You've Already Been Hacked

https://is1-ssl.mzstatic.com/image/thumb/Podcasts124/v4/d4/83/7f/d4837fde-2ae4-220f-e4d9-ed9296f4a5ae/mza_11743321888039662568.jpg/600x600bb.jpg

Professor CyberRisk

97 episodes

3 days ago

A Cybersecurity Podcast for the Rest of Us In a world of evolving cyber threats, You’ve Already Been Hacked breaks down cybersecurity for everyone—from experts to everyday users. Hosted by Professor CyberRisk and Cyber Cowboy, we tackle major cyber attacks, emerging threats, and real-world security strategies. Each episode offers expert analysis, case studies, and actionable tips to help listeners stay ahead of hackers and digital risks.

Technology

RSS

All content for You've Already Been Hacked is the property of Professor CyberRisk and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

Episodes (20/97)

You've Already Been Hacked

Discord ID Photos Leak + AI Governance & Ransomware Hijinks – Cyber Threat Deep Dive

**Title:** Discord ID Photos Leak + AI Governance & Ransomware Hijinks – Cyber Threat Deep Dive

**Hosts:** Professor CyberRisk • Cyber Cowboy Live

**Live Cyber Maps:**

- Bitdefender Threat Map – https://threatmap.bitdefender.com/

- Checkpoint Live Cyber threat map – https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map – https://cybermap.kaspersky.com/

- Talos Intelligence ebc_spam Map – https://talosintelligence.com/ebc_spam

---

## Episode Information

**Title:** Discord ID Photos Leak + AI Governance & Ransomware Hijinks – Cyber Threat Deep Dive

**Episode Number:** 3x27

**Overview:**

In this episode we dissect a high‑profile Discord breach that exposed government ID photos for ~70,000 users, dive into Okta’s new “Identity‑Security Fabric” and its AI governance capabilities, explore NetApp’s next‑gen storage platform for AI resilience, uncover how attackers are hijacking the Velociraptor DFIR tool in ransomware campaigns, and discuss the U.S. Labor Department’s pilot for a national unemployment claims database—an initiative that could create a single point of failure.

**Guest Information:**

None

**Topics Covered:**

- Discord security breach and third‑party vendor risk

- Okta’s AI‑governed Identity‑Security Fabric at Oktane 2025

- NetApp INSIGHT: disaggregated storage for AI workloads and ransomware resilience

- Threat actor reuse of Velociraptor DFIR tool in LockBit/Babuk ransomware

- Labor Department’s national unemployment claims intake pilot and privacy implications

---

## Top Stories

- **Discord Security Breach Exposed Government ID Photos of 70,000 Users** – https://www.cnet.com/tech/services-and-software/discord-security-breach-exposed-government-id-photos-of-70000-users/

---

## Additional Cybersecurity News – Titles and URLs

1. **Three insights you might have missed from theCUBE’s coverage of Okta’s Oktane event** – https://siliconangle.com/2025/10/09/okta-identity-security-fabric-oktaoktane/

2. **What to expect during NetApp INSIGHT: Join theCUBE Oct. 14** – https://siliconangle.com/2025/10/09/next-generation-enterprise-storage-netappinsight/

3. **Hackers now use Velociraptor DFIR tool in ransomware attacks** – https://www.bleepingcomputer.com/news/security/hackers-now-use-velociraptor-dfir-tool-in-ransomware-attacks/

4. **Labor Department looks to pilot intaking unemployment claims for states** – https://www.nextgov.com/digital-government/2025/10/labor-department-looks-pilot-intaking-unemployment-claims-states/408734/

---

## Resources & Links

None this episode

---

### Call to Action

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

---

### Sponsor (if applicable)

No sponsors this episode

---

## Podcast Socials & Website

- **Website:** https://www.youvealreadybeenhacked.com

- **X (Twitter):** @professorcyberrisk

- **YouTube:** https://www.youtube.com/@YABHPodcast

- **Discord/Community Forum:** https://discord.gg/cz3xdsrqAE

4 weeks ago

32 minutes 17 seconds

You've Already Been Hacked

Oracle’s Data is Leaking… And AI Agents Are the New Attack Vectors

**Title:**

🔥 *“Oracle’s Data is Leaking… And AI Agents Are the New Attack Vectors”* — Clop, Pentagon, and the Cybersecurity Apocalypse You Can’t Ignore

