Best Mycroft Podcasts (2025)

1
Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups 29:58

Play Pause

4d ago29:58

29:58

Toronto-based cybersecurity startup Mycroft has stepped out of stealth with a bold promise: to give startups and small-to-midsize businesses (SMBs) the kind of enterprise-grade security typically reserved for Fortune 500 companies. Acting as an AI-powered “Security and Compliance Officer,” Mycroft deploys autonomous AI agents that manage an organiz…

1
Steam Game BlockBlasters Turns Malicious, Drains $150K in Crypto 29:37

3d ago29:37

29:37

What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play platformer on Steam that turned from harmless fun into a malicious cryptocurrency-draining scheme. For nearly two months, BlockBlasters appeared safe, even earning “Very Positive” reviews. But in late Augu…

1
Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks 26:15

3d ago26:15

26:15

Phishing is no longer just an email problem. A new wave of non-email phishing attacks is targeting employees through social media, instant messaging apps, SMS, malicious search engine ads, and even collaboration tools like Slack and Teams. These campaigns are designed to bypass traditional defenses—leaving organizations exposed while attackers expl…

1
Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack 24:09

3d ago24:09

24:09

Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers compromised a third-party service provider’s platform. While no financial data was exposed, the company acknowledged that customer contact details were stolen, prompting advisories to remain vigilant a…

1
HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks 20:34

17h ago20:34

20:34

Cybersecurity firm HoundBytes has officially launched WorkHorse, an automated security analyst designed to solve one of the biggest pain points in modern Security Operations Centers (SOCs): the Tier 1 bottleneck. Overwhelmed by a constant flood of raw alerts, Tier 1 analysts often suffer from burnout and slow triage times, putting organizations at …

1
FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims 10:29

4d ago10:29

10:29

The FBI has issued a warning to the public about a cyber campaign impersonating the Internet Crime Complaint Center (IC3), using spoofed websites to trick victims into handing over sensitive information and money. Between December 2023 and February 2025, the agency received more than 100 reports of malicious activity tied to fake IC3 domains. Threa…

1
Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users 22:08

4d ago22:08

22:08

A new cyber campaign is actively targeting macOS users with the Atomic Stealer (AMOS) malware, leveraging fake GitHub repositories disguised as legitimate software downloads. Security researchers tracking the campaign report that the operators are impersonating trusted brands such as LastPass, 1Password, Dropbox, Notion, and Shopify to lure unsuspe…

1
Netskope’s IPO Raises $908M: SASE Leader Surges 18% on First Trading Day 10:50

4d ago10:50

10:50

Netskope, a California-based cybersecurity firm specializing in secure access service edge (SASE) solutions, has officially gone public in one of the largest cybersecurity IPOs of 2025. Trading on the Nasdaq under the ticker symbol NTSK, the company raised more than $908 million by selling shares at $19 each. Investor enthusiasm was evident as the …

1
SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs 24:17

4d ago24:17

24:17

A startling new report from AI security platform SPLX reveals how attackers can bypass the built-in guardrails of AI agents like ChatGPT through a sophisticated exploit involving prompt injection and context poisoning. Traditionally, AI models are programmed to refuse solving CAPTCHAs, one of the most widely deployed tools for distinguishing humans…

1
Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos 23:50

5d ago23:50

23:50

A cyberattack on Collins Aerospace, a U.S.-based provider of passenger check-in and baggage handling software, plunged major European airports into chaos over the weekend. Beginning late Friday, the disruption rippled across hubs in Brussels, Berlin, and London, crippling critical check-in systems and forcing a reversion to manual operations. Bruss…

1
Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed 22:35

7d ago22:35

22:35

A new security report has revealed serious, unpatched vulnerabilities in industrial control system (ICS) products manufactured by Novakon, a Taiwan-based subsidiary of iBASE Technology. Security researchers at CyberDanube identified five categories of flaws affecting Novakon’s Human-Machine Interfaces (HMIs), including an unauthenticated buffer ove…

1
RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign 23:00

7d ago23:00

23:00

The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its tactics with the help of Artificial Intelligence (AI) and a powerful new malware strain, VenomRAT. Active since 2015, RevengeHotels has long targeted hotels, travel agencies, and tourism businesses to s…

1
ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research 26:15

7d ago26:15

26:15

A groundbreaking new cyberattack dubbed ShadowLeak has been uncovered targeting ChatGPT’s Deep Research capability, marking a dangerous escalation in AI-related threats. Unlike prior exploits such as AgentFlayer and EchoLeak, which operated on the client side, ShadowLeak weaponized OpenAI’s own cloud infrastructure to silently exfiltrate sensitive …

