Security Squawk - The Business of Cybersecurity
by Bryan Hornung Reginald Andre & Randy Bryan
Is this your podcast?Insights from recent episode analysis
Audience Interest
Podcast Focus
Publishing Consistency
Platform Reach
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Most discussed topics
Brands & references
Est. Listeners
Insufficient chart data. Estimates will improve as the show charts.
- Per-Episode Audience
Est. listeners per new episode within ~30 days
N/A🎙 Daily cadence·268 episodes·Last published today - Monthly Reach
Unique listeners across all episodes (30 days)
N/A - Active Followers
Loyal subscribers who consistently listen
N/A
Market Insights
Platform Distribution
Reach across major podcast platforms, updated hourly
Total Followers
—
Total Plays
—
Total Reviews
—
* Data sourced directly from platform APIs and aggregated hourly across all major podcast directories.
On the show
From 15 epsHosts
Recent guests
No guests detected in recent episodes.
Recent episodes
NSA Gets Secret AI, 3 Million Texans Exposed & 75,000 Firewalls Hit
Jun 24, 2026
43m 26s
The Government Just Switched Off Anthropic's AI — Plus a $1.9B AI Scam and Russia in Your Router
Jun 16, 2026
40m 00s
DentaQuest Breach Exposes 2.6 Million — and Why "Confident" Small Businesses Keep Getting Hit
Jun 9, 2026
34m 47s
The Biggest Cybersecurity Threat Isn't Malware Anymore | NYC Hospitals, Carnival & FBI Warning
Jun 3, 2026
34m 59s
7-Eleven Hacked, 143,000 Immigration Records Exposed, FBI Quietly Takes Over From CISA
May 26, 2026
35m 09s
Social Links & Contact
Official channels & resources
Official Website
Login
RSS Feed
Login
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length | |
|---|---|---|---|---|---|---|---|---|---|
| 6/24/26 | NSA Gets Secret AI, 3 Million Texans Exposed & 75,000 Firewalls Hit | The government just put an AI company inside the NSA. Not to defend networks. To help find ways into them. At the same time, more than 3 million Texans had their driver's license and passport data exposed through a third-party vendor, and attackers harvested credentials from 75,000 Fortinet firewalls around the world, then organized the victims by how much money they were likely worth. Three stories. One uncomfortable reality: *The most powerful security tools are being locked up while your biggest risks are still the basics.* On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down what business owners, executives, IT leaders, and MSPs need to understand about AI, vendor risk, and the growing gap between the tools governments get and the threats businesses still face every day. Story 1: Anthropic Inside the NSA The Financial Times reported that Anthropic, the company behind Claude, embedded engineers inside the NSA to deploy a frontier AI model called Mythos. The same company that was previously flagged as a supply chain risk is now helping deploy one of the most advanced cyber-focused AI systems in government. Anthropic says the model is too dangerous for broad release. That raises a bigger question: If the most capable AI tools are increasingly treated as national-security assets, what happens when the tools your business depends on become tools you can no longer access? Story 2: 3 Million Texans Exposed Through a Vendor The Texas Parks and Wildlife Department disclosed a breach affecting more than 3 million people after attackers compromised a third-party vendor responsible for hunting and fishing license systems. Exposed data reportedly includes: • Driver's license information • Passport numbers • Home addresses • Phone numbers • Email addresses Officials emphasize that Social Security numbers were not exposed. That's missing the point. A driver's license, passport, address, and contact information already provide everything many criminals need for identity theft, fraud, and account takeover. The lesson is simple: Your security is only as strong as the vendors holding your data. Story 3: 75,000 Fortinet Firewalls Compromised Researchers disclosed a campaign that harvested administrator and VPN credentials from roughly 75,000 Fortinet firewalls across 194 countries. The attackers didn't just collect passwords. They categorized victims by: • Country • Industry • Company size • Estimated revenue In other words, they built a target list. Researchers say the infrastructure remains active and continues collecting credentials. If your organization uses Fortinet