android Remote Code Execution flaw that requires zero user interaction.
2025-11-0408 minDaily Cyber BriefingAirstalk, AI Hijacks, and Cargo Theft in the Supply ChainToday, we dissect how a suspected Chinese APT used the new 'Airstalk' malware to compromise BPOs in targeted supply chain attacks, and why the Claude AI model was successfully tricked into exfiltrating user data. Plus, we look at the rising threat of cybercriminals exploiting legitimate RMM tools to steal physical cargo from logistics networks.
2025-11-0308 minDaily Cyber BriefingKEV Alert: China-Linked Zero-Days, WSUS Exploits, and the Diplomats' Digital WoesCISA issued urgent warnings, adding exploited VMware and XWiki flaws to the KEV catalog and requiring federal agencies to patch immediately. We break down the Chinese threat actor exploiting an unpatched Windows shortcut vulnerability targeting European diplomats and examine the active exploitation of the critical Windows WSUS flaw.
2025-10-3107 minDaily Cyber BriefingPhantomRaven, Supply Chain Bombs, and the $35 Million Insider Threat We dive into two major software supply chain campaigns, including the "PhantomRaven" operation, which delivered infostealers via 136 malicious NPM packages downloaded 100,000 times. Then, we look at why vetting dependencies is no longer enough and examine the shocking case of a US defense contractor executive who sold $35 million in cyber trade secrets to a Russian exploit broker.
2025-10-3009 minDaily Cyber BriefingDELMIA Exploits, Copilot Confusion, and Qilin's Evasive ManeuversToday we dive into critical industrial cyber threats as CISA warns of active exploitation in DELMIA factory software. We also examine Google's move to make HTTPS the default for all public sites and review the massive lawsuit alleging Microsoft tricked millions of users into pricey Copilot subscriptions.
2025-10-2910 minAI WeeklyMeltdown: Spoofing, Jailbreaks, and the Ghost of ClippyThis week, we dive deep into major AI security flaws, including browser sidebar spoofing and the jailbreaking of OpenAI's Atlas omnibox, while also analyzing the increasing risks found in mobile AI usage. We also discuss Microsoft's attempt to give AI personality with Mico and explore OpenAI's new governance structure and significant efforts to improve ChatGPT's responses in sensitive mental health conversations.
2025-10-2916 minDaily Cyber BriefingAgentic AI Risks, Industrial Hacks, and the Death of the Privacy LightToday we dive into the inevitability of prompt injection as agentic AI takes over enterprise functions, and reviews massive credential theft data circulating online. Plus, learn why industrial giants are falling victim to Oracle EBS exploits and how a $60 mod is killing privacy protections on smart glasses.
2025-10-2808 minDaily Cyber BriefingAI Jailbreaks, Hacking Team Spyware, and the Million-Dollar Exploit That Wasn'tToday, we dive into critical AI browser vulnerabilities, including a trick that weaponizes the OpenAI Atlas omnibox, and analyze the spectacular flop of a promised $1 million WhatsApp exploit at Pwn2Own. Plus, we cover active exploitation of a critical Windows Server WSUS vulnerability and the shifting economics of ransomware.
2025-10-2712 minDaily Cyber BriefingHigh-Severity Zero-Days, Cache Poisoning, and the AI Code Judgment CrisisToday we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe coding" and AI-generated code's lack of judgment. We also examine Verizon’s latest Mobile Security Index, highlighting soaring mobile device attacks and the alarming rise of AI-powered threats like deepfakes and SMS phishing.
2025-10-2309 minDaily Cyber BriefingPatch Wars: Russian APT Evasions, Chinese Espionage, and the Critical Windows SMB FlawCISA is ringing the alarm on actively exploited Windows SMB flaws while Chinese threat actors leverage a recently patched SharePoint vulnerability for espionage. We also detail how the Russian APT Star Blizzard rapidly changed tactics after researchers exposed their prior malware, and review critical vulnerabilities affecting TP-Link Omada Gateways.
2025-10-2208 minDaily Cyber BriefingPatch Panic, Deceptive AI, and Unsinkable C&C: CISA confirms multiple zero-day exploits, including a critical Oracle EBS vulnerability being leveraged by groups tied to Cl0p, necessitating immediate action from federal agencies and private enterprises. Meanwhile, we examine how threat actors are distributing global malware disguised as legitimate AI productivity tools and explore a highly sophisticated supply chain attack using the Solana blockchain for an untakeable command-and-control infrastructure.
