The VMUG Collective Podcast will dive into all things VMUG: the technology that keeps us thriving, the members who make our community great, and the eternal debate of Star Wars vs. Star Trek.
VMware User Group Podcasts
A podcast with short episodes that discuss cyber crime cases, security problems, and infamous malware. I make my episodes quick and easy to understand so you get the story without the filler and too much technical jargon. Links to all my sources on my pastebin https://pastebin.com/u/BiteSizedCyberCrime
$7 Million in Crypto Stolen from Trust Wallet Users (5:29)
The holiday season is a rather expensive time of year, not just with gift buying but with scams that take advantage of the season. One thing rather unexpected however, was a Christmas Eve update that drained the wallets of some TrustWallet users. Sources: https://pastebin.com/NHqAjqzM By Chloe Thonus
Most threat actors come and go with the times, not lasting more than a couple years. Prince of Persia was assumed to be one such group, but it turns out they not only returned but never left in the first place. Sources: https://pastebin.com/9yJ1fxP3 By Chloe Thonus
Usually ransomware targets large entities, but as always no one is truly safe online. This specific malware targets individual Android users sideloading apps from illegitimate sources. Sources: https://pastebin.com/3J3uAVHt By Chloe Thonus
BRICKSTORM Backdoor Targeting VMware vSphere Servers (6:18)
CIS recently released an advisory warning of a stealthy backdoor that has been targeting VMware shots and stealing data from snapshots of virtual machines. These are the details of that backdoor. Sources: https://pastebin.com/ppt9V3b1 By Chloe Thonus
In the security world it is becoming more and more necessary to invest in controls around AI and the web browser. This attack targets both and often leaves absolutely no trace on your end, as the attack never leaves the browser. Sources: https://pastebin.com/rz744p1b By Chloe Thonus
Cloudflare Internal Error Causes Massive Outage (8:26)
Cloudflare had a massive outage on Tuesday morning that many suspected was some kind of big attack by nation state hackers, however it turns out to have been a lot more simple than that. A little internal error caused a domino effect that took out much of the web for several hours. Sources: https://pastebin.com/ftmYtFv7…
First Fully Autonomous AI Attacks Used Claude (5:57)
We have our fears of AI taking over the world and killing all the humans, which we are still rather far from, however a more urgent worry is the use of AI autonomous agents taking the place of hackers themselves. One such group managed to offload 80% of the technical hacking work to Claude Code. Sources: https://pastebin.com/PzTM7dZT…
Last week we discussed a weird email sent to students, staff, alumni, or basically anyone associated with the University of Pennsylvania. This week some new developments in the case occurred that could leave data at risk, but the attacker's motivations and actions seem odd. Sources: https://pastebin.com/GDKhPmrE…
I learned how to generate censorship bleeps! But also a strange and vulgar email was sent out to alumni, donors, clients, staff, and current students from the University of Pennsylvania warning that a data leak was inevitable. But is there any substance? Sources: https://pastebin.com/MbJwdrYA By Chloe Thonus
Lazarus Group Steal Drone Data via Fake Job Offers (5:54)
We've talked about North Korean threat actors being hired for jobs in order to steal data, but what about North Korean threat actors hiring people to steal data? Seems backwards, but it's been going on for years and recently the defense sector has become a target of these attacks. Sources: https://pastebin.com/yrWK4K20…
Discord is a popular chat app used by gamers, technologists, and even local communities. Recently however, it potentially had a very serious data breach involving the government identification of its users. Sources: https://pastebin.com/1QJdNW5b By Chloe Thonus
In many doomsday scenarios AI becomes sentient and tries to kill mankind, but has this already started to happen? Many sensational headlines would lead you to believe so, but the answer is a little more complicated than that... Sources: https://pastebin.com/sgjfdr8j By Chloe Thonus
3 Hacker Groups Team Up to Form Salesforce Extortion Site (6:24)
By Chloe Thonus
How A Bad Password Killed A Decades Old Firm (11:09)
Oh how the mighty have fallen. It takes a lot for a business to survive even 5 years after an attack, let alone 158. So what could kill such a strong business that clearly has it figured out? It turns out the Achilles heel is often just a single bad password. Sources: https://pastebin.com/7M6vKycy By Chloe Thonus
Spear Phishing Using AI Generated South Korean Military Documents (6:28)
Spear phishing can potentially get even more realistic with the use of generative AI. Recently North Korean threat actors leveraged prompt injection to create surprisingly realistic South Korean military documents. Sources: https://pastebin.com/H4qH2YuK By Chloe Thonus
Biggest Yet Most Anticlimactic Supply Chain Attack (7:03)
Supply chain attacks are one of the most devastating if done right, and one of the biggest in the history of NPM just occurred. However it was probably less fruitful than the attackers were hoping... Sources: https://pastebin.com/GfquiVgZ By Chloe Thonus