equipment, this is not a "someday" problem. This is a this-week problem. In This Episode • Why Anthropic's NSA deployment matters to every business using AI • Whether cybersecurity will become the justification for restricting advanced AI capabilities • How a third-party vendor exposed more than 3 million Texans • Why "no Social Security numbers were stolen" is often the wrong question • How attackers harvested credentials from 75,000 Fortinet devices • The immediate actions Fortinet customers should take • Why cybersecurity still comes down to fundamentals, even as AI transforms the battlefield The Bottom Line Most businesses worry about futuristic threats. Meanwhile, attackers are still winning through vendors, passwords, exposed systems, and concentration risk. The technology is changing fast. The fundamentals are not. Security Squawk is a weekly podcast and livestream focused on cybersecurity, business risk, ransomware, AI, vendor risk, and executive decision-making. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Anthropic #NSA #AI #Claude #Fortinet #DataBreach #VendorRisk #IdentityTheft #BusinessRisk #MSP #Ransomware #AIRegulation | 43m 26s | ||||||
| 6/16/26 | The Government Just Switched Off Anthropic's AI — Plus a $1.9B AI Scam and Russia in Your Router | What happens to your business when the AI tool you rely on gets shut off overnight, not by a hacker, but by the U.S. government? Last Friday, Anthropic, the maker of Claude, pulled its two newest AI models offline within hours of a letter from Washington. This is the first time that has ever happened to a leading AI company, and it should change how every owner thinks about the tools they depend on. *Every tool you depend on is a switch someone else can flip.* Bryan Hornung, Randy Bryan, and Reginald Andre break down this week's stories for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. First up: Anthropic. The Commerce Department ordered the company to block its newest models, Fable 5 and Mythos 5, for any foreign national, citing national security. Anthropic couldn't separate who was allowed from who wasn't fast enough, so it shut the models off for everyone just six days after launching them. And the trigger reportedly wasn't a foreign spy at all. It was a warning from a competitor, Amazon, which demonstrated a way to bypass the model's safeguards. If your company has wired a critical process to a single AI vendor, you just watched how fast that capability can vanish. Next, the FBI disrupted one of the largest AI-powered scam operations ever seen. A China-based crime ring called "Outsider Enterprise" used artificial intelligence to write flawless scam texts and blasted out 2.5 million of them in two weeks while impersonating brands people trust through AT&T, T-Mobile, and Verizon. Authorities tied more than one million fake web addresses and 3.8 million stolen credit cards to the operation, with an estimated $1.9 billion in losses. The old advice to "watch for typos" is dead. These messages are clean, personal, and look exactly like the real thing. If your brand gets impersonated, your customers pay the price and your reputation takes the hit. Finally, Russia's military intelligence is hiding inside everyday routers. The group known as Fancy Bear has been quietly taking over the inexpensive routers small offices and remote workers buy off the shelf, including MikroTik, TP-Link, and Ubiquiti EdgeRouters, and using them to steal Microsoft 365 logins in transit. They even hide their commands inside normal cloud services so nothing looks suspicious. At its peak, researchers counted more than 18,000 infected connections across 120 countries. The scariest part: they steal the login token, allowing them to bypass multi-factor authentication and remain logged in even after the password is changed. Three stories. One thread. A government order, a billion-dollar scam ring, and a foreign intelligence unit all reached into technology many organizations assumed they controlled. In this episode, we discuss: • Why the government forced Anthropic to pull its newest AI models and what it means for your business • How an AI-powered crime ring scammed people out of an estimated $1.9 billion • Why the router in your closet might be working for Russian intelligence • How "restrict some" quietly becomes "shut it all off" • Why stolen login tokens can bypass your multi-factor authentication • What concentration risk means when you bet your operation on a single vendor • The Monday-morning moves that actually protect your business Security Squawk is a weekly podcast and livestream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Anthropic #AI #FBI #Phishing #Smishing #FancyBear #VendorRisk #BusinessRisk #SMB #MFA | 40m 00s | ||||||
