Daily Cyber Security News

An overview of cybersecurity anomaly detection, focussing on overview

This episode unpacks Apple WebKit zero day exploits bypassing Safari defenses, MacSync data stealer, supply chain compromise of Trust Wallet s Chrome extension, Telegram crypto crime vulnerabilities, and ZachXBT s cross chain wallet drains totaling over 100K.

An overview of cybersecurity Adaptive Multi Factor Authentication, focussing on Adaptive MFA Overview

Kaspersky reveals Stealka stealer in pirated mods, warns of a 2025 financial crime surge, and details Evasive Panda DNS poisoning. We also cover the La Poste DDoS outage, Spotify s 300 TB library scrape, Telegram phishing and infra flaw, plus the Christmas day Trust Wallet Chrome extension supply chain hack.

An overview of cybersecurity homomorphic encryption, focussing on homomorphic encryption overview

Highlights include Amazon s keyboard lag impostor catch, AWS GuardDuty cryptomining and GRU edge campaigns, Kindle eBook and plugin flaws, plus a critical Cisco AsyncOS SEG zero day under active Chinese APT exploitation. Also covered Google Chrome patches and React2Shell abuse, Microsoft OAuth phishing and RC4 deprecation, and the 94 GB ShinyHunters Pornhub Premium data breach.

An overview of cybersecurity extension supply chain attack, focussing on overview of extension supply chain attacks

Apple releases fixes for critical buffer overflows and zero days across macOS, iOS and other platforms. Binance s co CEO WeChat was hijacked to fuel a meme token pump and dump. Over 100 urgent Linux kernel CVEs demand immediate patching and reboots.

An overview of cybersecurity Attack surface discovery, focussing on introduction attack surface

Highlights Cloudflare s record 29.7 Tbps DDoS defense, an emergency React remote code exec flaw that brought down major sites, Telegram s hack and fortify cycle with a fresh zero day, and Ubuntu s sweeping kernel and toolchain patch blitz.

An overview of cybersecurity Deception Technology, focussing on introduction to deception technology

Covers Android malware purge, Antigravity IDE exploit, OAuth and Chrome patch alerts, Mixpanel fallout, AI driven ransomware, Telegram phishing wave, and Upbit s 30M Solana wallet breach.

An overview of cybersecurity MITRE ATT&CK Framework, focussing on framework overview

Anthropic disrupted the first large scale AI driven espionage campaign linked to a China backed group Linux admins race to patch dozens of critical kernel flaws across media, fs, networking and drivers Telegram scrambles to contain malware bots, data leaks and fake update scams.

An overview of cybersecurity Shadow AI, focussing on shadow ai overview

This episode dissects Balancer v2 s 116 128M multi chain exploit via a tiny batch swap rounding bug, then shifts to Cisco s AI driven threat detection demo, urgent UCCX RCE and ASA FTD firewall patches, and the launch of Security Cloud Control.

An overview of cybersecurity Active Directory security, focussing on active directory security fundamentals

CISA has ordered U.S. agencies to immediately patch a VMware Tools zero day under active China linked exploitation, added critical WSUS and ICS flaws to its KEV list, and flagged live attacks on a Linux kernel bug. Meanwhile, Google enforces HTTPS defaults, Microsoft battles fresh zero days and AI powered phishing, and organizations scramble on encrypted DNS, BEC scams and AI defense strategies.

An overview of cybersecurity quantum safe cryptography, focussing on quantum threat

An out of bounds write in the Fireware VPN module lets unauthenticated attackers gain remote code execution on Firebox appliances. Over 75K devices exposed apply the patch now.

An overview of cybersecurity BGP hijacking, focussing on bgp basics

A deep dive into Cisco s critical SNMP Zero Disco flaw CVE 2025 20352 used to deploy stealth Linux rootkits, plus high severity IOS ASA bugs under scrutiny. We also cover Google Workspace M365 phishing, Android 16 s defenses vs. the new Pixnapping timing attack, the EtherHiding crypto theft malware, and Telegram s upgraded 2FA and anti phishing shields.

An overview of cybersecurity deepfake social engineering, focussing on overview of deepfake social engineering

Discord s age verification contractor Zendesk was compromised for 58 hours, exposing up to 70k ID images and user data in a high impact third party breach. Google rushed out emergency Chrome patches for critical WebAssembly and memory bugs, launched an AI only bug bounty for Gemini, and warned of Cl0p exploiting an Oracle EBS zero day CVE 2025 61882 .

