Crestvale Newsroom
Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.
Episodes
147 episodes
FortiBleed breaches 30k–73k Fortinet devices
Credential reuse just turned tens of thousands of edge devices into an attack platform. This episode breaks down how Fortinet systems were accessed without exploits, and why identity at the perimeter is now the real control plane. For security an...
GitGuardian scans dev laptops for plaintext secrets
The security boundary is shifting from systems to identities, and endpoints are now at the center of that change. Developer machines are increasingly becoming the easiest path into production environments as credentials leak through logs, caches, ...
NewCore raises $66M for AI agent IDs
AI agents are rapidly becoming first-class actors inside enterprise environments, and identity systems are struggling to keep up. This episode looks at NewCore's $66 million bet on rebuilding identity for a world where agents outnumber employees, ...
Microsoft pulls 73 GitHub repos after malware
A supply chain attack targeting developer tools forced Microsoft to remove dozens of GitHub repositories, highlighting a shift in where real risk now sits. This episode breaks down how attackers are moving closer to credentials through trusted wor...
US export controls shut off Anthropic models
AI access is no longer just a product feature. It is becoming controlled infrastructure. In this episode, we break down how U.S. export controls forced Anthropic to shut down major models globally, and what that signals for any team relying on thi...
CISA orders Ivanti Sentry patch by Sunday
CISA just enforced a seventy-two-hour patch deadline for actively exploited infrastructure, and that single move signals a broader shift in how fast security teams are expected to operate. This episode breaks down what that means in practice, fro...
South Korea fines Coupang $400M after breach
A record fine against Coupang signals a shift in global privacy enforcement, with regulators willing to apply maximum penalties across borders after insider-driven breaches. For security and IT leaders, this changes how breach risk is modeled. In...
ServiceNow bug exposed customer instance data online
A ServiceNow vulnerability exposed how quickly SaaS platforms can become part of your attack surface, while new federal guidance is shrinking vulnerability response windows to just three days. This episode breaks down what the ServiceNow incident...
Anthropic adds mandatory 30-day traffic retention
Frontier AI access is starting to look like a gated system, and the price is visibility. Anthropic's latest model release makes thirty-day data retention a requirement, signaling a broader shift in how advanced AI will be governed and consumed. F...
Check Point VPN flaw bypasses passwords in IKEv1
Today's episode focuses on two failures that point to the same root issue: identity controls breaking under outdated assumptions. A Check Point VPN flaw shows how legacy configurations like IKEv1 can silently become open doors, while Meta's AI-pow...
Miasma worm hit 73 Microsoft GitHub repos
A new supply chain attack shows that simply opening a code repository can now execute malware inside common developer tools. At the same time, AI search is beginning to surface fraudulent websites, and outages in upstream models are breaking featu...
OpenAI adds Lockdown Mode for ChatGPT
AI tools are forcing a new tradeoff between capability and control. OpenAI's Lockdown Mode makes that explicit by limiting what ChatGPT can access during sensitive work, rather than trying to eliminate risk entirely. For professional service firm...
Fake IT staff hit law firms in-person
Physical access is becoming the new attack vector for professional service firms. Today's episode looks at the rise of ransomware groups showing up in person at law offices, bypassing traditional cybersecurity defenses entirely. For firm leaders,...
Trump AI EO makes patching a compliance issue
AI security just became an operational requirement, not a policy discussion. New federal direction is pushing vulnerability management and rapid patching into enforceable territory, with implications that extend well beyond large tech companies. ...
Ramp Stack launches agentic close for accounting
Automation is moving from assistance to execution inside accounting firms. Ramp's new Stack platform signals a shift where AI agents can run the monthly close end to end, with auditability built in. That changes how work gets done and how firms pr...
Workday launches Agent Passport for AI verification
AI is moving faster than the systems designed to control it. Today's episode focuses on how governance, verification, and security are becoming the real constraints as firms adopt AI inside sensitive environments. Workday's new Agent Passport sig...
CaronBletzer launches Atlura practice ops platform
A CPA firm just launched a platform it built for itself, and it highlights a deeper shift in how professional service firms are expected to operate. This episode breaks down Atlura and why scheduling, not features, is becoming the center of firm p...
Germany approves draft law for active cyber defense
Cyber policy, AI cost, and cryptography are all shifting at the same time, and the direction is clear. Governments are moving toward active intervention, AI pricing is normalizing, and post-quantum readiness is becoming an operational requirement....
GitHub Copilot shifts to tokens June 1
AI costs are becoming variable, security risks are becoming immediate, and governance is becoming mandatory. This episode breaks down GitHub Copilot's shift to usage-based pricing and what it signals for every AI tool your firm is adopting. For f...
Shadow AI triggers SEC Item 1.05 8-K
A single internal AI misuse just triggered a federal disclosure, and it is redefining what counts as a reportable incident. This episode breaks down how "shadow AI" moved from a policy concern to a governance and regulatory risk overnight. For fi...
Kirkland commits $500M to build AI platform
Kirkland and Ellis is committing five hundred million dollars to build its own AI platform, signaling a shift from using external tools to owning the systems that deliver legal work. This move ties directly to value-based pricing and long-term con...
How Cisco is redesigning security for AI threats
Cisco is moving away from periodic patching and into continuous exposure management, a shift driven by AI attackers moving at machine speed. This episode breaks down what that change means for firms that still rely on slow security rhythms and why...
Frontier AI now a security asset for boards
Frontier AI has crossed an important threshold, and national security experts now want boards to treat the most advanced models as assets that require serious protection. This episode breaks down the policy shift and what it means for professional...
Microsoft, Uber rethink AI coding tools as costs spike
Today's episode focuses on the growing tension inside firms as AI coding tools scale faster than budgets can support. Microsoft and Uber are both pulling back after runaway usage pushed costs far beyond expectations. Their shift is an early signal...
PHP supply chain breach drains cloud keys, logins
A hidden compromise in PHP localization packages shows how a small dependency can undermine an entire build pipeline. Attackers rewrote trusted tags and turned routine updates into credential theft paths, hitting cloud keys, developer tokens, and ...