Enjoying the content? Let us know your feedback! This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains. We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to compl...

Enjoying the content? Let us know your feedback! Picture this: You're at London Heathrow, Europe's busiest airport, ready to check in for your flight. But the kiosks aren't working. The screens are blank. Airport staff are scrambling with iPads and even pen and paper to manually check passengers in. Your flight is delayed, maybe canceled. And you're stuck in a long line with thousands of other frustrated travelers. Today we're diving into something that disrupted the travel plans of thousand...

Enjoying the content? Let us know your feedback! Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain English. I am your host Ibrahim Yusuf... This is part 2 of where we will continue covering the debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are...

Enjoying the content? Let us know your feedback! We're tackling a debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it? Well, stay tuned because this is exactly what you will find out in today's episode. -...

Enjoying the content? Let us know your feedback! In this week's episode I am joined by my good old friend Shakel Ahmed a cyber security practitioner with over 20 years of experience. We discussing how the cybersecurity landscape is at a tipping point as AI revolutionizes both defenses and threat capabilities. While tools like ML/LLM boost defender and developer efficiency, they're simultaneously empowering attackers with unprecedented advantages—operating without the ethical constraints that ...

Enjoying the content? Let us know your feedback! Today we're unpacking one of the most significant supply chain attacks of 2025 - the Salesloft-Drift OAuth breach that sent shockwaves through the enterprise software world. We'll explore how a compromise at one marketing company led to data theft at some of the biggest names in cybersecurity and technology. We'll break down the technology at the heart of it all - i.e. those digital keys that let applications talk to each other - and exa...

Enjoying the content? Let us know your feedback! Today’s episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We’ll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you’ll und...

Enjoying the content? Let us know your feedback! This week, the cybersecurity landscape delivers two major stories that demand attention. Microsoft’s August Patch Tuesday brought a wave of critical updates and exposed gaps, challenging defenders to reassess their priorities and protections. Meanwhile, Google’s Project Zero team is changing the rules on how and when the world learns about new vulnerabilities—speeding up transparency and raising fresh questions for vendors and users alike. - ht...

Enjoying the content? Let us know your feedback! In this episode, we’re diving into how companies are working to secure Generative AI—the technology behind chatbots, image creators, and code-writing assistants. We’ll break down how it’s different from traditional enterprise security, look at real-world attack examples, bust some myths, and explore what the future holds. - https://owaspai.org: AI Security Overview - https://artificialintelligenceact.eu: The EU AI Act Be sure to subscribe! Y...

Enjoying the content? Let us know your feedback! Today we’re tackling a critical subject that causes countless data breaches yet often gets misunderstood: misconfiguration — what it is, why it’s different from a software vulnerability, and why it remains one of the biggest security risks organizations face. One quick reminder before we dive into the main topic:Microsoft reminds of Windows 10 support ending in two months Windows 10 Sunset Alert: What You Need to Know Before October 2025- ht...

Enjoying the content? Let us know your feedback! Today, we focus on a critical and rapidly evolving Microsoft SharePoint vulnerability that’s rocked the security world in July 2025. We’ll walk you through what it is, why it matters, how attackers exploit it, and most importantly, what you and your organization can do to defend against it. For those new to cybersecurity, we’ll also explain the tricky technical jargon around this vulnerability, so you can follow along confidently, whether you’...

Enjoying the content? Let us know your feedback! The world of cybersecurity isn’t just about defending laptops and servers—it’s also about safeguarding the “invisible” corners of our networks: those printers, cameras, routers, and dozens of other devices that quietly power our organizations. But what do you do when you can’t install security software or agents on these endpoints? In this episode of YusufOnSecurity, we’re digging into the art and science of protecting infrastructure you can’t ...

Enjoying the content? Let us know your feedback! In this week's episode, we talk through the technical details of CI/CD (Continuous Integration/Continuous Development) pipelines: what they are, how they work, the jargon around them, and the potential security risks organizations need to be aware of. Finally, we’ll bust a persistent myth in software development that you might find surprising. - https://www.cisco.com: What is CI/CD? Be sure to subscribe! You can also stream from https://yusufo...

Enjoying the content? Let us know your feedback! Today’s episode takes you through three intersecting stories revealing how technology shapes both our vulnerabilities and our digital identity—from the sprawling and adaptable threat of AsyncRAT malware, to critical Bluetooth vulnerabilities threatening millions of vehicles globally, and finally to a thought-provoking glimpse into how AI models create intimate profiles of their users. - https://simonwillison.net/2025: Simon's ChatGPT doss...

Enjoying the content? Let us know your feedback! Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed systems, the real story lies in what this incident revealed about the way we build, secure, and rely on digital infrastructure. This episode isn’t just about a faulty update—it’s about the cascading im...

Enjoying the content? Let us know your feedback! This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors and connected cars, IoT devices are now woven into the fabric of our daily lives and business operations. They promise greater convenience, efficiency, and innovation—but they also introduce new ris...

Enjoying the content? Let us know your feedback! In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic solutions we use are truly secure? That’s where standards like FIPS 140-3 come in. - https://csrc.nist.gov: FIPS-140-40-3 Be sure to subscribe! You can also stream from https://yusufonsecurity.com I...

Enjoying the content? Let us know your feedback! In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research reveals. We will also look at the latest news that some are calling "The mother of all breaches". We have all that coming up next, in this week's podcast! - https://www.bleepingcomputer.com: No, t...

Enjoying the content? Let us know your feedback! Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common cybersecurity myth. Before we dive into our main topic, let’s take a quick look at a major tech update making headlines: The emergence of AI powered malware is becoming more real- https://en.wikipe...

Enjoying the content? Let us know your feedback! In this week's episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we have together, we’ll unravel what this malware is, how it works, why it’s so dangerous, and most importantly what businesses can do to defend themselves. Along the way, we’ll break down technical terms an...