Bug Bounty Podcasts

The Hacker's Cache

Kyser Clark - Cybersecurity

Weekly
 
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
Behind The Bounty

Ben Sadeghipour & Nathanial Lattimer

Daily+
 
Behind The Bounty gives you an inside look at the community and people that make bug bounties happen. Hosted by Ben Sadeghipour (NahamSec) and Nathanial Lattimer (d0nut).
The Cyber Riddler

Ahmad Almorabea

Monthly
 
The Cyber Riddler is a podcast that discusses interesting topics in the field of information security. It explores different areas and situations in real-life cyber security engagements and activities. Episodes feature guests from different backgrounds such as hackers, security analysts, cyber security managers, bug bounty hobbyists and more.
 
We’re planting the seeds of fun with the only gardening podcast that’s just for kids! Welcome to Gro-Town where we celebrate the world outside our windows! Join Miss Danielle for growing tips, music, special guests, and a bounty of laughs along the way. Music. Garden. Community. Gro-Town! Continue the fun at https://www.gro-town.com/
 
Hack for Fun and Profit is a weekly podcast for anyone who is interested in ethical hacking. The topics include bug bounty hunting, penetration testing, red teaming and many more. Sit back and enjoy stories, tips and tricks that will inspire you. For subscription-only episodes, enroll using this link: https://anchor.fm/thehackerish/subscribe
 
On WE’RE IN!, you'll hear from the newsmakers and innovators who are making waves and driving the cyber security industry forward. We talk to them about their stories, the future of the industry, their best practices, and more.
 
Welcome to Smarter Online Safety: Protect, Empower, Transform—your go-to channel for digital security, AI productivity, and digital transformation. As cyber fraud, identity theft, and AI-driven risks grow, Jocelyn King, “The Queen of Online Safety,” is here to help you stay secure and thrive. A Top 10 Woman in Cybersecurity, speaker, and educator, she has been featured on Dr. Phil, prime-time news, international radio, and top podcasts. 💡 What You’ll Learn: ✔️ Protect yourself & your family ...
Redefining CyberSecurity

Sean Martin, ITSPmagazine

Monthly+
 
Redefining CyberSecurity Podcast Hosted by Sean Martin, CISSP Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, ou ...
 
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer. Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated. Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, develop ...
 
SecureMac presents The Checklist. Hosted by Ken Ray, each week The Checklist hits security topics for your Mac and iOS devices. From how-to's and safety tips, to security news of the day, The Checklist by SecureMac takes a conversational, solutions oriented approach to security for the average user. Check in each Thursday for a new Checklist!
 
Welcome to Behind the Binary, the podcast that introduces you to the fascinating people, technology, and tools driving the world of reverse engineering. Join your host, Josh Stroschein, a reverse engineer with the FLARE team at Google, and someone passionate about sharing knowledge and shedding light on the art of reverse engineering, as he sits down with intriguing guests to explore the human side of this profession. Behind the Binary goes beyond the code, sharing the stories, motivations, ...
 
In "Surfacing Security," we explore a variety of cybersecurity topics relevant to Attack Surface Management and beyond. Your co-hosts are Michael Gianarakis (Assetnote Co-Founder/CEO) and Shubham Shah (Assetnote Co-Founder/CTO).
BizSec Podcast

bizsecpodcast.com

Monthly
 
The Business Security (BizSec) Podcast. Hosts Beau Woods and Dave Kennedy analyze and discuss the latest business news in the information and technology security world, as well as a bigger picture theme each episode. Follow us @bizsecpodcast
 
Building better software, one incident at a time. Host Kevin Riggle talks with software engineers about that time they broke production. Whether you're an industry professional, or just curious about what makes the modern Internet run and what happens when it breaks, we bring you stories you haven't heard elsewhere. This is the audio version of the podcast. Watch on YouTube: https://youtube.com/@critical-point Produced by Complex Systems Group (https://complexsystems.group). Part of Critical ...
 
An insanely enjoyable Bitcoin podcast with a strong focus on liberty. Every Thursday, we chat about how Bitcoin sets the world free and share the latest cryptocurrency news and general Bitcoin talk. Guests have included: - Mastering Bitcoin author Andreas Antonopoulos - Liberty.me CLO Jeffrey Tucker - Antiwar.com editor Angela Keaton - Bitcoin/liberty activist Michele Seven - Jason King from Sean's Outpost Homeless Outreach - Drew Phillips from Bitcoin Not Bombs - Numerous other Bitcoin-lovi ...
 
Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Sho…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss significant updates in cybersecurity, including Microsoft's overhaul of its bug bounty program, CISA's hiring strategy amidst workforce challenges, the US's shift towards a more aggressive cyber strategy, and insights from the updated OWASP Top 10 vulnerabilities. The…
 
Risks of OOB Access via IP KVM Devices Recently, cheap IP KVMs have become popular. But their deployment needs to be secured. https://isc.sans.edu/diary/Risks%20of%20OOB%20Access%20via%20IP%20KVM%20Devices/32598 Tailsnitch Tailsnitch is a tool to review your Tailscale configuration for vulnerabilities https://github.com/Adversis/tailsnitch Net-SNMP…
 
Cryptocurrency Scam Emails and Web Pages As We Enter 2026 Scam emails are directing victims to confidence scams attempting to steal cryptocurrencies. https://isc.sans.edu/diary/Cryptocurrency%20Scam%20Emails%20and%20Web%20Pages%20As%20We%20Enter%202026/32594 Debugging DNS response times with tshark tshark is a powerful tool to debug DNS timing issu…
 
Across dozens of conversations centered on the CISO experience, one reality keeps surfacing: the role no longer exists to protect systems in isolation. It exists to protect the business itself. Today’s CISO operates at the intersection of operational risk, executive decision-making, and organizational trust. The responsibility is not just to identi…
 
Across 152 conversations this year, a set of recurring patterns kept surfacing, regardless of whether the discussion focused on application security, software supply chain risk, AI systems, or creative work. The industries varied. The roles varied. The challenges did not. One theme rises above the rest: visibility remains the foundation of everythi…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss key cybersecurity predictions for 2026, focusing on the rise of agentic AI, quantum computing threats, deepfakes, the expanding attack surface due to IoT, the evolution of cybercrime into corporate structures, and the necessity for cybersecurity to be viewed as a stra…
 
AI is undoubtedly the technology of the year for hacks and scams. While scammers are busy using AI to make scams more convincing, scam baiters are fighting back with ingenious grandma-style AIs that keep scammers busy for hours on end. There have also been some spectacular busts of scam centers. What’s next, AI scammers chatting with AI scam baiter…
 
MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847 Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977 https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5…
 
Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world Follow us on twitter at: https://x.com…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the Security Maturity Model, focusing on identity security. They explore the current state of security practices, identifying areas where organizations may be behind the curve, on track, or ahead of the curve in their security measures. Key topics include the importan…
 
DLLs & TLS Callbacks As a follow-up to last week's diary about DLL Entrypoints, Didier is looking at TLS ( Thread Local Storage ) and how it can be abused. https://isc.sans.edu/diary/DLLs%20%26%20TLS%20Callbacks/32580 FreeBSD Remote code execution via ND6 Router Advertisements A critical vulnerability in FreeBSD allows for remote code execution. Bu…
 
How can parents keep kids safe online without fear or constant conflict? 📱👨‍👩‍👧‍👦 In this episode of Smarter Online Safety, host Jocelyn King sits down with internationally recognized parenting expert Sue Atkins to talk about raising confident, safe kids in today’s digital world. They cover age-appropriate screen time, how to spot early signs of cy…
 
Positive trends related to public IP range from the year 2025 Fewer ICS systems, as well as fewer systems with outdated SSL versions, are exposed to the internet than before. The trend isn't quite clean for ISC, but SSL2 and SSL3 systems have been cut down by about half. https://isc.sans.edu/diary/Positive%20trends%20related%20to%20public%20IP%20ra…
 
Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Shoutout …
 
Maybe a Little Bit More Interesting React2Shell Exploit Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed. https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Intere…
 
Beyond RC4 for Windows authentication Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change. https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication FortiCloud SSO Login Vuln Exploited Arctic Wolf observed exploit attemp…
 
⬥EPISODE NOTES⬥ Modern application development depends on open source packages moving at extraordinary speed. Paul McCarty, Offensive Security Specialist focused on software supply chain threats, explains why that speed has quietly reshaped risk across development pipelines, developer laptops, and CI environments. JavaScript dominates modern softwa…
 
More React2Shell Exploits CVE-2025-55182 Our honeypots continue to detect numerous React2Shell variants. Some using slightly modified exploits https://isc.sans.edu/diary/More%20React2Shell%20Exploits%20CVE-2025-55182/32572 The Fragile Lock: Novel Bypasses For SAML Authentication SAML is a tricky protocol to implement correctly, in particular if dif…
 
Ever get your hair cut and wonder, "Is my barber part of an international scammer ring?" In November 2025, the FBI arrested Victor Marion, the owner of Mecca Barber Shop in San Diego, and eighteen of his buddies for scamming elderly victims out of $40 million with the classic tech support and refund scams, and for laundering the funds through the s…
 
Abusing DLLs EntryPoint for the Fun DLLs will not just execute code when some of their functions are called, but also as they are loaded. https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for%20the%20Fun/32562 Apple Patches Everything: December 2025 Edition Apple released patches for all of its operating systems, fixing two already exploited…
 