1
WatchGuard Firebox Vulnerability Could Let Hackers Take Over Networks 28:50

7d ago28:50

28:50

A new critical vulnerability, CVE-2025-9242, has been discovered in WatchGuard Firebox firewalls, putting thousands of networks worldwide at risk. The flaw stems from an out-of-bounds write bug in the Fireware OS’s iked process, which could allow a remote, unauthenticated attacker to execute arbitrary code. If exploited, this would grant full contr…

1
How SystemBC’s 1,500 Infected VPS Servers Fuel Ransomware and Fraud 32:02

8d ago32:02

32:02

The SystemBC proxy botnet has quietly become one of the most persistent pillars of the cybercrime ecosystem. First detected in 2019, SystemBC is less about stealth and more about scale. It maintains an average of 1,500 compromised commercial virtual private servers (VPS) around the world, providing a powerful, high-bandwidth proxy network for cyber…

1
Tiffany & Co. Data Breach Exposes Gift Card Details of 2,500+ Customers 12:33

8d ago12:33

12:33

Tiffany and Company, the iconic luxury jeweler under the LVMH umbrella, has confirmed a serious data breach impacting over 2,500 customers across the United States and Canada. On or around May 12, 2025, hackers infiltrated Tiffany’s internal systems, compromising sensitive customer data tied to gift cards. Exposed information includes names, email …

1
Lakera’s Gandalf Network Joins Check Point in $300M AI Security Deal 24:33

9d ago24:33

24:33

In a major strategic move, Check Point Software Technologies has announced the acquisition of Lakera, a Zurich and San Francisco–based AI security firm founded by former Google and Meta AI researchers. Valued at around $300 million, the acquisition will close in late 2025 and serve as the foundation for Check Point’s new Global Center of Excellence…

1
Shai-Hulud Exposes Fragility of the Open-Source Software Supply Chain 34:50

9d ago34:50

34:50

A major supply chain attack is underway in the npm ecosystem. Dubbed Shai-Hulud, this worm-style campaign began with the compromise of the popular @ctrl/tinycolor package and has since infected at least 187 npm packages, including some published under CrowdStrike’s official account. The malware, designed to spread automatically, abuses the legitima…

1
ChatGPT Calendar Vulnerability Exposes User Emails in New AI Attack 20:27

9d ago20:27

20:27

A critical vulnerability has been uncovered in ChatGPT’s new calendar integration, exposing how attackers could exfiltrate sensitive user data—particularly emails—through a deceptively simple exploit. Security researchers at EdisonWatch, led by Eito Miyamura, demonstrated how a malicious calendar invitation could contain hidden instructions that Ch…

1
CrowdStrike Acquires Pangea to Launch AI Detection and Response (AIDR) 22:03

9d ago22:03

22:03

At Fal.Con 2025, CrowdStrike announced one of its boldest moves yet: the acquisition of AI security startup Pangea. The deal signals CrowdStrike’s intent to redefine the future of cybersecurity by protecting not just endpoints and networks, but the entire AI lifecycle. Pangea, founded in 2021, is known for cutting-edge tools like AI Guard, which pr…

1
RaccoonO365: $100K Phishing-as-a-Service Scheme Taken Down 27:03

7d ago27:03

27:03

Microsoft and Cloudflare have successfully dismantled RaccoonO365, a global phishing-as-a-service (PhaaS) operation that had been running for over a year. This criminal platform, marketed on Telegram and used by up to 200 subscribers, enabled attackers to craft realistic Microsoft 365 phishing campaigns, complete with fake login pages, email lures,…

1
AI-Generated Phishing and Deepfakes Supercharge Social Engineering Attacks 1:01:18

10d ago1:01:18

1:01:18

Social engineering has reclaimed center stage as today’s most reliable intrusion vector—and it’s not just email anymore. Recent warnings from law enforcement and national cyber centers underscore how adversaries exploit human psychology to “log in, not hack in,” bypassing hardened perimeters with phishing, vishing (voice phishing) against IT help d…

1
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds 41:45

10d ago41:45

41:45

The infamous Rowhammer vulnerability, long thought to be contained by new DRAM protections, has resurfaced with devastating force. Academic researchers, working with Google, have unveiled the Phoenix attack, a breakthrough Rowhammer variant that shatters the defenses of DDR5 memory chips. Despite the industry’s investment in Target Row Refresh (TRR…

