
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout
In this 7‑minute Stormcast episode, Johannes Ullrich reviews Apple’s latest patch cycle (85 vulnerabilities across iOS, macOS, and watchOS), emphasizing the importance of timely updates even though none are known to be actively exploited. He then provides an update on the LiteLLM supply‑chain issue, urging organizations to automate credential rotation and improve secrets management after revelations that TeamPCP holds hundreds of gigabytes of compromised credentials. Finally, he discusses Google’s accelerated push to adopt quantum‑safe cryptography by 2029, noting the broader industry impact as operating systems like Android and Chrome begin to integrate these algorithms.

Bastille Presents: The Wireless Threat Series Podcast, Smartglasses
In this episode of the Wireless Threat Series, Adrian Sanabria and John Bundy examine the security and privacy implications of modern smart glasses, tracing their evolution from Google Glass to today's Meta Ray‑Ban and Oakley models. They categorize smart glasses...

#276 Why Information Security Is Now a CFO Responsibility, Howard Francioni, Lead Auditor, Akton Boundrie Group
In this episode, host Kevin Appleby talks with Howard Francioni, a lead auditor at Akton Boundrie Group, about why information security is now a core responsibility for CFOs. They discuss the real‑world impact of cyber incidents—such as the Jaguar Land...

SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks
In this episode, Johannes Ullrich reviews Xavier's analysis of bash-based malware that uses the GSocket backdoor to maintain persistence via a ground job and employs time‑stomping to hide file modifications. He also highlights a critical Oracle security alert for...

From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson
In this episode, Darren “Doc” Robinson, a long‑time Microsoft MVP and identity‑governance expert, walks through the evolution of identity management from legacy systems like Novell and FIM/MIM to today’s cloud‑first approach with Azure AD, Entra ID, and Cloud Sync. He...

Bastille Wireless Threat Detection Podcast Series, Smartwatches
In this inaugural episode of the Wireless Threat Detection series, Adrian Sanabria and John Bundy examine the security implications of smartwatches, highlighting how Wi‑Fi, Bluetooth, cellular, NFC and built‑in sensors expand the attack surface for both consumers and enterprises. They...

When AI Wears a Suit and Tie.
In this episode of Hacking Humans, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis discuss recent social‑engineering attacks, focusing on a data breach at Ericsson’s U.S. subsidiary caused by a vishing attack on a third‑party vendor. They explain the concept...

The Fate of Agentic Commerce Hinges on an Elusive Resource: Trust
In this episode, Rima Katz and experts from FinScan and Javelin Strategy discuss how trust in payments is shifting from post‑transaction reassurance to real‑time verification, especially as agentic AI begins to act on behalf of consumers. They explore the technical...

The 350 Million Problem: Securing the Businesses No One Else Will
In this episode of the Resilient Cyber Show, Sophos CEO Joe Levy discusses the massive gap in cybersecurity leadership, noting that only about 32,000 CISOs exist for roughly 359 million global businesses. He explains how Sophos addresses the underserved SMB market...

Keeping the Lights on for Open Source
In this episode, host Ryan Donovan talks with Dan Lorenc, CEO of Chainguard, about the sustainability challenges facing open‑source projects, especially maintainer burnout and funding gaps. Lorenc explains Chainguard’s “Keeping the Lights On” program, which adopts archived or “done” repositories,...

EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty
In this episode, Tim Peacock and Anton Chuvakin interview SIEM veteran Raffy Marty about the evolving landscape of security information and event management (SIEM) versus emerging AI‑SOC solutions. Marty argues that traditional SIEMs aren’t dead but are under pressure to...

How to Migrate From Legacy VPNs to Entra Private Access (Real Strategies From a Veteran)
In this episode, veteran enterprise consultant Richard Hicks walks through the evolution from legacy Microsoft remote access solutions (DirectAccess and Always On VPN) to Microsoft Entra Private Access, a zero‑trust, identity‑centric alternative. He explains how DirectAccess introduced seamless, machine‑level connectivity but was...

