Podcast•Feb 13, 2026•5 min
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring
The episode dives into a newly discovered SSH worm that can turn a compromised host into a botnet in just four seconds, highlighting its self‑propagation and cryptographically signed command‑and‑control mechanism. It then reviews the latest OpenSSH changes for macOS, emphasizing security improvements and migration considerations. Finally, the hosts discuss how the SimpleHelp remote‑support tool is being abused for employee monitoring and ransomware facilitation, offering detection and mitigation tips. Throughout, the SANS team provides practical guidance for defenders to recognize and respond to these emerging threats.
By SANS Internet StormCast
Podcast•Feb 12, 2026•1h 6m
Love Was the Hook.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan explore the surge in romance and social‑engineering scams, highlighting high‑profile cases like a €3 million "Dubai Crown Prince" fraud and a handyman‑turned‑boyfriend con that inspired an Amazon Prime documentary. They...
By Hacking Humans
Podcast•Feb 11, 2026•56 min
Risky Business #824 -- Microsoft's Secure Future Is Looking a Bit Wobbly
In episode 824 of Risky Business, Patrick Gray and Adam Boileau dissect a wave of cybersecurity headlines, from Microsoft’s unsettling reshuffle of its security leadership and upcoming Secure Boot certificate refresh to aggressive state‑backed campaigns by Russia targeting the Winter...
By Risky Business
Podcast•Feb 10, 2026•7 min
Domain Spoofing (Noun) [Word Notes]
In this concise episode, host Rick Howard explains domain spoofing, a social engineering technique where attackers create malicious domains that closely resemble legitimate ones to deceive users. He outlines how the tactic works, its common vectors, and the potential damage...
By Hacking Humans
Podcast•Feb 10, 2026•26 min
Coalition’s Toomey: Rising Cyber Interconnectedness Pushes Insurers to Boost Detection, Response
In this episode, AM Best’s Toomey discusses how the growing cyber interconnectedness among businesses is forcing insurers to enhance their detection and response capabilities. He highlights the rising frequency and complexity of cyber incidents, the need for real‑time monitoring, and...
By AM Best Audio (AM Best Radio)
Podcast•Feb 9, 2026•29 min
EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security
In this episode, Global CISO Alex Shulman‑Peleg argues that the traditional, centralized security model is obsolete in the cloud‑native and AI‑driven era, advocating for a federated "freedom and responsibility" approach where engineers own security outcomes. He likens security to code...
By Cloud Security Podcast
Podcast•Feb 6, 2026•38 min
The Timewarp Attack: A Long-Term Threat to Bitcoin Consensus W/ Core Dev Antoine Poinsot
In this episode, Bitcoin Core developer Antoine Poinsot explains the “off‑by‑one” Timewarp bug and how it can be exploited to bloat the blockchain, increase validation costs, and give mining cartels a competitive edge. He outlines the Great Consensus Cleanup—a set...
By Bitcoin Magazine Podcast
Podcast•Feb 5, 2026•6 min
SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker;
In this Stormcast episode, the hosts discuss a multi‑stage malicious script that injects into Chrome, downloads a seemingly benign wallpaper image, and then installs additional payloads like Xworm to evade AV detection. They highlight a critical, unauthenticated web‑admin vulnerability (CVE‑2026‑1633)...
By SANS Internet StormCast
Podcast•Feb 4, 2026•9 min
How the SCAM Act Would Encourage Platforms to Go After Scammers
In this episode, Paul Benda explains the SCAM Act introduced by Senators Ruben Gallego and Bernie Moreno, which would impose new know‑your‑customer and ad‑takedown obligations on major tech platforms that profit from fraudulent advertising. He outlines why current market incentives...
By ABA Banking Journal Podcast
Podcast•Feb 3, 2026•29 min
The Signal: What's New for Platforms & Payments Featuring Matt Downs of Global Payments | Episode 463
In this episode, Matt Downs, President of Integrated and Platforms at Global Payments, discusses the major shifts in platform payments as the industry heads toward 2026, emphasizing that payments have become a growth engine rather than a mere feature. He...
By Leaders in Payments
Podcast•Feb 3, 2026•39 min
When Legit Is the Trick: Phishing’s Sneaky New Moves. [OMITB]
In this episode of Only Malware in the Building, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski explore how attackers are weaponizing legitimate Microsoft services to make phishing campaigns harder to detect. They break down two...
By Hacking Humans
Podcast•Feb 3, 2026•9 min
Secure Web Gateway (Noun) [Word Notes]
In this brief episode, host Rick Howard defines a Secure Web Gateway (SWG) as a layer‑seven firewall positioned at the network perimeter to enforce security policies and conduct detection and prevention tasks. He highlights the SWG’s role in inspecting web...