---

**Episode Number:** 3x26

**Overview:**

In this explosive episode of *You’ve Already Been Hacked*, Professor CyberRisk and Cyber Cowboy dive into a perfect storm of cyber chaos: Clop-linked hackers are weaponizing Oracle E-Business Suite to extort Fortune 500s, the Pentagon is gutting cyber training like it’s a body fat test, Google confirms executives are being targeted with fake data theft threats—and underneath it all, AI agents are quietly becoming the most dangerous insider threats you didn’t know you had. Mary Ann Davidson (ex-Oracle CSO) drops the bombshell: *“You’re never going to have enough cybersecurity people to defend what was never built to be defensible.”* We break down why traditional defenses are dead, how AI is rewriting the rules of attack and defense, and what you MUST do before your company becomes next week’s headline.

**Topics Covered:**

- 🚨 Clop ransomware group’s Oracle E-Business Suite data theft extortion campaign (unconfirmed breach, real-world panic)

- ⚔️ Pentagon’s dangerous de-prioritization of cybersecurity training — equating it to beard length?

- 🤖 Agentic Security: How AI agents are becoming autonomous attack vectors (behavioral monitoring, zero-trust for bots)

- 💬 Google’s confirmation: Executives targeted with fake Oracle data theft emails — sophisticated social engineering at scale

- 🧠 The “security-by-design” revolution: Why humans can’t keep up, and AI-powered detection is now non-negotiable

**Top Stories:**

1. **Clop-linked hackers claim Oracle E-Business Suite data theft** — Extortion emails flooding corporations.

→ https://siliconangle.com/2025/10/02/clop-linked-hackers-claim-oracle-e-business-suite-data-theft-high-stakes-extortion-push/

2. **Pentagon says warfighters don’t need “frequent” cybersecurity training** — Policy downgrade raises alarms.

→ https://www.theregister.com/2025/10/02/pentagon_relaxes_military_cybersecurity_training/

3. **Google confirms extortion emails targeting executives via fake Oracle breaches** — Supply chain fearmongering in action.

→ https://www.yahoo.com/news/articles/google-says-hackers-sending-extortion-215459772.html

4. **Agentic Security: AI agents as new attack surfaces** — Defending autonomous systems before they go rogue.

→ https://siliconangle.com/2025/10/02/ai-agents-need-agentic-security-keep-safe-cyberdefense/

5. **Mary Ann Davidson’s warning: “You’re never going to have enough people to defend what was never built to be defensible.”**

→ https://securityweeklytv.libsyn.com/ai-the-new-trigger-word-or-is-it-robots-psw-894

**Additional Cybersecurity News – Titles and URLs:**

- **Bitdefender Threat Map (Live):** https://threatmap.bitdefender.com/

- **Checkpoint Live Cyber Threat Map:** https://threatmap.checkpoint.com/

- **Kaspersky Cyber Threat Map:** https://cybermap.kaspersky.com/

- **Talos Intelligence Spam Map (ebc_spam):** https://talosintelligence.com/ebc_spam

**Call to Action:**

✅ **Subscribe** — Stay ahead of the next cyber apocalypse.

⭐ **Leave a Review** — Help others find us before their company gets hacked.

💬 **Join the Conversation** — Ask questions, share war stories, and debate AI threats in our community:

https://discord.gg/cz3xdsrqAE

**Sponsor:**

None this episode — because *you* are the sponsor of your own security.

**Podcast Socials & Website:**

🌐 **Website:** https://www.youvealreadybeenhacked.com

🐦 **X (Twitter):** @professorcyberrisk

📺 **YouTube:** https://www.youtube.com/@YABHPodcast

💬 **Discord/Community Forum :** https://discord.gg/cz3xdsrqAE

---

*Hosts:*

Professor CyberRisk | Cyber Cowboy

*Live Threat Maps Featured:*

Bitdefender • Checkpoint • Kaspersky • Talos Intelligence

1 month ago

33 minutes 35 seconds

You've Already Been Hacked

$115M Ransom Raid: Teen Gang, SIM‑Swaps & AI Breach – What’s Next?