Catholic Health’s Duemling Says Cybersecurity Should Be Managed Like a Chronic Condition
In this episode of the Health System CIO Show, CISO Keith Duemling discusses his first year at Catholic Health, emphasizing the importance of listening to the organization’s culture before acting and integrating quick wins into a longer‑term cybersecurity roadmap. He...

Scaling Remote Support in Education and Government: The Nash County Playbook
In this episode, Nash County Public Schools’ CTO Tremaine McQueen and Senior Network Engineer J.R. Williams discuss how they evaluated, selected, and rolled out a new remote support platform from BeyondTrust to serve over 3,000 endpoints across 24 schools. They...

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing
In this 7‑minute Stormcast episode, Johannes Ullrich and guest Xavier dissect a new XWorm sample, tracing its infection chain from a phishing email with a 7‑zip attachment through JavaScript, PowerShell, and a .NET DLL loader to the final payload. They...

AI Agents Need Logins Too: Identity, Security, and the Future of AI | Greg Keller, CTO, JumpCloud
In this episode, JumpCloud CTO Greg Keller explains the evolving role of a CTO and how JumpCloud reimagines identity and access management (IAM) for modern, heterogeneous IT environments, contrasting it with legacy solutions like Microsoft AD and Okta's SSO focus....

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse
In this 5‑minute Stormcast, Johannes Ullrich covers three security topics: a credential‑guessing campaign targeting CrushFTP admin accounts using default usernames and passwords, the latest Android Patch Tuesday which includes a critical Qualcomm display driver flaw already being exploited, and a...

🛑STOP Installing OpenClaw on Your Computer
The episode warns against installing OpenClaw, an autonomous AI coding agent, directly on personal computers, likening it to leaving a front door open. It explains that such agents can read and modify files, execute terminal commands, and access sensitive data,...

No Need for Ctrl+C when You Have MCP
In this episode, Ryan Donovan interviews David Soria Parra, co‑creator of the Model Context Protocol (MCP) and a technical staff member at Anthropic. They discuss the origin of MCP as a solution to the copy‑paste friction when using LLMs, its evolution...

7MS #711: How to Secure Your Community
In this inaugural episode of the "How to Secure Your Community" series, host Brian Johnson recounts his personal experience with Operation Metro Surge, a massive federal ICE deployment in the Twin Cities that began in December 2025. He describes the...

Risky Business #826 -- A Week of AI Mishaps and Skulduggery
In this episode of Risky Business, host Patrick Gray and panelists James Wilson and Adam Wallow dissect a wave of AI-driven cyber incidents, from a threat actor leveraging AI to mass‑compromise Fortinet devices to Chinese labs attempting large‑scale model distillation...

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; Telnetd Issues
In this episode, Johannes Ullrich discusses a surge in scans targeting open redirects, explaining how these vulnerabilities can be exploited in OAuth 2 flows and phishing attacks, and notes that many originate from a bullet‑proof hosting IP. He then introduces...

Unifying Federal Data Management and Security with Hitachi VSP One
In this episode, Hitachi Vantara Federal’s Guy Garwich and Todd Hansen explain how the Virtual Storage Platform One (VSP One) unifies block, file, object, and mainframe storage into a single data plane with a unified control plane, delivering high‑performance file services,...

EP264 Measuring Your (Agentic) SOC: Two Security Leaders Walk Into a Podcast
In this episode, Tim Peacock and Anton Chuvakin host Alex Pabst, Deputy CISO at Allianz, and Mike Sinnoh, Director of Detection & Response at Google, to discuss evolving SOC metrics in the age of AI and automation. They critique traditional...

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing
In this episode, Johannes Ullrich highlights three emerging threats: Japanese-language phishing campaigns that bypass English‑centric defenses, AI agents that ignore security guardrails and inadvertently expose data or make unauthorized changes, and the Starkiller phishing framework which proxies real login pages...

