A free podcast about cybersecurity, vulnerability management, and the CVE Program.
CVE Program Podcasts
At any moment around the world, cybercriminals and nation-state sponsored hackers are targeting businesses, government entities, and nonprofits for financial gain, cyber espionage, or geopolitical advantage. But behind every organization facing this nonstop barrage of cyberattack activity are dedicated cybersecurity professionals working to defend their organizations’ networks, systems, and sensitive information. Dark Reading Confidential brings you rare, firsthand stories from the cybersecu ...
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
The Commission on Rehabilitation Counselor Certification presents "Inside Rehabilitation Counseling," a series of conversations with the professionals, educators, and thought-leaders working in the specialized field of rehabilitation counseling.

European airports restore services, CISA deals with GeoServer exploit, Jaguar Land Rover extends shutdown
6:51
European airports restoring services after system breach CISA deals with GeoServer exploit App for outing Charlie Kirk’s critics leaks personal data Huge thanks to our sponsor, Conveyor Have you been personally victimized by a questionnaire this week? The queue never ends. But Conveyor can change that story. With AI that answers questionnaires of a…
The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. Github and Ruby Central roll out supply-chain security upgrades. L…

Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure
33:14
Dark Reading Confidential Episode 10: It’s past time for a cohesive plan to protect vital US systems from nation-state cyberattacks, and increasingly, that responsibility is falling to cybersecurity professionals and asset owners across a vast swath of organizations, who likely never bargained for a full-blown international conflict landing in thei…

The existing state of regulation. [CISO Perspectives]
39:30
Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episo…

EDR-Freeze, DeepMind persuasion, vendors exit ATT&CK
7:46
EDR-Freeze tool suspends security software DeepMind updates Frontier Safety Framework Major vendors withdraw from MITRE EDR Evaluations Huge thanks to our sponsor, Conveyor Security reviews don’t have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyo…
A major ransomware attack disrupts airport operations across Europe. Congress is on the verge of letting major cyber legislation expire. A critical flaw nearly allowed total compromise of every Entra ID tenant. Automaker Stellantis confirms a data breach. Fortra patches a critical flaw in its GoAnywhere MFT software. Europol leads a major operation…

European airport cyberattack, SMS celltower scam, GPT4-powered ransomware
8:26
European airport disruption due to cyberattack check-in and baggage software SMS scammers now using mobile fake cell towers GPT-4-powered MalTerminal malware creates ransomware and Reverse Shell Huge thanks to our sponsor, Conveyor If security questionnaires make you feel like you’re drowning in chaos, you’re not alone. Endless spreadsheets, portal…

Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
8:37
Please enjoy this encore of Career Notes. CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring mana…

Browser attacks without downloads. [Research Saturday]
21:45
Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pa…

Week in Review: Student hackers increase, CISA wants CVE, Microsoft called hypocritical
35:56
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Jack Kufahl, CISO, Michigan Medicine, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust C…
OpenAI patches a ChatGPT flaw that could have exposed Gmail data. CISA documents malware exploiting two Ivanti Endpoint Manager Mobile (EPMM) flaws. WatchGuard patches a critical flaw in its Firebox firewalls. MI6 launches a dark web snitch site. The DoD looks to cut its cybersecurity job hiring time just 25 days. Researchers trick ChatGPT agents i…

Google patches zero-day, Copilot’s forced installation, Scattered Spider arrests
8:07
Google patches sixth Chrome zero-day exploited in attacks this year Microsoft to force install the Microsoft 365 Copilot app in October Two more Scattered Spider teen suspects arrested Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your secu…
SonicWall confirms a breach in its cloud backup platform. Google patches a high-severity zero-day in Chrome. Updates on the Shai-Hulud worm. Chinese phishing emails impersonate the chair of the House China Committee. The UK’s NCA takes the reins of the Five Eyes Law Enforcement Group. RevengeHotels uses AI to deliver VenomRAT to Windows systems. A …

Insight Partners warns thousands, Scattered Spider feigns retirement, Consumer Reports calls Microsoft 'hypocritical'
7:58
Insight Partners warns thousands after ransomware breach Scattered Spider gang feigns retirement, breaks into bank instead Consumer Reports calls Microsoft 'hypocritical' Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture i…
A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November…

