A
All right, what's up, everybody? Welcome to the party. Today is February 25th. It is Wednesday. This is episode 1076 of your Simply Cyber Daily Cyber Threat Brief podcast. I'm your host, two thumbs, all smiles, Dr. Gerald, coming to you live from the Buffer Osier Flow Studio. We got a great show for you today. If you are looking to stay current on the top cyber security news stories of the day while being educated, entertained and going way beyond the headlines so you could max out being a cyber security professional alongside a like-minded, inclusive, very amazing community, well then you're in the right place. Get your coffee, get settled in because we got a great show for you. What's up, everybody? Good morning. Good morning. How are you? I thought we almost started with a different song this morning. It was gonna blow out the copyright. I'm kind of feeling feisty. Just so you know, I was gonna play either Offspring, the first song off the Smash album, the one that just starts with like an unbelievable drum solo, or Ballroom Blitz to take it back, way back. But neither of them start with the punch I'm looking for right now. So we'll see how it goes. Good morning, everybody. Listen, we are going to go through, in the next hour, the top eight cyber stories of the day that you need to know. And of course, you can do that on your own. So what do I give you? We go beyond the headlines. I've got 20 plus years of industry experience. Many folks in the Simply Cyber community have years and years of experience. Different perspectives, different cultures, different industries. And together we all mix it up and we go way beyond the headlines to deliver insights that you will not get, not just in a classroom, but anywhere else. Now we are going to go through eight stories. I got a surprise for everybody. I don't research or prep for the show. Ain't nobody got time for that. Ain't nobody got time for that. 
You are getting a livewire, rough, rugged, raw, unpolished version of this guy. You know why? Because that's how real life is in this world of AI slop everywhere. And like, well, first of all, AI slop everywhere. I'm giving you authentic content here. Second of all, I've been doing shorts lately. I don't know why this pisses me off, but like, I've been doing shorts lately and people are commenting. I got a text message from somebody yesterday saying, dude, are your shorts AI generated? No, like, it's me. Like, I don't know if I have to do this. I don't know, like, either that or my content's that good or AI is that bad. I don't know what to tell you guys, but it's definitely me, it's definitely authentic, and it's definitely real up in here. Now, if you're a long-timer, you know this for a fact. But if you're a first-timer, welcome to the party, pal. Welcome. And I'd love to ask you or invite you to let us know that you're here for the first time. Hashtag first timer. Hashtag first timer in chat. Just grab up your phone, type in hashtag first timer. Grab up your keyboard, type in hashtag first timer. Whatever you want. Larry Shervington with the gifted subs. My man. Become best friends. Thank you, Larry. And if you're one of the individuals who just scooped up one of Larry's gifted subs, you can thank him. I like doing the Oprah emote personally. Thanks very much, Larry. That's great. Hey, listen, if you are here for the first time, just let us know with a hashtag first timer. We have a special sound effect, a special emote, and I just want you guys to know, you know, also, I don't say it all the time, but I want to let you know if you are a solo operator, you're a team of one. You're the one IT guy or IT lady at work. You're a lone wolf responsible for all cybersecurity.
B
And.
A
And you don't have coworkers to bounce ideas off of. I want you to know, hashtag team solo. You have coworkers, you know, quote unquote, here at the Simply Cyber community. Don't disclose sensitive information. But you can certainly bounce ideas off people. You can certainly vent to people. Oh, my God. I can't believe this. You know what I mean? Don't feel like you got to go it alone. There's no reason to go it alone ever. Hashtag team solo. Adtechs here, DJ B. Sex here. Everybody be cool. All right. Hey, listen, first-timers, long-timers, every episode of the Simply Cyber Daily Cyber Threat Brief is worth half a CPE, a Continuing Professional Education credit. Now, what you need to do is say what's up. Say what's up in chat. It appears right above my head. This is a live feed right now. Live feed coming at you live. So you say something in chat, it appears here. Keep it clean. We have kids in chat. Okay, say what's up in chat. Grab a screenshot. You'll notice that the title of this episode is Cyber News Now, February 25th, Episode 1,076. It's a unique identifier. This is why I can't have a hot link to send everybody the Daily Cyber Threat Brief. It changes every single day. That's part of the trade-off here. But grab a screenshot, file it away, once a year count up the screenshots and divide by two. It's that easy. They're not points, they're continuing professional education credits. All right, so you got your first-timers, we got our CPEs, we got all the good stuff. Let me quickly say shout out and love to the stream sponsors. Those who enable me to bring this show to you every single day. Those who enable me to do cool things like Simply CyberCon. Those who enable me to have these lights and whatnot. By the way, Mac. Apple Mac is killing me. I changed this wallpaper to a Simply Cyber logo and it refuses to stick. And no amount of Googling will fix it. I literally deleted the photo from the freaking Mac and it's still there. 
AI, you're killing me, Smalls. All right, guys, hey, quick shout out to the stream sponsor, starting with Antisyphon Training. Antisyphon Training is offering high quality, cutting edge education to everyone for unbelievable pricing. Borderline free in some instances. So if you're looking to get educated, don't look too hard because it's right in front of your face. I want to call your attention to this. Noon today. We've got a couple options for you today, guys. Pick your own adventure at noon today. Antisyphon Training is bringing red teaming AI to you. That's right, AI offensive security learning. You can learn about the OWASP Top 10 LLM vulnerabilities. Right? Prompt injection's definitely in there, guys. If you can't name, like literally, if you can't name two, like remove prompt injection for a second, name another AI attack. If you can't, this is an amazing opportunity for you to get skilled up in one hour. Think of it as speed running curated education. Brian and Derek are going to be dropping knowledge bombs on your face. I'm going to drop a link in chat. It's free to join. I'm going to get a haircut today because my hair has been given a one-green-mana Giant Growth, plus three/plus three, to my bangs and to my bird's nest up here. So I will not be able to attend this because I'll be sitting in a barber chair. But you can. And you can learn from these two guys. So definitely check it out. Antisyphon Training. Now, if that's not your speed, maybe you would like to learn this because you're like, I don't want to do AI. Okay, no problem. Check me out. You want to check this out? Today at 11am, go to simplycyber.io/flare. And you can go to Mastering the Flare 2025 CTF. Capture the flag. Now, listen, capture the flags are great opportunities to learn new tools, practice your skills, socialize with other participants who are playing the CTF with you. But it can be intimidating. A lot of people are intimidated. 