Hosts

Professor CyberRisk
Cyber Cowboy

Live Cyber Maps – Bitdefender Threat Map: https://threatmap.bitdefender.com/
Live Cyber threat map – Checkpoint: https://threatmap.checkpoint.com/
Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/
Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

Episode Information
Title: $115M Ransom Raid: Teen Gang, SIM‑Swaps & AI Breach – What’s Next?
Episode Number: 3x25

Overview:
In today’s episode we dissect the explosive case of Scattered Spider, a multi‑nation, multi‑tech gang that has pulled in over $115 million in ransomware payouts from UK retailers, London transit and US healthcare systems. We’ll explore how teenage operatives can be prosecuted under U.S./U.K. law, why SIM‑swap attacks remain a critical vulnerability, and what a recent AI chatbot breach means for your cloud tokens. Finally we’ll look at the rise of self‑replicating open‑source worms and how online gambling scams create new channels for credential theft.

Guest Information: None – this is an in‑house deep dive.

Topics Covered

Scattered Spider ransomware & teen gang enforcement
SIM‑swap attacks & mobile security
AI chatbot breach and token exfiltration
Self‑replicating open‑source worm (Shai‑Hulud)
Online gambling scam ecosystems

Top Story
Feds Tie “Scattered Spider” Duo to $115 M in Ransoms

Additional Cybersecurity News – Titles and URLs

SIM‑Swapper, Scattered Spider Hacker Gets 10 Years –
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft –
Self‑Replicating Worm Hits 180+ Software Packages –
Affiliates Flock to ‘Soulless’ Scam Gambling Machine –

Resources & Links
None this episode.

Call to Action
Subscribe: Stay updated on cybersecurity threats.
Leave a Review: Let us know what you think.
Join the Conversation: Follow our community and ask questions.

Sponsor
No sponsors this episode.

Podcast Socials & Website
Website: https://www.youvealreadybeenhacked.com
X (Twitter): @professorcyberrisk
Youtube: https://www.youtube.com/@YABHPodcast

Discord/Community Forum: https://discord.gg/cz3xdsrqAE (copy‑and‑paste it as plain text)

1 month ago

30 minutes 59 seconds

You've Already Been Hacked

Agents, Exploits, and NanoCoder: Building Modular AI with Will Lamerton

**Hosts**

- Professor CyberRisk

- Cyber Cowboy

**Live Cyber Maps**

Bitdefender Threat Map – https://threatmap.bitdefender.com/

Live Cyber Threat Map – https://threatmap.checkpoint.com/

Kaspersky Cyber Threat Map – https://cybermap.kaspersky.com/

Talos Intelligence – ebc_spam Map – https://talosintelligence.com/ebc_spam

---

## **Episode Information**

**Title:** _Agents, Exploits, and NanoCoder: Building Modular AI with Will Lamerton_

**Episode Number:** 3x24

**Overview:**

In this special interview episode, we step away from the headlines and dive deep into the mind of Will Lamerton — creator of [NanoCoder](https://github.com/Mote-Software/nanocoder), a modular agentic framework that’s reshaping how developers build AI workflows. From the architecture of autonomous agents to the cybersecurity implications of automation, we explore how tools like NanoCoder can empower defenders… and potentially arm adversaries.

**Guest Information:**

**Will Lamerton**

- Creator of NanoCoder

- Developer at Mote Software

- LinkedIn: https://www.linkedin.com/in/will-lamerton-b16ab915b/

- GitHub: https://github.com/Mote-Software/nanocoder

---

## **Topics Covered**

- The origin story of NanoCoder and Will’s journey into agentic automation

- How NanoCoder differs from LangChain, CrewAI, and other frameworks

- Modular agents, memory, and orchestration philosophy

- Real-world use cases: devops, creative workflows, and beyond

- Cybersecurity implications — how defenders and attackers might use agentic tools