2025-10-2109 minAI Weekly2025 AI Index: The Year AI Entered Daily Life & The Race TightenedThis week, we dives into the key takeaways from the Stanford HAI 2025 AI Index Report, revealing record global investment, the sharp increase in AI performance, and the deepening integration of the technology into our daily lives. We examine the uneven evolution of responsible AI practices, the growing government regulatory response, and the fiercely competitive, rapidly accelerating industry frontier.
2025-10-2010 minDaily Cyber BriefingHacking the Skies, Time, and Messaging: NSO Gets Banned & The AI EscalationToday. we unpack the fallout from a massive Oracle E-Business Suite hack that targeted American Airlines subsidiary Envoy Air, exposing business information from the regional carrier. We also dive into high-stakes cyberwarfare, covering China's accusation that the US attacked its critical National Time Center and Microsoft's report on how foreign adversaries are weaponizing AI.
2025-10-2010 minDaily Cyber Briefing$15 Billion Scams, CentreStack Zero-Days, and the 17 Million Account Breach FalloutToday we dive into the industrial scale of cybercrime, discussing the seizure of $15 billion in crypto assets linked to forced-labor scam networks and the staggering 17.6 million accounts impacted by the Prosper data breach. Plus, we analyze urgent patches for exploited zero-days in CentreStack and critical DoS flaws in industrial UPS devices.
2025-10-1708 minDaily Cyber BriefingRootkits, State Spies, and the $14 Billion Bitcoin BustToday, we dive into Operation ZeroDisco, where threat actors deployed rootkits onto older Cisco routers by exploiting a recent zero-day. We also analyze the consequences of the Discord breach, F5's revelation of a nation-state attack that stole source code, and the massive crypto "pig butchering" scam that led to the seizure of over $14 billion in Bitcoin.
2025-10-1611 minDaily Cyber BriefingPatch Tuesday Mayhem: Zero-Days, Critical ICS Flaws, and Why Synced Passkeys are a Digital ShenaniganToday, we unpack the massive October 2025 Patch Tuesday, covering exploited Windows zero-days, critical vulnerabilities in Adobe Connect and major ICS vendors like Red Lion, Siemens, and Rockwell. Plus, a deep dive into why enterprise organizations must ditch synced passkeys for device-bound credentials to prevent sophisticated authentication downgrade attacks.
2025-10-1511 minDaily Cyber BriefingHacking Harvard, Pixels, and Patches: The Cl0p, Pixnapping, and RMPocalypse RundownThis morning, we dive deep into major zero-day exploitation, including the Cl0p campaign targeting Oracle EBS, which has claimed Harvard University as a victim. We also dissect the new Pixnapping attack stealing 2FA codes from Android phones and examine the urgent implications of the RMPocalypse flaw affecting AMD's confidential computing.
2025-10-1411 minDaily Cyber BriefingApple's $2 Million Bounty, Payroll Pirates, and the Takedown of GXC TeamHost Mike Housch dissects Apple's massive $2 million bug bounty expansion, focusing on incentives for finding zero-click RCEs, and analyzes the high-stakes Salesforce customer data leaks claimed by the Scattered LAPSUS$ Hunters extortion group. We also cover critical warnings about the "Payroll Pirate" university salary attacks and the dismantling of the global GXC Team Crime-as-a-Service operation.
2025-10-1311 minAI WeeklyThe Current State of AI: Security, Cognition, and Enterprisehis week, we examine the cutting edge of cybersecurity innovation, where new startups are focused on securing AI agents and models. We also dive into the enterprise adoption gap, the rise of "shadow AI," and a fascinating MIT study revealing the cognitive toll that continuous reliance on large language models might be taking on the human brain.
2025-10-1112 minDaily Cyber BriefingMS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & MoreToday we dive into the staggering 2 billion cryptocurrency heist linked to North Korea and explore how sophisticated threat groups are abusing trusted corporate platforms like Microsoft Teams for financial extortion. We also look at the massive pushback against the E.U.'s controversial "Chat Control" proposal and unveil a new, almost unbelievable attack that turns your standard optical mouse into a covert listening device.
