
Insights from recent episode analysis
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Total monthly reach
Estimated from 1 chart position in 1 market.
By chart position
- 🇳🇱 NL · Technology #138: 1K to 10K
Audience estimates
- Per-Episode Audience (est. listeners per new episode within ~30 days): 500 to 5K
- 🎙 Weekly cadence · 410 episodes · Last published 8mo ago
- Monthly Reach (unique listeners across all episodes, 30 days): 1K to 10K (🇳🇱 100%)
- Active Followers (loyal subscribers who consistently listen): 300 to 3K
On the show
Host (from 10 episodes)
Recent guests: no guests detected in recent episodes.
Recent episodes
- Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad” · Oct 29, 2025 · 26m 38s
- Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs · Oct 29, 2025 · 37m 19s
- Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 · Oct 28, 2025 · 25m 57s
- Firefox Add-Ons Must Declare Data Collection—or Be Rejected · Oct 28, 2025 · 29m 10s
- Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software · Oct 28, 2025 · 24m 32s
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length |
|---|---|---|---|---|---|---|---|---|
| 10/29/25 | Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad” | smishing, cybersecurity, +4 | — | Palo Alto Networks, U.S. Postal Service, +2 | U.S., Europe, +2 | smishing campaign, malicious domains, +5 | — | 26m 38s |
| 10/29/25 | Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs | cyber-espionage, commercial spyware, +3 | — | LeetAgent, Dante, +5 | Russia, Belarus | cyber-espionage, spyware, +5 | — | 37m 19s |
| 10/28/25 | Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 | ransomware, cybersecurity, +4 | — | Coveware, Akira, +1 | — | ransomware, Coveware, +8 | — | 25m 57s |
| 10/28/25 | Firefox Add-Ons Must Declare Data Collection—or Be Rejected | data collection, privacy, +3 | — | Firefox, Firefox extensions, +3 | — | Firefox, data collection, +3 | — | 29m 10s |
| 10/28/25 | Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software | cybersecurity, investment, +4 | — | Chainguard, General Catalyst | Kirkland, Washington | Chainguard, General Catalyst, +6 | — | 24m 32s |
| 10/28/25 | $1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk” | WhatsApp exploit, Pwn2Own competition, +3 | — | WhatsApp, Team Z3, +3 | — | WhatsApp, exploit, +7 | — | 20m 22s |
| 10/27/25 | OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw | AI security, vulnerability, +3 | — | OpenAI Atlas, OpenAI, +1 | — | OpenAI Atlas, security flaw, +3 | — | 35m 17s |
| 10/27/25 | Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287) | remote code execution, Windows Server vulnerabilities, +3 | — | Windows Server Update Service, Microsoft, +3 | — | CVE-2025-59287, WSUS, +7 | — | 19m 34s |
| 10/27/25 | Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam | cybersecurity, AI technology, +3 | — | Comet AI browser, Perplexity, +3 | — | Perplexity, Comet AI browser, +5 | — | 23m 37s |
| 10/27/25 | Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push | cyber-espionage, North Korea, +4 | — | ScoringMathTea, Lazarus Group | North Korea, Europe, +4 | Lazarus Group, North Korea, +6 | — | 27m 23s |
10/25/25 · Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak · 22m 47s

Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting a full-scale cybersecurity investigation and disclosure to privacy regulators. The company’s internal review, conducted in partnership with third-party experts, verified that an unauthorized party accessed and copied portions of the customer database, exfiltrating personal information including names, mailing addresses, email addresses, and phone numbers.

Crucially, the company stated that no financial or highly sensitive data—such as account passwords or credit card details—was compromised. The incident began when security researchers discovered a threat actor posting alleged customer data online, forcing Toys “R” Us Canada to act swiftly to validate the claims, contain the threat, and upgrade its IT security infrastructure.

Following the confirmation of the breach, the retailer implemented enhanced security measures, improved access controls, and began notifying affected customers and Canadian privacy regulators, as required by national data protection laws. In its communication to customers, Toys “R” Us Canada advised vigilance against phishing and impersonation scams, warning that attackers often exploit such incidents by sending fraudulent emails or calls that appear to come from legitimate sources.

While the compromised data is limited to personal contact details, cybersecurity experts note that this type of exposure still carries significant social engineering and identity theft risk, especially if combined with data from other breaches. The incident underscores the growing trend of retail sector data thefts, where customer information is monetized through dark web marketplaces or used to facilitate targeted phishing campaigns.

As the investigation continues, Toys “R” Us Canada’s response highlights the importance of rapid incident detection, transparent communication, and proactive customer protection in managing post-breach fallout. The company maintains that it has taken all necessary steps to strengthen its defenses and restore trust following the exposure.

#ToysRUsCanada #DataBreach #CyberAttack #DarkWebLeak #CustomerData #PrivacyBreach #CyberSecurity #RetailBreach #Phishing #InformationSecurity #IncidentResponse #CanadaPrivacy #DataProtection #BreachNotification #PersonalDataExposure #CyberThreat
10/24/25 · Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution · 18m 05s

A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. Tracked as CVE-2025-61932, this flaw carries a CVSS severity score of 9.8, allowing remote, unauthenticated attackers to execute arbitrary code simply by sending specially crafted packets to a vulnerable system. In effect, it grants full control over enterprise endpoints, turning a trusted management tool into a weapon against its own network.

