Daily Cyber Briefing
The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape.
Episodes
58 episodes
Agentic AI, Vishing, and the Critical SAML Bypass
We break down the newest frontiers of cyber defense and attack, including how Google is using a new User Alignment Critic to shield Chrome's agentic AI from prompt injection, and why a critical flaw in the Ruby SAML library demands immediate pa...
•
10:35
React2Shell Fallout: Max-Rated Flaws, The Great Cloudflare Takedown, and the Rise of Passkeys
Host Mike Housch dives into the chaotic fallout from the maximum-severity React2Shell vulnerability, which caused a massive Cloudflare outage and rapid exploitation by threat actors. We also analyze another critical 10.0-rated flaw in Apache Ti...
•
12:16
Title: State-Sponsored Threats & Supply Chain Worms: WARP PANDA, React2Shell, and Shai-Hulud 2.0
This week, we dive deep into the sophisticated China-nexus threat WARP PANDA, which is relentlessly exploiting VMware vCenter environments with the BRICKSTORM malware, alongside urgent warnings about the actively exploited React2Shell vulnerabi...
•
13:57
Zero-Days, Botnets, and AI Plagiarism: The Dec. 2025 Cyber Roundup
We break down Google's urgent Android patches, including two actively exploited zero-days, and analyze the appearance of the new ShadowV2 IoT botnet leveraging known flaws. Plus, we look into why an AI-generated recipe card landed Google in hot...
•
9:51
Beyond Hacklore: Exploits, Insider Threats, and the Agentic AI Risk
Host Mike Housch dives into the latest major breaches, including 146,000 records stolen from Delta Dental of Virginia, and dissects critical zero-day exploitation confirmed by CISA. We also explore the emerging risks of Agentic AI, and hear fro...
•
13:41
Cloud Chaos, Router Espionage, and the 7-Zip Time Bomb
Today we dive into Cloudflare's massive outage caused by a database mishap and track the alarming rise of ransomware targeting Amazon S3 misconfigurations. Plus, we uncover a global espionage network hidden inside 50,000 compromised Asus router...
•
9:57
The AI Phishing Arms Race and the FortiWeb/Ray Zero-Day Exploits
Threat actors are leveraging AI to run sophisticated phishing campaigns that mimic Fortune-500 marketing departments, making identity the most vulnerable target. We also dive into critical zero-day exploits impacting FortiWeb and the Ray AI fra...
•
11:52
Chrome Zero-Days, Cloudflare's Big Oops, and Why Gen Z Uses '12345
Today, we dive into a massive internet disruption that wasn't a cyberattack, as Cloudflare confirms a service-crashing bug, and we cover the urgent need to patch the seventh Google Chrome zero-day found this year. We also dissect a pervasive Wh...
•
14:06
Legacy Exploits and Guardrail Failures: Finger Protocol, FortiWeb Zero-Days, and EchoGram Tokens
Today. I dive into how decades-old tech, like the "Finger" protocol, is being weaponized in modern ClickFix attacks, alongside major zero-day exploitation news affecting FortiWeb and Logitech. We also unpack the sophisticated techniques used by...
•
18:46
AI Hackers, Worms, and Why CISOs Can’t Get Federal Agencies to Patch
We dive into a massive NPM registry attack where a self-replicating worm polluted the software supply chain with over 150,000 packages seeking cryptocurrency rewards. Then, we analyze how state-sponsored threat actors used Anthropic’s Claude AI...
•
11:57
Hacking Encrypted Chats: The Whisper Leak & The CMMC Compliance Clock
Today we expose the 'Whisper Leak' LLM attack that infers sensitive conversation topics from encrypted metadata. Plus, we break down the start of CMMC enforcement and why supply chain risks are soaring, according to the new OWASP Top 10 list.
•
Season 1
•
Episode 47
•
8:30
Zero-Day Spies, North Korean Crypto Heists, and Cl0p's Corporate Hit List
Australia steps up sanctions against North Korean cyber operations funding weapons programs, while the Cl0p gang continues to expose victims of the Oracle EBS hack. Plus, we break down the evolving threat landscape from sophisticated ClickFix s...
•
Season 1
•
Episode 46
•
8:50
AI Slop, Chrome Flaws, and the Geopolitical Sovereignty Showdown
We dive into how AI is complicating the threat landscape, covering an "AI Slop" ransomware test sneaked onto the VS Code marketplace and novel prompt injection hacks against ChatGPT memories. We also break down critical high-severity browser fl...