2025-10-1009 min
Daily Cyber BriefingCredential Stuffing, Oracle Zero-Days, and Attacking Public SafetyThis week on Cyber Scoops & Digital Shenanigans, host Mike Housch delves into the recent credential stuffing campaign targeting DraftKings users and the sophisticated exploitation of a critical Oracle E-Business Suite zero-day flaw. We also examine breaches at military radio manufacturer BK Technologies and beer giant Asahi, emphasizing how even essential and everyday businesses are prime targets for skilled threat actors.
2025-10-0809 minDaily Cyber BriefingDigital Dominoes: The New Chain Reaction of Cyber ChaosIn this episode of Cyber Scoops & Digital Shenanigans, host Mike Housch unpacks the week’s most critical cyber incidents shaking enterprises worldwide, from SharePoint zero-days and AI-powered phishing campaigns to rising healthcare ransomware, industrial control system breaches, and mobile malware stealing bank credentials. With billions in crypto losses and attackers outpacing EDR defenses, Mike dives into how state-sponsored actors, misconfigured containers, and compromised supply chains are forming a perfect storm in cybersecurity. Tune in for sharp insights, real-world examples, and the strategies organizations must deploy now to survive the evolving digital battlefield.
2025-10-0708 minDaily Cyber BriefingBreaches, Bugs, and Blind Spots: Cyber Chaos UnfoldsMike and Angela break down a massive Motility dealership software breach impacting 766,000 people, a wiretap-style attack that cracks Intel’s SGX, hackers raiding Oracle ERP customers, and a critical Red Hat OpenShift AI bug. They also dig into cybercriminals bragging about 28,000 new victims and why detection gaps still leave organizations blind. Real stories, real impact, and a few laughs along the way.
2025-10-0212 minDaily Cyber BriefingThe $50 Hack That Broke Intel & Why AI Still Needs its Meatbags Autonomous AI is crashing against the rocks of reality, stalled by a massive trust crisis and fears over governance, while chip giants brush off a $50 hardware hack that breaks their confidential computing promises. We also dissect Broadcom's zero-day silence and the never-ending nightmare of identity theft for major corporations like WestJet.
2025-10-0110 minDaily Cyber BriefingPolicy Lapses, Sudo Root, and the Ransom of the RyesThe feds are nuking essential threat sharing programs just as core security legislation lapses, leaving state and local governments scrambling for defenses and exposed to novel threats. Plus, we explore a critical Sudo flaw exploited in the wild, and ask why international brewing giant Asahi couldn't keep its production lines—and its delicious beer—safe from digital shenanigans.
2025-09-3008 minDaily Cyber BriefingEpisode 23 (9/29/2025Today we dissect the new wave of low-profile, high-impact cybercrime, starting with Akira ransomware operators leveraging legitimate IT tools to blend in, giving defenders only hours to respond. Then, we scrutinize the UK government's massive financial intervention following the JLR attack, asking: Did that £1.5 billion bailout just paint a giant target on the UK?
2025-09-2906 min
AI WeeklyAI Weekly Episode 1 (9/27/2025)This week, I expose the shocking energy demands behind the AI boom, revealing how OpenAI’s $100 billion plan needs the power of 10 nuclear reactors just to keep the lights on. Plus, we dig into the creepy new era of AI personalization, from chatbots acting as spiritual advisors to agents tracking your calendar and email, all while Silicon Valley laughs its way to the cloud bank.
2025-09-2810 minDaily Cyber BriefingEpisode 22 (9/26/2025)Today, we expose nation-state spies playing the 400-day waiting game and the pure negligence of major vendors dragging their feet while zero-days rip through critical infrastructure. Plus, we talk North Korean identity theft rings recruiting Western devs and how a $5 domain hijacked Salesforce's high-tech AI agents.
2025-09-2611 minDaily Cyber BriefingEpisode 21 (9/25/2025)Forget your exotic zero-days; today, we break down how basic security failures are wiping centuries-old businesses off the map because of one weak password. We also dig into the massive, hidden telecom network in New York City that could have crippled 911 services right when world leaders gathered for the U.N. General Assembly.
2025-09-2509 minDaily Cyber BriefingEpisode 20 (9/23/2025)Today, we break down the latest cyber chaos, from a massive ransomware attack crippling major European airports into a manual check-in nightmare, to the systemic risks of relying on outsourced trust in the Stellantis data breach. Plus, Host Mike Housch dives into the silent epidemic of ‘digital ghosts’—the rogue AI agents and non-human identities taking over your company’s attack surface
2025-09-2305 minDaily Cyber BriefingEpisode 19 (9/19/2025)This week on Cyber Scoops & Digital Shenanigans, we expose the "One Token to Rule Them All" Microsoft flaw that could have unlocked nearly every tenant worldwide. Plus, we dive into how AI is solving CAPTCHAs and leaking secrets from your Gmail via hidden, white-on-white text instructions.