The flaw, caused by improper verification of communication sources, has already been exploited in attacks primarily targeting organizations in Asia — especially Japan, where Lanscope’s adoption is widespread. Japan’s JPCERT/CC confirmed observing potential compromise attempts, and Motex has urged all customers running affected on-premises versions (9.4.7.1 or earlier) to apply emergency patches immediately.

As the situation escalated, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) took decisive action by adding CVE-2025-61932 to its Known Exploited Vulnerabilities (KEV) list, citing it as a frequent and dangerous attack vector. Under Binding Operational Directive (BOD) 22-01, CISA has mandated all federal agencies patch their systems within three weeks — a clear signal of the vulnerability’s severity. Though the directive is mandatory only for U.S. federal entities, CISA is strongly advising all organizations worldwide to review the KEV list and prioritize patching.

The potential consequences of exploitation are devastating. A successful compromise of Lanscope’s management layer could allow attackers to deploy ransomware across thousands of endpoints, steal sensitive corporate data, and maintain long-term access for espionage or persistence. With confirmed exploitation already underway, time is a critical factor.

Cybersecurity analysts stress that this incident underscores the growing trend of supply-chain and endpoint management exploits, where centralized administrative systems become high-value targets. Organizations using Lanscope must act immediately — conducting full asset discovery, validating deployments, and applying Motex’s latest patches without delay.

#Lanscope #CVE202561932 #Motex #KyoceraCommunications #CISA #KEVList #ZeroDay #ActiveExploitation #EndpointSecurity #RemoteCodeExecution #CyberAttack #PatchNow #JapanCybersecurity #BOD2201 #CVEAlert #Vulnerability #CISAMandate #NetworkSecurity #JPCERT #CyberThreat
10/24/25 · BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws · 20m 19s

The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The flaws—tracked as CVE-2025-40780, CVE-2025-40778, and CVE-2025-8677—pose serious threats ranging from cache poisoning to denial-of-service (DoS) attacks. These vulnerabilities collectively endanger one of the internet’s most foundational components: the Domain Name System (DNS).

The two most severe issues, both scoring 8.6 on the CVSS scale, expose BIND resolvers to cache poisoning. One of them, CVE-2025-40780, originates from a weakness in the Pseudo Random Number Generator (PRNG) used for DNS queries, allowing attackers to predict critical identifiers like source ports and query IDs. The second, CVE-2025-40778, involves overly lenient acceptance of DNS records, which can enable attackers to inject forged or spoofed entries into the cache. Once poisoned, the resolver could redirect users to malicious domains, enabling phishing, credential theft, and data interception across entire organizations.

The third flaw, CVE-2025-8677, rated 7.5 (High), introduces a DoS risk that allows adversaries to overwhelm DNS resolvers by sending specially crafted malformed DNSKEY records, consuming CPU resources until DNS services become unavailable. Because nearly all internet-dependent systems rely on DNS resolution, such attacks can lead to massive service disruptions, cutting off critical applications, communications, and business operations.

The ISC emphasizes that no workarounds exist for these vulnerabilities — patching is the only mitigation. Updated versions, including BIND 9.18.41, 9.20.15, and 9.21.14, are now available and must be deployed immediately. Though the consortium reports no confirmed in-the-wild exploitation so far, the public disclosure of technical details drastically increases the likelihood of attackers developing weaponized exploits in the near term.

For enterprises, this serves as an urgent reminder that DNS security is infrastructure security. Any delay in applying the ISC’s patches exposes networks to redirection attacks, service outages, and data breaches. Immediate updates are critical to maintaining service integrity, preventing manipulation of DNS traffic, and ensuring business continuity.

#BIND9 #DNS #ISCSecurity #CVE202540780 #CVE202540778 #CVE20258677 #CachePoisoning #DNSAttack #PRNGFlaw #DenialOfService #CyberSecurity #Vulnerability #PatchNow #DNSResolver #InternetSecurity #ISCVulnerability #SystemAdmin
10/24/25 · Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms · 29m 23s

A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw affects Adobe Commerce and Magento Open Source platforms, allowing attackers to bypass security features and seize control of customer accounts through the Commerce REST API. Despite Adobe releasing emergency hotfixes on September 9, an alarming 62% of Magento sites remain unpatched, leaving tens of thousands of online stores exposed to active exploitation.

Security firm Sansec first observed a spike in real-world attacks involving PHP webshell payloads and phpinfo probes used for reconnaissance and persistence. The attacks began almost immediately after the vulnerability was disclosed, accelerated by a premature leak of Adobe’s patch that gave adversaries a head start in developing exploits. Now that exploit code is public, experts warn of an impending surge in automated attacks targeting unpatched systems.

Adobe has officially confirmed that the SessionReaper vulnerability is being exploited in the wild, transforming a technical flaw into a full-blown operational crisis for online retailers. Threat actors are using the exploit to hijack customer sessions, manipulate transactions, and exfiltrate sensitive data — threatening both consumer trust and brand integrity.

According to Sansec’s telemetry, more than half of all Magento sites remain vulnerable, creating a massive attack surface for opportunistic cybercriminals. The exploit’s simplicity, combined with the widespread use of outdated Commerce installations, means mass compromise events are likely imminent.