By Hacking Humans
Podcast•Feb 2, 2026•29 min
EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents
In this episode, Dennis Chow, Director of Detection Engineering at UKG, discusses the shift from static LLM chatbots to autonomous AI agents within a modern SOC, outlining a three‑tier model that treats agents as application‑level logic requiring robust identity, authorization,...
By Cloud Security Podcast
Podcast•Feb 2, 2026•1h 12m
Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
In this episode, Alex Gaynor and Paul Kehrer discuss the Python cryptography library’s decision to move away from OpenSSL as its primary backend, citing long‑standing maintenance headaches and architectural constraints. They explain the technical challenges they faced with OpenSSL’s API...
By Security Cryptography Whatever
Podcast•Jan 29, 2026•14 min
Why the Future of Financial Fraud Prevention Is Passwordless
In this episode, Dr. Adam Lowe of CompoSecure/Arculus and fraud analyst Suzanne Sando discuss the surge in AI‑driven financial fraud and why traditional passwords are no longer sufficient. They highlight how retailers like eBay and Amazon are moving to password‑less...
By PaymentsJournal
Podcast•Jan 29, 2026•46 min
Cold Weather, Hot Scams.
In this episode, the hosts dissect recent social‑engineering attacks, covering a Verizon outage‑related credit scam, a rare case where a victim recovered nearly $1 million after a cyber fraud, and a surge of Ozembic/GLP‑1 weight‑loss drug scams targeting Wisconsin consumers with...
By Hacking Humans
Podcast•Jan 28, 2026•1h
The Future of Hardware and Software Integration - Rand Hindi | ATC #596
In this episode, Stephen Sargeant interviews Rand Hindi, CEO of Zama, about the company's work on Fully Homomorphic Encryption (FHE) for Web3. They explore how FHE enables confidential transactions on public blockchains such as Ethereum and Solana without sacrificing security...
By Around the Coin
Podcast•Jan 28, 2026•1h 4m
Risky Business #822 -- France Will Ditch American Tech over Security Risks
In this episode Patrick Gray and Adam Boileau review a week of cybersecurity headlines, highlighting France’s decision to replace US collaboration tools like Microsoft Teams and Zoom with a sovereign platform, and China’s alleged “Salt Typhoon” operation that spied on...
By Risky Business
Podcast•Jan 28, 2026•7 min
SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion
The episode covers four security topics: the early tactics of romance scams as detailed in a guest diary, a newly released denial‑of‑service fix for React Server Components, critical OpenSSL updates that patch a remote‑code‑execution flaw, and a Kubernetes Helm chart...
By SANS Internet StormCast
Podcast•Jan 25, 2026•2h 14m
The Future of Everything: What CEOs of Circle, CrowdStrike & More See Coming in 2026
In this episode, the All‑In hosts interview four CEOs about the landscape they expect in 2026. Jeremy Allaire of Circle discusses the post‑GENIUS Act stablecoin environment, interest‑rate pressures and how AI will reshape money. George Kurtz of CrowdStrike warns that...
By All-In Podcast
Podcast•Jan 22, 2026•47 min
Scammers Gonna Scam.
In this episode, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis dissect recent social‑engineering threats, from politically‑charged SendGrid phishing campaigns to a crackdown on Southeast Asian scam networks after the arrest of alleged kingpin Chen Zhi. They share real‑world anecdotes,...
By Hacking Humans
Podcast•Jan 22, 2026•6 min
SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS...
In this episode, Johannes Ullrich highlights four critical security issues: the risk of automatic script execution in Visual Studio Code via tasks.json files, a critical remote code execution flaw in Cisco Unified Communications products, a high‑severity command‑injection vulnerability in Zoom's...
By SANS Internet StormCast
Podcast•Jan 21, 2026•1h 4m
Risky Business #821 -- Wiz Researchers Could Have Owned Every AWS Customer
In episode #821 of Risky Business, hosts Patrick Gray and Adam Boileau, joined by BBC World Cyber Correspondent Joe Tidy, dissect a week of cyber news ranging from alleged U.S. attacks on Venezuela’s power grid to a major AWS console...
By Risky Business
Podcast•Jan 20, 2026•7 min
Intrusion Detection System (Noun) [Word Notes]
In this episode, host Rick Howard explains what an Intrusion Detection System (IDS) is—a technology that monitors network traffic for malicious activity and either alerts administrators or blocks threats. He highlights the dual roles of detection and prevention, emphasizing how...
