Cybersecurity Today

Coverage of Google taking down a massive residential proxy network and what that disrupted. A misconfigured AI agent platform that exposed keys and enabled takeovers. How single sign-on and MFA are being abused via vishing and configuration mistakes. A coordinated destructive campaign against Poland's energy infrastructure. Compromised antivirus updates used to distribute malware.

David Shipley, CEO of Beauceron Security and phishing researcher, discusses large-scale research into phishing, training, and security culture. They cover why simulations can mislead, how psychology and AI boost phishing, why small companies sometimes win, and how management tone and reporting nudges reshape organizational security.

A fast look at emerging AI agents from major labs and a breakout open-source tool shaking up developer workflows. Coverage of features like autonomous actions, local memory, and a booming skills ecosystem. Discussion of branding chaos, scams and exposed configs. A focus on security risks from delegated control, credential leaks and real-world misuse.

A class-action claim that a major messaging app misled users about message privacy. How AI-built personal profiles could expose sensitive behavioral and relationship data. A payment card skimmer at a retail chain and the consequences of delayed breach response. A massive dump of 149 million stolen credentials and why reused passwords are so dangerous.

Active exploits of a Fortinet SAML SSO flaw and partial fixes still in play. Windows 11 January updates causing unbootable systems on some devices. A failed Sandworm wiper attack aimed at Poland's energy infrastructure. A sophisticated phishing AITM campaign stealing session cookies and bypassing MFA. A near-miss AWS CodeBuild regex bug that could have compromised SDK supply chains.

Pedro Drimmel, team leader at Check Point researching emerging threats, and Sven Rott, Check Point security researcher and malware hunter, discuss VoidLink. They talk about its AI-assisted creation, modular cloud and container focus, evidence pointing to a single agent-driven developer, rapid feature development, and how AI changes detection, tooling and future risks for Linux and cloud environments.

A significant breach involving Fortinet firewalls is making headlines as automated attacks are on the rise. An alarming 11-year-old Linux vulnerability is exposed, allowing for root access. In a rare turn of events, a ransomware boss pleads guilty, with serious repercussions ahead. Additionally, a report reveals a troubling trend of exposed retail credentials, posing risks for security across supply chains. Tune in for the latest insights and developments in the world of cybersecurity!

Microsoft has patched a critical vulnerability in the Azure Windows Admin Center. The resurgence of Goot Loader malware is highlighted, showcasing its evolving evasion techniques. Meanwhile, Anthropic has addressed serious vulnerabilities in their Git MCP server. The podcast introduces Void Link, a sophisticated AI-generated malware targeting Linux systems, emphasizing its rapid development and original design. This packs a punch for cybersecurity, prompting important defenses and discussions on the implications of AI in malware creation.

Critical security flaws have been patched by Cisco, addressing a severe zero-day vulnerability exploited by a Chinese state-linked group. Fortinet also resolved a critical issue in its software actively targeted by hackers. The Dutch National Police face challenges recovering from a significant breach, highlighting the urgency for modern infrastructure. A spear-phishing campaign is on the rise, using Venezuela-themed tactics to deceive U.S. organizations. Finally, a recent study warns about the dangers of training AI to generate insecure code, leading to broader cybersecurity risks.

In this enlightening chat, Tanya Janca, a Canadian application security expert and advocate known as She Hacks Purple, shares her odyssey from software development to penetration testing. She addresses the critical need for secure coding education in academia and highlights her initiatives, WOsec and We Hack Purple, aimed at empowering women in cybersecurity. Tanya dives into the role of AI in enhancing secure code, the economics of open-source security, and the importance of integrating security practices throughout the software development lifecycle.