| 6/9/26 | DentaQuest Breach Exposes 2.6 Million — and Why "Confident" Small Businesses Keep Getting Hit✨ | data breachcybersecurity+4 | — | DentaQuestShinyHunters | America | DentaQuestdata breach+6 | — | 34m 47s | |
| 6/3/26 | The Biggest Cybersecurity Threat Isn't Malware Anymore | NYC Hospitals, Carnival & FBI Warning✨ | cybersecurity breachessocial engineering+4 | — | NYC Health + HospitalsCarnival Corporation+1 | NYC | cybersecuritybreaches+6 | — | 34m 59s | |
| 5/26/26 | 7-Eleven Hacked, 143,000 Immigration Records Exposed, FBI Quietly Takes Over From CISA✨ | cybersecuritydata breach+4 | — | CISAFBI+10 | — | cybersecuritydata breach+7 | — | 35m 09s | |
| 5/19/26 | OpenAI Devices Hacked, Ozempic Supplier Offline & Change Healthcare Lawsuit✨ | cybersecurityransomware+4 | — | OzempicOpenAI+2 | — | OpenAIOzempic+6 | — | 44m 48s | |
| 5/12/26 | AI Built Its First Zero-Day | 275M Student Records Stolen | 90% Hidden Ransomware✨ | cybersecuritydata breach+4 | — | GoogleInstructure+1 | HarvardStanford+3 | cybersecurityAI+8 | — | 58m 53s | |
| 5/5/26 | TSYS Ransomware Attack, Canvas Data Breach & HIPAA Security Failures Explained✨ | ransomwaredata breach+4 | — | TSYSEverest+5 | — | TSYSEverest ransomware+7 | — | 41m 25s | |
| 4/28/26 | Hackers Use Microsoft Teams to Break In - VPN Ransomware Surge - KPMG 2026 Warning✨ | cybersecurityransomware+5 | — | Microsoft TeamsKPMG+3 | — | cyberattackMicrosoft Teams+7 | — | 41m 56s | |
| 4/21/26 | Frost & Citizens Bank Ransomware | ShinyHunters Hit Zara, Carnival & 7-Eleven | Vercel Breach✨ | ransomwaredata breaches+4 | — | Frost BankCitizens Bank+5 | — | ransomwaredata breach+5 | — | 40m 00s | |
Want analysis for the episodes below?Free for Pro Submit a request, we'll have your selected episodes analyzed within an hour. Free, at no cost to you, for Pro users. | |||||||||
| 4/14/26 | 80 Banks Breached via Marquis Software Vendor Chain✨ | vendor trust chainransomware attacks+4 | — | UNC6783Adobe+5 | — | ransomwaredata breach+7 | — | 49m 20s | |
| 4/7/26 | FBI Hacked, Chemo Cancelled, 2.5M Hims & Hers Customers Stolen in One Call✨ | cybersecuritythird-party risk+4 | — | FBISalt Typhoon+3 | — | FBI breachSalt Typhoon+7 | — | 37m 53s | |
| 3/31/26 | Cyber Claims Doubled, Sheriff's Office Wiped, Texas School District Offline✨ | cybersecurityransomware+4 | — | CHUBBAlamo Heights ISD+1 | IndianaSan Antonio+1 | cyber claimsransomware+4 | — | 44m 41s | |
| 3/24/26 | 4.8M Cybersecurity Jobs Unfilled + 31% of Businesses w/ Backups Still Lost Their Data Are You Next?✨ | cybersecurity jobsdata recovery+4 | — | At-BaySophos+2 | — | cybersecurityransomware+5 | — | 46m 50s | |
| 3/17/26 | DigitalMint Negotiator Was the Attacker | Stryker Wiper | OT Crisis✨ | ransomwarecybersecurity+3 | — | DigitalMintBlackCat/ALPHV+4 | Iran | ransomwareDigitalMint+7 | — | 46m 43s | |
| 3/10/26 | Cognizant TriZetto 3.4M Patient Breach, AkzoNobel Ransomware & AI Hacked Mexico's Government✨ | cybersecuritydata breach+4 | — | CognizantTriZetto+3 | Mexico | CognizantTriZetto+7 | — | 41m 37s | |
| 3/3/26 | Vendor Failures, Ransomware Leverage, and Legacy Data Risk✨ | vendor riskransomware+3 | — | Marquis Software SolutionsSonicWall+1 | — | ransomwarevendor risk+6 | — | 31m 03s | |
| 2/24/26 | Hospital Shutdown, Ransomware Surge, Fortinet Failures | Hospital Shutdown, Ransomware Surge, Fortinet Failures A hospital doesn't cancel chemotherapy appointments because of a “technical issue.” They cancel them because they've lost operational control. This week, the University of Mississippi Medical Center shut down its entire network after a ransomware attack disrupted systems — including Epic. Clinics closed. Elective procedures paused. Outpatient services halted. Emergency operations activated. Leadership described the shutdown as precautionary. But here's the real question executives should be asking: Why was a full network shutdown necessary? If segmentation is validated… If identity governance is enforced… If lateral movement detection is operationalized… Why does the only safe option become “turn it all off”? In this