- Threat modeling for autonomous systems

- Human interest: Will’s coding rituals, rabbit holes, and creative inspirations

- The future of agentic ecosystems and modular AI stacks

---

## **Call to Action**

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

---

## **Sponsor (if applicable)**

No sponsors this episode

---

## **Podcast Socials & Website**

- Website: https://www.youvealreadybeenhacked.com

- X: @professorcyberrisk

- YouTube: https://www.youtube.com/@YABHPodcast

- Discord/Community Forum: https://discord.gg/cz3xdsrqAE

1 month ago

49 minutes 46 seconds

You've Already Been Hacked

BulletProof Hosting Lives on: Stark's Rebrand and 4 Cyber Flashpoints

**Hosts:**

- Professor CyberRisk

- Cyber Cowboy

**Live Cyber Maps & Resources**

- Bitdefender Threat Map: https://threatmap.bitdefender.com/

- Checkpoint Live Cyber Threat Map: https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

---

## Episode Information

**Title:** Bulletproof Hosting Lives On: Stark’s Rebrand & 4 Cyber Flashpoints

**Episode Number:** 3x23

---

### Overview

In this episode we unpack the latest headline: European sanctions hit Stark Industries Solutions Ltd., yet the firm slipped into a new shell, keeping its “bullet‑proof” hosting services running. We dive into why that matters for defenders, and we explore four additional headlines: a supply‑chain attack on npm libraries, the fallout from Salesloft’s token breach, Microsoft’s critical Patch Tuesday, and a new Russian gambling‑scam network. Get the details on how to spot, block, and remediate each threat.

---

### Guest Information

*None for this episode (solid 5‑story deep dive).*

---

### Topics Covered

- How “bullet‑proof” hosting evades EU sanctions

- 18 npm packages hijacked to steal crypto funds

- Salesloft token breach exposes corporate data across Slack, Google Workspace & AWS

- Microsoft Patch Tuesday – 80+ fixes (incl. remote code exec, SMB flaws)

- Russian “Soulless” gambling‑scam affiliate network

---

## Top Stories

**1. Bulletproof Host Stark Industries Evades EU Sanctions**

*Summary:* The EU slapped sanctions on Stark Industries Solutions Ltd. in May 2025 for fueling Kremlin‑linked DDoS, malware, and disinformation campaigns. New research shows Stark swiftly rebranded to “thehosting”, moved assets to a Dutch shell (WorkTitans BV), and shifted IP space to a new Moldovan entity, PQ Hosting Plus SRL. The core infrastructure—IP ranges, servers and the notorious MIRhosting partner—remained operational, allowing Russian‑backed attacks to continue almost unchanged.

*Why it Matters:* This is a textbook example of how “bullet‑proof” hosting providers dodge regulation by shifting names and ownership while keeping the same malicious traffic lanes open. It shows that sanctions alone are insufficient; attackers simply reorganize and keep the same services running, continuing to supply state‑level cyberwarfare.

*What you should do:* Monitor the domain and IP space associated with Stark and its partners (thehosting.com, PQ Hosting Plus SRL, MIRhosting). Use threat‑intel feeds to detect changes in ownership or DNS records. Block traffic from these IP ranges at your perimeter firewalls, especially if you run a web‑services or cloud platform. Keep an eye on EU sanctions lists and immediately flag any new entities that appear in your infrastructure logs.

---

## Additional Cybersecurity News – Titles & URLs

| # | Title | URL |

|---|-------|-----|

| 2 | *18 Popular Code Packages Hacked, Rigged to Steal Crypto*

| 3 | *The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft*

| 4 | *Microsoft Patch Tuesday, September 2025 Edition* |

| 5 | *Affiliates Flock to ‘Soulless’ Scam Gambling Machine* |

---

### Resources & Links

*None this episode.*

---

## Call to Action

- **Subscribe** – Stay updated on the latest cybersecurity threats.

- **Leave a Review** – Let us know what you think.

- **Join the Conversation** – Follow our community and ask questions.

---

### Sponsor

*No sponsors this episode.*

---

## Podcast Socials & Website

- **Website:** https://www.youvealreadybeenhacked.com

- **X (Twitter):** @professorcyberrisk

- **YouTube:** https://www.youtube.com/@YABHPodcast

- **Discord/Community Forum:** https://discord.gg/cz3xdsrqAE

1 month ago

24 minutes 25 seconds

You've Already Been Hacked

Citrix Cracked, WhatsApp Whacked, and Linux Under Attack

## 🎙️ Episode Information

**Title:** _Citrix Cracked, WhatsApp Whacked, and Linux Under Attack: This Week in Cyber Mayhem_ **Episode Number:**3x22

## 🧠 Overview

This week, Professor CyberRisk and Cyber Cowboy break down the latest cybersecurity chaos—from a Citrix zero-day that’s been exploited for months, to a stealthy Linux dropper campaign targeting desktop shortcuts. Whether you're defending enterprise infrastructure or just trying to keep your devices clean, this episode delivers actionable insights and threat intelligence you can’t afford to miss.