Cyber programs extended, older Apple devices attacked, chatbots aid phishing scams
7:16
House lawmakers move to extend two key cyber programs Apple 0-day likely used in spy attacks affected older devices Reuters crafts phishing scam with AI chatbot help Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one…
A controversial Trump administration deal gives the U.A.E. access to cutting-edge U.S. AI chips. FlowiseAI warns of a critical account takeover vulnerability. A new social engineering campaign impersonates Meta account suspension notices. A macOS Spotlight 0-day flaw bypasses Apple’s Transparency, Consent, and Control (TCC) protections. Are cost sa…

Android security changes, CISA incentive audit, LLM usage
7:38
Android moving to “risk-based” security updates CISA accused of Cyber Incentive mismanagement How security practitioners use LLMs Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giv…

The return of CISO Perspectives. [CISO Perspectives]
3:21
This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen yo…
FBI botnet disruption leaves cybercriminals scrambling to pick up the pieces. Notorious ransomware gangs announce their retirement, but don’t hold your breath. Hacktivists leak data tied to China’s Great Firewall. A new report says DHS mishandled a key program designed to retain cyber talent at CISA. GPUGate malware cleverly evades analysis. WhiteC…

ShinyHunters hits Vietnam, Petya-NotPetya copycat appears, CISA wants CVE
8:44
ShinyHunters hits Vietnam National Credit Information Center HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass CISA seeks control over CVE Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure,…

Helen Patton: A platform to talk about security. [CISO] [Career Notes]
10:45
Please enjoy this encore of Career Notes. Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity that got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only per…

Data leak without a click. [Research Saturday]
22:02
Today we are joined by Amanda Rousseau, Principal AI Security Researcher from Straiker, discussing their work on "The Silent Exfiltration: Zero‑Click Agentic AI Hack That Can Leak Your Google Drive with One Email." Straiker’s research found that enterprise AI agents can be silently manipulated to leak sensitive data, even without user clicks or ale…

Week in Review: Qantas penalizes executives, UK cyberlegislation delayed, SonicWall VPN flaws
37:26
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critic…
Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how…

SonicWall VPM exploits, Fed cyberchief’s priorities, U.S spyware investment triples
8:18
SonicWall SSL VPN flaws now being actively exploited Acting federal cyber chief outlines his priorities U.S. based investors in spyware firms nearly tripled in 2024 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it…
The House passes a defense policy bill that includes new provisions on cybersecurity and artificial intelligence. Senator Wyden accuses Microsoft of “gross cybersecurity negligence” after a 2024 ransomware attack crippled healthcare giant Ascension. The White House shelves plans to split U.S. Cyber Command and the NSA. The Pentagon finalizes its lo…

npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?
8:03
The npm incident: nothing to fret about? Cursor Autorun flaw lets repositories execute code without consent Senator Wyden urges FTC to probe Microsoft over Ascension hack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but w…
Patch Tuesday. A data leak sheds light on North Korean APT Kimsuky. Apple introduces Memory Integrity Enforcement. Ransomware payments have dropped sharply in the education sector in 2025. A top NCS official warns ICS security lags behind, and a senator calls U.S. cybersecurity a “hellscape”. A Ukrainian national faces federal charges and an $11 mi…

Blood center attack details emerge, Electoral Commission recovers, Plex suffers password breach
7:23
Thousands had data leaked in blood center ransomware attack UK Electoral Commission recovers, 3 years after China hack Npm packages with 2 billion weekly downloads targeted in supply chain attack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is cri…
The open source community heads off a major npm supply chain attack. The Treasury Department sanctions cyber scam centers in Myanmar and Cambodia. Scammers abuse iCloud Calendar invites to send callback phishing emails. Researchers discover a new malware variant exploiting exposed Docker APIs. Phishing attacks abuse the Axios user agent and Microso…

GhostAction campaign, scam centers grow, GPUGate hits IT
7:44
GhostAction campaign targets GitHub Scam centers see huge growth in Myanmar GPUGate targets IT firms Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But …
The EU fines Google $3.5 billion over adtech abuses. Cloudflare blocks record-breaking Distributed Denial of Service (DDoS) attacks. The Salesforce-Salesloft breach began months earlier with GitHub access. Researchers say the new TAG-150 cybercriminal group has been active since March. Hackers use stolen secrets to leak more than 6,700 Nx private r…

SVG phishing campaign, Anthropic piracy lawsuit, Qantas penalizes executives
8:45
New malware phishing campaign hidden in SVG files Anthropic agrees to pay $1.5bn in book piracy lawsuit Qantas penalizes executives for cyberattack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC…