episode of Security Squawk, we break down what this incident signals about containment confidence, governance maturity, and operational resilience — not just in healthcare, but across every industry that depends on uptime. And we zoom out. Because UMMC isn't happening in isolation. According to TechRadar, ransomware groups have reached an all-time high in 2025. The victim growth rate has doubled. Qilin and other affiliate-driven operators are scaling aggressively. This isn't random chaos. It's industrialization. More fragmentation. More specialization. More execution discipline on the criminal side. Healthcare, public sector, and critical infrastructure are being economically targeted because downtime equals leverage. When systems go dark, negotiation pressure spikes. Then we connect it to something many leaders are still underestimating: Fortinet exploitation patterns. Edge vulnerabilities. VPN credential harvesting. Reinfection cycles months after patches were released. The vulnerability itself isn't the story. The response maturity is. Attackers are repeatedly probing whether organizations: – Patch fast enough – Rotate exposed credentials – Reset trust boundaries after compromise – Validate segmentation integrity – Rebuild identity confidence When those governance steps are skipped, attackers come back. That's not a tooling failure. That's a leadership failure. This episode translates three headlines into one hard truth: Ransomware is no longer just a malware problem. It's a containment confidence problem. For CEOs: If you cannot isolate an intrusion without shutting down revenue operations, your resilience model is fragile. For IT Directors: Active Directory recovery is not a restore-from-backup event. It's a trust re-establishment event. For MSPs: Client environments are operating in a denser criminal ecosystem. Tool stacking without maturity validation will not scale. For Risk Leaders: Financial exposure is no longer limited to ransom. Revenue interruption, regulatory scrutiny, and reputational damage compound quickly — especially in healthcare. We also discuss: • Why attacker communication often signals a second phase • Why affiliate ransomware models are accelerating • Why segmentation validation will become a board-level metric • Why detection speed does not equal governance strength Security Squawk exists to translate cybersecurity chaos into business reality — without vendor spin and without hype. If you value that kind of analysis and want to support independent, executive-focused cybersecurity conversations, you can back the show at: buymeacoffee.com/securitysquawk Your support helps us keep this live, timely, and unfiltered. Because criminals are already running maturity audits. And they invoice in operational shutdown. The question is simple: If it happened to you tomorrow, could you contain it — or would you turn the lights off? | 42m 00s | ||||||
| 2/17/26 | From FanDuel Fraud to Google AI Abuse The Real Risk in 2026 | Google has confirmed that state-backed threat actors are operationally using Gemini across the intrusion lifecycle — not experimentally, but strategically. In this episode of Security Squawk, we break down how AI is being integrated into reconnaissance, phishing refinement, vulnerability research, and even dynamic malware generation. According to Google's Threat Intelligence Group, multiple clusters — including DPRK-linked actors — are using Gemini to synthesize OSINT, map organizational structures, refine recruiter impersonation campaigns, and research exploit paths. In one case, malware known as HONESTCUE leveraged Gemini's API to dynamically generate C# code for stage-two payload behavior, compile it in memory using legitimate .NET tooling, and execute filelessly. This isn't a zero-day story. It's a friction story. At the same time, two individuals in Connecticut were charged for allegedly using thousands of stolen identities to exploit FanDuel's onboarding and promotional systems. No exotic exploit. No advanced intrusion chain. Just automated workflow abuse at scale. The pattern is clear: AI is compressing attacker timelines, and identity-driven fraud is industrializing predictable processes. We examine: How AI-enhanced phishing eliminates traditional grammar-based red flags Why trusted SaaS domains (Gemini share links, Discord CDNs, Cloudflare fronting, Supabase backends) are weakening reputation-based defenses What