Best Omitb Podcasts (2025)

1
The RMM protocol: Remote, risky, and ready to strike. [OMITB] 41:40

13d ago41:40

41:40

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠Selena Larson⁠, ⁠Proofpoint⁠ intelligence analyst and host of their podcast ⁠DISCARDED⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined b…

1
Bear in the network. 40:40

29m ago40:40

40:40

A joint advisory warns of Fancy Bear targeting Western logistics and technology firms. A nonprofit hospital network in Ohio suffers a disruptive ransomware attack. The Consumer Financial Protection Bureau (CFPB) drops plans to subject data brokers to tighter regulations. KrebsOnSecurity and Google block a record breaking DDoS attack. A phishing cam…

1
The Take It Down Act walks a fine line. 35:13

14m ago35:13

35:13

President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A s…

1
OWASP identification and authentication failures (noun) [Word Notes] 5:58

9m ago5:58

5:58

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 20…

1
Redacted realities: Inside the MoJ hack. 33:20

13m ago33:20

33:20

The UK’s Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows system…

1
Dave Bittner: From puppet shows to podcasts. [Media] [Career Notes] 10:47

1d ago10:47

10:47

Please enjoy this encore of Career Notes. Host of the CyberWire Podcast, Dave Bittner, wanted to work with the Muppets, so naturally he landed in cybersecurity. Dave and his Cookie Monster puppet spent much of his childhood putting on shows for his parents friends. During one of those performances, he was discovered and got his start at the local P…

1
Leveling up their credential phishing tactics. [Research Saturday] 20:46

2d ago20:46

20:46

This week, Dave speaks with Max Gannon of Cofense Intelligence to dive into his team's research on "The Rise of Precision-Validated Credential Theft: A New Challenge for Defenders." Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement count…

1
Preparing for the cyber battlespace. 40:21

3d ago40:21

40:21

NATO hosts the world’s largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabi…

1
Bypassing Bitlocker encryption. 39:08

4d ago39:08

39:08

Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers…

1
The band is finally back together. 43:33

4d ago43:33

43:33

And....we're back! This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe star…

1
Get to patching: Patch Tuesday updates. 38:15

5d ago38:15

38:15

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack. A Kosovo national has been extradited to the U.S. for allegedly running a…

1
Jamming in a ban on state AI regulation. 32:51

6d ago32:51

32:51

House Republicans look to limit state regulation of AI. Spain investigates potential cybersecurity weak links in the April 28 power grid collapse. A major security flaw has been found in ASUS mainboards’ automatic update system. A new macOS info-stealing malware uses PyInstaller to evade detection. The U.S. charges 14 North Korean nationals in a re…

1
Log4j vulnerability (noun) [Word Notes] 9:16

6d ago9:16

9:16

Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/log4j⁠ Audio reference link: “⁠CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her …

1
No quick fix for a ClickFix attack. 32:26

7d ago32:26

32:26

A major student engagement platform falls victim to the ClickFix social engineering attack. Google settles privacy allegations with Texas for over one point three billion dollars. Stores across the UK face empty shelves due to an ongoing cyberattack. Ascension Health reports that over 437,000 patients were affected by a third-party data breach. A c…

1
Limor Kessem: Be an upstander. [Security Advisor] [Career Notes] 8:27

8d ago8:27

8:27

Enjoy this encore of Career Notes. Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core sec…

1
Beyond cyber: Securing the next horizon. [Special Edition] 1:03:13

9d ago1:03:13

1:03:13

Cybersecurity is no longer confined to the digital world or just a technical challenge, it’s a global imperative. The NightDragon Innovation Summit convened a group of industry leaders to discuss how public and private entities can work together to address emerging threats and harness the power of AI, cybersecurity, and innovation to strengthen nat…

1
Hijacking wallets with malicious patches. [Research Saturday] 20:09

10d ago20:09

20:09

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly pat…

1
Scrutinizing the security of messaging apps continues. 32:26

10d ago32:26

32:26

The messaging app used by CBP and the White House faces continued security scrutiny. Hacktivists breach the airline used for U.S. deportation flights. The FBI warns that threat actors are exploiting outdated, unsupported routers. Education giant Pearson confirms a cyberattack. Researchers report exploitation of Windows Remote Management (WinRM) for…

1
Targeting schools is not cool. 36:31

11d ago36:31

36:31

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency’s we…

1
AWS in Orbit: Empowering exploration on the Moon, Mars, and more. 26:37

11d ago26:37

26:37

From the N2K CyberWire network T-Minus team, please enjoy this podcast episode recorded at Space Symposium 2025. Find out how AWS for Aerospace and Satellite is empowering exploration on the Moon, Mars, and beyond with Lunar Outpost. You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests on this episode are AJ Gemer, CTO at Lunar O…

1
What’s inside the mystery box? Spoiler: It’s a scam! 46:13

11d ago46:13

46:13

As Dave Bittner is at the RSA Conference this week, our hosts ⁠⁠Maria Varmazis and ⁠⁠Joe Carrigan⁠⁠, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” …