1
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform 48:07

10d ago48:07

48:07

Cybercriminals aren’t just breaking in—they’re borrowing your brand to do it. This episode dives into the critical intersection of brand protection, threat intelligence, and external attack surface management (EASM) and lays out a practical, intelligence-driven blueprint you can start applying today. We begin with the state of brand abuse: a sharp …

1
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law 31:38

10d ago31:38

31:38

California’s Assembly Bill 566 (AB 566) has become one of the most hotly contested pieces of privacy legislation in the country. The bill would require universal “opt-out preference signals” in web browsers and mobile operating systems, allowing consumers to automatically block the sale and sharing of their personal data across the internet. Propon…

1
FinWise Bank Data Breach Exposes 700K Customers Amid Predatory Lending Allegations 33:04

11d ago33:04

33:04

FinWise Bank is facing a double crisis—one of data security and another of public trust. Nearly 700,000 customers of American First Finance (AFF), a FinWise partner, were impacted by a massive data breach after a former employee improperly accessed sensitive records. The bank has responded with offers of free credit monitoring, but the damage to co…

1
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories 38:48

18d ago38:48

38:48

In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” The incident began when attackers exploited a flaw in GitHub Actions workflows for the Nx repository, stealing an NPM publishing token and using it to release malicious versions of Nx packages. These packa…

1
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise 34:24

18d ago34:24

34:24

Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than 1% of its three million clients. The incident, detected on August 30, 2025, originated from a supply chain attack: a trusted third-party vendor’s compromised software package served as the entry point f…

1
FireCompass Raises $20M to Scale AI-Powered Offensive Security 38:48

18d ago38:48

38:48

In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven cybersecurity innovators. The startup, founded in 2019, just secured $20 million in new funding—bringing its total raised to nearly $30 million. Backed in part by EC-Council’s Cybersecurity Innovation Fu…

1
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems 32:04

18d ago32:04

32:04

A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP S/4HANA deployments, both on-premise and in private cloud environments, this ABAP code injection flaw carries a near-maximum CVSS score of 9.9. What makes it especially dangerous is its low complexity…

1
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto 30:21

19d ago30:21

30:21

North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cryptocurrency and decentralized finance (DeFi) organizations. At the center of these operations is the “Contagious Interview” campaign, where hackers impersonate recruiters and trick job seekers into do…

1
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE 51:24

22d ago51:24

51:24

Cato Networks, a leader in Secure Access Service Edge (SASE), has made its first acquisition, purchasing Aim Security, an AI security startup founded in 2022. The acquisition, valued at an estimated $300–350 million, represents a major step in addressing the growing risks tied to generative AI adoption in enterprises. As organizations increasingly …

1
Tidal Cyber Secures $10M to Advance Threat-Informed Defense 48:00

22d ago48:00

48:00

Cybersecurity startup Tidal Cyber, founded in 2022 by three former MITRE experts, has raised $10 million in Series A funding, bringing its total capital to $15 million. The funding will accelerate the company’s product innovation and expansion, advancing its mission to operationalize the MITRE ATT&CK framework and empower organizations with threat-…

1
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube 36:38

22d ago36:38

36:38

Disney has reached a $10 million settlement with the U.S. Federal Trade Commission (FTC) after being found in violation of the Children’s Online Privacy Protection Act (COPPA). At the heart of the case is Disney’s failure to properly label child-directed content on YouTube as “Made for Kids” (MFK). Instead, many videos — including clips from Frozen…

1
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack 30:17

22d ago30:17

30:17

Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited zero-day flaws that are already being used in targeted attacks. These zero-days — CVE-2025-38352, a Linux kernel race condition, and CVE-2025-48543, a flaw in the Android Runtime — allow attackers to …

1
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire 56:06

23d ago56:06

56:06

A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience Platform (XP) systems deployed with outdated ASP.NET machine keys. Google and Microsoft threat intelligence teams have confirmed that attackers are leveraging ViewState deserialization attacks to achi…

1
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta 29:20

24d ago29:20

29:20

A new and highly sophisticated Android malware campaign, dubbed Brokewell, has emerged as one of the most dangerous mobile threats of 2024–2025. First spotted in April 2024 disguised as fake browser updates, Brokewell has since evolved into a fully featured spyware and remote access trojan (RAT), delivered through deceptive Meta (Facebook) advertis…

1
Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare 34:15

24d ago34:15

34:15

Aviation safety and geopolitics collided when multiple flights carrying high-ranking European and UK officials were hit by suspected Russian GPS jamming. European Commission President Ursula von der Leyen’s flight to Bulgaria experienced a severe GPS outage, forcing a manual landing. EU officials immediately pointed the finger at Moscow, calling th…