model distillation attempts (100,000+ structured prompts) signal about API abuse and intellectual property risk How fileless malware compiled with legitimate developer tooling challenges signature-based detection Why onboarding workflows and recruiting processes are now primary attack surfaces For CEOs, this is about erosion of trust anchors and shifting insurability expectations. For IT Directors and SOC leaders, this means reevaluating fileless execution visibility, API anomaly detection, and the reliability of reputation filtering models. For MSPs and risk managers, breaches will increasingly originate from workflow exploitation rather than perimeter misconfiguration. AI didn't invent new attack types. It removed friction from existing ones. And when friction disappears, scale compounds. If your recruiting, onboarding, verification, or AI product interfaces can be scripted — they can be weaponized. This episode is about operational clarity in a rapidly compressing threat landscape. Keywords: Google Gemini, HONESTCUE malware, AI phishing, state-backed threat actors, DPRK cyber operations, model distillation attacks, API abuse detection, fileless malware, .NET in-memory compilation, identity fraud, FanDuel fraud case, workflow exploitation, SaaS infrastructure abuse, Cloudflare phishing, Discord CDN payloads, Supabase backend abuse. Support the show https://buymeacoffee.com/securitysquawk | 36m 04s | ||||||
| 2/10/26 | SolarWinds, BridgePay, and the Ransomware Shift No One’s Ready For | In this episode of Security Squawk, Bryan Hornung, Reginald Ande, & Randy Bryan break down three stories that should change how executives think about cyber risk. This is not about tools, alerts, or vendor promises. It is about operational dependency, leadership accountability, and financial exposure when systems fail. Story one focuses on active exploitation of SolarWinds Web Help Desk vulnerabilities being used as an entry point for ransomware staging. Researchers are seeing attackers move fast after initial access, blending in by using legitimate remote management and incident response tools. That is the point. When attackers use normal looking admin utilities, many organizations do not detect the intrusion until the business impact is already locked in. If you run Web Help Desk or you have not verified your patch posture, this is a governance issue, not an IT debate. Patch timelines and exposure management are leadership decisions because they directly affect business interruption risk. Story two is a warning about the ransomware market adapting. As more organizations refuse to pay for data theft only extortion, threat actors are expected to pivot back toward encryption. Encryption creates urgency because it disrupts operations. The financial exposure shifts toward downtime, recovery labor, lost revenue, and customer churn. Executives should treat restore capability like a business continuity requirement. If your recovery plan has not been tested under pressure, it is not a plan. Story three covers the BridgePay ransomware incident and the downstream impact on merchants and local government services. Even when payment card data is not confirmed compromised, availability failures still create real harm. Customers do not care which vendor was hit. They only see that your business cannot process transactions. This is a clear reminder to revisit vendor criticality, SLAs, outage communications, and contingency processing options. Security Squawk is built for business owners, executives, board members, and IT leaders who want the real world impact without the fear marketing. Subscribe, share, and support the show at https://buymeacoffee.com/securitysquawk | 43m 59s | ||||||
| 2/3/26 | Ransomware Turns Violent, AI Agents Leak Data, Extortion Still Works | Cyber risk is escalating fast, and most business leaders are still operating with outdated assumptions. This episode of Security Squawk confronts that reality head on. Ransomware is no longer limited to encrypted files and downtime calculations. Threat actors are escalating pressure tactics into the physical world, including intimidation and direct threats against employees and executives. That shift fundamentally changes the risk profile for organizations. Once physical safety enters the equation, cybersecurity stops being a technical issue and becomes a leadership, legal, and duty of care problem. Companies that are