Product-Market Fit: From Edtech Vitamin to $100M Painkiller
In this episode, Adam Markowitz recounts his transition from a decade‑long edtech venture to building Drata, a compliance automation platform that quickly proved its product‑market fit as a painkiller rather than a vitamin. He explains how rigorous validation—dog‑fooding the product...

Why Stack Overflow and Cloudflare Launched a Pay-per-Crawl Model
In this episode, Stack Overflow’s Janice Manningham and Josh Zhang chat with Cloudflare VP Will Allen about the newly launched pay‑per‑crawl model that lets publishers charge crawlers for access. They explain how AI‑driven content scraping has upended the traditional open‑versus‑block...

The Voice on the Other End.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan examine a wave of social engineering attacks, including a sophisticated phishing campaign that dupes Apple Pay users via fake emails and voice calls, Australia’s ClickFit initiative exposing romance scams,...

Risky Business #825 -- Palo Alto Networks Blames It on the Boogie
In this episode, Patrick Gray, Adam Boileau, and James Wilson dissect a week of cybersecurity headlines, from Palo Alto Networks’ decision to avoid publicly attributing a Chinese‑linked hacking campaign to geopolitical concerns, to the rise of data‑only extortion as ransomware...

The Signal: The Real "Payment Meets Fraud" Journey with Brian Rust at Worldpay | Episode 467
In this episode, Brian Rust, SVP and Deputy CISO at Worldpay, explains how fraudsters now target SaaS platforms and ISVs by exploiting weak onboarding, transaction logic, and refund processes. He outlines the fraud kill‑chain—from synthetic business creation and card‑testing spikes...

Security Service Edge (SSE) (Noun) [Word Notes]
In this brief episode, host Rick Howard defines Security Service Edge (SSE) as a cloud‑centric security architecture that blends the shared responsibility model, vendor‑provided security stacks, and direct network peering with major content providers and their fiber networks. He highlights...

Resilience’s Long: 2026 Cyberthreat Landscape Poses New Challenges for Insurers
The episode examines the evolving cyber‑threat landscape of 2026 and its implications for insurance carriers, focusing on rising ransomware, supply‑chain attacks, and AI‑driven exploits. It highlights how insurers must adapt underwriting criteria, pricing models, and claims handling to address more...

EP263 SOC Refurbishing: Why New Tools Won’t Fix Broken Processes (Even With AI)
In this episode, Daniel Lyman, VP of Threat Detection and Response at Fiserv, discusses why simply adding new security tools, even AI‑driven ones, cannot repair broken SOC processes. He explains the concept of "process gravity," showing how entrenched workflows and cultural...

Episode 12 - Domain OSINT, Building Methods, and Turning Intelligence Into Products
In Episode 12, host Jake Creps breaks down Domain OSINT, demonstrating how a single URL can reveal ownership, infrastructure, intent, and related activity using free tools like WHOIS, DNS enumeration, and reverse IP searches. He illustrates the process with a...

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring
The episode dives into a newly discovered SSH worm that can turn a compromised host into a botnet in just four seconds, highlighting its self‑propagation and cryptographically signed command‑and‑control mechanism. It then reviews the latest OpenSSH changes for macOS, emphasizing...

Love Was the Hook.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan explore the surge in romance and social‑engineering scams, highlighting high‑profile cases like a €3 million "Dubai Crown Prince" fraud and a handyman‑turned‑boyfriend con that inspired an Amazon Prime documentary. They...

Risky Business #824 -- Microsoft's Secure Future Is Looking a Bit Wobbly
In episode 824 of Risky Business, Patrick Gray and Adam Boileau dissect a wave of cybersecurity headlines, from Microsoft’s unsettling reshuffle of its security leadership and upcoming Secure Boot certificate refresh to aggressive state‑backed campaigns by Russia targeting the Winter...

