

Cyber Security Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Oct 8, 2025 • 8min
North Korean attackers steal crypto. Who's sending UK phones to China? Avnet confirms data breach
North Korean hackers have escalated their operations, reportedly stealing over $2 billion in cryptocurrency. A troubling investigation reveals a gang smuggling thousands of stolen UK phones to China. Avnet has confirmed a significant data breach, but claims the stolen information is mostly unreadable. Hospitals face risks too, with patient data exposed from a Florida medical facility. Meanwhile, a Redis vulnerability threatens around 60,000 servers, prompting urgent security patches.

Oct 7, 2025 • 9min
Unity vulnerability, Oracle zero-day patched, Discord user info exposed
A high-severity vulnerability in Unity is endangering popular games, prompting swift action from Microsoft and Steam. Meanwhile, a critical Oracle zero-day exploit has been patched after being targeted by cybercriminals. In another alarming incident, a third-party breach has exposed user data from Discord. The podcast also discusses a malicious WhatsApp campaign and a new scheme offering bounties for harassment aimed at executives. Additionally, a significant cloud bug bounty has been announced, offering $4.5 million for exploits.

Oct 6, 2025 • 8min
ParkMobile breach settlement, UK schools vulnerable, Zimbra calendar attacks
A major settlement from the ParkMobile data breach offers affected users just $1 in-app credit. A UK study reveals that secondary schools are increasingly targeted by cyberattacks, outpacing businesses in vulnerability. Meanwhile, a cross-site scripting flaw in the Zimbra Collaboration Suite is exploited for malicious attacks through calendar invites. In other news, LinkedIn takes legal action against data scraping, and WhatsApp malware spreads in Brazil, posing risks to enterprises.

Oct 3, 2025 • 30min
Week in Review: Shutdown furloughs CISA, DoD risk framework, Oracle extortion problem
This week, Steve Zalewski, a cybersecurity expert and co-host of Defense in Depth, dives into pivotal topics shaping the digital landscape. He discusses the implications of CISA's furloughs on incident response and long-term staffing risks. The shift of the DOD to a Continuous Cyber Risk Management framework is explored, emphasizing resiliency and AI in defense. Additionally, they analyze the recent Oracle data extortion, highlighting vendor responsibility, and touch on the impact of ransomware on Asahi's operations, posing serious questions about supply chain vulnerabilities.

Oct 3, 2025 • 8min
Shutdown furloughs CISA, Defender BIOS bug, Motility dealership cyberattack
A significant reduction in CISA staff due to the government shutdown raises cybersecurity concerns. Microsoft is addressing a bug in Defender that incorrectly flags BIOS updates. Motility RV faces a serious ransomware attack, affecting over 760,000 individuals. Meanwhile, a breach at Red Hat has led to the potential exposure of sensitive data. In other news, spyware targeted users of a UAE messaging app, revealing new threats in the digital landscape.

Oct 2, 2025 • 8min
Breaches set for North America, Outlook bug needs Microsoft support, Air Force admits SharePoint issue
North America braces for a flood of breach notifications affecting millions. A critical bug in Classic Outlook is causing crashes that only Microsoft support can fix. Meanwhile, the Air Force investigates a SharePoint privacy concern linked to potential service blocks. On the malware front, the Klopatra trojan is stealing credentials while disguised as an IPTV/VPN app. Also, Google Drive introduces AI detection to combat ransomware threats. Discover the complexities of data governance in the AI era.

Oct 1, 2025 • 8min
China-linked group linked to new malware, 2024 VMware zero-day still exploited, iOS fixes a bevy of glitches
Chinese hackers are stealthily targeting governments with new NetStar malware, raising alarms about long-term intelligence threats. Meanwhile, a VMware zero-day vulnerability has been actively exploited since October 2024, prompting crucial patches. Apple has rolled out fixes for 26 iOS issues, including a dangerous font parser flaw. The Asahi Group faces production halts due to a cyber attack, and nearly 50,000 Cisco firewalls remain vulnerable to remote code execution threats, underscoring the pressing need for cybersecurity vigilance.

Sep 30, 2025 • 8min
Microsoft blocks AI code, Breach hits WestJet, Harrods suffers new data incident
Microsoft successfully blocked AI-generated code used in a phishing scheme, a sign of escalating cyber threats. WestJet informed US customers about a breach, revealing unauthorized access to reservation documents. Ukrainian police were targeted in innovative fileless phishing attacks. Harrods faced data exposure affecting 430,000 customer records due to a third-party supplier compromise. Additionally, researchers warned about Tile trackers leaking location data, raising concerns about privacy and security.

Sep 29, 2025 • 8min
Dutch espionage arrest, DOD risk management framework, Oyster malvertising
Two Dutch teenagers face arrest for attempting to spy for Russia near key locations. The Department of Defense unveils a new Cybersecurity Risk Management Construct aimed at continuous assessments. Cybercriminals are distributing Oyster malware through fake Microsoft Teams installers, posing significant threats. The recent data breach in Union County exposes sensitive information of 45,000 residents, highlighting ongoing security challenges.

Sep 26, 2025 • 27min
Week in Review: Jaguar Land Rover attack, indirect prompt injections, card farms in NYC
This week, Brett Conlon, CISO at American Century Investments, and TC Niedzialkowski, Head of Security & IT at Opendoor, delve into the recent Jaguar Land Rover ransomware attack and its implications for legacy systems. They discuss the risks associated with consolidation in industries and the ethical concerns surrounding AI prompt injections and CAPTCHA vulnerabilities. The duo also explores the alarming rise of SIM card farms and their potential for coordinated cyber threats, shedding light on the industry's evolving security landscape.