In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we’re honest, it’s not really Zero Trust. So, how and why did we get here?

A change in iOS is deleting-clues of old spyware infections, Starlink disables 2,500 terminals at scam compounds, a Caribbean hospital is still down 5 months after a ransomware attack, and officials are charged in Poland’s Pegasus spyware scandal.

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense. They also talk about how the ransomware ecosystem is splintering, and one operator’s relatively quick journey from being an affiliate to a platform operator. This episode is also available on Youtube.

A worm hits VS Code users, F5 was breached via its own devices back in 2023, Korea Telecom’s CEO says he’ll resign following a recent security breach, and the Boy Scouts will award cybersecurity merit badges.

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King’s College London, all about India’s missing cyber power. It has all the ingredients to become a cyber superpower, but so far, hasn’t shown the motivation. This episode is also available on Youtube.

A Romanian inmate hacks his prison’s IT system, hackers leak the data of DHS and DOJ employees, classified material was stolen from John Bolton’s AOL account and authorities seize a SIM farm in Latvia.

In this sponsor interview, Edward Wu, CEO and founder of Dropzone AI talks to Tom Uren about a study that measured how AI practically helps SOC analysts triage real-world problems. Analysts were faster, more accurate and got less tired with AI assistance. Edward thinks the technology won’t replace human analysts, but will speed their skill development.

An APT stole source code and vulnerability reports from F5, a European MP files a criminal hacking complaint against Hungary’s Prime Minister, airport PA systems are hijacked in Canada and the US, and the PowerSchool hacker gets prison time.

Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren’t afraid of selling to sketchy customers. They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests. This episode is also available on Youtube.

Windows 10 reaches End-of-Life, CISA cyber personnel avoided last week’s layoffs, the US seizes $15 billion dollars from a cyber-scam-compound operator, and a Secure Boot bypass impacts 200,000 Framework computers.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how different cybercriminal groups are after insiders to provide network access. This episode is available on Youtube.

Microsoft revamps Edge-IE-Mode after zero-day attacks, the FBI seizes the extortion site targeting Salesforce, a new round of layoffs hits CISA, and Apple doubles its bug bounty rewards.

In this Risky Business sponsored interview, Tom Uren talks to Damien Lewke, CEO and founder of Nebulock about countering adversary use of AI… with AI. They talk about how threat actors are rapidly adopting AI and what defenders should be doing in response.

The EU scraps its upcoming vote on Chat Control, Ukraine establishes a Cyber Force, CISA workers are reassigned to immigration enforcement, and two teens are arrested over the UK nursery hacks.

Tom Uren and Amberleigh Jack talk about the Clop ransomware gang. It is interesting because the group has arrived at a strategy that rinses a whole lot of enterprises at once and comes with a decent pay day, But it’s actually the least damaging kind of ransomware. Tom wonders why can’t more gangs be like Clop? They also discuss the US government having second thoughts about ignoring foreign influence operations. Its adversaries run them all the time, so perhaps just sticking its head in the sand isn’t the best strategy. This episode is also available on Youtube.

Redis patches a remote code execution vulnerability, Oracle out-of-band-fixes a zero-day used in a recent extortion campaign, Medusa ransomware group was behind a recent Fortra zero-day, and India fixes a tax filing system flaw;

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the 0day mass exploitation of SharePoint and Exchange. This type of widespread hacking appears to be increasingly common… but is it? This episode is also available on YouTube.

Microsoft tells users to uninstall games affected by a Unity bug, Discord discloses a data breach, Google rolls out end-to-end encryption for Gmail, and Apple and Google block an ICE tracking app.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Ashish Malpani, Head of Product Marketing at Corelight. The discussion looks at how NDRs might evolve, such as expanding to protect inter-cloud networks and complementing EDRs.

China sentences 11 scam compound operators to death, the UK makes another request for Apple user data, an Iranian APT gets doxxed again, and Microsoft launches a Security Store.