Imposter syndrome flares up. Oh, my God. What if I don't get a single flag? Oh, my God, I'm gonna look like such an idiot. Well, guess what? Punch imposter syndrome in the throat. Because today at 11:00am, the 2025 CTF that Flare did, they're bringing it back and they're going to walk you through. You're going to get an instructor-led experience through the CTF. You will get every single flag today. I promise you. You will learn IDA. You will learn binwalk. You will learn reverse engineering binaries. You will learn network packet captures. I'm telling you, this right here is a practical skills supercharger. So definitely check this out. It's awesome. simplycyber.io/flare. All I can say is, like, listen, I say this all the time. And I don't mean this to be, like, dismissive or, you know, condescending or whatever. I can present all this to you. I can give you all the answers to the test. You have to take action. You have to take the time and commit to it. That's the balance here. I can just provide this to you, all right? Everything you want is out there. My keynote at Wild West Hackin' Fest is about this golden age of learning, okay? But you got to take action. So make your choices. As I always point out, you can register for this, it's free, get it on your calendar, and then choose to go or not go when the time comes. It's as simple as that. You're picking up what I'm putting down, bruh. All right? Also, we are just a few days away from Zero Trust World, ThreatLocker's annual conference. That is an absolute banger. If you're gonna be at Zero Trust World, come on by at 8am Eastern time because we're going to be doing the Daily Cyber Threat Brief live from the show floor. Wednesday, Thursday, Friday, next week. Be sure to check that out. I bought a new laptop just to make sure that the show didn't get all janky like it's been doing. 
While I'm on the road, let's hear from ThreatLocker really quick and then I'm gonna melt your face. Also, Steve Young, I have to get you your... Steve, did I already get you your community member of the week prize? I can't remember. Please let me know in chat. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right everybody, let's get ready to cook. Also, I want to say thank you. I know some of you are like, oh my God, the sponsor reads. Listen, the sponsors are how we fund the show. It's how I keep this experience going and make it accessible to everybody. And I appreciate it. If you want to show support to the show, to Simply Cyber, if you like what we do here every morning, do take a minute, click the sponsor links below. Check them out. I appreciate it. Thank you very much. Now do me a favor everybody. I need you to do a couple things for me. Number one, Steve Young, sit back. Number two, Medine G, relax. And Adtech, get ready to have an awesome wave. Hold on, wait. Sit back, relax and let the cool wave of the hot news wash over us all in an awesome wave. I will see you guys at the mid roll. Oh yeah, speaking of mid roll, it is Wednesday, so we're doing Way Back Wednesday.
B
Cyber Security Headlines. These are the cyber security headlines for Wednesday, February 25, 2026. I'm Rich Stroffolino. Threat actors break out in under 30 minutes. According to CrowdStrike's annual Global Threat Report, the average breakout time from initial network intrusion to other systems fell to 29 minutes in 2025, 65% faster than last year. The fastest time seen was 27 seconds. Of these incidents, 82% didn't involve malware. Most exploited legitimate credentials or social engineering. But don't forget good old vulnerabilities. Exploited zero-days increased by 42%. Activity from nation-state-affiliated groups increased 266% year-over-year, with attacks attributed to North Korea up 130%. We have a link to the full report in our show notes. You should check it out.
A
All right, so CrowdStrike, definitely one of the leaders in the EDR space. I actually use CrowdStrike myself here at Simply Cyber on my endpoints for protection, for what that's worth. But here's the deal. If you're CrowdStrike, you have EDRs all over the place. Just like Microsoft Defender is all over the place, Palo Alto Cortex, SentinelOne. Now, besides having a huge footprint and making tons of money, great cash, homie, what that also... hold on one second. I gotta take my shirt off. Not my shirt off, my cardigan. What that also means is that they have a massive deployment and have massive amounts of telemetry coming in. So when they say this, this isn't based on like one business showing this thing. This is based on a ton of information. So what they're saying is from a threat actor compromising an endpoint, so initial infection into an environment, to lateral movement, under 30 minutes. Now, this isn't initial infection to crown jewels in 30 minutes. All right? Which is how it's kind of initially portrayed. But dude, lateral movement, I don't know. Like, to me it's like, okay, it's a 65 percent increase in speed, which I don't even know how to do the math on that. So it was less than an hour before, you know what I mean? So like, I don't know, as a practitioner, I wouldn't get my underwear in a bunch on this one, right? Like, it means that a threat actor gets on the box and then, you know, automation starts scanning laterally. That's what's going on here. Now, of course it's not good, right? If you see lateral movement in your environment, that is bad. And I want to point something out that most people don't think about unless they are practitioners: we have a lot of north-south visibility. North-south meaning like in the environment, out of the environment. In the environment, out of the environment. Firewalls, network segmentation. We can see kind of like movement like that. 
But you'll hear this term east-west traffic. And we really suck at visibility into east-west traffic. Unless you're like a Fortune 500 company and you got sensors all over the place. So if, you know, Carl's machine, Carl gets compromised and then Carl starts scanning other machines in his network segment, you're unlikely to see that in your tooling unless you have great detections implemented. But every place I've ever worked, every place I've ever worked did not have east-west traffic visibility, or at least any type of reasonably effective east-west traffic visibility. So we can see this. Plus, dude, with threat actors writing more mature malware, the fact that it's, you know, moving laterally through the network in under 30 minutes doesn't surprise me. Now what you should do is take this for action that you should be looking for. Here's how I would take this information and do something with it. This is not groundbreaking, okay? So you should already be doing this. This isn't light the boat on fire because we're in trouble. This is make sure that you're doing the best practices in 2026 cybersecurity best practices. Network segmentation is a best practice, okay? It's not for the elite. It's not for the, you know, large enterprises with big budgets. Network segmentation, plus, by the way, if you do network segmentation, technically it doesn't require a lot of, like, care and feeding. Like, you set it up and then it's built and then you kind of like plug in endpoints into the segments that make sense, but you can use choke points. You can even, wait for it, get your CISSP study material out, you can even use Bell-LaPadula. Who thought I was gonna say that? Bell-LaPadula, you know, approach to allowing read/write access through those network segments. And that's good privileged access management, right? 