## 👤 Guest Information

None this episode

## 🧵 Topics Covered

- Citrix NetScaler zero-day exploited since May

- WhatsApp vulnerability chaining with Apple zero-days

- Farmers Insurance breach affecting 1M+ customers

- Sindoor Dropper malware targeting Linux users

- U.S. government crackdown on fake ID marketplaces

## 🔥 Top Stories

**Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed** **Summary:** CVE-2025-6543 in Citrix NetScaler has been exploited for months, allowing remote code execution and authentication bypass. **Why it Matters:** Long dwell time means attackers may already have persistent access to sensitive systems. **What can / should you be doing because of it:**

- Patch immediately

- Audit logs back to May

- Monitor for lateral movement **Cited link:** Cybersecurity News coverage

## 🧷 Additional Cybersecurity News – Titles and URLs

**WhatsApp Zero-Day Exploit Targets iOS and macOS Users** The Hacker News report

**Farmers Insurance Breach Impacts Over 1 Million Customers** Cybernews coverage

**Sindoor Dropper Malware Targets Linux via Weaponized .desktop Files** Cybersecurity News report

**U.S. Government Seizes Domains Selling Fake Identity Documents** Cybersecurity News coverage

## 🗺️ Live Cyber Maps

- Bitdefender Threat Map: https://threatmap.bitdefender.com/

- Checkpoint Threat Map: https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

## 📚 Resources & Links

None this episode

## 📣 Call to Action

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

## 💼 Sponsor (if applicable)

No sponsors this episode

## 🌐 Podcast Socials & Website

- **Website:** https://www.youvealreadybeenhacked.com

- **X:** @professorcyberrisk

- **YouTube:** https://www.youtube.com/@YABHPodcast

- **Discord/Community Forum:** https://discord.gg/cz3xdsrqAE

2 months ago

29 minutes 22 seconds

You've Already Been Hacked

Hijacked by Design: OAuth Breach, AI Agents, and the Global Cybercrime Crackdown

**Hosts**

- Professor CyberRisk

- Cyber Cowboy

**Live Cyber Maps**

- Bitdefender Threat Map: https://threatmap.bitdefender.com/

- Checkpoint Threat Map: https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

**Episode Information** **Title:** _Hijacked by Design: OAuth Breach, AI Agents, and the Global Cybercrime Crackdown

_**Episode Number:** 3x21

**Overview:** This week, Professor CyberRisk and Cyber Cowboy dissect the latest cybersecurity chaos—from a stealthy OAuth breach that compromised Salesforce data to the vulnerabilities lurking in autonomous AI agents. Plus, we spotlight Interpol’s massive takedown of global cybercrime infrastructure and the budget-driven pivot toward AI-powered defense. If you think your workflows are safe, think again.

**Guest Information** None this episode

**Topics Covered**

- OAuth token abuse and AI chat agent exploitation

- NIST’s new AI cybersecurity control overlays

- Prompt injection and hijacking risks in autonomous agents

- Operation Serengeti’s global infrastructure takedown

- Shrinking cybersecurity budgets and the rise of AI defense

**Top Stories**

1. **OAuth Breach via Drift AI Chat Agent Exposes Salesforce Data** The Hacker News coverage

**Additional Cybersecurity News – Titles and URLs**

2. **NIST Releases AI Cybersecurity Control Overlays** Google News summary

3. **AI Agents Vulnerable to Hijacking Attacks** Google News summary

4. **Operation Serengeti Dismantles 11,500 Malicious Infrastructures** CyberScoop coverage

