Join us as we dive into the ever-changing world of digital security, bringing you the latest updates, trends, and expert insights to help you stay one step ahead of cyber threats. So, relax and let our knowledgeable host guide you through the fascinating realm of cybersecurity and technology in a calm, informative, and entertaining way.

Recent Episodes

To watch all of our episodes please checkout our YouTube channel!

Episode #78

In this episode, Cody and Katie analyze a startling range of security failures this week, from critical national infrastructure attacks to massive global phishing campaigns. We first examine the shocking discovery of malicious NuGet packages containing "time bomb" sabotage payloads, specifically targeting industrial control devices like Siemens S7 PLCs, which are designed to randomly crash host processes and corrupt commands between August 2027 and November 2028. Next, we dissect two major credential theft operations: the 'Payroll Pirates' campaign, which utilized upgraded phishing kits to bypass multi-factor authentication and tricked an estimated half a million users via fake search ads for HR portals, and the ClickFix phishing attacks that are compromising hotel reservation accounts to steal guest credit card data and spread the PureRAT malware. We also address two significant institutional security lapses, including the Louvre's severe security criticism for running obsolete systems like Windows 2000 and Windows Server 2003, and previously using "LOUVRE" as the surveillance server password, alongside the modular DanaBot banking trojan's resurgence with version 669 and rebuilt command-and-control infrastructure capable of stealing various cryptocurrencies. Finally, we cover the critical short-term Congressional stop-gap deal that secured funding for the Federal Cybersecurity Enhancement Act (FCEA) and the Cybersecurity Information Sharing Act (CISA Act), temporarily pausing the longest US government shutdown, though the threat of its lapse remains in January 2026.

Episode #77

In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and operational failures across the globe. We begin by examining the serious accusations that former cybersecurity professionals and a ransomware negotiator allegedly worked as affiliates for the ALPHV (BlackCat) ransomware gang, deploying encryptors and demanding cryptocurrency ransoms from multiple US organizations. We then turn to critical infrastructure, analyzing reports that hackers have disrupted UK drinking water facilities on five occasions since January 2024, highlighting risks stemming from geopolitical instability and financially motivated attacks. We investigate the dangerous expansion of AI threats, covering Google’s warning about a growing black market for illicit, purpose-built AI crime tools that lower the barrier for complex cyberattacks, as well as Microsoft's discovery of the SesameOp malware abusing the OpenAI Assistants API as a covert command-and-control channel for espionage and persistent access. Finally, we cover two major vulnerability warnings: the critical, unauthenticated OS command injection flaw (CVE-2025-11953) found in the popular React Native npm package affecting millions of developers, and CISA's urgent alert that the high-severity Linux kernel flaw (CVE-2024-1086) is now being actively exploited in ransomware campaigns for local privilege escalation.

Episode #76

In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and widespread operational failures across the globe. We dissect the operational chaos at Alaska Airlines after a failure at its primary data center forced a systemwide ground stop, affecting over 50,000 passengers for the second time in 2025, an incident the company explicitly denied was a cyberattack. We pivot to state-level and espionage threats, investigating the nation-state cyberattack against telco supplier Ribbon Communications, whose customers include the US Defense Department, and analyzing the use of Dante commercial spyware via a Google Chrome zero-day targeting Russian media and financial institutions. We explore major vulnerabilities, covering CISA's mandate for federal agencies to patch the critical Windows Server WSUS flaw, CVE-2025-59287, which allows for unauthenticated remote code execution, and examining the confirmed ransomware attack by the Russian-speaking Everest group on Sweden’s national power grid operator. Finally, we discuss supply chain risks, highlighting how the Collins Aerospace data breach exposed the booking reference, Frequent Flyer Number, and contact details of potentially millions of passengers who traveled through Dublin and Cork airports in August 2025.

Episode #75

In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and operational failures across the globe. We begin with a high-severity Windows SMB vulnerability (CVE-2025-33073) that CISA has added to its Known Exploited Vulnerabilities list, urging users to immediately apply the June 2025 patch to prevent potential system-level privilege escalation. We investigate the fallout from the F5 breach, noting that the theft of BIG-IP source code has left over 266,000 F5 BIG-IP instances exposed online and prompted CISA to issue emergency patching deadlines for federal networks to mitigate risk. We also examine the supply chain vulnerabilities exposed when the Japanese retailer Muji was forced to halt online sales and browsing after a ransomware attack targeted its logistics partner, Askul. Finally, we analyze the major AWS operational issue in the US-EAST-1 Region that disrupted numerous global services, and we cover NordVPN's development of a new Linux-based VPN app for Amazon's latest Fire TV Stick 4K Select.

Page updated

Google Sites

Report abuse