Making sure that every person in your freaking environment doesn't have a domain admin account, making sure your IT team doesn't drive around in their admin accounts as their daily driver. So basically you're trying to contain the blast radius of somebody's endpoint getting compromised and then what its ability is outside of that endpoint within your network. You're managing choke points, you're managing what the user accounts can access, etc. All right, exactly. Who had Bell-LaPadula on their bingo card?
B
Anthropic allegedly hit with distillation attacks. In a blog post, Anthropic claimed that three Chinese firms, DeepSeek, Moonshot and MiniMax, attempted to copy their Claude models using so-called distillation attacks.
A
Whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa. Hold on. Dreaded in Tech. You think you're just going to slide this in the chat and not be noticed? Broseph? Ladies and gentlemen, I just put it on screen here. Dreaded in Tech casually drops: I started my first cyber security job this week. My man. We stop the show to recognize things like this. Oh my God. All caps, bruh. All right, let's get back to our programming.
B
Model distillation is a technique in which a less proficient model is trained on outputs of a more advanced one. It isn't necessarily malicious. It is a legitimate technique. But this approach allegedly saw the firms engage in over 15 million exchanges with Claude using roughly 24,000 accounts. These distillation attacks weren't coordinated. Each firm was pursuing a different goal, like improving coding performance or reasoning capabilities. In response, Anthropic rolled out stronger account verification procedures, a more advanced detection system for API traffic, and a tool to detect chain-of-thought elicitation activity.
A
All right, so okay, two things here for everybody. Number one, if you work at an AI company, which like basically we all do now, right? Because it's AI everywhere, right? It's like now with AI, right? Okay, I'm being playful, but listen, if you are making LLMs or whatever, this is an attack, I suppose, that you need to be mindful of. I am not going to be doing anything different at work because... dude, did anyone else just see that matrix glitch? Restream, get your crap together. I'm gonna go over to Riverside Studios, drop you like a bad habit up in here. Okay? So anyways, this distillation attack, essentially these Chinese AI firms are just querying Claude to see what the responses are in order to reverse engineer, I guess, the thought process of the AI tool. Okay? I mean there's no way for Anthropic to really manage this because they would have to look at everyone's query. You know, these are essentially non-deterministic models. So it's kind of hard to have repetitive formats to see, like a regex, like, oh, if it's this kind of query, it's a problem. Honestly, I'm surprised at this. Okay? Again, not xenophobic. Okay? But this is straight facts. China is amazing at espionage. Okay? So when I see this story and what these firms are doing, to me, right away, what I get out of this story is that the Chinese, you know, federal government of China, the People's Republic or whatever, are not involved in helping these AI firms. If they were, I think they'd be getting the answers to the test a different way. If you're picking up what I'm putting down. And I mean, there's been numerous examples of espionage, and I'm not going to start throwing out unsubstantiated claims of, you know, examples where it's just amazing how they went from zero to finished product very, very quickly after the finished product has been developed somewhere else. So espionage is a thing. 
In fact, I'm actually talking about industrial espionage at the Citadel this week. So just know that, you know, if anything, all this is saying is that, you know, the AI models that might be coming out of China could be as good as Claude because they're essentially reverse engineering, or trying to reverse engineer, Claude as best they can. I mean, this is one of my favorite ones when I give examples of espionage. You ever seen the... I've brought this up in the past. So if you're a regular, you know this. You ever seen the US space shuttle program from the 80s? That's on the left here. You see the space shuttle for Russia on the right. Do you see any similarities besides the fact that the big fuel tank is orange and it's white in this one? You see any other similarities? Like, this is espionage at a whole new level, right? The rhythm is the bass, and the bass is the treble.
B
DeFi platform shutting down after crypto theft. Earlier this month, the decentralized finance platform Step Finance disclosed that on January 31, threat actors stole US$40 million from its treasury using compromised devices from its execs.
A
Oh, hold on one second. Marcus Kyler says he doesn't know what I was talking about. Some of you did. Listen, I don't like to gatekeep or any of that crap. Let me show you. I mentioned the Bell-LaPadula model. This is like an obscure model that you have to learn in CISSP. And it's basically how you control information, read/write access to information and stuff. This is really quick. This is your classroom lesson for a hot second. This is the Bell-LaPadula model and it's basically how you control access to compartmentalized information. But you can apply the same model to network segmentation, allowing people access in or out or whatnot. All right.
B
After exploring every possible path forward, Step Finance announced it will shut down all operations by the end of the week, along with the associated projects, SolanaFloor and the Remora Markets trading platform. The company is still working out details on a buyback program for STEP coin and Remora token holders using about $4.7 million worth of recovered crypto assets.
A
Wow. All right, so, damn, dude, that sucks. I wish I had the sounder for Charles Finfrock. I'm a crypto evangelist. I love it. I love it. I love it. All right, so these crypto platforms getting robbed is not new. North Korea's Lazarus Group has made a name for themselves doing this. Multiple exchanges have been breached. This is one of the few where I've seen it have to shut down because of the attack. Now, $40 million is a lot of money. $40 million is a lot of money to me and you. Right? As I've been saying this whole week, like, if someone took $40 million from me, well, they'd be about $39.9 million in the red. But I mean, if anything, this just confirms to me that this platform was legit. Like, let me show you this Ronin Infinity Bridge. Like, just to put it in perspective, right? This happened last year, or this happened in 2022. North Korea stole $600 million from this bridge. $600 million from this bridge. Straight cash, homie. Right? And they didn't go out of business. In fact, they reimbursed all the people who lost money because of this attack. All right, so they basically ate $600 million and just kept on cruising. This group loses 40 million, and they shut it down. So, you know, the cynical person in me is like, they probably wanted to get out anyways. Maybe this is a convenient smoke screen to hide, you know, whatever nefarious activities the insiders were doing. Again, I have zero evidence to support that. Maybe they just got straight robbed and now they have no money. If you work in fintech, this is a legit concern that you have to be worried about for sure. I can't imagine working in crypto or fintech and not having a massive cybersecurity budget. It says they were able to recover $3.7 million of stolen assets and a million dollars in other coins. So they got 10% back. And you could just see here, dude, like, in the last week, this one lost 40 million. 