Cybersecurity professionals emphasize that immediate mitigation is non-negotiable. Administrators must apply Adobe’s September 9 hotfix for all affected versions (2.4.4 through 2.4.7) and monitor for unauthorized API activity or unexpected PHP file uploads. With SessionReaper already tearing through unpatched systems, time is the most critical defense.

#AdobeCommerce #Magento #SessionReaper #CVE202554236 #AdobeVulnerability #EcommerceSecurity #Sansec #CyberAttack #Webshell #AccountTakeover #ExploitInTheWild #CVEAlert #PatchNow #RESTAPI #AdobeHotfix #CyberThreats #MagentoSecurity
10/24/25 · AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces · 21m 40s

Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sophisticated attack uses malicious browser extensions to create visually identical replicas of legitimate AI sidebars, tricking users into believing they are interacting with trusted AI assistants like ChatGPT Atlas, Perplexity’s Comet, or integrated browser agents such as Copilot in Edge and Gemini in Chrome. Once installed, these extensions inject JavaScript that seamlessly imitates the real AI interface, intercepting and altering prompts and responses.

The result? A user unknowingly follows manipulated AI instructions that can lead to phishing scams, credential theft, or the execution of malicious commands directly on their own device. This form of attack weaponizes trust—exploiting not software vulnerabilities, but human behavior. SquareX’s analysis shows that these spoofed sidebars can guide users to install malware, grant remote access, or visit fraudulent websites, all while maintaining the illusion of legitimate AI guidance.

The systemic flaw lies in how browsers permit extensions to inject and manipulate on-page content, making this threat platform-agnostic and dangerously widespread. Even though providers like OpenAI enforce strict sandboxing in ChatGPT’s Atlas browser, these safeguards do not protect users from themselves—particularly when deception is this seamless.

Cybersecurity experts now warn that AI Sidebar Spoofing represents the next evolution in social engineering attacks, combining psychological manipulation with technical precision. To defend against it, organizations must enforce strict extension controls, retrain users to question AI-provided instructions, and recognize that as AI becomes a daily tool, the human trust layer is the new battlefield in cybersecurity.

#AISidebarSpoofing #SquareX #ChatGPTAtlas #PerplexityComet #BrowserSecurity #SocialEngineering #Malware #CyberThreat #AITrust #ExtensionExploits #Cybersecurity #OpenAI #Phishing #AIinSecurity
10/24/25 · Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft · 22m 53s

Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double-extortion ransomware attack on October 15, 2025, in an incident that disrupted operations and exposed sensitive corporate data. The attackers infiltrated the company’s IT network, deploying encryption and monitoring software, which temporarily halted key business functions and prevented access to core systems.

According to an internal memorandum from company leadership, the attackers not only encrypted systems but also stole sensitive data, including financial information intended for an upcoming SEC filing and even images captured from internal video meetings. The stolen material is now being leveraged in a classic double-extortion scheme, with the attackers demanding a ransom to prevent public release of the data.

While Jewett-Cameron reports that its cybersecurity insurance is expected to cover the costs of incident response and system recovery, the company acknowledges that the attack has caused significant operational disruptions that could have a material impact on business performance and regulatory timelines. Specifically, the company warns that the downtime could delay its Form 10-K filing and affect investor confidence if sensitive financial data is leaked prematurely.

The company’s initial investigation indicates that while the breach affected corporate IT systems, no personal information belonging to employees, customers, or suppliers appears to have been compromised. This limits the potential exposure of third-party data but does not diminish the strategic and reputational risks of the event.

Jewett-Cameron has engaged external cybersecurity counsel and forensic specialists to contain the breach, investigate the attack, and restore operations. The company has since contained the intrusion and is working to rebuild systems while evaluating whether to comply with the ransom demand — a complex decision balancing reputational risk, investor relations, and the ethical implications of paying threat actors.

The ransomware group behind the attack remains unidentified publicly, but their tactics — combining data encryption with exfiltration and public pressure — align with the growing trend of double-extortion operations that target small and mid-sized manufacturing and supply chain organizations.

This incident underscores the escalating risks facing manufacturers and public companies that handle sensitive financial disclosures. The attack on Jewett-Cameron highlights the intersection of operational technology (OT) and corporate IT vulnerabilities, and the increasing tendency for threat actors to weaponize stolen financial data to pressure organizations into ransom payments.

As of now, Jewett-Cameron maintains that the intrusion is contained, and system restoration is underway. However, the company warns that even with insurance coverage, the broader consequences — including market volatility, regulatory scrutiny, and reputational damage — could be felt long after the systems come back online.

#JewettCameron #Ransomware #Cyberattack #DoubleExtortion #DataBreach #Oregon #ManufacturingSecurity #CyberExtortion #IncidentResponse #CISO #CyberInsurance #OperationalDisruption #DataExfiltration #SEC #Form10K #CyberThreat #BusinessRisk #CyberForensics #EncryptionAttack #SupplyChainSecurity #InformationSecurity #RansomDemand #CyberResilience
10/23/25 · Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot · 32m 49s

The Russian state-sponsored hacking group Star Blizzard — also tracked as ColdRiver, Seaborgium, and UNC4057 — has undergone a major transformation in its operations following public exposure earlier this year. After researchers at Google detailed its LostKeys malware and PowerShell-based infection chain in June 2025, the group swiftly abandoned those tools, pivoting to a completely rebuilt attack framework that emphasizes simplicity, flexibility, and stealth.