5. **Cybersecurity Budgets Shrinking, AI Defense Rising** Google News summary

**Resources & Links** None this episode

**Call to Action**

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

**Sponsor (if applicable)** No sponsors this episode

**Podcast Socials & Website**

- Website: https://www.youvealreadybeenhacked.com

- X: @professorcyberrisk

- YouTube: https://www.youtube.com/@YABHPodcast

- Discord/Community Forum: https://discord.gg/cz3xdsrqAE

2 months ago

31 minutes 22 seconds

You've Already Been Hacked

Legacy Exploits, Poisoned Packages, and Password Hijacks

## 🎙️ Hosts

- Professor CyberRisk

- Cyber Cowboy

---

## 🌐 Live Cyber Maps

- Bitdefender Threat Map: https://threatmap.bitdefender.com/

- Check Point Threat Map: https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

---

## 📢 Episode Information

**Title:** _Legacy Exploits, Poisoned Packages, and Password Hijacks

**Episode Number:** 3x20

---

## 🧠 Overview

This week, Professor CyberRisk and Cyber Cowboy dissect the latest wave of cyber threats—from Russian espionage campaigns targeting unpatched Cisco gear to stealthy clickjacking attacks on password managers. Whether you're an enterprise defender or a solo dev, these stories will make you rethink your patching strategy, supply chain hygiene, and user awareness training.

---

## 🎤 Guest Information

None this episode

---

## 🧵 Topics Covered

- Russian state-sponsored exploitation of legacy Cisco vulnerabilities

- DOM-based clickjacking targeting browser password managers

- Apple’s emergency patch for zero-day CVE-2025-43300

- Malicious PyPI packages infiltrating developer environments

- AsyncRAT delivered via fake verification prompts

---

## 🚨 Top Stories

**FBI Warns of Russian Espionage via Unpatched Cisco Devices**

Summary: Russian group Static Tundra exploits CVE-2018-0171 in Cisco IOS/IOS XE.

Why it Matters: Legacy vulnerabilities still pose major risks.

What You Should Be Doing: Audit Cisco gear, patch or disable Smart Install, monitor traffic.

Cited link: [The Hacker News](https://thehackernews.com/)

---

## 🧩 Additional Cybersecurity News – Titles and URLs

**DOM-Based Clickjacking Targets Password Managers**

https://thehackernews.com/

**Apple Patches Zero-Day CVE-2025-43300**

https://thehackernews.com/

**Weaponized PyPI Packages Target Developers**

https://cybersecuritynews.com/weekly-cybersecurity-news-recap/

**AsyncRAT Delivered via Fake Verification Prompts**

https://cybersecuritynews.com/weekly-cybersecurity-news-recap/

---

## 📚 Resources & Links

None this episode

---

## 📣 Call to Action

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

---

## 💼 Sponsor (if applicable)

No sponsors this episode

---

## 🌐 Podcast Socials & Website

- Website: https://www.youvealreadybeenhacked.com

- X: [@professorcyberrisk](https://twitter.com/professorcyberrisk)

- YouTube: https://www.youtube.com/@YABHPodcast

- Discord/Community: https://discord.gg/cz3xdsrqAE

2 months ago

24 minutes 48 seconds

You've Already Been Hacked

DEF CON 33: Agents, Extensions, and Ghosts in the Machine

### Hosts

- Professor CyberRisk

- Cyber Cowboy

### 🔥 Live Cyber Maps

- Bitdefender Threat Map

- Checkpoint Threat Map

- Kaspersky Cyber Threat Map

- Talos Intelligence Spam Map

### 🎧 Episode Information

**Title:** _DEF CON 33: Agents, Extensions, and Ghosts in the Machine_ **Episode Number:** 3x19

### 🗒️ Overview

This episode dives deep into DEF CON 33’s most provocative cybersecurity talks—from AI-powered SOC assistants to browser-based identity theft, counter-surveillance tactics, and prompt injection warfare. Professor CyberRisk and Cyber Cowboy break down what defenders need to know, what attackers are already doing, and how the future of cybersecurity is being shaped by autonomous agents and invisible threats.