An overview of cybersecurity quantum safe cryptography, focussing on quantum threats

Covers Google s new AI driven ransomware detection in Drive and upcoming Gmail end to end encryption, Telegram s account locks, malware alerts and anti phishing controls, plus Ubuntu s latest kernel and library security patches to harden Linux deployments.

An overview of cybersecurity Non Human Identities NHIs , focussing on Introduction to Non Human Identities

An overview of cybersecurity Over permissioned API Keys, focussing on over permissioned api keys

This episode covers Apple s ChillyHell backdoor and iCloud zero click spyware, Microsoft s AI phishing wave with Patch Tuesday fixes, critical Linux kernel flaws, the massive npm supply chain attack, and Telegram bot data leaks.

An overview of cybersecurity Threat hunting, focussing on threat hunting overview

Unpack Cloudflare s mis issued 1.1.1.1 TLS certs, record 11.5 Tbps DDoS mitigation, Salesloft s Drift supply chain breach leaking hundreds of OAuth tokens, and Telegram s malware, DDoS sieges and Russian government clash.

An overview of cybersecurity fileless threats, focussing on introduction to fileless threats

Cybercriminals weaponize Anthropic Claude for automated phishing, ransomware and real time data extortion. Google removes 77 malicious Play Store apps and patches a critical Chrome zero day. Microsoft RDP AD and Azure endpoints face new exploit waves. Telegram bots deliver spyware. A TransUnion breach exposes 4.4 M consumer records via a third party app flaw.

An overview of cybersecurity Reverse engineering, focussing on reverse engineering overview

Apple released emergency updates for a critical zero click zero day in its ImageIO framework exploited to siphon crypto. The episode also covers Google's AI driven scam lures, Microsoft s CVE 2025 29824 exploits, sweeping Linux kernel fixes and Telegram s new security shields.

An overview of cybersecurity Extended Detection and Response XDR , focussing on xdr overview

Unpack a pre auth FortiSIEM RCE in the wild, brute force SSL VPN sieges, Google and Microsoft s latest security wins and AI injection risks, a Telegram malware surge under Russian crackdowns, and an active WinRAR zero day backdoor campaign.

An overview of cybersecurity Living off the Land LotL attacks, focussing on overview

A prompt injection bug in Google Calendar let attackers embed hidden commands in invites or emails to hijack Gemini AI agents and control smart home devices. Fully patched, it underscores the growing risk of AI promptware and the need to sanitize untrusted inputs.

An overview of cybersecurity Behavioral Fingerprinting, focussing on introduction

Pro Ukraine hacktivists crippled Aeroflot servers, CISA released incident response and Zero Trust guidance, Google patched critical zero days and supply chain flaws, and Telegram rolled out new privacy defenses.

An overview of cybersecurity container security, focussing on container security fundamentals

An overview of cybersecurity LLM jailbreak attacks, focussing on LLM jailbreak attacks overview

This CyberScene episode unpacks the 27M BigONE supply chain crypto hack, Elmo's X account hijack, Google's rapid zero day fixes, and Telegram's Android malware blitz underscoring the critical role of third party controls, strong authentication, and AI driven defenses.

An overview of cybersecurity DNS tunneling, focussing on dns tunneling overview

Highlights include GMX s 40M V1 Arbitrum exploit and white hat bounty, a major Linux kernel patch spree for DoS and privilege bugs, an AI driven Rubio deepfake scam, Microsoft s Patch Tuesday blitz, and Telegram malware scam threats.

An overview of cybersecurity Ransomware as a Service RaaS , focussing on Ransomware as a Service RaaS overview

Covers Cisco s emergency patch for a hard coded SSH root backdoor in UCM CVE 2025 20309 , Qantas s vendor platform breach impacting six million customers, and Telegram s new malware alerts and bot compromise fallout.

An overview of cybersecurity Side Channel Timing Attack, focussing on side channel timing attacks

A sophisticated phishing campaign sidesteps Gmail s MFA and exploits a username recovery flaw to harvest user phone numbers. Also explores Google s AI defenses, Android 16 network protections, Kaspersky s SparkKitty spyware, Telegram data leaks, and critical Ubuntu kernel patches.

An overview of cybersecurity attack surface management, focussing on introduction to attack surface management

This episode dissects Google s Chrome zero day CVE 2025 2783 exploited by TaxOff, Scattered Spider phishing, historic 16B credential breach, Microsoft s Cloud PC security defaults and passkey mandate, Iran s Nobitex exchange hack, Telegram data leaks and malware campaigns, plus Ubuntu s critical privilege escalation and RCE patches.

