Join us as we dive into the ever-changing world of digital security, bringing you the latest updates, trends, and expert insights to help you stay one step ahead of cyber threats. So, relax and let our knowledgeable host guide you through the fascinating realm of cybersecurity and technology in a calm, informative, and entertaining way.
Embedded Files
Recent Episodes
To watch all of our episodes please checkout our YouTube channel!
Episode #57
Episode #57
In this episode, Cody and Katie discuss the latest cybersecurity developments, from major breaches to novel attack methods. We dive into the alarming cyberattack on car-sharing firm Zoomcar, which saw sensitive personal information of approximately 8.4 million users stolen, a breach the company learned about directly from the threat actors. We also examine the alleged leak of 176,000 lines of data from VirtualMacOSX.com, including passwords and banking information, though the free distribution of such sensitive data is unusual and could indicate it's recycled or fake. We explore significant software vulnerabilities, such as the three critical flaws in the Sitecore Experience Platform that, when chained, could lead to full server takeover on thousands of publicly exposed instances, and the dangerous misconfigurations in GitHub Actions workflows that could allow attackers to steal secrets or control repositories from major projects like MITRE and Splunk due to elevated privileges. Furthermore, we look at an insidious new malware that hijacks checkout pages using legitimate Google OAuth URLs to bypass antivirus defenses and covertly steal payment data by activating only under specific conditions. We also cover the ongoing investigation into a cybersecurity incident impacting Canadian airline WestJet's internal systems, website, and mobile app, causing service disruptions indicative of a potential ransomware attack. Finally, we touch upon the theoretical "SmartAttack" that proposes exfiltrating data from air-gapped systems using compromised smartwatches via ultrasonic signals, and note the positive step of AWS achieving 100% MFA coverage for root users as part of CISA's Secure By Design initiative, significantly enhancing cloud security.
Episode #56
Episode #56
In this episode, Cody and Katie talk about the newest stories this week. We dive into a major cyberattack campaign by Chinese-linked threat actors that has compromised at least 75 organizations globally across critical sectors. We also discuss the severe risks to individuals, including how popular video games like Grand Theft Auto V and Minecraft are being used to distribute malware to millions of gamers through fake content, and how a new malware campaign leverages a fake DeepSeek website to reroute web traffic and steal sensitive data via BrowserVenom. We then explore significant infrastructure threats, such as the cyberattack on United Natural Foods, a key supplier for Whole Foods, which caused temporary disruptions and potential delivery delays by forcing IT systems offline, and how a year-old vulnerability in TBK DVR devices is actively expanding the Mirai botnet for DDoS attacks. We also cover recent security successes, like the Interpol-led "Operation Secure" that resulted in 32 arrests and the takedown of over 20,000 malicious IP addresses linked to infostealers. Additionally, we examine a critical "zero-click" vulnerability, EchoLeak, discovered in Microsoft 365 Copilot, which could have allowed silent exfiltration of sensitive corporate data, and the ongoing supply chain risk posed by 17 popular NPM packages compromised with a Remote Access Trojan. Finally, we highlight the persistent issue of poor cyber-hygiene in healthcare organizations, where weak password practices are dangerously common, putting millions of patients at risk due to a lack of proper policies and staff training.
Episode #55
Episode #55
In this episode, Cody and Katie talk about the newest stories this week. We dive into the significant increase in AI-fueled cyberattacks, noting the dramatic rise in automated scanning activity and the flood of stolen credentials available on the dark web. We explore how threat actors are exploiting typos and name confusion in supply chain attacks to distribute stealthy malware through fake packages on platforms like PyPI and NPM. We cover the discovery of critical race condition vulnerabilities in key Linux system components found in Ubuntu, Fedora, and Red Hat, which could allow attackers to gain access to sensitive information like passwords from core dumps. We discuss a major data exposure incident involving a top US dental marketing firm that left millions of user files and appointment records unprotected online. We also examine the growing concern over biometric data becoming more valuable than money, leading to a black market for stolen fingerprints and facial scans that pose unique, permanent privacy risks.
Episode #54
Episode #54
In this episode, Cody and Katie talk about the newest stories this week. We dive into significant incidents, including a zero-day vulnerability in Commvault's Metallic data protection platform exploited by nation-state hackers, which could put SaaS companies globally at risk by potentially accessing Microsoft 365 backup client secrets. We also explore policy debates, specifically the deep concerns voiced by experts regarding the EU's ProtectEU strategy and its approach to encryption, which aims to find technical ways to create backdoors into encrypted communications, a move critics argue undermines security and privacy. We cover novel distribution methods for malicious software, such as a new campaign on TikTok using AI-generated fake videos to trick users into running PowerShell commands that download infostealers like Vidar and StealC, and the discovery of 60 malicious packages on NPM using typosquatting to steal sensitive data like hostnames and internal IP addresses. We discuss the continued threat from vulnerable infrastructure, highlighted by thousands of older Cisco and Asus routers being hacked to create new botnets through the exploitation of vulnerabilities and brute force attacks. We also examine consumer risks, including a report identifying over 7 million compromised streaming service accounts (like Netflix, Prime Video, and Disney+) leaked online in 2024.
Page updated
Google Sites
Report abuse