Between May and September 2025, Star Blizzard replaced its previous malware suite with a streamlined infection chain built around three new components: NoRobot, YesRobot, and MaybeRobot. This tactical shift underscores the group’s ability to adapt rapidly under pressure — a defining hallmark of nation-state APTs.

The evolution began with the introduction of NoRobot (also called BaitSwitch), a malicious DLL loader that initiates the infection chain via a technique known as ClickFix — malicious lure pages that trick victims into executing harmful commands. Once established, NoRobot retrieves a second-stage payload from attacker-controlled servers. Initially, this payload was YesRobot, a Python-based backdoor with limited functionality. But within weeks, Star Blizzard replaced it with MaybeRobot (aka SimpleFix), a far more agile operator-controlled backdoor capable of executing arbitrary files, shell commands, and PowerShell code directly from the attacker’s console.

Unlike traditional automated implants, MaybeRobot favors hands-on-keyboard operations, giving human operators granular control for post-exploitation activities. This move marks a deliberate shift toward manual precision attacks, allowing Star Blizzard to minimize detection risk while maintaining strategic flexibility.

The group’s technical evolution also extends to its evasion tactics. Star Blizzard has begun rotating its command-and-control infrastructure, altering file paths and DLL export names, and frequently rebranding binaries — all to undermine defenders’ reliance on static indicators of compromise (IOCs). These measures highlight a growing emphasis on anti-signature resilience, making behavioral and heuristic detection the only effective defense strategy.

This transformation reveals a disciplined, reactive adversary capable of rebuilding its toolset within months of public disclosure. The operation’s new structure reflects a broader trend among state-backed actors: fewer automated frameworks, more adaptable operator-driven campaigns, and simplified yet hardened delivery mechanisms.

For defenders, the implications are clear — signature-based detection is no longer enough. Monitoring behavioral patterns such as rundll32 misuse, command execution anomalies, and short-lived infrastructure is now essential to identifying and mitigating Star Blizzard’s evolving campaigns.

#StarBlizzard #ColdRiver #Seaborgium #APT #Russia #CyberEspionage #NoRobot #MaybeRobot #LostKeys #BaitSwitch #ClickFix #MalwareEvolution #ThreatIntelligence #APTUNC4057 #CyberThreat #NationStateHacking #Cybersecurity #MalwareAnalysis #ThreatDetection #Rundll32 #HandsOnKeyboard #EvasionTactics #Infosec #APTActivity #GoogleThreatAnalysis #AdvancedPersistentThreat
10/23/25 · Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents · 19m 17s

San Francisco-based Keycard has officially emerged from stealth mode, announcing $38 million in funding across seed and Series A rounds to build what may become one of the most critical infrastructure layers of the AI era — identity and access management (IAM) for AI agents. Founded in 2025 by former senior executives from Snyk and Okta, Keycard is taking on the monumental task of securing how autonomous AI systems authenticate, access data, and execute tasks across production environments.

The company’s founding thesis is clear: as enterprises move beyond AI experimentation and begin deploying autonomous agents into real-world applications, they face a major security gap. These agents often require direct access to internal systems, APIs, and sensitive data — yet existing IAM systems were designed for humans, not autonomous entities. Keycard’s platform fills this void by introducing a cryptographically verifiable identity layer for non-human actors, enabling organizations to deploy agents safely and confidently.

At the heart of Keycard’s approach is a set of groundbreaking architectural features:
- Cryptographic identity verification ensures that every agent has a provable, tamper-proof identity, making impersonation or spoofing virtually impossible.
- Dynamic, task-scoped tokens replace static credentials like API keys. These ephemeral tokens are generated in real time, scoped to a specific agent, and valid only for the duration of a given task—dramatically reducing exposure to credential theft and misuse.
- Runtime contextual access controls allow organizations to enforce adaptive security policies based on live conditions, enabling granular governance over what each agent can access or perform at any given time.

Keycard’s $38 million raise includes a $30 million Series A led by Acrew Capital and an $8 million seed round co-led by Andreessen Horowitz (a16z) and Boldstart Ventures, with additional participation from Essence Ventures, Exceptional Capital, Mantis VC, Modern Technical Fund, Tapestry Ventures, and Vermillion Cliffs Ventures. This investor mix underscores broad confidence that Keycard is addressing a foundational problem for the emerging agent economy—the security and governance of autonomous AI systems.

According to CEO Ian Livingstone, Keycard’s mission is to unlock the enterprise potential of AI agents by ensuring they operate with the same trust, control, and accountability as human users: “You can’t run AI agents in production until you can trust them — and trust starts with identity and access.”

Keycard’s founding team brings together the developer-centric security expertise of Snyk with the identity and governance experience of Okta, creating a unique advantage in building security infrastructure that developers can easily adopt and enterprises can trust at scale. The company plans to use its funding to expand its research and development team, advance its IAM platform, and strengthen its integration with enterprise ecosystems.

As the world transitions toward an AI-driven operational model, Keycard is emerging as a pioneer in defining identity for machines. Its platform offers the missing trust layer needed for enterprises to deploy autonomous systems responsibly — combining cryptography, adaptive security, and enterprise-scale architecture to secure the next generation of digital actors.

