Join us as we dive into the ever-changing world of digital security, bringing you the latest updates, trends, and expert insights to help you stay one step ahead of cyber threats. So, relax and let our knowledgeable host guide you through the fascinating realm of cybersecurity and technology in a calm, informative, and entertaining way.
Embedded Files
Recent Episodes
To watch all of our episodes please checkout our YouTube channel!
Episode #72
Episode #72
In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and trends. We begin by discussing the actively exploited vulnerabilities in about 50,000 Cisco firewalls that could grant attackers full control over the devices. We also cover a high-severity VMware zero-day, exploited by a Chinese state-sponsored group, which has finally been patched by Broadcom. Additionally, we explore how Microsoft detected and thwarted a phishing campaign that used AI-generated code hidden inside an SVG file to steal credentials. Finally, we examine the new MatrixPDF phishing kit being sold on the dark web that allows criminals to easily turn regular PDF files into malware.
Episode #71
Episode #71
In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and trends. We begin by discussing the "ShadowLeak" vulnerability, a zero-click flaw in ChatGPT's Deep Research agent that allows attackers to steal sensitive data directly from OpenAI's servers without any user interaction. We also cover the discovery of MalTerminal, an AI-powered malware generator that uses GPT-4 to create ransomware and reverse shell code in real time, making it difficult for traditional security tools to detect. Additionally, we explore a breach at a U.S. federal agency where hackers exploited a critical vulnerability in GeoServer to deploy the China Chopper web shell and move across the network. Finally, we examine a ransomware attack on Collins Aerospace's passenger processing system that caused hundreds of flight cancellations and delays at major European airports.
Episode #70
Episode #70
In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and trends. We first explore a major supply-chain attack involving a self-replicating worm named Shai-Hulud, which has compromised at least 187 npm packages to steal developer secrets and spread itself. We then discuss how Chinese users are being targeted by malware like HiddenGh0st and kkRAT through SEO poisoning and spoofed GitHub download pages. Additionally, we cover the hacker group ShinyHunters' claim of stealing 1.5 billion records from 760 companies by breaching Salesloft's GitHub repository to access sensitive Salesforce data. We also examine new research showing that students are responsible for over half of insider cyber attacks in UK schools, often by exploiting weak passwords and poor data protection practices. Finally, we break down how a threat actor dubbed WhiteCobra has been distributing malicious extensions through the Visual Studio Marketplace to deploy the Lumma Stealer infostealer.
Episode #69
Episode #69
In this episode, Cody and Katie dive into this week's most critical cybersecurity incidents and trends. We first explore the "catastrophic" security flaws found across Burger King, Tim Hortons, and Popeyes, where ethical hackers easily accessed systems due to hard-coded and plain-text passwords, exposing internal configurations and employee accounts. We then analyze how hackers are leveraging malicious Scalable Vector Graphics (SVG) files to spoof legitimate websites and deploy malware that bypasses antivirus software, with over 500 such files discovered in one campaign. Additionally, we report on the discovery of 45 previously unknown domains linked to Chinese APT groups like Salt Typhoon, used for stealthy, long-term cyber-espionage dating back five years, and the modular macOS backdoor, ChillyHell, which remained undetected by antivirus for years despite Apple's notarization. We also examine the UK Electoral Commission's arduous three-year, £250,000 recovery from a cyberattack, underscoring the vulnerabilities in democratic systems, even though no evidence of vote tampering was found. Finally, we break down the US Department of Defense's new, more stringent Cybersecurity Maturity Model Certification 2.0 (CMMC) standards, which will officially take effect on November 10, 2025, outlining critical compliance demands for all potential contractors.
Page updated
Google Sites
Report abuse