Andrew Maloney: Never-ending thirst for knowledge. [COO] [Career Notes]
9:35
Please enjoy this encore of Career Notes. COO and Co-Founder of Query.AI, Andrew Maloney, shares how the building blocks he learned in the military helped him get where he is today. Coming from a blue collar family with a minimal knowledge of computers, Andrew went into computer operations in the Air Force. While deployed to Oman just after the st…

Don’t trust that app! [Research Saturday]
20:41
Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth a…

Week in Review: Baltimore’s expensive gaffe, ransomware takedown outcomes, Workiva Salesforce breach
27:47
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ray Espinoza, vp of information security, Elite Technology Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day …

Wheels left spinning after cyber incident.
29:42
A cyberattack disrupts Bridgestone’s manufacturing operations. CISA warns of critical vulnerabilities in products used across multiple sectors. Additional cybersecurity firms confirm data exposure in the recent Salesforce–Salesloft Drift attack. A configuration vulnerability in Sitecore products leads to remote code execution. HHS promises stricter…

France cookie fines, CISA TP-Link KEV, sports piracy takedown
8:43
France fines Google and Shein over cookie misconduct CISA adds more TP-Link routers flaws to its KEV catalog World’s largest sports piracy site shut down Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomwar…
Salt Typhoon marks China’s most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pa…

Vocational Services for Veterans with Monnie Rebecca Waltz, BS, MRC, VE, CRC, Christopher Briggman, MRC, CRC, CVE, LCMHC, LPC, and Keith Hosey
1:10:38
An increasing amount of research is exploring the connection between work and wellness. This includes mental wellness and physical health, both of which can be positively impacted by having employment, particularly for those navigating a disability. Simply put, work is more than just a means to earn a living or spend a significant portion of your w…

Fintech foils bank heist, NotDoor backdoor, Salesloft-Drift impact continues drifting
8:02
Fintech foils bank heist NotDoor backdoor Salesloft-Drift impact continues drifting Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the at…
Jaguar Land Rover suffers a major cyberattack. ICE gains access to a powerful spyware tool. Researchers find Fancy Bear snuffling around a new Outlook backdoor. Cloudflare and Palo Alto Networks confirm compromised Salesforce data. A researcher discovers an unsecured Navy Federal Credit Union (NFCU) server. A new ClickFix scam spreads MetaStealer m…

Google: Gmail is secure, Cloudflare blocks largest DDoS attack, Amazon shutters theft campaign
6:55
'2.5 billion Gmail users at risk'? Entirely false, says Google Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Jaguar Land Rover says cyberattack ‘severely disrupted’ production Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect bu…

Blizzard warning: Amazon freezes midnight hack.
32:11
Researchers disrupt a cyber campaign by Russia’s Midnight Blizzard. The Salesloft Drift breach continues to ripple outward. WhatsApp patches a critical flaw in its iOS and Mac apps. A fake PDF editing tool delivers the TamperChef infostealer. A hacker finds crash data Tesla claimed not to have. Spain cancels a €10 million contract with Huawei. A fr…

LLM legalese prompts, Maryland Transit cyberattack, hacking into university
8:04
LegalPwn technique hides LLMs prompts inside contract legalese Maryland Transit investigating cyberattack Hacker attempts to forge his way into Spanish university Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and …

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]
36:37
Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss. For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join Selena Larson, Proofpoint intelligence analyst and host of their po…

Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI [Microsoft Threat Intelligence Podcast]
43:56
While our team is observing the Labor Day holiday in the US, we hope you will enjoy this episode of The Microsoft Threat Intelligence Podcast. New episodes air on the N2K CyberWire network every other Wednesday. In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is live from Black Hat 2025 with a special lineup…

The labor behind the labor. [Special Edition]
35:26
This Labor Day, we’re celebrating more than just a holiday. Join us in celebrating not just the work, but the people who make it possible — the labor behind the labor. We’re honoring the people who bring their creativity, dedication, and passion to every corner of N2K. The work you hear, read, and see from us doesn’t happen by accident. It’s the res…

Velociraptor C2 tunnel, Baltimore’s expensive con, ransomware gangs multiply
8:11
Velociraptor forensic tool used for C2 tunneling City of Baltimore gets socially engineered to the tune of $1.5 million Ransomware gang takedowns create more smaller groups Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day at…