1
Salesforce and Google Workspace Compromised in Largest SaaS Breach 43:38

22d ago43:38

43:38

In August 2025, the largest SaaS breach of the year shook the enterprise world when a newly identified threat actor, UNC6395, orchestrated a supply-chain attack through compromised Salesloft Drift and Drift Email applications. By stealing OAuth tokens, the attackers gained unauthorized access to Salesforce and Google Workspace environments of more …

1
Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks 26:10

24d ago26:10

26:10

A pair of newly discovered zero-day vulnerabilities—CVE-2025-43300 in Apple’s ImageIO framework and CVE-2025-55177 in WhatsApp—have been confirmed as part of a sophisticated spyware campaign targeting both iPhone and Android users. Security researchers revealed that attackers chained these flaws together in seamless zero-click exploits, requiring n…

1
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike 52:07

29d ago52:07

52:07

Sweden is reeling from one of the largest public sector cyber incidents in its history. A ransomware attack on Miljödata, an IT services provider supporting nearly 80% of Sweden’s municipalities and several regions, has left critical systems inaccessible and raised fears of a massive leak of sensitive personal data. The stolen information could inc…

1
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime 44:37

29d ago44:37

44:37

The cybersecurity world has entered a new era: AI-powered ransomware. Researchers recently uncovered PromptLock, a proof-of-concept malware that uses OpenAI’s gpt-oss:20b model and Lua scripting to autonomously generate malicious code, encrypt data, and exfiltrate files across Windows, Linux, and macOS. While still experimental, PromptLock demonstr…

1
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware 40:34

29d ago40:34

40:34

The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Directory (AD) and Entra ID environments has plummeted to just 61%—a failing grade and an 11-point decline since 2023. This troubling trend underscores the persistent challenges organizations face in protecti…

1
AI-Powered Polymorphic Phishing: The New Era of Social Engineering 1:10:14

29d ago1:10:14

1:10:14

Cybercrime is entering a new phase—one marked by AI-powered phishing attacks, the weaponization of legitimate remote access tools, and the rise of professionalized underground markets. Recent reports highlight the alarming growth of AI-driven polymorphic phishing, where malicious emails are automatically tailored, randomized, and adapted in real ti…

1
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations 40:17

29d ago40:17

40:17

The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August 8–18, 2025, attackers from the group UNC6395 exploited compromised OAuth tokens from the Salesloft Drift AI chat integration, systematically exporting data from hundr…

1
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats 40:33

1M ago40:33

40:33

A new and highly sophisticated cyber espionage campaign attributed to Silk Typhoon—also known as Mustang Panda, TEMP.Hex, or UNC6384—has been uncovered, targeting diplomats and government entities across Southeast Asia. Researchers from Google’s Threat Intelligence Group (GTIG) revealed that the attackers deployed Adversary-in-the-Middle (AitM) tec…

1
FTC Warns Tech Giants: Don’t Weaken Encryption for Foreign Governments 37:13

1M ago37:13

37:13

The fight over encryption has entered a new phase. The Federal Trade Commission (FTC), led by Chairman Andrew Ferguson, has issued a strong warning to major U.S. technology companies: resist foreign government demands to weaken encryption. At stake is nothing less than the security of millions of Americans’ private communications, financial data, a…

1
Invisible Prompts: How Image Scaling Attacks Break AI Security 23:03

1M ago23:03

23:03

Researchers have uncovered a new form of indirect prompt injection that leverages a simple but powerful trick: image scaling. This novel attack involves hiding malicious instructions inside high-resolution images, invisible to the human eye. When AI systems automatically downscale these images during preprocessing, the hidden prompt becomes visible…

1
Healthcare Services Group Breach Exposes 624,000 Individuals’ Sensitive Data 1:04:53

1M ago1:04:53

1:04:53

The healthcare sector has been rocked yet again by a massive cybersecurity incident. Healthcare Services Group (HCSG), a provider of dining and laundry services to healthcare facilities, disclosed a data breach that compromised the personal information of over 624,000 individuals. Between late September and early October 2024, hackers gained unauth…

1
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised 40:09

1M ago40:09

40:09

French retail giant Auchan has confirmed a massive data breach that compromised the personal details of hundreds of thousands of customers. The stolen data includes names, addresses, phone numbers, email addresses, and loyalty card numbers—though banking details, passwords, and PINs were reportedly not affected. Despite this, the breach is serious …