By Hacking Humans
Podcast•Jan 19, 2026•29 min
EP259 Why Google Built a Security LLM and How It Beats the Generalists
In EP259, Distinguished Scientist Elie Burstein from Google DeepMind explains why Google built a security‑focused large language model (SecLLM) and how it outperforms generic LLMs for threat detection, code review, and incident response. He details the model’s specialized training data,...
By Cloud Security Podcast
Podcast•Jan 19, 2026•29 min
The Future of Risk: Integrating AI and Human Intelligence for Proactive Mitigation with Garry Singh
In this 29‑minute episode, Garry Singh, President of IIRIS Consulting, explains how AI can shift risk management from a reactive to a predictive discipline. He outlines practical steps for leaders to embed machine learning into risk identification, while emphasizing the...
By The Risk Management Show
Podcast•Jan 15, 2026•51 min
When a Scammer Meets the Force.
The episode reviews the latest social engineering threats, highlighting CrowdStrike's 2025 Global Threat Report which notes faster breach times, a rise in vishing and account abuse, and a shift toward malware‑free intrusions. It then examines the industrialization of "pig‑butchering" romance...
By Hacking Humans
Podcast•Jan 14, 2026•7 min
SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix
The episode reviews Microsoft’s January Patch Tuesday (113 fixes, including one actively exploited and eight critical bugs), Adobe’s updates for ColdFusion and Acrobat Reader, and two Fortinet advisories covering an unauthenticated heap overflow and an SSRF issue. It also highlights...
By SANS Internet StormCast
Podcast•Jan 13, 2026•6 min
MFA Prompt Bombing (Noun) [Word Notes]
In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this...
By Hacking Humans
Podcast•Jan 10, 2026•20 min
7MS #709: Second Impressions of Twingate
In this episode the host revisits Twingate, focusing on the new Twingate LXC connector and how it’s been deployed to replace most remote access to datacenter servers and pentest dropboxes. He shares practical observations on performance, security benefits, and the...
By 7 Minute Security
Podcast•Jan 8, 2026•53 min
It's Just Too Good to Be True.
The episode covers a wave of social‑engineering threats targeting holiday travelers, charitable donors, and taxpayers, highlighting fake booking sites, fraudulent cancer‑research crowdfunding, and IRS‑impersonation scams that promise "too‑good‑to‑be‑true" refunds. Hosts share real‑world examples—a suspicious nonprofit chair email, a BBC investigation...
By Hacking Humans
Podcast•Jan 8, 2026•7 min
SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; N8n Vulnerability; Powerbank Feature Creep
The episode highlights three emerging security concerns: attackers are embedding QR codes as HTML tables to bypass email filters and lure victims to mobile phishing sites; multiple critical vulnerabilities in the automation platform n8n, including an unauthenticated remote code execution...
By SANS Internet StormCast
Podcast•Jan 7, 2026•5 min
SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln
The episode reviews TailSnitch, an open‑source Go tool that audits TailScale VPN configurations, highlighting its ease of use, sensible severity ratings, and optional auto‑fix feature. It then warns about a actively‑exploited command‑injection flaw in legacy D‑Link DSL modems via an...
By SANS Internet StormCast
Podcast•Jan 6, 2026•1h 3m
How the World Got Owned Episode 1: The 1980s
In Episode 1, hosts Patrick Gray and Amberleigh Jack explore the formative era of 1980s hacking, recounting life on ARPANET, the rise of the 414s, the infamous Morris Worm, and the parallel hunt for German hackers alongside Clifford Stoll’s Cuckoo’s...
By Risky Business
Podcast•Jan 6, 2026•35 min
IQT The Quantum Dragon Podcast Episode 78 – “Open a Secure Channel.”
In this episode, Ryan Lafler of Quantum Corridor and Terry Cronin of Toshiba discuss their landmark demonstration of cross‑state Quantum Key Distribution (QKD) over a live commercial metro fiber network, highlighting its significance for scaling secure communications across state lines....
By Inside Quantum Technology
Podcast•Jan 6, 2026•44 min
Poisoned at the Source. [OMITB]
In this episode, Selena Larson, Keith Mularski, and Dave Bittner examine supply‑chain attacks, focusing on a large‑scale Android malware campaign that embeds malicious code in firmware and reseller‑installed system images before devices reach consumers. They compare this threat to other...