### 🎙️ Guest Information

None this episode

### 🧠 Topics Covered

- Microsoft Security Copilot and AI-augmented SOC workflows

- Autonomous AI evaluation in cyber ranges

- Ghost Mode counter-surveillance tactics

- COPYCAT browser extension identity attacks

- MPIT prompt injection tool and ShinoLLMApps testbed

- General Paul Nakasone’s DEF CON insights on AI and national security

- DEF CON 33 meta-trends and community tooling

### 🧨 Top Stories

- **Microsoft Security Copilot Fireside Chat** – AI-driven incident response, plugin customization, and SOC acceleration

- **AI Security Institute Evaluation Framework** – Realistic cyber ranges for autonomous agent testing

- **Ghost Mode** – OSINT-powered counter-surveillance for everyday users

- **COPYCAT Extension** – Ten browser-based identity attacks that bypass traditional defenses

- **MPIT Prompt Injection Tool** – Genetic algorithm–optimized payloads for LLM exploitation

- **General Nakasone’s Talk** – NSA’s evolving role in AI defense and collaboration

- **DEF CON 33 Themes** – Agent-based red teaming, invisible threats, and open-source community power

### 📣 Call to Action

- **Subscribe**: Stay updated on cybersecurity threats.

- **Leave a Review**: Let us know what you think.

- **Join the Conversation**: Follow our community and ask questions.

### 💼 Sponsor (if applicable)

No sponsors this episode

### 🌐 Podcast Socials & Website

- Website: youvealreadybeenhacked.com

- X: @professorcyberrisk

- YouTube: @YABHPodcast

- Discord – The Neural Network: - https://discord.gg/cz3xdsrqAE

2 months ago

36 minutes 1 second

You've Already Been Hacked

Ransomware, Romance, and Recon: The Week Cybersecurity Got Personal

## 🎙️ Hosts

- **Professor CyberRisk**

- **Cyber Cowboy**

---

## 🌐 Live Cyber Maps

- [Bitdefender Threat Map](https://threatmap.bitdefender.com/)

- [Checkpoint Threat Map](https://threatmap.checkpoint.com/)

- [Kaspersky Cyber Threat Map](https://cybermap.kaspersky.com/)

- [Talos Intelligence – EBC Spam Map](https://talosintelligence.com/ebc_spam)

---

## 📣 Episode Information

**Title:** _Ransomware, Romance, and Recon: The Week Cybersecurity Got Personal_

**Episode Number:** 3x18

**Overview:**

This week, Professor CyberRisk and Cyber Cowboy break down the latest cybersecurity headlines—from a ransomware strike on Mailchimp to a dating app exposing private messages. We also dive into a billion-dollar acquisition that could reshape identity security, and a mysterious breach involving U.S. spy satellite contractors. If you thought your inbox, your dating life, or your government were safe… think again.

---

## 🎤 Guest Information

None this episode

---

## 🧠 Topics Covered

- Ransomware targeting SaaS platforms

- Identity security consolidation

- Data privacy in consumer apps

- Third-party risk in government systems

- Regulatory pressure on social platforms

---

## 🔥 Top Stories

**Mailchimp Targeted in Ransomware Attack—Data Exposure Downplayed**

Mailchimp was hit by ransomware this week, with potential exposure of customer data. The company claims minimal impact, but experts warn of phishing and impersonation risks.

🔗 [Read more](https://cybernews.com/news/)

---

## 🧩 Additional Cybersecurity News – Titles and URLs

**Palo Alto Networks to Acquire CyberArk**

A $20B merger that could redefine identity and access management.

🔗 [Read more](https://cybernews.com/news/)

**Dating App Tea Suffers Second Major Data Leak**

Over 1M messages and 72K images exposed—again.

🔗 [Read more](https://cybernews.com/news/)

**US Spy Satellite Agency Investigates Contracting Site Incident**

NRO confirms breach of contractor portal, law enforcement involved.

🔗 [Read more](https://cybernews.com/news/)

**UK's Age Verification Law Puts X (formerly Twitter) Under Scrutiny**

Regulators call out weak enforcement of age checks.

🔗 [Read more](https://cybernews.com/news/)

---

## 📚 Resources & Links

None this episode

---

## 📢 Call to Action

- **Subscribe:** Stay updated on cybersecurity threats.

- **Leave a Review:** Let us know what you think.

- **Join the Conversation:** Follow our community and ask questions.