Another platform lost 10 million, another one lost 4 million. So three in all. $3 billion worth of cryptocurrency was stolen in the last year. Just think about that for a second. So anybody who's like, we're not gonna... we're gonna invest in, like, new features instead of cybersecurity, my man, f around, find out is what's cracking again. I don't know. Personally, I would not bring this story to my CFO or my CEO as part of a compelling case on why we need to invest in cyber security, just because personally I can't. I think crypto is... I don't believe in crypto, all right? And I know this is going to make Jay Gold cry a little bit into his Wheaties this morning. But like, I just think the idea behind crypto is righteous and altruistic and I love the idea of decentralizing and stuff, but it's been bastardized by so many charlatans that there's no utility and most of the time it's criminal, what is being done with this, whether it's scams, NFTs, you know, the Hawk Tuah coin, like rug pulls, like the whole thing is just gross. So this is interesting. It's just another example that, guys, crypto, people are going to steal money. That's it. Straight cash, homie. Straight cash, homie.
B
Fines Reddit for age check failings. The UK's Information Commissioner's Office, which we know as the ICO, fined Reddit £14.47 million after finding that from May 5, 2018 through July 8, 2025, it processed the personal information of children under 13 unlawfully. In response to the fine, Reddit released a statement saying it didn't require users to share information about their identities, regardless of age, because we are deeply committed to their privacy and safety. In July 2025, Reddit began age verification of users to comply with the UK's Online Safety Act. The ICO cautioned, though, that more action could be forthcoming, saying Reddit's account creation process made age declaration easy to bypass.
A
Sure, okay, so Reddit, you know, what's Reddit called? Like the front page of the Internet or like the front porch of the low country or something like that. So Reddit, you know the story behind Reddit. And there's that nice documentary on YouTube about the guy who created Reddit. Unfortunately, I'm pretty sure he unalived himself, but that's not related to Reddit. Reddit recently became for-profit. Let's see, Reddit. Nobody look at my Google history. I don't want anyone to see the Magic: The Gathering cards that I'm Googling. Reddit revenue 2025. Okay, let's see how much they made in 2025. Always follow the money, guys. Follow, great cash, homie, the money. All right, so in 2025, Reddit made $2.2 billion. Okay, now why do I care about how much Reddit made? Because whenever you see something like this, £14 million, whatever that means, £14 million to USD. Let's get this in America money. So $19 million. Okay, well let's just round up to 20 million to make it easy math. Okay, so $20 million and they made $2 billion. So if I'm just quickly doing the napkin math, that's 1% of their annual revenue. So 1% of their revenue for them to have, you know, they put in age checks, but it was very easy to bypass. Okay? So they did the minimum compliance and, you know, they got around it. Reddit. I'm not saying Reddit did this on purpose, but think about it for a second. Okay, think about this for a second. You're a business, right? And obviously for Reddit, the amount of activity on their website is how they generate, how they can sell, right? Like Reddit basically makes money by selling advertising on Reddit, right? If no one's using Reddit, then nobody wants to spend money to advertise there because no one's there. If everyone's using Reddit, then it's very valuable, right? It's like if someone started a new cell phone network, but you could only call people on the same network, right? 
If you are the only one who has a phone on that network, you can't call anyone. So it's not very valuable, right? Reddit's the same thing. So Reddit is financially incentivized to have more people on it, including kids, right? And there's a, like, I'm sure there's a Roblox Reddit forum. I'm sure there's a Grow a Garden forum, a brain rot forum. Like they're all there, okay? And by the way, don't... I have kids. Don't think that I'm being cold hearted or, like, obtuse to the fact that predators and scumbags troll on these forums knowing that kids are in there. Like, I wish Reddit did a better job. I'm saying objectively from a business perspective, think about Reddit. Reddit's making a decision. Hey CEO, we have to put in this age check thing or we're gonna get fined. Sure, put something in. Okay, they put it in. It's not very good. We can make it better, but we're gonna have to stop working on this other project and focus on this project. Well, no, right. What's the worst that can happen? We could get fined $20 million. That's not great. But we can write that off. That is a rounding error when we make $2 billion a year. Okay, again, I'm not saying that's what they did. I just want you to think, whether it's Reddit and this thing or it's your business or, you know, anything, think through it. This is an example of speaking the executive language around business and decision making. Because just like this story, in cyber security, when you're a CISO or you work in GRC and you're trying to get budget for something, the business is going to be thinking like, well, if we don't invest, how bad is it? If we do invest, like, what's the return on financial investment? You want me to spend $800,000 on a firewall, right? Or I can spend $25,000 on, like, you know, a cheaper one. Like instead of getting a Gigamon, I can buy a Fortinet, right? You guys know how I feel about Fortinet. Like, what's the downside? 
Can we take that $775,000 of savings and put it somewhere else to generate more money for the business? This is how you think about the business. All right, guys, it's always about money. Great cash, homie. Also, Reddit, be better. Okay? I don't allow my kids on Reddit. I don't even think they know what Reddit is, honestly. But like, yeah, look.
B
And now, a huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Picture a new hire who interviews well, except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality. The attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. Learn more at adaptivesecurity.com
A
All right, all right, all right. Hey, we're gonna blow out the copyright, so get ready for that. Did we have any first-timers here? We have any first-timers here? Sound off in chat. Let me go ahead and just do the ad read for Material like I said. Check out the links in the description below to support the channel. If you guys are running Google Workspace or Microsoft 365 and you're trying to make a dollar out of 15 cents, like if you are trying to stitch a chicken wing to a pork chop to make an entire meal for dad when he gets home, right? Listen up, because Material Security is going to be able to help you out. Your cloud workspace is more than just email, right? In 2026, it could be your entire business. So why does security stop at email? Material delivers complete protection for your Google Workspace and Microsoft 365 environments, going beyond perimeter defense to secure... I don't even know what you're talking about, Jesse. Go beyond perimeter defense to secure email, files and accounts across your entire environment with advanced AI detections and automated threat response. Material correlates signals across the workspace to identify risks that others are going to miss. And it protects sensitive data in inboxes and shared files. It monitors account access and third-party apps. And this is pretty cool. It automates remediation, from phishing response to user report triaging. So what do you get for all this? Like I'm saying, a bunch of buzzwords, but what is that? Okay, you get to mature your security posture and scale protection without adding head count, all at the cost of traditional email security. So you get more for the same amount of investment, which by the way, the business loves that and you love that. So you can spend the same amount of money and get more security. Thank you. I'll take two. So if you're ready to secure your entire workspace, go to simplycyber.io/material. simplycyber.io/material. And check it out again. 
