The 443 - Security Simplified

This week on the podcast, we discuss OpenClaw, the open source chatbot that has exploded in popularity since launching late last year, and some of the risk it introduces to organizations. Before that, we chat about Ring's Super Bowl advertisement that caused a stir before ending with a Google Threat Intelligence Group report on advanced threat actor AI usage.

This week on the podcast, we cover a recent supply chain compromise involving the popular text editor Notepad++. After that, we discuss a recent vulnerability report in the Moltbook AI social network before ending with a deep-dive review of a recent remote code execution vulnerability in the N8N automation platform.

This week on the podcast, we cover a Politico report detailing a security lapse at CISA in the United States involving sensitive data and a public version of ChatGPT. Following that, we dive into a couple of vulnerabilities recently resolved in the SolarWinds Web Help Desk application. Finally, we end with some closure on a story about two Coalfire penetration testers who were arrested several years ago for completing a penetration test in Iowa.

This week on the podcast, we cover some first-hand research from the WatchGuard Threat Lab on a phishing campaign targeting users of nearly every major VPN vendor. After that, we discuss two recently resolved vulnerabilities in the Fortinet FortiSIEM application, then end with research from Varonis on a new attack flow against Copilot called RePrompt.

This week on the podcast, we discuss the recently disclosed React2Shell vulnerability affecting a wide array of web applications. Before that, we review a new phishing campaign that uses a newly coined ConsentFix technique before discussing a security misstep from Home Depot.

This week on the podcast, we cover the Kimwolf botnet, a collection of compromised IOT devices that at one point grew so large that it's command and control domain beat out Google.com as the most popular domain on the internet. After that, we discuss yet another devious take on ClickFix style phishing before ending with coverage from Cisco TALOS on another threat actor targeting edge networking equipment.

This week on the podcast, we cover a wave of attacks against network edge equipment and internet-exposed systems including an update on the recently patched Firebox 0-Day. After that, we cover two stories on browser extensions siphoning off data and making unwanted modifications to victim’s web browsing activity.

This week on the podcast, we go through all six of our cybersecurity predictions for 2026. For each prediction, we'll discuss the trends behind them, why we think they'll hit next year, and some takeaways for people and organizations on how to react to them in the coming year.

This week on the podcast, we cover OWASP’s update to the top 10 web application security weaknesses and its changes from the 2021 list. We also cover a recently uncovered adversary-in-the-middle campaign that’s pushing malicious software updates to targeted systems. We conclude with our opinions on Microsoft’s latest AI features, which are coming to Windows.

This week on the podcast, we review our 2025 security predictions and grade ourselves on our accuracy. We recap all 6 predictions for 2025 from multi-modal AI being used to create entire attack chains to the CISO role becoming the least desirable role in business, and follow up on this year's news to see if they hit or not.