Noam Moshe, Claroty’s Vulnerability Research Team Lead, joins Dave to discuss Team 82's work on "Turning Camera Surveillance on its Axis." Team82 disclosed four vulnerabilities in Axis.Remoting—deserialization, a MiTM “pass-the-challenge” NTLMSSP flaw, and an unauthenticated fallback HTTP endpoint—that enable pre-auth remote code execution against Axis Device Manager and Axis Camera Station.
They found more than 6,500 Axis.Remoting services exposed online (over half in the U.S.), letting attackers enumerate targets, install malicious Axis packages, and hijack, view, or shut down managed camera fleets.Axis published an urgent advisory, issued patches for ADM 5.32, Camera Station 5.58 and Camera Station Pro 6.9, accepted Team82’s disclosure, and organizations are urged to update.
A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp’s missing million-dollar exploit.
On this week's episode of The FAIK Files: Google begins rolling out Gemini 3.0 and other AI updates; We look at new studies showing where AI gets it wrong, from misrepresenting news to writing vulnerable code; The latest on AI-driven job loss, including leaked documents from Amazon; and, a roundup of recent deepfake stories, including a Tory MP and the Irish election.
CISA Layoffs threaten U.S. cyber coordination with states, businesses, and foreign partners. Google issues its second emergency Chrome update in a week, and puts Privacy Sandbox out of its misery. OpenAI’s new browser proves vulnerable to indirect prompt injection. SpaceX disables Starlink devices used by scam compounds. Reddit sues alleged data scrapers. Blue Cross Blue Shield of Montana suffers a data breach. A new Android infostealer abuses termux to exfiltrate data. Iran’s MuddyWater deploys a wide-ranging middle east espionage campaign. We’re joined by Lauren Zabierek and Camille Stewart Gloster discussing the next evolution of #ShareTheMicInCyber. When customer service fails, try human resources.
In this episode of Threat Vector, David Moulton speaks with two cybersecurity leaders from Palo Alto Networks: Sarit Tager, Vice President of Product Management, and Krithivasan Mecheri (Krithi), Senior Director of Product Security. Together, they dive into the urgent challenges of securing modern development in the age of AI. The discussion explores the rise of Application Security Posture Management (ASPM), how organizations can move from reactive patching to proactive prevention, and the growing security crisis fueled by AI-generated code. With decades of combined experience in product security, cloud security, and DevSecOps, Sarit and Krithi share strategies for managing security backlogs, aligning executives and developers, and addressing the economics of technical debt. For decision-makers grappling with the balance between speed and resilience, this episode offers essential insights into securing the future of software development.
In this special policy series, the Caveat team is taking a deep dive into key topic areas that are likely to generate notable conversations and political actions throughout the current administration.
This week, while Dave Bittner is on vacation, hosts Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Users are reporting a potential new Signal scam involving fake in-app messages posing as official support, though Signal confirms it never contacts users first and only communicates via Signal email addresses. Joe’s story is on South Korea targeting Cambodia’s scam industry after reports of kidnappings, torture, and a death, as officials crack down on criminal groups luring citizens into forced online fraud operations across Southeast Asia. Maria has the story on how AI-driven scams like deepfakes and virtual kidnappings are increasingly targeting Gen Z, using fake voices and videos to power extortion schemes that exploit their mobile-first, always-online lives. Listener DarkProphet6 shares a clever phishing attempt disguised as a fake Cloudflare “I’m not a robot” check, which tried to trick users into pasting malicious code into their terminal — a move that could have created a remote shell for attackers.
In this Caveat Policy Deep Dive, our conversation and analysis revolve around North Korean hacking. Throughout this conversation, we break down how North Korea has transformed itself into one of the largest nation-state hackers today. We dive into what types of attacks they perform, how they have evolved these attacks over time, and how they use their ill-gotten gains to support their economy and evade sanctions.
A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft’ warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A Spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. When the cloud goes down, beds heat up.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks.
They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI’s growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.
What started as two marketers looking for support has grown into a 4,000-member community and CyberMarketingCon, the go-to conference for anyone driving go-to-market in security.
In this replay from Chris Hughes’ Resilient Cyber show, Gianna and Maria share what makes the Society different, why the event feels more like a reunion than a conference, and what’s waiting in Austin this December (or online if that’s easier): hands-on workshops, founder + investor sessions, and this year’s theme — the Marketing Time Machine.
CISA warns a Windows SMB privilege escalation flaw is under Active exploitation. Microsoft issues an out of band fix for a WinRE USB input failure. Nation state hackers had long term access to F5. Envoy Air confirms it was hit by the zero-day in Oracle’s E-Business Suite. A nonprofit hospital system in Massachusetts suffers a cyberattack. Russian’s COLDRiver group rapidly retools its malware arsenal. GlassWorm malware hides malicious logic with invisible Unicode characters. European authorities dismantle a large-scale Latvian SIM farm operation. Myanmar’s military raids a notorious cybercrime hub. Josh Kamdjou, from Sublime Security discusses how teams should get ahead of Scattered Spider's next move. Eagle Scouts are soaring into cyberspace.
Fraud has been a longstanding issue, one that has never been and will never be completely solved. However, like many other things, fraud is evolving as threat actors are leveraging new scams and new technologies.
Entrar