2025-09-1905 minDaily Cyber BriefingEpisode 18 (9/18/2025)This episode of Cyber Scoops & Digital Shenanigans covers significant cybersecurity incidents, including Google Chrome patching its sixth zero-day vulnerability of 2025, a ransomware attack impacting over 12,000 individuals at venture capital firm Insight Partners, and data breaches at Tiffany & Company and Medical Associates of Brevard affecting thousands of customers and nearly 250,000 individuals, respectively. Furthermore, the episode discusses SonicWall prompting password resets after hackers obtained backup firewall configurations via brute force attacks and highlights the alarming development of threat actors like RevengeHotels using AI to generate malware for attacks on hotels.
2025-09-1809 minDaily Cyber BriefingEpisode 17 (9/17/2025)Today I discuss the persistent threat of the decade-old Pixie Dust Wi-Fi hack, the widespread impact of the self-replicating Shai-Hulud supply chain worm on NPM packages, and the successful disruption of the RaccoonO365 phishing-as-a-service operation. The episode also touches on Apple's recent security patches, a novel Rowhammer attack on DDR5 memory, and new vulnerabilities in ChatGPT's calendar integration.
2025-09-1711 minDaily Cyber BriefingEpisode 16 (9/16/2025)Today’s episode covers Apple's extensive backports and new OS releases to patch over 50 vulnerabilities, including a critical ImageIO flaw (CVE-2025-43300) exploited in targeted spyware attacks against WhatsApp users. Another significant concern is the "FileFix" social engineering campaign, which leverages deceptive Facebook security alerts to trick victims worldwide into executing StealC information-stealing malware via malicious images downloaded from legitimate platforms like BitBucket. Furthermore, researchers have demonstrated "Phoenix," a novel Rowhammer attack (CVE-2025-6202) capable of achieving root access on DDR5 memory systems in under two minutes, despite advanced in-DRAM refresh mechanisms. Finally, an emerging threat involves ChatGPT's calendar in...
2025-09-1609 minDaily Cyber BriefingEpisode 15 (9/15/2025)his episode of Cyber Scoops & Digital Shenanigans highlights the escalating threat of browser-based attacks, encompassing advanced phishing, malicious copy-paste techniques like "ClickFix", dangerous OAuth integrations, and pervasive browser extensions targeting business apps and data. We also examine the critical need for proper data destruction of old hardware to avoid multi-million dollar liabilities, referencing NIST 800-88 guidelines for data sanitization and instances like Morgan Stanley Smith Barney's $155 million in fines. Additionally, the episode covers actively exploited zero-day vulnerabilities in Samsung Android (CVE-2025-21043) and DELMIA Apriso factory software (CVE-2025-5086), the North Korean Kimsuky gang's weaponization of AI for fake...
2025-09-1514 minDaily Cyber BriefingEpisode 14 (9/12/2025)Today's podcast we discuss current cybersecurity landscape threats, ranging from large-scale data breaches, such as the one impacting over 100,000 individuals at Cornwell Quality Tools, to critical vulnerabilities in payment systems that take over a year to patch and silent code execution risks in AI-powered code editors. These challenges are compounded by a booming US investment in surveillanceware that undermines government efforts to regulate the market, and new cloud isolation-breaking Spectre attacks devised by academic researchers
2025-09-1210 minDaily Cyber BriefingNew Episode 9/11/2025, 8:17:01 AMThis episode includes:•LNER, the British rail operator, suffering a data breach through a third-party supplier, compromising customer contact and journey details. Jaguar Land Rover's admission of a data breach following a cyberattack that caused global factory shutdowns, with the Scattered Spider group claiming responsibility.A critical weakness in the Cursor AI editor, which disables VS Code's "Workspace Trust" feature, allowing automatic execution of malicious code from repositories—a behavior its developers intend to maintain.A remote CarPlay hack that puts millions of drivers at risk of distraction and surveillance due to u...