unprepared for this escalation expose themselves to serious liability, regulatory scrutiny, and reputational damage that insurance alone cannot fix. At the same time, businesses are quietly introducing new risks through personal AI agents and automation tools. These tools are often adopted without security review, legal oversight, or compliance consideration. Marketed as productivity enhancers, personal AI agents frequently operate with broad access to email, files, customer data, and internal systems. When these agents mishandle or leak data, responsibility does not fall on the software vendor or the employee experimenting with automation. It falls squarely on the business. Regulators, insurers, and courts do not accept ignorance or convenience as a defense. We also examine why extortion groups like ShinyHunters continue to succeed even as companies invest heavily in security controls. This is not about sophisticated hacking techniques. It is about business pressure. Attackers understand deadlines, brand risk, customer trust, and executive fear. They exploit supply chains, third party vendors, and disclosure obligations to force decisions under time constraints. Paying extortion may feel like resolution, but it often increases long term risk, invites repeat targeting, and complicates regulatory reporting. Throughout this episode, the focus is not on tools, vendors, or technical jargon. It is on decision making. Who owns cyber risk inside the organization? How prepared is leadership to respond when incidents move beyond IT into legal, HR, and physical security territory? And how does a board defend its actions when regulators or plaintiffs start asking questions after an incident? This conversation is designed for CEOs, business owners, board members, and senior leaders who understand that cybersecurity is inseparable from operational risk, financial exposure, and executive accountability. If your strategy relies on cyber insurance, compliance checklists, or the belief that serious incidents only happen to larger companies, this episode will challenge that thinking. Security Squawk cuts through vendor noise and fear driven messaging to focus on what actually matters to businesses making real decisions. Support the show at https://buymeacoffee.com/securitysquawk | 30m 58s | ||||||
| 1/27/26 | Big Brands Exposed And Why Silence After Breaches Keeps Failing | This episode of Security Squawk breaks down a familiar and dangerous pattern in cybersecurity. Major brands are losing data. Attackers are moving fast. And companies are still relying on silence and delay as a response strategy. We cover hackers auctioning stolen source code from a major retailer, an unprotected database exposing millions of Gmail and Instagram records, ransomware claims involving Nike and Under Armour, and a gas station breach that exposed Social Security numbers. This is not about advanced hacking techniques or rare exploits. It is about basic security failures, weak response decisions, and the real business impact of hesitation after data exposure. If you are a business owner, executive, or IT leader, this episode explains why modern breaches cause damage long before confirmation and why waiting to respond often shifts risk onto customers and employees | 41m 21s | ||||||
| 1/21/26 | Ireland Cyberattack Exposes a Bigger Truth & Businesses Still Aren’t Ready | Cybersecurity failures are no longer just IT problems. They are legal, financial, and leadership failures. In this episode of Security Squawk, we break down how a ransomware attack on Ireland's Office of the Ombudsman delayed justice for citizens and what that incident reveals about preparedness, accountability, and real-world consequences of cyber risk. We start with the Ireland cyberattack that forced a key public watchdog agency to halt case processing for months. This was not a minor disruption. Systems were taken offline, legal action was required to prevent potential data leaks, and people relying on the system became collateral damage. The story highlights a hard truth. When cybersecurity fails, mission failure follows. Government or private sector, the outcome is the same. From there, we zoom out to the private sector where the warning signs are flashing red. New survey data shows cybersecurity litigation risk is rising faster than any other legal exposure for U.S. businesses. Corporate legal teams expect cyber and