Tech giants have been collecting a lot of data on us for years with the use of cookies, and though efforts have been made to reduce this they have been futile. France recently fined Google hundreds of millions for cookie consent violations, but it may only be a minor cost of business to them. Sources: https://pastebin.com/GkPf9W1c…
Victims Email Phishers First in Zipline Campaign (7:32)
Usually in phishing cases, you are emailed by the attackers first, but can attackers lie in wait for you to email them first? Surprisingly, yes. How is this even possible? Find out today! Sources: https://pastebin.com/4b2vsrwH By Chloe Thonus
Former Dev Gets 4 Years for Sabotaging Workplace (6:11)
Everyone may get elaborate revenge fantasies but few follow through due to the bad outweighing the satisfaction. One man, sensing he was to be terminated soon, however, decided if he were to go he would try to take the whole company down with him. Last week he was sentenced to 4 years in prison. Sources: https://pastebin.com/Pi0YSFUt…
Water and energy are both critical resources to society. In a display of fear, pro-Russia hacktivists compromised a dam in Norway remotely, demonstrating that cyberattacks can have very physical implications. Sources: https://pastebin.com/mwwrPwtR By Chloe Thonus
UK To Ban Public Sector from Paying Ransomware (7:40)
The UK recently proposed the banning of public sector organizations from paying ransomware ransoms, in an effort to discourage cybercriminals from targeting them. How may this end up working out though? Sources: https://pastebin.com/37jGGd9X By Chloe Thonus
CISA has developed many interesting and powerful tools over the years for cybersecurity, but recently they made one for malware analysis and automation open source and available for the public to use. Thorium. Let's talk about what this tool can do. Sources: https://pastebin.com/zhmAvguE By Chloe Thonus
An Arizona woman was arrested for running a North Korean IT worker laptop farm out of her home, and this gave us a little look into the strange world of how these threat actors are able to infiltrate US organizations. Sources: https://pastebin.com/qvrWirYa By Chloe Thonus
FIDO is the passwordless authentication set of protocols of the future, however that doesn't mean it's perfect and as cyber defenders attack, so do attackers. This novel exploit isn't a flaw within FIDO but does threaten improperly implemented versions of it. Sources: https://pastebin.com/fmUZEBAM…
PerfektBlue Vulnerabilities Impact Vehicle Bluetooth (6:35)
With cars becoming just another type of computer, and having rather complicated implementations, vulnerabilities in one system are major. A recent series of vulnerabilities discovered in OpenSynergy's BlueSDK could prove dangerous. Sources: https://pastebin.com/5JHAyuAV By Chloe Thonus
Ransomware Negotiator Received Payments from Ransomware Groups (7:10)
Ransomware negotiators may be called in to save some financial burden on organizations suffering from one of the worst cyberattacks they can. However, they seem like the natural people for ransomware groups to corrupt, and allegedly one such group did corrupt one such person. Sources: https://pastebin.com/fANnhtTj…
Brother Printers Affected by Unpatchable Critical Vulnerability (6:14)
Printers are the bane of many's existence, but they may have just gotten worse for security professionals. Rapid7 discovered 8 new vulnerabilities mostly impacting Brother branded printers, one of which cannot be patched by the vendor and leaks the admin password of the device. Sources: https://pastebin.com/vNDbrwsU…
News has hit the mainstream media that all your passwords have been leaked yet again, in a massive password leak including Google, Meta, and Apple. But how much of that sensationalized story is true? Sources: https://pastebin.com/Xi1MPpFg By Chloe Thonus
And it could happen to you too. On this week's episode of Bite Size Cyber Crime I detail an actual scam I fell for and emphasize that anyone can be a victim of a scam anywhere on the internet. By Chloe Thonus
Malwareception: SakuraRAT is a Backdoor to Trick Script Kiddies (6:32)
Malware is everywhere, even inside of other malware. One tool advertising itself as an advanced remote access trojan ended up being much more, a backdoor infecting novice hackers. This was not just a one off, however, and led to the discovery of a massive backdoored malware campaign infecting other hackers and gaming cheaters. Sources: https://pas…
MSP Customers Face Ransomware after Remote Assist Tool Compromised (6:07)
Using an MSP can be handy for getting your IT set up or managing technical support without hiring a lot of full time staff, but there are risks that can come with outsourcing your IT to a third party. One MSP was compromised, leading to many customers having ransomware headaches. Sources: https://pastebin.com/hLKSqRaS…
Malware Spread via fake TikTok Piracy Tutorials (6:51)
Piracy and accidentally getting malware go hand in hand for many, and though the days of Limewire viruses on your Linkin Park albums are mostly over, modern problems require modern solutions so attackers have moved to modern platforms to spread malware to those not interested in paying for software. Sources: https://pastebin.com/i7yriZXy…
Coinbase Insiders Bribed to Hand Over Data to Scammers (6:02)
Coinbase is one of the largest crypto exchanges, but when corrupt employees are compromised into handing over data to scammers, a series of social engineering attacks took place. The scammers demanded a ransom, but Coinbase fired back. Sources: https://pastebin.com/dTZR6hKw By Chloe Thonus
