Join us as we dive into the ever-changing world of digital security, bringing you the latest updates, trends, and expert insights to help you stay one step ahead of cyber threats. So, relax and let our knowledgeable host guide you through the fascinating realm of cybersecurity and technology in a calm, informative, and entertaining way.
Embedded Files
Recent Episodes
Episode #50
Episode #50
In this episode, Cody and Katie tackle the latest cybersecurity concerns highlighted this week. We report on recent data breaches, including a ransomware attack at Frederick Health Medical Group that affected the sensitive data of almost a million patients. We dive into actively exploited critical vulnerabilities found in SAP NetWeaver Visual Composer, potentially putting over 1200 servers at risk of hijacking, and zero-day flaws in Craft CMS that have already compromised hundreds of servers. We examine evolving threat tactics such as the DragonForce ransomware group's new "cartel" business model offering white-label services, and the concerning finding that almost a quarter of HTML email attachments are malicious. We also look at the impact of geopolitical tensions on cybersecurity strategies, highlighting the growing importance of geopolitical awareness and cyber deterrence, and the complex implications of the UK government's ban on public sector ransomware payments. These various incidents, from widespread data loss and exploited software weaknesses to innovative criminal models and geopolitical influences, demonstrate the broad range of threats facing organizations today.
Episode #49
Episode #49
In this episode, Cody and Katie tackle the latest cybersecurity concerns this week. We begin by examining alarming new findings, like a massive online fraud operation called Scallywag hijacking WordPress sites using malicious plugins to send out 1.4 billion fraudulent ad requests daily. We also explore how cybercriminals are successfully compromising popular YouTube and Instagram accounts, exploiting trending topics and using tactics like fake livestreams and malicious sponsorships to scam millions of viewers and followers and steal crypto. Shifting to government security, we look into the resignation of two senior CISA officials, raising concerns about a potential "brain drain" at the agency amidst possible staff reductions. We cover the increasing threat of hackers targeting network edge devices like firewalls and VPNs, which now account for nearly 30% of initial business compromises, with ransomware remaining prevalent. Additionally, we examine a recent campaign by the Chinese state-sponsored threat actor Lotus Panda, who used bespoke hacking tools and never-before-seen malware to compromise government and critical infrastructure organizations in Southeast Asia. Finally, we highlight critical data leaks, from the employee monitoring app WorkComposer leaking over 21 million screenshots from an unsecured cloud bucket, alongside hackers abusing Zoom's remote control feature to steal cryptocurrency by impersonating journalists.
Episode #48
Episode #48
In this episode, Cody and Katie tackle the latest cybersecurity concerns highlighted this week. We begin by examining the disappearance of a cybersecurity professor from Indiana University following a review of unreported research funding from China and an FBI search of his homes. We then dive into the plans of Elon Musk’s DOGE group to stage a hackathon at the IRS with the aim of creating a "mega API" that could lead to easier access to sensitive taxpayer data, raising potential privacy concerns. Furthermore, we discuss the looming threat of the "quantum apocalypse," where the development of quantum computers could crack current encryption methods, putting a vast amount of digital information at risk. We also touch upon the ongoing FTC trial against Meta, where the argument is that its acquisitions of Instagram and WhatsApp suppressed competition and harmed consumers through issues like reduced privacy. Finally, we explore the uncertainty surrounding the funding for the CVE Program, a critical project for tracking software vulnerabilities, which faced a near contract expiration.
Episode #47
Episode #47
In this episode, Cody and Katie tackle the latest cybersecurity concerns highlighted this week. We dive into the discovery of AkiraBot, a new spam framework leveraging AI to bypass CAPTCHAs and successfully spam over 80,000 websites with dubious SEO advertisements. Furthermore, we discuss the detection of three malicious Python packages on the PyPI repository, collectively downloaded thousands of times, which were designed to steal data from bitcoin developers and WooCommerce stores. We then cover Oracle's quiet confirmation of a public cloud data breach, where a hacker stole a database containing roughly six million customer records, including sensitive information like security keys. Additionally, we analyze the PoisonSeed campaign, where hackers are hijacking business CRM and email accounts to steal mailing lists and then trick recipients into setting up compromised cryptocurrency wallets with attacker-provided seed phrases. Finally, we explore the Mirai botnet operators actively scanning for vulnerable DVRs to recruit them into their network, and the US Office of the Comptroller of the Currency (OCC)'s notification to US Congress about a major information security incident in February 2025.
Page updated
Google Sites
Report abuse