By Hacking Humans
Podcast•Jan 6, 2026•6 min
SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln;
The episode highlights three emerging security concerns: the growing use of inexpensive IP KVM devices that often expose out‑of‑band access to the internet, the release of TailSnitch—a tool that audits TailScale configurations for misconfigurations, and a critical buffer‑overflow vulnerability (CVSS 9.8) in...
By SANS Internet StormCast
Podcast•Jan 5, 2026•29 min
EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?
In this episode, Chris Sistrunk explains that the biggest OT risks now stem from routine IT‑style attacks—often “living‑off‑the‑land” exploits on engineering workstations—rather than dramatic malware like Stuxnet, as organizations connect industrial systems to the cloud for telemetry and AI. He...
By Cloud Security Podcast
Podcast•Jan 5, 2026•6 min
SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns
The episode recaps recent security news, highlighting ongoing activity of the React2Shell exploit and the need to patch and isolate MongoDB servers against the MongoBleed vulnerability. It warns about classic advance‑fee cryptocurrency scams promising large payouts, and shares a practical...
By SANS Internet StormCast
Podcast•Jan 2, 2026•25 min
7MS #708: Tales of Pentest Fail – Part 6
In this episode, the host recounts a recent web application penetration test that went disastrously wrong, highlighting the missteps and unexpected challenges that can arise during a pentest. The story underscores the importance of thorough planning, clear communication with clients,...
By 7 Minute Security
Podcast•Jan 1, 2026•36 min
Hot Sauce and Hot Takes: An Only Malware in the Building Special.
In this special in‑studio episode, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski tackle a hot‑wings challenge while fielding personal and career‑focused questions, offering listeners a candid look at their backgrounds and the moments that shaped...
By Hacking Humans
Podcast•Dec 31, 2025•56 min
The IACR Can't Decrypt with Matt Bernhard
The episode examines the IACR's botched Helios election, where a key management failure forced the organization to discard the vote and schedule a new election. Guest Matt Bernhard, an expert in secure voting systems, explains how Helios' homomorphic encryption works,...
By Security Cryptography Whatever
Podcast•Dec 29, 2025•51 min
AI Surveillance: Unmasking Flock Safety’s Insecurities
The episode examines the security and privacy flaws of Flock Safety’s AI‑driven license‑plate readers and gunshot‑detection cameras, which are now installed in thousands of U.S. communities. Independent researcher Jon Gaines and activist‑musician Benn Jordan reveal dozens of software vulnerabilities—including outdated...
By Security Ledger
Podcast•Dec 28, 2025•5 min
SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847
The episode warns that a critical MongoDB memory‑disclosure vulnerability (CVE‑2025‑14847), likened to Heartbleed, was patched on December 24 but is already being exploited in the wild. The flaw lets attackers manipulate BSON length fields to retrieve arbitrary memory, potentially exposing...
By SANS Internet StormCast
Podcast•Dec 25, 2025•46 min
Scammers Are Recruiting.
The episode spotlights a surge in social engineering threats, beginning with a conference scam warning and a retired federal investigator's "Scammer Psychological Kill Chain" framework for detecting attacks. It highlights a 1,000% rise in job scams targeting desperate job seekers,...
By Hacking Humans
Podcast•Dec 22, 2025•6 min
SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues
The episode covers three security topics: TLS callbacks (Thread Local Storage) used by malware to execute code before a program's main function, a critical FreeBSD remote code execution flaw in the rtsold daemon that parses unsanitized DNS search lists from...
By SANS Internet StormCast
Podcast•Dec 19, 2025•4 min
SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog Finds JWTs
The episode highlights a positive trend of fewer publicly exposed industrial control system devices and a roughly 50% drop in SSL 2.0/3.0 exposure, indicating improved server hygiene. It warns about a critical, unauthenticated remote‑code‑execution flaw in Hewlett‑Packard Enterprise OneView (CVSS 10.0) that...
By SANS Internet StormCast
Podcast•Dec 18, 2025•52 min
Trust No Link, My Darling.
The episode covers the latest social engineering threats, from AI‑driven virtual kidnapping extortion and celebrity impersonation scams to Google’s dual strategy of suing phishing operations while supporting new anti‑scam legislation and AI tools. It offers practical home‑network advice, emphasizing IoT...
By Hacking Humans
Podcast•Dec 18, 2025•6 min
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
The episode highlights evolving React2Shell attacks that now target less‑common endpoints and non‑Next.js applications, urging operators to assume compromise if systems remain unpatched. It also covers active exploits in Cisco Secure Email Gateway (UAT‑9686) and a SonicWall SMA1000 local privilege...
By SANS Internet StormCast
Podcast•Dec 16, 2025•6 min
Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....
By Hacking Humans