#Keycard #AIIdentity #IAM #AIInfrastructure #AgentSecurity #AIAgents #Cybersecurity #AndreessenHorowitz #AcrewCapital #BoldstartVentures #AITrust #TaskScopedTokens #CryptographicIdentity #Snyk #Okta #AgentEconomy #AIAuthentication #MachineIdentity #AccessControl #AIinEnterprise #AIInnovation #StealthStartup #TechFunding #IdentitySecurity #AICompliance #AIgovernance
10/23/25 · Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover · 22m 07s

Security researchers are urging immediate action after TP-Link disclosed multiple critical vulnerabilities in its Omada gateway line, affecting a wide range of ER, G, and FR series devices. The flaws—now patched by TP-Link—expose organizations to remote code execution, privilege escalation, and full network compromise, making them among the most severe threats to network infrastructure this year.

The most dangerous vulnerability, CVE-2025-6542, carries a CVSS score of 9.3 and allows remote, unauthenticated attackers to execute arbitrary operating system commands. In simple terms, it gives hackers the ability to take full control of affected gateways without needing any credentials. Once exploited, this flaw can be used to manipulate traffic, install malware, or pivot into internal systems, effectively neutralizing perimeter defenses and exposing entire networks.

Another critical flaw, CVE-2025-7850, is a command injection vulnerability that requires an attacker to already have administrative access to the web management portal. Although it’s an authenticated exploit, it becomes extremely dangerous in scenarios involving compromised credentials, insider threats, or password reuse—turning a single admin account into a complete network breach vector.

Two additional high-severity issues, CVE-2025-7851 and CVE-2025-6541, further elevate the risk. One allows an attacker to gain root access, while the other enables OS command execution by an authenticated user. Together, these vulnerabilities create a chainable attack path—where even limited access can rapidly escalate to total control over the gateway and, by extension, the entire network.

The consequences of leaving these devices unpatched are severe:
- Full network compromise: Attackers can monitor or redirect all network traffic, bypass firewalls, and infiltrate internal systems.
- Data exfiltration: Sensitive data—including PII, financial records, and intellectual property—can be intercepted in transit.
- Operational disruption: Attackers could disable or corrupt routing functionality, leading to downtime and loss of connectivity.
- Persistent access: Once inside, attackers could establish stealthy footholds, allowing long-term espionage or follow-on ransomware attacks.

TP-Link has released firmware updates to address these flaws and strongly advises all users to apply the patches immediately. Administrators are also urged to change all device passwords after patching to ensure that any previously compromised credentials cannot be reused.

These vulnerabilities are part of a growing pattern of attacks against network gateway devices, which have become high-value targets for threat actors seeking to bypass traditional perimeter defenses. Because gateways sit at the heart of enterprise and SMB networks, their compromise often results in total network visibility and control for the attacker.

For organizations relying on TP-Link Omada gateways, the message is clear: patch now or risk full compromise. The combination of unauthenticated remote code execution and privilege escalation flaws makes these vulnerabilities critical priority items for immediate remediation.

#TPLINK #Omada #CVE20256542 #CVE20257850 #CVE20257851 #CVE20256541 #RemoteCodeExecution #RCE #CommandInjection #NetworkSecurity #FirmwareUpdate #Cybersecurity #RouterVulnerability #GatewayExploit #IoTSecurity #CriticalVulnerabilities #SupplyChainRisk #PatchNow #SecurityAdvisory #CyberThreat #NetworkCompromise #PrivilegeEscalation #DataExfiltration #PerimeterSecurity #CVE #VulnerabilityDisclosure
10/23/25 · TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution · 29m 58s

A critical new vulnerability known as TARmageddon (CVE-2025-62518) has sent shockwaves through the Rust developer community and the broader cybersecurity world. This high-severity desynchronization flaw, discovered in the Async-tar and Tokio-tar libraries, exposes millions of downstream applications to the risk of remote code execution and supply chain compromise. The flaw arises when these TAR parsers process nested archives with mismatched PAX and ustar headers, allowing attackers to smuggle unauthorized file entries that can overwrite critical files on a target system.

The discovery was made by Edera, a security research firm, which issued an urgent advisory after identifying that both Async-tar and its popular fork, Tokio-tar, had been abandoned and left unmaintained. With no maintainers to coordinate a fix, Edera initiated a decentralized disclosure process—a rare move in vulnerability response—encouraging downstream developers to patch or migrate independently. This decentralized approach led to quick action by some projects, such as Astral-tokio-tar (patched in version 0.5.6) and Krata-tokio-tar, but others, including Testcontainers and Liboxen, remain exposed pending updates.

At its core, TARmageddon’s exploitability comes from how the vulnerable parsers misinterpret archive structure. When encountering a nested TAR file where the ustar header incorrectly specifies a zero-byte file, the parser skips over critical content and begins interpreting the nested TAR’s internal headers as legitimate entries in the parent archive. This allows attackers to inject arbitrary files—a technique that can lead to arbitrary file overwrites and remote code execution. In real-world attacks, this could be leveraged to replace binaries, modify authentication keys, or compromise build pipelines, making it a potent weapon for software supply chain attacks.

The incident reveals deeper truths about the modern open-source ecosystem. Despite Rust’s reputation for memory safety, TARmageddon shows that logic flaws—not memory errors—can still produce catastrophic results. Moreover, the widespread use of abandoned dependencies like Async-tar highlights a systemic challenge: critical libraries often go unmaintained while remaining deeply embedded in production systems. This “vulnerable lineage” problem—where one unpatched project infects countless forks and derivatives—poses a significant and growing risk to software supply chains.