Pearson is an education giant, providing learning tools and standardized assessments across many fields, schools, and organizations. Recently they were breached by what was likely a series of relatively minor mistakes. Sources: https://pastebin.com/YemUE0Xi By Chloe Thonus
Security Firm CEO Installs Malware on Hospital Computer (9:05)
This is one of the craziest stories I've ever covered in my 3 years of this podcast, and hearing both sides somehow makes the situation even less clear. Cybersecurity firm CEO Jeff Bowie accessed hospital computers and wrote malicious scripts on them intended to steal data. But why? Sources: https://pastebin.com/qqLMem11…
NFC has allowed for payments to be easier than ever, but it was only a matter of time before this method was exploited by threat actors. A bold, new real time malware that leverages NFC has been making rounds. Sources: https://pastebin.com/QgquMLj8 By Chloe Thonus
The CVE program is essential for tracking vulnerabilities all across the technology industry, but what happens when funding is cut? Let's talk about what's been going on with the CVE program. Sources: https://pastebin.com/QPVXe6kD By Chloe Thonus
USB Drive Drops Infostealer Malware on Military Devices (6:29)
You're always told to never plug in a random flash drive because it may have malware on it, but is that really a thing? The answer is yes, and it can potentially compromise a military mission. Sources: https://pastebin.com/LURNpcH5 By Chloe Thonus
Tax season is a stressful time for many in the US, and this creates the perfect opportunity for a number of scams against virtually anyone living in the US. Be aware of fake documents, fake filing services, and unusual emails. Sources: https://pastebin.com/zJQGMndk By Chloe Thonus
Oracle Denies Data Breach, Evidence Suggests Otherwise (8:24)
A hacker claimed to have stolen 6 million lines of data from Oracle, which Oracle swiftly denied. However when security firms received data samples and showed them to customers, the data was confirmed to be real. Sources: https://pastebin.com/6WnaeYZs By Chloe Thonus
Google, though a tech giant, has lagged behind Amazon and Microsoft when it comes to cloud computing, but this bold new acquisition could bridge that gap... or introduce legal troubles. Sources: https://pastebin.com/004Wu6hv By Chloe Thonus
Elon Musk has become a controversial political figure, leaving little surprise that one of his projects, the X platform, became a target for a hacktivist group, leaving the major social media platform down from a DDoS attack. Sources: https://pastebin.com/Pa6b0nrm By Chloe Thonus
Ransomware groups sometimes run into issues, like being blocked by security tools, and often have to pivot. Some techniques are less conventional than others, but are just as destructive. Here's how a webcam led to ransomware being deployed org wide. Sources: https://pastebin.com/FHxVYgBg By Chloe Thonus
Access Management Systems Exposed on Internet (7:19)
Building access management is an important part of physical security that has only become more intelligent. However, with all the data on these systems that exist on employees it is important that they are properly secured. Recently, 49,000 systems were found unsecured on the open internet with data viewable, and sometimes modifiable. Sources: http…
HNFS Pays $11 Million Settlement for False Security Certifications (9:30)
Government contractors are expected to follow certain compliance policies, so what happens when a company lies about compliance? Hefty fines tend to follow. Sources: https://pastebin.com/vJPEikD9 By Chloe Thonus
Serial SWATter Sentenced to 4 Years in Prison (8:11)
SWATting is a dangerous crime that involves making extreme police reports against people to elicit a response from the SWAT team. This has resulted in innocent people being killed or injured. One teen turned making these reports into a business and was recently sentenced to 4 years in prison for it. Learn about his crimes and methodology today. So…
Crypto Stealer Searches Gallery for Wallet Passphrases (9:59)
Recently a new crypto stealing malware was found in apps on both the Google Play, and the famously restrictive Apple App Store, but it seems not to be its own app, but rather something inserted into existing apps at a later time to steal passphrases for crypto wallets from images on devices. Sources: https://pastebin.com/fHgDP4fg…
Recently a brand new generative AI model came out of nowhere and blew up overnight. There are a lot of controversies and concerns surrounding this model, providing more efficient AI but also bringing a lot of data sensitivity risks and topics of government censorship to the forefront. Sources: https://pastebin.com/WRGERYCE…
Pwn2Own by TrendMicro's Zero Day Initiative is a hacking contest where people try to hack "up to date" products to discover zero day vulnerabilities in them and win cash prizes for doing so. The automotive version of this contest not only involved cars themselves, but chargers for electric vehicles. Sources: https://pastebin.com/4siwYEYK…
Crowdstrike Phishing Email Installs Crypto Miner (9:15)
Job offer scams are sadly rather common, but most of the time it's a waste of time or an identity theft scam rather than a scam that installs unauthorized crypto miners on your devices. A new scam email impersonating Crowdstrike that is targeting developers does just that. Sources: https://pastebin.com/Lpg673yh…