In this powerful episode of Smarter Online Safety, Jocelyn King talks with Roger Canaff — former New York City special victims prosecutor, survivor advocate, and legal thriller author — about how predators operate online, the rise of AI “nudify” tools, and concrete steps parents and caregivers can take to protect kids and support survivors. What yo…
 
Using AI Gemma 3 Locally with a Single CPU Installing AI models on modest hardware is possible and can be useful to experiment with these models on premise https://isc.sans.edu/diary/Using%20AI%20Gemma%203%20Locally%20with%20a%20Single%20CPU%20/32556 Mystery Google Chrome 0-Day Vulnerability Google released an update for Google Chrome fixing a vulne…
 
Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to s…
 
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on. https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Comma…
 
In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows Internals series, and why he describes himself as a developer who "hates security." The convers…
 
Microsoft Patch Tuesday Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550 Adobe Patches Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. h…
 
⬥EPISODE NOTES⬥ Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal,…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam delve into the growing cybersecurity threat posed by the Chinese state-sponsored group, Salt Typhoon. They discuss the group's tactics, motivations, and the implications for global security. The conversation highlights China's strategic focus on economic power as a means of n…
 
nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in…
 
AutoIT3 Compiled Scripts Dropping Shellcodes Malicious AutoIT3 scripts are using the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542 React2Shell Update The race is on to patch vulnerable syst…
 
Protect what matters — not everything. In this episode David Cruz (El Maestro) breaks cybersecurity down into a simple, practical model: Risk → Behavior → Practice. Perfect for CEOs, small business owners, parents — anyone who wants real protection without the tech overwhelm. Episode highlights 1. A simple framework to decide what to protect and ho…
 
Nation-State Attack or Compromised Government? [Guest Diary] An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536 React Update Working exploits for the React vulnerability patched yesterday are n…
 
Adam Logue, Independent Security Researcher and Synack Red Teamer, discusses his experiences with responsible disclosure and bug bounty programs, and provides a fascinating technical deep dive into a vulnerability he found in Microsoft 365 Copilot during a client-facing engagement. Timestamps: 00:49 - Adam's background with responsible disclosure a…
 
Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criti…
 
Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-se…
 
If Facebook has seemed scammy for the past few years, it's not your imagination. A leaked internal document shows that Facebook, and its parent company Meta, are well aware that many of their ads and posts are scams, but they make too much money off of them to do anything about it. Get all the details on this scathing report from Reuters that has r…
 
SmartTube Android App Compromise The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification Two Years, 17K Downloads: The NPM Malware That Tried to Gas…
 
What Security Congress Reveals About the State of Cybersecurity This discussion focuses on what ISC2 Security Congress represents for practitioners, leaders, and organizations navigating constant technological change. Jon France, Chief Information Security Officer at ISC2, shares how the event brings together thousands of cybersecurity practitioner…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss vulnerabilities in popular chat applications, particularly focusing on Line and WhatsApp. They explore the implications of these vulnerabilities for user privacy and security, emphasizing the importance of API security and rate limiting. The conversation then shifts t…
 
Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 20…
 
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death. https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/ B2B Guest Access Cre…
 
Smarter Online Safety — Jocelyn King with Daphne Ng A frank, non-technical conversation about how AI (voice cloning & deepfakes) is changing scams — including a $25M corporate fraud case — and what everyday people and teams can do right now to protect themselves. 🔔 Subscribe for weekly, simple online-safety tips 🎧 Listen on Apple/Spotify/Google Key…
 
Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@critica…
 
We're going a day early this week because Friday might be too late. The holiday shopping season kicks off in earnest this Friday. We're looking at tips for safe shopping both online and in lines this holiday season. Plus - a look back at nine years of this show. It's all ahead on Checklist No. 451, brought to you by SecureMac. Check out our show no…
 
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications. https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-targ…
 
This episode focuses on a security incident that prompts an honest discussion about transparency, preparedness, and the importance of strong processes. Sean Martin speaks with Viktor Petersson, Founder and CEO of Screenly, who shares how his team approaches digital signage security and how a recent alert from their bug bounty program helped validat…
 
⬥EPISODE NOTES⬥ Understanding the Startup Engine Behind Cybersecurity This episode brings Sean Martin together with Ross Haleliuk, author, investor, product leader, and creator of Venture Insecurity, for a candid look at the forces shaping cybersecurity startups today. Ross shares how his decade of product leadership and long involvement in the sec…
 
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the major announcements from Microsoft Ignite, focusing on the introduction of Security Copilot for Microsoft 365 E5 customers, innovations in identity management through Entra, and the integration of Defender for Cloud with GitHub. They also explore the new capabilit…