Edera’s report calls for urgent remediation steps:
- Migrate to patched forks such as Astral-tokio-tar ≥ 0.5.6 or the updated Krata-tokio-tar.
- Manually harden TAR parsers by prioritizing PAX headers, validating header consistency, and adding strict boundary checks to prevent desynchronization.
- Audit dependencies proactively to identify abandoned codebases before vulnerabilities surface.

With a CVSS score of 8.1, TARmageddon is more than just another open-source vulnerability—it’s a cautionary tale about the fragility of dependency-driven software ecosystems. It underscores that memory-safe languages do not guarantee security, and that maintaining supply chain visibility is as important as patching the code itself.

#TARmageddon #CVE202562518 #Rust #AsyncTar #TokioTar #SupplyChainSecurity #OpenSourceVulnerability #RemoteCodeExecution #Desynchronization #PAXHeaders #Ustar #RustSecurity #DependencyRisk #EderaSecurity #SoftwareSupplyChain #CyberRisk #CVE #AppSec #VulnerabilityDisclosure #AstralTokioTar #KrataTokioTar #PatchNow #SecurityAlert #MemorySafe #SoftwareSecurity
| 10/23/25 | Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market | A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The release of Vidar 2.0 represents a complete transformation of the long-running Vidar infostealer, which has been rewritten entirely in C and equipped with multi-threading and advanced anti-analysis mechanisms. This overhaul not only boosts performance but makes detection exponentially more difficult, setting the stage for a potential new era in cybercrime operations. Security researchers warn that infections from Vidar 2.0 are expected to surge through Q4 2025, as this reengineered variant fills the vacuum left by the decline of Lumma Stealer. The developer behind Vidar — active and trusted in underground markets since 2018 — has released a product that combines speed, stealth, and resilience into a single, deadly package. The most alarming innovation is Vidar 2.0’s ability to bypass Chrome’s App-Bound encryption, a defense mechanism introduced in 2024 to protect browser-stored credentials. Instead of attempting to decrypt protected data on disk, Vidar 2.0 sidesteps these controls entirely by injecting malicious code directly into live Chrome processes and extracting encryption keys straight from memory. This in-memory attack vector effectively neutralizes one of the browser’s most advanced security protections. Other major technical upgrades include: a C-language rewrite, reducing dependencies and shrinking the malware’s footprint to evade signature detection; multi-threaded data collection, allowing it to steal multiple data types—passwords, cookies, cryptocurrency wallets, and cloud credentials—simultaneously, minimizing its dwell time on infected machines; a polymorphic builder that automatically alters each build’s structure, producing unique, detection-resistant variants; and robust anti-analysis defenses, from debugger and sandbox detection to hardware and timing checks that allow Vidar 2.0 to shut down in controlled environments. Vidar 2.0’s operational flow reflects a professional-grade architecture. Once inside a victim’s system, it rapidly harvests data from browsers, crypto wallets, communication apps like Telegram and Discord, and even Steam accounts. After data collection, it captures screenshots and packages everything for exfiltration via Telegram bots or Steam-hosted URLs, cleverly leveraging legitimate services to conceal its communications. From a market perspective, Vidar 2.0 is emerging as a clear successor to Lumma Stealer, offering superior capabilities at competitive prices. Its developer’s reputation, combined with its advanced architecture, ensures strong adoption within the Malware-as-a-Service (MaaS) economy. Trend Micro analysts predict Vidar 2.0 could become the dominant stealer in circulation by late 2025, reshaping the threat landscape for credential theft and data exfiltration. For defenders, Vidar 2.0 underscores a broader trend in the cybercrime ecosystem: malware that’s not just faster and stealthier, but smarter and more adaptive. With its in-memory attacks and polymorphic evasion, this stealer exemplifies the next generation of threats that blend speed, sophistication, and commercial viability — a dangerous combination for enterprises and individuals alike. #Vidar2 #Infostealer #Cybercrime #Malware #CredentialTheft #LummaStealer #TrendMicro #DataExfiltration #ChromeBypass #CyberThreat #InformationSecurity #ThreatIntelligence #MalwareAnalysis #CyberAttack #PolymorphicMalware #CyberDefense #MalwareAsAService #CProgramming #AIThreats #BrowserSecurity #EncryptionBypass #MemoryInjection #CyberSecurity #ThreatLandscape #Q42025 | 31m 42s |
| 10/22/25 | Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence | Dataminr, the AI powerhouse known for its real-time risk and event detection platform, has announced plans to acquire ThreatConnect, a cybersecurity firm specializing in threat intelligence aggregation and response, for $290 million in cash and equity. This strategic move marks a major milestone in the ongoing consolidation of the threat intelligence sector and signals a bold shift toward the next generation of Client-Tailored intelligence—highly contextualized, AI-driven insights designed to bridge the gap between awareness and action. With over $1 billion in total investment, Dataminr has long been recognized for its ability to process vast amounts of public data—ranging from social media posts to cyber threat disclosures—to provide real-time situational awareness. Meanwhile, ThreatConnect, based in Arlington, Virginia, has built a strong reputation as a platform that enables security teams to aggregate, analyze, and act upon threat data, serving over 250 enterprises and government clients, including Nike, Wells Fargo, and multiple national agencies across the U.S., U.K., and Australia. The combination of these two entities represents a synergistic fusion of external and internal intelligence. Dataminr’s global reach in public