Links in the description below. All right. Hey, look at. Sounds like we got a first timer in chat. Yes, sir. Yes, sir. Want to say what's up to Tolu Below. Tolu Below. T-O-L-U. That should come up. Squad members, do me a favor, let's welcome a first timer to the chat. Welcome to the party, pal. Nice to have you. Thank you for being here, my first timer friend. You're going to get to experience this in all its glory. Oh, that never gets old. All right. Hey, every single day of the week has a special segment. I will commit to you that I will have a graphic made for Way Back Wednesday now that we are going to be doing this. All right, so Way Back Wednesday, I like to pick like a piece of technology that's, you know, antiquated and talk about it. You know, you're probably familiar with it. We did the Sony Walkman a while back. Many of you know what's up. I will tell you from video game consoles, I cut my teeth on Nintendo Entertainment System. I know many people see that. Let me think here. All right, I'll give you. I'll give you one. This was way ahead of its time. Okay, dude. Back in the day, Neo Geo, and shout out to Jesse Johnson, AKA the Cosmic Cowboy. Neo Geo was a concept out of Japan, and you could find these arcade cabinets. You could get a home Neo Geo system. Now let me tell you why Neo Geo was so innovative and so way ahead of its time. Neo Geo player card. Check this out. This was no joke. You could literally get a memory card. Okay? You could get a memory card. This is like 1991. You could get a memory card and play on your home Neo Geo system and save your stats, save your skins, save your. All your accomplishments. And then you could go to the arcade and you could plug it into the arcade machine. I don't know if you can see it down here on the bottom. There's, like, a memory card slot, so you could. You could, like, transfer your data. A lot of people didn't know this. It was awesome. I don't know. I.
I literally don't know a single person who used the card. Okay. I don't know anyone who did it, but I remember thinking at the time when I was 11, my man, this is so cool. I also want to point out that Neo Geos were ridiculously expensive, and I didn't have any rich friends. I didn't have any rich friends. My friends, we were Nintendo, Sega Genesis. Like, we didn't. I didn't even have friends who had TurboGrafx-16. Like, if you had a friend who had a TurboGrafx-16, they were basically. Their dad was like a doctor or a lawyer or something. There we go. So your Way Back Wednesday is all about classic video game systems. Phyllis Stafford has a Neo Geo on his phone. Oh, my God. That's so good. All right, I will say final thing, though. I was a fighting simulator guy. Neo. I mean, obviously, Street Fighter. Street Fighter was the rage, and Mortal Kombat became the rage. But for. For real, Neo Geo had some of the best fighting games. They were basically all the same. They were basically, bro. They were basically all the same. But shout out to Neo Geo. All right, guys, let's let the la la las wash over us. That is your Way Back Wednesday. Let's. Let's wash over us and then get back to the news. Let's go. I feel like Zach Galifianakis in that meme where he's flying. Here we. Yes, this is it right here. Thank you. Hold on one second. This is it right here. For those who this is. This is, like, what's going on in my head. This is me right now. In my head. All right, let's finish the news, man. Guys, for a Wednesday, it feels like a Friday. Those are my vibes.
B
Right now, Pentagon gives Grok the green light. A US Department of Defense official confirmed to Axios that xAI signed an agreement to allow the Pentagon to use its Grok model on classified systems. The agreement allows the Pentagon to use it for all lawful use, unlike Claude, which makes carve outs preventing its use for autonomous weapons development and mass surveillance. Up until now, Anthropic was the only model cleared for classified use by the DoD. In related news, an Axios source says DoD informed Anthropic CEO Dario Amodei that it had until February 27 to comply with similar unfettered access to its models, or it will either label the company a supply chain risk or invoke the Defense Production Act to force the company to offer a version tailored for military use.
A
All right, really quick. I don't see Alpha Sierra in chat, but, hey, shout out to Alpha Sierra when we do the Simple Minds. La la la la la. As one of the drum majors. What's up? Shamira Gonzalez out of H-Town. Good to see you in chat, Shamira. All right, so, I don't know, man. Listen, I don't want to get political, but this is not a cyber story. So let's just, like, let's just get that out of the way up front. I don't pick these stories, okay? This is not a cyber story, but this is interesting to everybody. Now, I'm going to. I'm going to make an opinion here, okay? Listen, I. I was DMing with a close friend of mine yesterday about this, okay? This was in the news yesterday. Pentagon, Pete Hegseth, whether or not he actually lifted those weights or not, gives Anthropic an ultimatum. You will bend the knee or risk losing one of the, you know, juiciest contracts in history. Okay? Then the next day, Grok gets greenlit for use in basically, the DoD. All right? I would love to think that this is based on merit. This is based on efficacy, this is based on quality. But. But I think this is much more based on, I don't know, like. I don't know, like, this is Judge Smails from the 1980 classic Caddyshack. And basically, you know, Rodney Dangerfield was not part of the in club, not part of the good old boys network. And Judge Smails was kind of the personification of all of that. By the way, great hat. Great hat, Judge Smails. Does it come with a cup of soup? That was such a good line in that movie. No, but it looks good on you. Dude, this movie. I might watch this movie this weekend. I forgot how good Rodney Dangerfield is. Anyways, to me, again, not a cyber story, but I, I just. Dude, Grok is like, taking people's clothes off. Grok is the one who went Mecha H-I-T-L-E-R like a few, like last year. Do you guys, like, don't put that in chat, but, like, Grok went off the rails and turned into, like, an unbelievably, like, racist type thing. Like, I don't know how Grok is greenlit for classified systems, but, you know, I will say that also, by the way, do you remember when Elon and Trump, like, had, like, a public cat fight? Like, I thought Elon was. Was out, but I guess when you're, you know, the wealthiest person in the world, maybe you're in. I don't know. This is not my hot take.