2025-09-1107 minDaily Cyber BriefingEpisode 12 (9/10/2025)This morning, we've got an awesome lineup of stories that prove the internet is less like a friendly neighborhood and more like a lawless frontier. We're talking about Apple fighting off state-sponsored snoops, China-backed hackers playing dirty tricks, a Ukrainian ransomware kingpin with an $11 million bounty on his head, and the terrifying rise of 2FA-bypassing phishing kits.
2025-09-1005 minDaily Cyber BriefingEpisode 11 (9/9/2025)Today we're diving into the chilling reality that your digital life is under siege from every direction imaginable; from the geopolitical chessboard to the very tools designed to keep you safe. Buckle up, because what you don't know can and will hurt you.
2025-09-0906 minDaily Cyber BriefingEpisode 10 (9/8/2025)The so-called “AI ransomware” turns out the story is not what it seems and last weeks recap, which reads like the apocalypse bingo card for security teams.
2025-09-0806 minDaily Cyber BriefingEpisode 9 (9/5/2025)Today’s lineup includes school data breaches, misconfigured CMS keys, an AI tool that’s actually useful, malware boosting gambling sites on Google, Microsoft charging rent for Windows 10, and even a $10 million bounty on some very busy Russian hackers.
2025-09-0507 minDaily Cyber BriefingEpisode 7 (9/4/2025)Welcome back to Cyber Scoops & Digital Shenanigans! I’m your host, Mike Housch, and today we’re diving headfirst into a whirlwind of cyber stories — from false alarms that rattled billions to AI-fueled battles shaping the future, and even a dash of academic espionage. Buckle up. This ride through cybersecurity is going to be equal parts thrilling and exasperating.
2025-09-0405 min
Daily Cyber BriefingEpisode 6 (9/3/2025)Cyber Scoops & Digital Shenanigans dives into a whirlwind of cyber drama—from false Gmail hack rumors and record-breaking DDoS attacks to state-sponsored espionage, phishing campaigns, and major supply chain breaches. Host Mike Housch breaks down the stories shaping today’s digital battlefield and reminds listeners why cyber resilience is more critical than ever.
2025-09-0310 minDaily Cyber BriefingEpisode 5 (9/2/2025)Compromise of the NX build system infects 1000 developers' popular enterprise web content management systems let attackers remotely execute code. Amazon disrupts a sophisticated multi-factor authentication device code campaign. Salesforce data theft attacks gets worse.
2025-09-0206 minDaily Cyber BriefingEpisode 4 (8/29/2025)This episode covers the critical cyber events of the last 24 hours. We analyze the cascading impact of the supply chain attack on a Swedish IT provider and discuss the massive data breach at TransUnion. We also dive into a new joint intelligence advisory on the China-linked APT group "Salt Typhoon" and its targeting of critical infrastructure.
2025-08-2916 minDaily Cyber BriefingEpisode 3 (8/28/2025)Today’s podcast will cover critical vulnerabilities like the Git arbitrary file write (CVE-2025-48384) and an exploited Citrix NetScaler zero-day (CVE-2025-7775), which can lead to remote code execution. These are compounded by widespread data breaches affecting entities such as Farmers Insurance and Salesforce customers, supply chain attacks like the Nx NPM package poisoning, and the emergence of AI-powered ransomware.
2025-08-2815 minDaily Cyber BriefingEpisode 2 (8/27/2025)Recent security reports reveal several critical vulnerabilities, including a Docker Desktop flaw (CVE-2025-9074), a Git arbitrary file write (CVE-2025-48384), and an exploited zero-day in Citrix NetScaler (CVE-2025-7775), all requiring urgent patching. Furthermore, AI systems are susceptible to prompt injection via image scaling attacks, and real-world incidents encompass a Salesforce data theft campaign (UNC6395), AI-powered ransomware (PromptLock), and disruptive ransomware attacks against public services in Maryland and state offices in Nevada.
2025-08-2717 minDaily Cyber BriefingEpisode 1 (8/26/2025)This episode includes a major data breach at Farmers Insurance affecting 1.1 million customers due to a Salesforce-targeted hack, a global phishing campaign spreading UpCrypter malware, and a Pakistan-linked group targeting Indian government agencies with malware. It also covers a critical Docker Desktop vulnerability, espionage involving hijacked Wi-Fi logins, and the emergence of AI injection attacks using steganography, alongside a significant Interpol cybercrime operation in Africa.
2025-08-2616 min