signal processing meets ThreatConnect’s internal telemetry and contextual depth, forming a unified system capable of producing highly personalized threat intelligence feeds. This merger aims to give organizations not only faster insights but actionable intelligence tailored to their specific environments. As Dataminr CEO Ted Bailey explains, “By uniting our AI platform with the capabilities of ThreatConnect, we will fuse external public data signals and internal client data to pioneer the first-ever real-time Client-Tailored intelligence.” This approach leverages agentic AI systems—autonomous, goal-oriented models designed to interpret both global events and enterprise-specific risks—to deliver precise, context-aware alerts and recommended responses in real time. For Dataminr, the acquisition fills a key gap: while the company has long excelled in detecting events and emerging risks, ThreatConnect provides the internal visibility that turns detection into decisive action. For ThreatConnect, the merger extends its reach beyond cyber-only contexts into the broader multi-domain threat landscape, empowering customers to anticipate both digital and physical risks before they escalate. This acquisition also reflects a wider trend of cybersecurity consolidation. In 2025 alone, more than 330 M&A deals have been announced across the cybersecurity space, with seven specifically focused on threat intelligence firms. The rapid pace of these transactions highlights growing demand for integrated solutions that eliminate silos between external monitoring, internal analytics, and automated response. The Dataminr-ThreatConnect union signals a shift from traditional threat intelligence toward contextual, adaptive intelligence ecosystems that serve as decision-support systems rather than passive data providers. By combining Dataminr’s external AI-driven detection with ThreatConnect’s actionable internal intelligence, the new entity stands poised to redefine how organizations perceive, prioritize, and respond to emerging risks across both the cyber and physical domains. This deal is more than an acquisition—it’s a statement about the future of AI in security operations: an era where real-time, client-specific intelligence will enable enterprises to not just understand what’s happening, but to know exactly what it means for them and how to respond. #Dataminr #ThreatConnect #Cybersecurity #ThreatIntelligence #AI #AgenticAI #MergersAndAcquisitions #ClientTailoredIntelligence #RiskIntelligence #CyberRisk #RealTimeIntelligence #TedBailey #CyberOperations #ThreatDetection #DataFusion #SecurityAutomation #AIinSecurity #ContextualIntelligence #SOAR #SIEM #CyberInnovation #DigitalTransformation #SecurityConsolidation | 23m 01s |
| 10/22/25 | Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI | In one of the largest cybersecurity acquisitions of 2025, Veeam Software has announced plans to acquire Securiti AI for $1.725 billion in cash and stock, signaling a fundamental shift in how enterprises will secure, manage, and govern their data in the age of artificial intelligence. The deal, expected to close in the fourth quarter, will bring together two industry powerhouses: Veeam, the global leader in data resilience and recovery, and Securiti AI, a pioneer in data security posture management (DSPM) and governance. Veeam’s move is not just a product expansion—it’s a bold repositioning. The company is evolving from a data protection vendor into a strategic enabler of trusted AI, addressing one of the most pressing challenges facing modern enterprises: fragmented, ungoverned data. By combining Securiti AI’s data intelligence and governance capabilities with Veeam’s robust backup and recovery infrastructure, the unified platform will enable organizations to understand, secure, recover, and ultimately leverage their data to power AI safely and transparently. As Veeam CEO Anand Eswaran explains, “We’ve entered a new era for data. It’s no longer just about protecting data from threats—it’s about ensuring it’s governed and trusted to power AI transparently.” This vision captures the emerging consensus across industries that the success of enterprise AI initiatives depends not on more models, but on better-managed, compliant, and trustworthy data. At the core of this acquisition is Rehan Jalil, founder and CEO of Securiti AI, who will join Veeam as President of Security and AI. Jalil’s track record speaks volumes: his previous ventures include Elastica, acquired by Blue Coat (later part of Symantec for $4.7B), and WiChorus, acquired by Tellabs for $180M. His leadership brings deep expertise in building scalable, security-driven platforms—positioning Veeam to execute this integration with both speed and precision. The combined entity aims to deliver a unified data control solution capable of eliminating silos between backup, governance, and security—a convergence that reflects a broader market trend. In 2025 alone, over 330 cybersecurity M&A deals have been announced, with nearly 15% targeting the data security sector, underscoring how the battle for control of the data layer has become the defining frontier of enterprise cybersecurity. Veeam’s acquisition of Securiti AI is thus more than a merger—it’s a declaration of intent. It signals the end of fragmented data management and the beginning of a new era where resilience, governance, and AI readiness converge under a single platform. The move redefines how organizations will approach both cybersecurity and artificial intelligence, setting a new industry standard for trusted, governed data ecosystems capable of powering the next generation of intelligent business operations. #Veeam #SecuritiAI #Cybersecurity #MergersAndAcquisitions #DataSecurity #AI #DSPM #DataGovernance #AnandEswaran #RehanJalil #DataResilience #DataManagement #TrustedAI #EnterpriseAI #CloudSecurity #DataProtection #BackupAndRecovery #SecurityConsolidation #TechAcquisition #GovernedData #CyberInnovation #AIEnablement #UnifiedSecurity #DigitalTransformation #SecurityPosture | 28m 44s |