data privacy disputes to intensify, yet fewer of them feel prepared compared to last year. That gap tells us everything we need to know. Companies understand the risk is growing, but they are not investing or aligning fast enough to reduce it. We also examine the dangerous confidence gap in middle market firms. Nearly one in five experienced a cyber incident, yet almost all executives still believe their security posture is strong. Confidence without controls is not resilience. It is exposure. This disconnect raises serious questions about leadership accountability and how security decisions are being made at the executive level. The episode also dives into research showing that many top U.S. companies still fail basic cybersecurity hygiene. Reused passwords, outdated software, poor configuration, and unpatched systems remain common in 2025. These are not advanced threats. These are fundamentals. When organizations cannot execute the basics, the issue is not technical skill. It is culture, discipline, and leadership priority. We discuss the ongoing wave of data breaches affecting insurance, healthcare, and business services organizations, exposing millions of records. These incidents are proof that many companies remain reactive instead of proactive. Third-party risk, weak internal controls, and poor governance continue to amplify the damage. Finally, we tackle a growing blind spot. AI security governance. As businesses rapidly adopt AI tools, many still lack formal rules, oversight, or risk frameworks. Without governance, innovation turns into liability. Attackers move faster than policy, and organizations are left exposed. This episode is a wake-up call for business leaders, MSPs, IT professionals, and security decision-makers. Cybersecurity is no longer about compliance checklists or technology spend. It is about reducing real risk, protecting trust, and leading responsibly. If you want to understand why cyberattacks now lead to lawsuits, why confidence is not the same as security, and why leadership decisions matter more than ever, this episode delivers the insight you need. Subscribe, follow, and share Security Squawk. And if you want to support the show, you can always buy me a coffee at buymeacoffee.com/securitysquawk. | 35m 50s | ||||||
| 1/13/26 | Three Breaches, Same Problem Government Data Exposure and Ransomware Reality | Today on Security Squawk we are breaking down three different incidents that all point to the same underlying issue. Basic security failures with real consequences. An Oregon state agency exposes personal information tied to environmental complaints. Nissan suffers a ransomware incident that leaks nearly 900 gigabytes of internal data. And an Illinois government agency exposes sensitive information connected to more than 700,000 individuals. Randy Bryan, Reginald Andre, and Bryan Hornung walk through what actually happened, why these incidents keep repeating across industries, and what they mean for businesses that assume they are too small or too quiet to be targeted. If government agencies and global manufacturers are struggling with access control, monitoring, and accountability, the real question is what that means for your organization. Join us live to understand the risks and what to do next. Join Randy Bryan, Reginald Andre, and Bryan Hornung live and be part of the conversation. | 35m 04s | ||||||
| 1/9/26 | University Breach Hits 3.5M | Legacy Medical Devices in Danger | 50 Firms Breached Without MFA | University of Phoenix confirms a massive data breach affecting almost 3.5 million current and former students, staff, and partners after attackers exploited a zero-day in Oracle E-Business Suite. We break down the implications for identity theft risk and breach response. Next, Andre explains why most existing medical devices would fail the FDA's new cybersecurity standards and how healthcare organizations can manage legacy device risk in critical environments. Finally, Bryan breaks down a cloud breach spree that hit 50 global organizations because multi-factor authentication wasn't enforced. Learn why MFA is no longer optional and how basic security failures lead to major breaches. Tune in for expert insights, practical advice, and what every IT leader needs to know today. | 33m 33s | ||||||
Showing 25 of 278
Sponsor Intelligence
Sign in to see which brands sponsor this podcast, their ad offers, and promo codes.