•
Season 1
•
Episode 45
•
8:30
State Spies, Autonomous Malware, and Why Your Password is Still '123456'
Today we dive into alarming new reports, including how state-sponsored hackers stole firewall backups and how AI is enabling malware to mutate autonomously during execution. We also cover the costly Nevada ransomware recovery, critical Cisco pa...
•
Season 1
•
Episode 44
•
9:09
Digital Pirates, AI Backdoors, and the Critical Android RCE
Today, we expose a sophisticated campaign where hackers use Remote Monitoring and Management tools to hijack physical cargo, leading to billions in losses, and analyze the dangerous new trend of malware like SesameOp abusing trusted AI APIs for...
•
Season 1
•
Episode 43
•
8:44
Airstalk, AI Hijacks, and Cargo Theft in the Supply Chain
Today, we dissect how a suspected Chinese APT used the new 'Airstalk' malware to compromise BPOs in targeted supply chain attacks, and why the Claude AI model was successfully tricked into exfiltrating user data. Plus, we look at the rising thr...
•
Season 1
•
Episode 42
•
8:21
KEV Alert: China-Linked Zero-Days, WSUS Exploits, and the Diplomats' Digital Woes
CISA issued urgent warnings, adding exploited VMware and XWiki flaws to the KEV catalog and requiring federal agencies to patch immediately. We break down the Chinese threat actor exploiting an unpatched Windows shortcut vulnerability targeting...
•
Season 1
•
Episode 41
•
7:45
PhantomRaven, Supply Chain Bombs, and the $35 Million Insider Threat
We dive into two major software supply chain campaigns, including the "PhantomRaven" operation, which delivered infostealers via 136 malicious NPM packages downloaded 100,000 times. Then, we look at why vetting dependencies is no longer enough...
•
Season 1
•
Episode 40
•
9:14
DELMIA Exploits, Copilot Confusion, and Qilin's Evasive Maneuvers
Today we dive into critical industrial cyber threats as CISA warns of active exploitation in DELMIA factory software. We also examine Google's move to make HTTPS the default for all public sites and review the massive lawsuit alleging Microsoft...
•
Season 1
•
Episode 39
•
10:12
Agentic AI Risks, Industrial Hacks, and the Death of the Privacy Light
Today we dive into the inevitability of prompt injection as agentic AI takes over enterprise functions, and reviews massive credential theft data circulating online. Plus, learn why industrial giants are falling victim to Oracle EBS exploits an...
•
Season 1
•
Episode 38
•
8:26
AI Jailbreaks, Hacking Team Spyware, and the Million-Dollar Exploit That Wasn't
Today, we dive into critical AI browser vulnerabilities, including a trick that weaponizes the OpenAI Atlas omnibox, and analyze the spectacular flop of a promised $1 million WhatsApp exploit at Pwn2Own. Plus, we cover active exploitation of a ...
•
Season 1
•
Episode 37
•
12:10
High-Severity Zero-Days, Cache Poisoning, and the AI Code Judgment Crisis
Today we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe codi...
•
Season 1
•
Episode 36
•
9:59
Patch Wars: Russian APT Evasions, Chinese Espionage, and the Critical Windows SMB Flaw
CISA is ringing the alarm on actively exploited Windows SMB flaws while Chinese threat actors leverage a recently patched SharePoint vulnerability for espionage. We also detail how the Russian APT Star Blizzard rapidly changed tactics after res...
•
Season 1
•
Episode 35
•
8:32
Patch Panic, Deceptive AI, and Unsinkable C&C:
CISA confirms multiple zero-day exploits, including a critical Oracle EBS vulnerability being leveraged by groups tied to Cl0p, necessitating immediate action from federal agencies and private enterprises. Meanwhile, we examine how threat acto...
•
Season 1
•
Episode 34
•
9:04
Hacking the Skies, Time, and Messaging: NSO Gets Banned & The AI Escalation
Today. we unpack the fallout from a massive Oracle E-Business Suite hack that targeted American Airlines subsidiary Envoy Air, exposing business information from the regional carrier. We also dive into high-stakes cyberwarfare, covering China's...
•
Season 1
•
Episode 35
•
10:07