| 10/22/25 | Defakto Raises $30.75 Million to Redefine Machine Identity Security | California-based cybersecurity firm Defakto has raised $30.75 million in Series B funding, led by XYZ Venture Capital, bringing its total investment to roughly $50 million. The new capital will power the company’s rapid expansion in product development and global market reach for its identity and access management (IAM) platform—one specifically designed to secure non-human identities like AI agents, services, and workloads. In a world where automated systems now outnumber human users, enterprises are facing an identity crisis. Traditional IAM tools—built for people, not machines—have left a dangerous gap filled with static credentials and overprivileged service accounts. These outdated security mechanisms create massive attack surfaces, leaving organizations vulnerable to credential theft, supply chain compromise, and insider risk. Founded by Danny Oliveri and Eli Nesterov, Defakto’s mission is nothing short of transformative: to eradicate secrets entirely. Instead of managing hard-coded credentials or tokens, the company’s platform replaces them with dynamic, just-in-time identities that grant access only when and where it’s needed. This shift fundamentally changes how machine-to-machine authentication operates—turning identity from a liability into an adaptive, policy-driven control mechanism. Defakto’s technology integrates seamlessly across AWS, Azure, Google Cloud, and hybrid environments, enabling unified control over identity lifecycles regardless of platform. The company’s approach provides a comprehensive control plane for non-human identities, handling their creation, use, and retirement with precision and automation. The Series B investor lineup reads like a strategic dream team: alongside lead investor XYZ Venture Capital are The General Partnership, Bloomberg Beta, WndrCo, Adverb Ventures, J.P. Morgan, and Michael Coates, former CISO of Twitter. J.P. Morgan’s participation signals strong enterprise demand from regulated sectors like finance, while Coates’ involvement provides crucial technical validation from the CISO community. CEO Danny Oliveri captures the vision succinctly: “We didn’t build another tool to give you more visibility or manage secrets. We built a platform to eradicate them—to eliminate overprivileged access and give enterprises the same foundation for machines and AI that IAM gave them for people.” With this fresh injection of capital, Defakto is doubling down on product innovation and go-to-market execution. Its roadmap centers on supporting new classes of AI agents and automation pipelines while accelerating enterprise adoption through strategic integrations and customer-driven enhancements. As organizations grapple with the explosion of non-human users, Defakto’s platform is poised to become a cornerstone of modern cybersecurity architecture. By tackling one of the fastest-growing risks in enterprise IT—machine identity sprawl—Defakto’s Series B round positions it to lead a new category in IAM: dynamic, AI-ready identity security for the automated age. #Defakto #Cybersecurity #IAM #IdentitySecurity #SeriesB #AI #MachineIdentity #NonHumanIdentities #CloudSecurity #Automation #AWS #Azure #GoogleCloud #SecretsManagement #ZeroTrust #FundingNews #XYZVentureCapital #StartupFunding #AccessManagement #CyberInnovation #SecurityArchitecture | 34m 01s |
| 10/22/25 | Dr. Allan Friedman Joins NetRise: The Father of SBOMs Goes Private to Fuse AI and Supply Chain Security | In a landmark move for the cybersecurity industry, Dr. Allan Friedman — often called the Father of SBOMs — has joined supply chain security firm NetRise as a strategic advisor. Friedman’s transition from his influential role at CISA marks a pivotal moment where public policy meets private innovation. His mission: to push the Software Bill of Materials (SBOM) initiative beyond regulatory mandates and into AI-powered operational reality. At CISA, Friedman spearheaded the global conversation around SBOMs — the machine-readable inventories that give organizations visibility into what’s inside their software. Now, by joining forces with NetRise, a leader in AI-driven supply chain risk analysis, Friedman aims to transform SBOMs from compliance artifacts into living data streams that power intelligent threat detection and response. This partnership comes at a crucial time. Although President Biden’s Executive Order 14028 mandates SBOMs for federal software procurement, the broader private sector has yet to fully operationalize them. Together, Friedman and NetRise plan to change that by marrying SBOM data with artificial intelligence to provide actionable, context-aware insight into software vulnerabilities. Friedman argues that AI doesn’t replace SBOMs—it depends on them. “AI is only as good as the data it consumes,” he notes, “and the SBOM provides that data.” NetRise CEO Thomas Pace agrees, emphasizing that AI cannot yet solve the supply chain problem alone—it needs the visibility SBOMs deliver. Their collaboration promises to bridge that gap, turning static inventories into dynamic intelligence pipelines. The implications reach far beyond one company. As defense and enterprise leaders like Kirsten Davies, the nominee for DoD CIO, advocate for integrating SBOM analysis with automated tools and continuous monitoring, this alliance sets the tone for the next evolution in cybersecurity: the fusion of policy-driven transparency and AI-driven risk management. By bringing together the originator of SBOMs and a company built to operationalize them, this partnership signals the start of a new era for software assurance—one where visibility, automation, and intelligence converge to defend the global supply chain. #SBOM #AllanFriedman #NetRise #SupplyChainSecurity #Cybersecurity #AI #SoftwareSecurity #ExecutiveOrder14028 #CISA #RiskManagement #VulnerabilityIntelligence #ThomasPace #DevSecOps #ZeroTrust #SoftwareSupplyChain #ArtificialIntelligence #FederalCybersecurity #Compliance #SecurityInnovation | 24m 24s |