This is somebody else's in chat. But does anyone want to take a bet on if Grok will leak classified information? I almost wonder. Polymarket, Grok leak classified. I wonder if this is on Polymarket. Polymarket is this, like, dystopian website where you can, like, bet on things happening. Like, you can predict, like, dude, you can predict the wildest things, like US strikes. You can bet on whether or not the United States is going to take a military strike in Iran. But will the US confirm that aliens exist before 2027? You can bet on this. Okay, I, I can't believe that people like, gambling is, like, degenerate at this point. But I, I almost wonder if. If Grok releasing classified information is in here. Not yet, but it will be, I'm sure. So, TL;DR, if you're going to use AI in your environments, to me, this, this is. I'm gonna make this a cyber story. Okay? Right here. Data governance, data sovereignty. If you allow AI to get access to your data, you can't protect it. If you do want to use AI to look at your data, and I know businesses that do this. I was actually talking to a good friend of mine who runs a cyber company yesterday. You need to sanitize the data. Either sanitize it or tokenize it, and then put it into these systems so you get all the value of the AI without any of the risk of losing data sovereignty. And guys, again, if you did not know, I literally made a video about this exact topic a couple weeks ago. And I, I just, I show you step by step a tool that is free on GitHub on how you can literally do. I told you then you can. How you can literally do this. Look at. Where is it, my man? Where is it? Come on. Where's the screenshots of. Oh, my God, the editors are too good here. There we go. Like, I show you the GitHub repo and like, this is like actual real examples of how to use the tool in order to do data sanitization. Okay? So don't be shy about checking that out.
B
Go maintainer decries GitHub's noise machine. Filippo Valsorda maintains the cryptography packages in the Go standard library and previously headed Google's Go security team. After publishing a security fix on GitHub, he saw the repository's Dependabot tool send thousands of pull requests against unaffected repositories, generate a nonsensical CVSS score, and warn that a change in one line of rarely used code had a 27% chance of breaking existing code using it. Valsorda characterized Dependabot as both too noisy with irrelevant alerts compared to things like static analysis tools or other vulnerability scanners, and insufficient because it doesn't consider the impact of a flaw. He recommended for anyone using Go to disable the feature, saying it reduces security by creating alert fatigue.
A
Yeah, so this is a, you know, okay, so first of all, if you are a. If you are a developer and you're using Go libraries. Okay, then, you know, obviously the suggestion here is to disable Dependabot. Okay? This is a very, very niche use case, so I'd like to talk about this in a bigger context. Many of you may have experienced this in life, and if you haven't yet, let me just save you the trouble. Just because there's a feature that allows, you know, extra value, extra visibility, extra, extra alerts, extra whatever, right? When you're setting up a new tool, right? You might toggle on all the things, right? Like, like think about your mobile phone, right? When you install an app, it's immediately like, oh, turn on notifications. Like, let me notify you when, let me notify you when stuff comes in. Sorry, I swore there. We have kids in chat. Welcome to the families in the chat here. I hope your morning's going well. Maybe you're on your way to car line or school or whatever. And, you know, for those youngs in the audience. Ain't nobody got time for that. That seems to be a fan favorite of the kids, that audio. Here's the deal. When you turn on all those things, that's great. It feels like, why wouldn't I turn it on? What's the downside? The problem is, and they outline it in this story, is that if you're getting notifications every two seconds, right? Or every five minutes, right? Then you get numb to the notifications because, oh my God, it's another notification. And then when one comes in that's actually important, you will treat it with the same priority that you're treating all the other kind of nonsense notifications. So unfortunately, if you want to be made aware when it's important or priority, you have to tune out kind of the, the informational alerts. Okay. You see this with vulnerability scanners quite a bit also, where you get like 30,000 findings and it's like 25,000 are informational or low. And you're like, oh, right.
So you tune those out, right? Same with if you've ever like done any type of like scanning or looking at your environment and you see like these, these like findings and you're like, I'm not going to change these. Like, this is an internal lab machine. I'm not going to generate a new certificate for it. I'm just going to use a cert with, you know, an expired date on it or something like that. Yeah, exactly. So the final thing I'll say, and I feel like I've heard this multiple times in my career, if everything is urgent, then nothing is urgent. If everything's a priority, nothing's a priority. We more often hear this when we're asking our boss, what are we supposed to work on? And they're like, work on everything. And it's like, yeah, but what is the priority? And they're like, everything's important. It's like, all right, well then nothing's important. Thank you. So anyways, be mindful of alert fatigue and tune out the ones that are annoying. I'll give another personal example. I have DMARC, DKIM and SPF on the Simply Cyber domain, right? So I have to do this so I can send newsletters out and all that. Right. Anyways, I get email notifications all the time because I'm a dope and I put my own email as like the respond-to. So I get emails all the time of like DMARC confirmations or, you know, so like from Google or other domains. So I had to, like, tune a rule that basically looks for this commonality and just archive those things off. So anyways, again, not really a cyber story, but I'm gonna make it a cyber story by telling you don't. Don't get overwhelmed by having alert fatigue.
B
UAE stops attacks.
A
Oh, by the way, this came in while I was talking. Quick shout out to Billy O relana at Billy, who's got a job interview later today for a security system engineer asking for some luck. My man. Let's go. I'm going to do the celebrate guy. There we go, Billy. Good luck, my man. Computer. Come on.
B
Infrastructure. The United Arab Emirates Cybersecurity Council released a statement saying it successfully thwarted organized cyber attacks of a terrorist nature that targeted the country's digital infrastructure and vital sectors in an attempt to destabilize the nation and disrupt essential services. Last week, a member of the Cybersecurity Council, Mohamed Hamad Al Kuwaiti, claimed that 70% of threat actors targeting the country were state sponsored. Since signing a cyber cooperation agreement with the US Treasury in 2023, the UAE has faced several attacks allegedly originating from Iran. Last.