Domain Spoofing (Noun) [Word Notes]
In this concise episode, host Rick Howard explains domain spoofing, a social engineering technique where attackers create malicious domains that closely resemble legitimate ones to deceive users. He outlines how the tactic works, its common vectors, and the potential damage...

Coalition’s Toomey: Rising Cyber Interconnectedness Pushes Insurers to Boost Detection, Response
In this episode, AM Best’s Toomey discusses how the growing cyber interconnectedness among businesses is forcing insurers to enhance their detection and response capabilities. He highlights the rising frequency and complexity of cyber incidents, the need for real‑time monitoring, and...

EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security
In this episode, Global CISO Alex Shulman‑Peleg argues that the traditional, centralized security model is obsolete in the cloud‑native and AI‑driven era, advocating for a federated "freedom and responsibility" approach where engineers own security outcomes. He likens security to code...

The Timewarp Attack: A Long-Term Threat to Bitcoin Consensus W/ Core Dev Antoine Poinsot
In this episode, Bitcoin Core developer Antoine Poinsot explains the “off‑by‑one” Timewarp bug and how it can be exploited to bloat the blockchain, increase validation costs, and give mining cartels a competitive edge. He outlines the Great Consensus Cleanup—a set...

SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker;
In this Stormcast episode, the hosts discuss a multi‑stage malicious script that injects into Chrome, downloads a seemingly benign wallpaper image, and then installs additional payloads like XWorm to evade AV detection. They highlight a critical, unauthenticated web‑admin vulnerability (CVE‑2026‑1633)...

How the SCAM Act Would Encourage Platforms to Go After Scammers
In this episode, Paul Benda explains the SCAM Act introduced by Senators Ruben Gallego and Bernie Moreno, which would impose new know‑your‑customer and ad‑takedown obligations on major tech platforms that profit from fraudulent advertising. He outlines why current market incentives...

The Signal: What's New for Platforms & Payments Featuring Matt Downs of Global Payments | Episode 463
In this episode, Matt Downs, President of Integrated and Platforms at Global Payments, discusses the major shifts in platform payments as the industry heads toward 2026, emphasizing that payments have become a growth engine rather than a mere feature. He...

When Legit Is the Trick: Phishing’s Sneaky New Moves. [OMITB]
In this episode of Only Malware in the Building, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski explore how attackers are weaponizing legitimate Microsoft services to make phishing campaigns harder to detect. They break down two...

Secure Web Gateway (Noun) [Word Notes]
In this brief episode, host Rick Howard defines a Secure Web Gateway (SWG) as a layer‑seven firewall positioned at the network perimeter to enforce security policies and conduct detection and prevention tasks. He highlights the SWG’s role in inspecting web...

EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents
In this episode, Dennis Chow, Director of Detection Engineering at UKG, discusses the shift from static LLM chatbots to autonomous AI agents within a modern SOC, outlining a three‑tier model that treats agents as application‑level logic requiring robust identity, authorization,...

Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor
In this episode, Alex Gaynor and Paul Kehrer discuss the Python cryptography library’s decision to move away from OpenSSL as its primary backend, citing long‑standing maintenance headaches and architectural constraints. They explain the technical challenges they faced with OpenSSL’s API...

Why the Future of Financial Fraud Prevention Is Passwordless
In this episode, Dr. Adam Lowe of CompoSecure/Arculus and fraud analyst Suzanne Sando discuss the surge in AI‑driven financial fraud and why traditional passwords are no longer sufficient. They highlight how retailers like eBay and Amazon are moving to password‑less...

Cold Weather, Hot Scams.
In this episode, the hosts dissect recent social‑engineering attacks, covering a Verizon outage‑related credit scam, a rare case where a victim recovered nearly $1 million after a cyber fraud, and a surge of Ozempic/GLP‑1 weight‑loss drug scams targeting Wisconsin consumers with...