YusufOnSecurity.com
This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!
Episodes
271 episodes
271 - $21 Billion Lost to Cybercrime — FBI's 2025 Report and Microsoft's Massive April Patch Tuesday
We have got two big stories to get through today. First, the FBI just released its 2025 Internet Crime Report — and the numbers are not just record-breaking, they are genuinely alarming. We are talking about over twenty billion dollars in repor...
270 - Securing AI - The 3 Frameworks Every Defender Must Know
If you've been watching the cybersecurity space for the last two years, you've noticed something. Almost every breach report, every vendor pitch, every board meeting — AI is in the conversation. Sometimes as the hero, sometimes as the villain, ...
269 - Cyber Resilience in 2026 - The Skills Gap, Team Readiness, and What Security Leaders Must Do Now
In this week's episode, I am joined by my good old friend Shakel Ahmed, a cybersecurity practitioner with over 20 years of experience across some of the most demanding environments in the industry. We are covering the importance of skills and c...
268 - The Stryker Attack: How State Sponsored Hackers Weaponised a Microsoft Tool to Wipe 80K Devices
Just over a week ago, on 11 March 2026, a cyberattack brought one of the world's largest medical device makers to its knees. Stryker - a $25 billion company that manufactures surgical robots, joint implants and emergency equipment - woke up to ...
267 - SMB Protocol Explained-Why It Keeps Getting Hacked and Why We Can't Remove it?
Today we are talking about a protocol that is older than most of the people working in IT security right now, a protocol that has powered some of the most catastrophic cyberattacks in history, a protocol that security professionals have been tr...
266 - Why ClickFix Is Exploding, LLMs Make Terrible Password Generators, and Certificates Are Getting Shorter?
It has been a little while since my last update episode, and a lot has been happening in the world of cybersecurity. So today I want to catch you up on three things that have been on my radar and, more importantly, should be on yours.Fi...
265 - The AI Agent Security Crisis – How OpenClaw's ClawJacked Flaw Compromised 40K Systems
In late February 2026, a Meta executive lost her entire email inbox when an AI agent she was using deleted everything despite explicit instructions to confirm before taking action. At the same time, over 40K OpenClaw AI agent instances were fou...
264 - Inside the Cisco Live SOC: Securing the World's Biggest Networking Event
Cisco Live is one of the largest networking and security conferences in the world, bringing together thousands of IT and security professionals for a week of learning, innovation, and hands-on experience — and this year, I was there, working as...
263 - BGP Hijacking - The Invisible Threat That Can Redirect Your Traffic Anywhere
On June 27, 2024, millions of people worldwide suddenly couldn't access one of the internet's most popular DNS services—not because of a cyberattack in the traditional sense, but because a single network in Brazil convinced the internet that it...
262 - DORA Explained – What Financial Firms Need to Know About EU's Cyber Resilience Law
On January 17, 2025, the European Union's Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into enforcemen...
261 - Passkeys in 2026 – Are We Finally Done With Passwords?
After sixty years of password resets, forgotten credentials, and phishing attacks, the authentication landscape is finally shifting — and 2026 marks the tipping point. In this episode, we break down what passkeys actually are, why over a billio...
260 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 2
In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM's security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos ...
259 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 1
Today, we're diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we'll explore Microsoft's plan to phase out the NT LAN Manager protocol, better known...
258 - React2Shell Mass Exploit and Instagram 17 million breach
It has been a while since we've done a news update episode. So today, we're diving into two major stories that have been dominating cybersecurity headlines this past week. First, we'll unpack React2Shell, a critical vulnerability that's being c...
257 - Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data
In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the auto...
256 - The best of 2025
As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But t...
255 - Shadow AI-The Invisible Security Risk Already Inside Your Organization
Today, we're tackling one of the fastest-emerging threats of 2025—one that's probably already active in your organization right now, whether you know it or not. We're talking about Shadow AI, and the statistics are alarming: That means right no...
254 - Infostealers-The Silent Malware Stealing Everything
Today we're talking about one of the most dangerous yet underestimated threats in cybersecurity right now. While everyone's worried about ransomware making headlines with million-dollar extortion demands, there's a quieter threat that's actuall...
253 - Shadow IT and SaaS Sprawl - The Hidden Security Risk in Your Organization
Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for ...
252 - Windows password security - What is under the hood?
Today, we're lifting the hood on something you interact with dozens of times per day but probably never think about: Windows password security. What actually happens when you type your password and hit Enter? Where does Windows store that passw...
251 - The Future of Security Operations- Are SIEM, XDR, and SOAR Converging or Moving Apart?
Today we're talking about the future of security operations, specifically three technologies that have dominated the conversation for the past few years: SIEM, XDR, and SOAR. And I'm going to make a case that might surprise some people: these t...
250 - PenTesting vs Red Teaming vs Vulnerability Assessment-Which One Do You Need?
Today we're tackling a question I get asked constantly: "Should we do a pentest, a red team engagement, or a vulnerability assessment?"These terms get thrown around interchangeably, but they're actually very different things with differ...
249 - What Is Credential Stuffing? How Hackers Use Your Old Passwords Against You
Today we're talking about one of the most common yet misunderstood cyber attacks happening right now: credential stuffing. And I do mean right now. As I'm recording this, somewhere in the world, automated bots are attempting billions of login a...
248 - The Truth About Security Awareness Training- Why 95% of Programs Don't Work
Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on secu...
247 - AI-Powered Browsers-The Privacy and Security Risks No One Talks About
Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was rac...