A
All right, UAE. Not to be confused with UA. Yeet. All right, UAE said it stopped a ransomware attack this weekend that was targeting the country's digital infrastructure. Okay. Country's digital infrastructure and vital sectors. Okay, like, the first three paragraphs basically say the same thing, just in different ways. The Council indicated the attacks included attempts to infiltrate the network, deploy ransomware, and conduct systematic phishing campaigns. All right, so if they tried to deploy ransomware, I would assume that they got in the network. People don't. People don't drive up and throw ransomware in your parking lot. They get on the machine and deploy it. So, like, first of all, what are we talking about here? The attacks involved exploitation of AI tech to develop sophisticated tooling, reflecting a qualitative shift. Dude, this. The story says a lot without saying a lot. All right. Okay. All right. So this. This story literally. We don't get a lot of these very often. This story literally says a lot. And. And at the same time says nothing. UAE claims. Yeah, claims. Like there's no. There's no meat to this story. This would be like me coming out and saying Simply Cyber stopped a terrorist ransomware attack this past weekend. Like, there's a lot of exposition. It used AI. How do you know it used AI? My guy. What are you talking about? This pisses me off. Like, what are we talking about here? It used AI like, deploy. Okay, so maybe the phishing campaigns I can see. Because you can see them in your email security gateway. Maybe infiltrated your network because you're seeing like, you know, door jiggling on the firewall or your VPN. Deploy ransomware. Either they did or they did not. So they got in. If you saw that. And then using AI to develop offensive tooling, what. How are you able to. Like, so what this story is suggesting. Okay, I don't know why I'm so mad about this.
What this story is suggesting is that a threat actor got into their environment successfully, failed to deploy the ransomware correctly. Then the UAE took the ransomware or whatever payloads that they used, reverse engineered them, looked at the source code, determined that the source code was vibe coded because it had AI signatures and. And that's what's up. Ah, I don't know, maybe I'm just some dude in a shed screaming into a microphone, but I'm calling shenanigans on this one. This one is like void of like, I, I don't know again, like, I've worked in the industry for like a thousand years. Like, I've seen this. I know what's up. Dude, this is, this is like. This makes me think of 2002 vaporware, where you've got an idea on paper about what a software is going to do and you never build it. You're just looking to get acquired.
B
Earth Group expands the gaze of Medusa ransomware. Researchers from Symantec and Carbon Black noted that an unknown subgroup with.
A
Okay, so BW says it's more important because the attack came from Iran. Okay, I don't know about that. It says the. The incident took place amid heightened tensions. The country has faced an array of attacks since 2023 from Iran. The US Department of Defense says Iran's coordinated with ransomware gangs. This doesn't. This says last year they were able to attribute. So this particular attack is not attributed to Iran, first of all. Second of all, again, I don't want to get political, but like, dude, there is a lot of. I'm not going to share my thoughts on this one because it's not cyber related.
B
The prolific North Korean operation began using the Medusa ransomware as a service platform for attacks in the Middle East and on several US healthcare organizations. Since November 2025, the average ransom demanded in these attacks against the US was $260,000. Tactics used in this campaign do align with previous operations by the Stonefly subgroup within Lazarus, also known as Andariel. But there's no reason to believe these are used exclusively. North Korea typically uses ransomware revenue to fund espionage operations.
A
Wow, this is interesting. So, all right, so this is interesting. Okay. Medusa ransomware has been targeting US mostly. I've seen it attack schools, like it attacked Minneapolis school district, if I'm not mistaken. And. And Medusa actually kind of like, goes a little. They're a little extra. Like, they'll make a video and release it, showing that they're on the compromised assets. Now, North Korea, who is all about making that. Straight cash, homie. Straight cash, homie. I mean, this is interesting. So basically what it sounds like is North Korea, who is very good at crypto heists anyways, with Lazarus Group, it says that they're basically becoming a ransomware affiliate for the Medusa Group, which is wild. As far as I know, there's been no connection between Medusa ransomware and North Korea's government in general. Lazarus doesn't. Lazarus doesn't typically screw around with ransomware. The only example that I'm aware of was early in 2017, North Korea, and I don't know if it's attributed to Lazarus, I believe it is, launched the WannaCry attack, which kind of like launched a thousand ransomware ships using the EternalBlue tool that the NSA or the CIA got leaked by Sha. Oh, my God. Shadow Group. But here's the thing. Go Google Vault 7 leak or EternalBlue. You'll see what I'm talking about. But. But here's the thing, guys. Lazarus has never needed to use ransomware, malware, or do affiliate marketing. Lazarus always does super sophisticated attacks for high dollar. Lazarus Group. I. I showed this earlier in the stream today. Lazarus Group is the one who did the. The Axie Infinity Ronin Bridge attack. Hold on. Where is it? Yeah, this attack. $600 million. This was Lazarus Group. Lazarus also did the Bangladesh bank heist, which was an attempt at a billion dollars. Okay, $1 billion. So this is. This is weird to me, okay. When I see this, it's weird because, like, this is the. This is like Lazarus Group picking peanuts out of elephant poop.
Like, why are they doing this? They. They. They've stolen over a billion dollars, like, collectively over their last couple years. So doing ransomware as an affiliate model seems beneath them, frankly. So I don't know. It is what it is. What I would say is, if this is true, you want to protect from Medusa. Let me see if Medusa is in the. Yeah, Medusa is in the MITRE ATT&CK framework now that the. Your. It's escalated to nation state threat actor models. If you want, if your information security program is better than like a basic, basic B information security program and you're looking to like level up to like a 2.0 out of 5, go start looking at specific threat actors and making sure that your controls map to the TTPs of the threat actors that are most likely to attack your particular. Your particular group. Again, I've heard them. I mean, so it's ransomware as a service, which means it doesn't necessarily have a certain fingerprint because the affiliates can attack whatever they want. I just want to point this out. Medusa ransomware. I, I really, I'll put Minnesota in. I feel like it was a school system in Minnesota. Yeah, Minneapolis, bruh. Yeah, Minneapolis Public Schools back in 2023. Okay, so they've been around for a minute, but not at this state. I will say final thing I'll say about this for the threat actors, my man. If you start playing around with North Korea as a nation state, you are going to bring a lot of attention to you. So Medusa has been operating for years without really, I haven't heard of any disruption to their operation. You want to start screwing around with North Korea? I bet you the US Government would be interested in taking a closer look at you.