1
When spyware backfires. 33:40

12d ago33:40

33:40

A jury orders NSO Group to pay $167 millions dollars to Meta over spyware allegations. CISA warns of hacktivists targeting U.S. ICS and SCADA systems. Researcher Micah Lee documents serious privacy risks in the TM SGNL app used by high level Trump officials. The NSA plans significant workforce cuts. Nations look for alternatives to U.S. cloud provi…

1
No hocus pocus—MagicINFO flaw is the real threat. 37:01

13d ago37:01

37:01

A critical flaw in a Samsung’s CMS is being actively exploited. President Trump’s proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux …

1
OWASP broken access control (noun) [Word Notes] 7:30

13d ago7:30

7:30

Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.By N2K Networks

1
Hardcoded credentials and hard lessons. 29:46

14d ago29:46

29:46

Researchers uncover serious vulnerabilities in the Signal fork reportedly used by top government officials. CISA adds a second Commvault flaw to its Known Exploited Vulnerabilities catalog. xAI exposed a private API key on GitHub for nearly two months. FortiGuard uncovers a cyber-espionage campaign targeting critical national infrastructure in the …

1
Joe Bradley: A bit of a winding road. [Chief Scientist] [Career Notes] 7:29

15d ago7:29

7:29

Please enjoy this encore of Career Notes. Chief Scientist at LivePerson Joe Bradley takes us down his circuitous career journey that led him back to math. Joe had many ambitions from opera singer to middle school teacher, spent some time at two national labs and went back to his first love of math and physics. He notes that many of the most mathema…

1
When AI gets a to-do list. [Research Saturday] 24:22

16d ago24:22

24:22

This week, we are joined by ⁠Shaked Reiner⁠, Security Principal Security Researcher at ⁠CyberArk⁠, who is discussing their research on"Agents Under Attack: Threat Modeling Agentic AI." Agentic AI empowers LLMs to take autonomous actions, like browsing the web or executing code, making them more useful—but also more dangerous. Threats like prompt in…

1
Wired, but not fired. 35:46

17d ago35:46

35:46

RSAC 2025 comes to an end. Canadian power company hit by cyberattack. Ascension Health discloses another breach. UK luxury department store Harrods discloses attempted cyberattack. Microsoft fixes bug flagging Gmail as spam. An unofficial version of the Signal app shared in photo. EU fines TikTok for violating GDPR with China data transfer. US Trea…

1
AI on the offensive. 33:08

18d ago33:08

33:08

Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France ac…

1
How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives] 41:47

18d ago41:47

41:47

We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber car…

1
The prince, the pretender, and the PSA. 28:35

18d ago28:35

28:35

As Maria is on vacation this week, our hosts ⁠Dave Bittner⁠ and ⁠Joe Carrigan⁠, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cybe…

1
Less CISA, more private sector power? 36:06

19d ago36:06

36:06

DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chi…

1
Trends shaping the future at RSAC. 33:18

20d ago33:18

33:18

RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal’s massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today’s Threat Vector, …

1
OWASP security misconfiguration (noun) [Word Notes] 7:03

20d ago7:03

7:03

Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-security-misconfiguration⁠ Audio reference link: ⁠“What Is the Elvish Word for Friend?”⁠ Quora, 2021.…

1
Lights out, lines down. 30:38

21d ago30:38

30:38

A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a b…

1
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes] 8:04

22d ago8:04

8:04

Please enjoy this encore episode of Career Notes. CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her requir…

1
Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition] 1:15:15

23d ago1:15:15

1:15:15

Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft fo…

1
China’s new cyber arsenal revealed. [Research Saturday] 25:33

23d ago25:33

25:33

Today we are joined by Crystal Morin, Cybersecurity Strategist from Sysdig, as she is sharing their work on "UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, includin…

1
Pentagon hits fast-forward on software certs. 32:44

24d ago32:44

32:44

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack.…

1
Lessons from the latest breach reports. 28:57

25d ago28:57

28:57

Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from …

1
Are we a trade or a profession? [CISO Perspectives] 47:03

25d ago47:03

47:03

We're sharing a episode from another N2K show we thought you might like. It's the second episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives…

1
When AI lies, hackers rise. 42:37

26d ago42:37

42:37

This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are inc…

1
States struggle with cyber shift. 34:49

26d ago34:49

34:49

The White House’s shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A n…

1
Proton66’s malware highway. 42:36

27d ago42:36

42:36

The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia…

1
OWASP insecure design (noun) [Word Notes] 8:19

27d ago8:19

8:19

Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 Nove…

1
When fake fixes hide real attacks. 31:36

28d ago31:36

31:36

Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator…

1
Rich Hale: Understanding the data. [CTO] [Career Notes] 7:49

30d ago7:49

7:49

Please enjoy this encore episode of Career Notes. Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fo…

1
Crafting malware with modern metals. [Research Saturday] 20:03

1M ago20:03

20:03

This week, we are joined by Nick Cerne, Security Consultant from Bishop Fox, to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges. The author …

1
SSH-attered trust. 33:01

1M ago33:01

33:01

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There’s a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ sh…

1
Microsoft squashes windows server bug. 36:06

1M ago36:06

36:06

Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local…

Podcasts Worth a Listen

Omitb Podcasts

Podcasts Worth a Listen