---

## 💼 Sponsor (if applicable)

No sponsors this episode

---

## 🌐 Podcast Socials & Website

- **Website:** [https://www.youvealreadybeenhacked.com](https://www.youvealreadybeenhacked.com/)

- **X:** [@professorcyberrisk](https://twitter.com/professorcyberrisk)

- **YouTube:** [https://www.youtube.com/@YABHPodcast](https://www.youtube.com/@YABHPodcast)

- **Discord/Community Forum:** coming soon

3 months ago

32 minutes 18 seconds

You've Already Been Hacked

Zero-Days, VPN Leaks & Listener Qs: Cyber Threats That Just Got Real_

### Hosts

- Professor CyberRisk

- Cyber Cowboy

---

### Live Cyber Maps

- Bitdefender Threat Map: https://threatmap.bitdefender.com/

- Checkpoint Threat Map: https://threatmap.checkpoint.com/

- Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

- Talos Intelligence – ebc_spam Map: https://talosintelligence.com/ebc_spam

---

### Episode Information

**Title:** _Zero-Days, VPN Leaks & Listener Qs: Cyber Threats That Just Got Real_

**Episode Number:** 3x17

---

### Overview

Professor CyberRisk and Cyber Cowboy break down a wave of fresh exploits targeting enterprise systems, open-source platforms, and consumer devices — all backed by active threat intel. They kick things off with powerful questions from a listener in military/law enforcement, cover recent zero-days and VPN bugs, and dissect the cybercriminal playbook now exploiting accessibility APIs and fashion brands alike.

---

### Guest Information

None this episode

---

### Topics Covered

- Essential cyber hygiene for defense and law enforcement professionals

- Real-world deterrence: what it takes to punish threat actors

- SharePoint zero-day hits public sector

- Arch Linux packages laced with Chaos RAT

- Dior breach via third-party vendor

- ExpressVPN leak and RDP exposure

- Banking trojan weaponizes Windows UI Automation

---

### Top Stories

**🧨 Widespread SharePoint Zero-Day Exploitation Hits U.S. Agencies**

Hackers exploit CVEs 2025-49704/49706 to deploy Warlock ransomware via malicious web shells.

📎 [Daily Security Review coverage](https://dailysecurityreview.com/)

---

### Additional Cybersecurity News – Titles and URLs

**🧪 Arch Linux AUR Packages Deliver Chaos RAT**

📎 [DSR Report](https://dailysecurityreview.com/)

**🕵️‍♂️ Dior Confirms Customer Data Breach via Vendor Compromise**

📎 [DSR Article](https://dailysecurityreview.com/)

**🧱 ExpressVPN Bug Exposed Real IPs During RDP Use**

📎 [DSR Coverage](https://dailysecurityreview.com/)

**🐍 Coyote Malware Variant Exploits Windows UI Automation for Credential Theft**

📎 [The Hacker News report](https://thehackernews.com/)

---

### Resources & Links

None this episode

---

### Call to Action

- Subscribe: Stay updated on cybersecurity threats.

- Leave a Review: Let us know what you think.

- Join the Conversation: Follow our community and ask questions.

---

### Sponsor

No sponsors this episode

---

### Podcast Socials & Website

- Website: https://www.youvealreadybeenhacked.com

- X: @professorcyberrisk

- YouTube: https://www.youtube.com/@YABHPodcast

- Discord/Community Forum: coming soon

3 months ago

31 minutes 19 seconds

You've Already Been Hacked

🔐 “Zero Trust, Zero Sleep: Threats You Didn't Patch in Time

Hosts

* Professor CyberRisk

* Cyber Cowboy

Live Cyber Maps

Bitdefender Threat Map: https://threatmap.bitdefender.com/

Live Cyber threat map: https://threatmap.checkpoint.com/

Kaspersky Cyber Threat Map: https://cybermap.kaspersky.com/

Talos Intelligence - ebc_spam Map: https://talosintelligence.com/ebc_spam

Episode Information

Title: 🔐 “Zero Trust, Zero Sleep: Threats You Didn't Patch in Time”

Episode Number: 3x16

Overview

This week, Professor CyberRisk and Cyber Cowboy ride through the blazing terrain of unpatched APIs, firmware-level betrayals, and malware hiding in plain sight. From Cisco’s critical ISE flaw to Europol’s real-life takedown of pro-Russian DDoS mercenaries — we break down what’s urgent, what’s systemic, and what’s just plain terrifying. No guests, just gas.

Guest Information

No Guest this week