Expert Feross Aboukhadijeh discusses the influx of malicious code in repositories. Topics include Azure misconfigurations, Ivanti exploits, Starlink in Ukraine, and Canada's Flipper Zero crackdown. The podcast delves into the challenges in detecting and blocking malicious packages, cybersecurity trends like crypto attacks, and Discord token theft. A mix of security news and insightful discussions.

Andrew Morris, Greynoise founder, discusses the persistent network of compromised routers despite US actions. Vendors using Greynoise for early warnings, and reversing exploitation attempts. Topics include challenges in dismantling relay networks, fingerprinting techniques, hidden threats in cybersecurity, APT crews' network usage, product security incidents, vulnerability verification, and defensive retaliation.

Eric Goldstein, Executive assistant director for cybersecurity at CISA, discusses Ivanti appliance demands and Volt Typhoon concerns. Trail of Bits' Dan Guido talks bug discovery and their Testing Handbook. Topics include AnyDesk PR, Microsoft 365 security nightmare, Cloudflare blog post hostility, and US gov's 'Disneyland ban' for spyware peddlers.

Australia's assistant foreign minister and cybersecurity enthusiast, Tim Watts, discusses the Ermakov sanctions. Highlights include Microsoft 365 customers impacted by SVR campaign & US govt.'s cyber data purchases. Sublime Security CEO talks QR-code phishing. Discussed topics: Medibank hacker details, Wyden's actions, Ivanti's security missteps, and more.

DHS undersecretary Rob Silvers talks about Cyber Safety Review Board ethics and conflicts. Microsoft and health insurer breaches by Russian hackers discussed. Legal actions and sanctions against cybercriminals highlighted. The importance of managing conflicts of interest on boards emphasized. Collaboration and recommendations for cybersecurity professionals explored, along with simplifying Terraform provisioning for enhanced security measures.

This podcast covers the disappointment over the SEC Twitter hack, China's use of rainbow-tables Airdrop, challenges with enterprise bugs and patching, UEFI flaws, and more. Discussions include Apple AirDrop data leaks, cyber espionage, VPN exploitation, 0-Day RCE vulnerability in Opera browser, and Southeast Asian casino industry cyber fraud.

Scott Kuffer from Nucleus Security joins to discuss patch management nuances. Topics cover SEC Twitter hack affecting Bitcoin, Telco breaches, Israel's Iranian hacks, and more cyber incidents globally. The show also delves into ethical dilemmas, software vulnerabilities, and technical analysis on cracking Tetra Protocol, highlighting the importance of strategic prioritization and communication in security measures.

Haroon Meer from Thinkst Canary discusses APT groups shifting to 'living off the land' techniques. Topics include Russian cyber attack on Ukrainian telco, Apple and Facebook's e2ee push, sketchy 702 reauthorization, USG push notifications request, and 2024 predictions.

Bradon Rogers, specialist in enterprise browsers at Island, discusses the security benefits of using enterprise browsers for corporate applications on unmanaged devices. Topics include challenges faced by CISOs, browser enforcement, access control, telemetry requests, data protection, and secure data handling.

Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, discusses the Iran-linked attacks on US water infrastructure, the ownCloud bug, and the D-Link 0day controversy. The podcast also covers the importance of Okta, ransomware attacks on hospitals and credit unions, and the need for innovative network security approaches