An overview of cybersecurity Agentic AI vulnerabilities, focussing on prompt injection

Episode covers Apple s iMessage zero click exploit patch that exposed Secure Enclave keys, Google OAuth consent flow abuse for stealthy malware delivery, Microsoft s zero click AI hack fix, Interpol s massive info stealer takedown, and Telegram s new anti scam defenses.

An overview of cybersecurity DNS over HTTPS DoH , focussing on introduction to doh

Dissecting Coinbase s 70K user KYC data leak and 400M response, the FBI s latest phishing, botnet BADBOX 2.0 and ransomware Play warnings, Google s emergency Chrome zero day patches and email safeguards, Microsoft s threat tracking patches, and Telegram malware privacy issues.

An overview of cybersecurity Security Orchestration, Automation, and Response SOAR , focussing on SOAR fundamentals

This episode delves into the ViciousTrap backdoor compromise of over 9,000 ASUS routers, the latest Debian security advisories including kernel and app patches, and emerging threats and defenses in the Telegram ecosystem.

A packed episode covering the 230M Cetus DEX oracle exploit, CISA s new advisories and ICS alerts, Coinbase s insider driven breach of 69K users, and Microsoft s Lumma stealer takedown and critical patches plus the heated DeFi centralization debate on Sui.

An overview of cybersecurity zero knowledge proof, focussing on zero knowledge proof basics

Explore Coinbase s bribed insider breach and 20M extortion, Google s Android 16 security enhancements and emergency Chrome Gmail fixes, and the DragonForce ransomware attack on Marks & Spencer exposing customer data. We unpack attack vectors, mitigation strategies, and lessons for preventing insider threats, hardening mobile browser platforms, and defending retail networks.

An overview of cybersecurity confidential computing, focussing on confidential computing overview

Cisco s Q1 phishing surge and critical IOS SD WAN patches, LockBit s dark web breach exposing 60k Bitcoin wallets, and Telegram s new anti scam malware security controls.

Covers Cisco s critical IOS XE and ASA patches, Talos AI threat research, the LockBit RaaS database leak exposing 60k BTC addresses and insider tools, and Telegram s malware scams and new defenses.

An overview of cybersecurity SBOM, focussing on introduction to sbom

Researchers at Oligo uncovered 23 flaws in Apple s AirPlay allowing unauthenticated code pushes to third party devices. While iOS 18.4 devices are patched, billions of accessories remain exposed. The episode also dives into Apple s mercenary spyware alerts, Telegram s new anti phishing suite, and the DragonForce ransomware breach at the UK Co op.

A technical deep dive into Apple s mercenary spyware alerts and the 23 AirBorne AirPlay flaws risking zero click code execution, Telegram s new anti phishing filters and crypto upgrades, and the Co op s showdown with DragonForce ransomware.

Oligo discovered 23 zero click, wormable remote code exec flaws in Apple s AirPlay protocol SDK. While iOS, macOS and first party devices are patched, millions of third party units remain vulnerable update firmware or disable AirPlay until fixes arrive.

Podcast covers Apple s Pegasus alerts, critical AirPlay AirBorne zero click RCE, Telegram anti spam and phishing defenses, TikTok s 530M GDPR fine, and the Co op s data breach plus key mitigation steps.

An overview of cybersecurity Shift Left, focussing on shift left security overview

This episode covers the FBI s 10M Salt Typhoon hunt and a record breaking 16.6B in internet crime losses Google s MiraclePtr zero day defenses, Android auto reboot, and News plugin CSRF Telegram s encryption upgrades and urgent Ubuntu kernel and package patches.

An overview of cybersecurity attack graphs, focussing on attack graphs overview

An overview of cybersecurity LLM vulnerabilities, focussing on prompt injection

A flawed access control in KiloEx s cross chain price oracle let attackers drain 7M across BNB Chain, Base and Taiko, forcing emergency patches and a 750K bounty to retrieve stolen funds.

Dive into Android 16 s auto restart safeguard, sophisticated Google OAuth phishing, 4chan s record breach, KiloEx s 7M cross chain oracle exploit & full recovery, and MITRE s CVE funding lifeline.

An overview of cybersecurity threat research automation, focussing on cybersecurity automation

Explore key security challenges facing tech giants like Apple, Google, Microsoft, Telegram, and WhatsApp. Delve into vulnerabilities in iOS, Android, and Windows, and learn about critical security updates, privacy issues, and regulatory tensions. Understand the role of AI in enhancing cybersecurity measures and the importance of staying vigilant against evolving threats.

An overview of cybersecurity lateral movement attacks, focussing on lateral movement attacks

Today's podcast explores cybersecurity strategies from Google, Microsoft, Oracle, Ivanti, and Ubuntu. Google addresses North Korean infiltration and enhances Chrome with new security patches. Microsoft tackles phishing threats with AI and passwordless solutions. Oracle faces scrutiny over data breaches. Ivanti patches critical VPN vulnerabilities. Ubuntu releases crucial security updates for Linux systems.

An overview of cybersecurity heap based overflow vulnerability, focussing on heap based overflow vulnerability

The episode delves into critical zero day vulnerabilities affecting Google's Chrome browser, with a focus on Russian organizations and journalists. It discusses Google's quick patching efforts and acquisition of Wiz to enhance security measures.

An overview of cybersecurity Steganographic malware, focussing on steganographic malware

Explore critical vulnerabilities impacting Apple OS, including iOS, macOS, iPadOS, and others. Learn about risks in AirDrop and Web Content Handler, phishing scams targeting Mac users, and Apple's response with security patches and encryption efforts.

An overview of cybersecurity adversarial input, focussing on adversarial input

Exploration of Apple's response to zero day vulnerabilities, focusing on urgent updates for Safari, WebKit, and broader product security enhancements. The podcast delves into the integration of end to end encryption for RCS messages, challenges with malware targeting bank data, and other cybersecurity threats, including critiques on Apple's notification clarity and protection measures.

An overview of cybersecurity hypervolumetric DDoS attacks, focussing on hypervolumetric DDoS attacks

Bybit, a major crypto trading platform, suffered a historic 1.4 billion theft by North Korean hackers exploiting platform vulnerabilities. The incident underscores the need for robust cybersecurity in centralized exchanges.

An overview of cybersecurity Man in the Middle Attack MITM , focussing on Man in the Middle Attack

Exploring the evolving cybersecurity landscape with Apple's data protection controversies, critical vulnerabilities in the Find My network, Microsoft's fight against AI driven cyber threats, Bybit's response to a massive crypto heist, and the need for prompt updates against Linux kernel vulnerabilities.

An overview of cybersecurity MITRE ATT&CK, focussing on MITRE ATT&CK Framework

This podcast episode delves into pressing cybersecurity issues, including Apple's mandate to disable iCloud encryption in the UK, Microsoft's battle with malware targeting Xcode, and Google's push for AI driven defenses. The episode also explores emerging threats against Palo Alto Networks and hacking incidents affecting cryptocurrency exchange Bybit. These discussions highlight regulatory tensions, advances in security technology, and the importance of vigilance and timely updates in today's digital landscape.

An overview of cybersecurity Deep Packet Inspection, focussing on deep packet inspection

Explore how tech giants are addressing cybersecurity. Apple's urgent patches against zero day flaws, Google's AI driven defenses, Intel's vulnerability fixes, Microsoft's efforts against Russian cyber threats, and challenges in Musk's DOGE initiative underscore the need for vigilance in digital security.

An overview of cybersecurity Adaptive attacks, focussing on adaptive attacks

Explore Apple's response to security threats urgent updates for critical vulnerabilities, risks from the 'SparkCat' campaign and North Korean hackers, privacy debates with the UK government, and innovations like Advanced Data Protection and PCC.

An overview of cybersecurity cybercrime forums, focussing on cybercrime forums

The episode discusses multiple security vulnerabilities and zero day exploits affecting Apple devices, focusing on recent updates for iPhone, iPad, and Mac systems to mitigate threats like side channel attacks on A and M series chips. It highlights Apple's updates for iOS and macOS Ventura to improve data protection and addresses speculative execution threats such as 'Son of Spectre.' The podcast emphasizes the importance of user updates to safeguard against these evolving cyber threats.

An overview of cybersecurity OSINT, focussing on Introduction to OSINT

In this podcast episode, we explore the recent cybersecurity developments from industry giants like Cloudflare and Google. Cloudflare has successfully mitigated the largest recorded DDoS attack and addressed critical vulnerabilities in its services, demonstrating an increase in the frequency and severity of DDoS attacks. Concurrently, Google is countering a malware campaign targeting Mac users through its ad network and addressing security loopholes in Android and Chrome. Additionally, Google is improving security features and handling ethical dilemmas regarding the use of its technology. Other tech leaders like IBM, Microsoft, and Oracle are also addressing various challenges from privilege escalation to phishing...

An overview of cybersecurity API security, focussing on API security