B
Data leaked. The ShinyHunters extortion group published a 6.1 gigabyte trove of data with over 12 million records. They claimed the data was stolen from the US auto platform CarGurus. This includes emails, IP addresses, financing applications and outcomes, and dealer account details. No statement from CarGurus about this publication, but the data has been added to the Have I Been Pwned data set, which found 3.7 million records were new to its service. No word on how it breached CarGurus, but of late, ShinyHunters' primary tactic is voice phishing.
A
All right, everybody, really quick. This is a follow up from earlier in the week. ShinyHunters, remember, they are the youngs who do vishing mostly to get access. They log into your environment, they don't break in. CarGurus did not pay the ransom and they went ahead and dumped the information online. That's it. Okay, CarGurus will very likely send you a. Let's see what got leaked. Email, IP, name, physical address, some finance information, etc. All right, you can go ahead and download this if you want. I'm not saying you should or shouldn't, but it's there. And expect to get a letter in the mail from CarGurus or the law firm representing CarGurus with your one year of identity theft protection. Again, guys, when, when, when a story like this happens, we, me and you, tech grunt, we are the victims. Okay? CarGurus, like CarGurus is only impacted if we stop using them as customers. I don't know. Is this going to make you stop using CarGurus? I don't know. Probably not. Right? So CarGurus takes this L and keeps on trucking. And we are the victims. All right. Yay. All right, that's going to do it for today's Daily Cyber Threat Brief. I know I'm a few minutes over if you stuck with me past the 9am drop dead date. Thank you very much again, genuinely appreciate all of you. Thank you for being here today. Thanks for making this community rich, robust, engaging, safe and supportive. I definitely enjoyed it. Thank you all so very much. Don't go anywhere because we're going to do Jawjacking, a 30-minute AMA where I will try to mentor at scale, answer any and all questions that you have. I'm Jerry from Simply Cyber. See you tomorrow at 8am Eastern Time. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's cracking, everybody?
Welcome to Jawjacking. I'm your host, Jerry Guy. All about good times and got two thumbs, almost two complete thumbs at this point. All the kind words for everybody in chat saying that they enjoyed the Daily Cyber Threat Brief with that nerd, Dr. Gerald Ozier. It's an absolute pleasure. I gotta tell you guys, I am so grateful, appreciative and definitely recognize how fortunate I am that I get to do this every single day and be here and, and engage with you. It's just, what a blessing. I'm not a religious person, but I can recognize a blessing. And my man. This is unbelievable. So if you got questions in chat, drop them with a Q in the front. I will answer any and all that I possibly can up until 9:30. I've got a ton of work to do. We're going to Zero Trust World next week. I know James McQuiggin, who's in chat, is going to be there. Kathy Chambers. Kimberly can fix it. I'm just gonna throw it out there. I will be bringing a Commander deck to Zero Trust World. In case there's anyone there that wants to play Magic, I will be bringing a vampire deck. So for the, for the Magic contingent in chat, I won't be bringing my oppressive Azorius deck. I get crap on. I get crap from people because I build a deck that works. All right, so I'll be bringing a vampire deck. Come at me, brah. All right, let's get our questions rolling. I want to say good morning to Mercedes Cabrera. Good morning. Good morning to you, Mercedes. All right, let's look at the chat. Hey, Rhonda Rummerfield's here. Good to see you, Rhonda. All right, BW5542 is in the chat. Shadow Brokers. Thanks, Kyle. Kyle on that EternalBlue story. Tech Grunt making Monty Python jokes. S. Cole07, good to see you. Doom Kraken, always appreciate you. Jesse Johnson, the Cosmic Cowboy, getting up early for the show. James McQuiggin likes Jerry Guy. Very cool. Continuing to look through chat. Here we go. There are many AI models out, says the Rarest Heart. In your opinion, which AI model protects data best?
If so, which one do you personally use? Okay, so really quick, as far as protecting your data goes, the only way, I mean, it's not necessarily a model, it's local LLM versus cloud based LLM. So if you're using Claude Code or Claude, right. Opus 4.6, Sonnet, it doesn't matter. If you're putting things into Claude and hitting enter, you're sending that data to Anthropic's servers. Only if you roll your own local LLM can you ensure that the data never leaves. Right. If I was going to use a local LLM. Let me show you really quickly what you can do. This is going to be a quick little tutorial. I should make a short about this again. People think my shorts are AI, which kills me. But check this out. Shout out to John V., who turned me on to this. You can go to Ollama, go to the models in the top left, and you can look at the different models. Now I want to call your attention to this right here. The, the 24B. You'll see 35B, 122B. These are billion, like number of parameters. Right? So the bigger the number, 122 billion parameters, the more effective the model is, essentially. But you don't need a huge model because I'm not going to be asking my AI about quantum physics or about like cardiac surgery. I'm asking it to like write me a to do list. Okay, so a smaller model is going to be easier to run locally. Personally, people like Mistral, Ministral, Qwen, and then there's a Kimi one that is also quite popular. There's DeepSeek. Also be mindful. This one is for like vision based language models. So you have to look at these. I'll drop a link in chat. Roll your own. I will tell you all. Also really quick, if you've been following me, I have Claude Code. I have Open Claw. In fact this machine back here is Open Claw. I get, for some reason I gave it like a 75 inch monitor but. I, my, my work laptop I recently replaced. Okay, so I needed my, my laptop. I take on the road. I'm going to RSA, I'm going to Zero Trust World, I'm going to Black Hat.
I needed a new computer that can handle all this. Okay, so I'm in the middle of decommissioning my original laptop and I usually take two weeks. If I can go two weeks without accessing the laptop, that means I'm done with it, right? There isn't something I forgot about. I'm going to wipe it and then I'm going to install probably the Ministral LLM locally and make that the brain for Open Claw. So stay tuned. But that's, that's how you protect data. That's the only way to do it. Unless you do data sanitization before you put it into some of these cloud based models. Thanks for the question. Also you can talk to Phil Stafford and John V. in chat. They are the Simply Cyber Community AI residents. Spiral said, and make sure you put a Q in front of it so I can see it quickly, would SOC 2 and IT auditing be a good starting point for an accountant who wants to get into cyber? Would it also be good to pick up more technical skills? So Spiral, if you're an accountant, yes, IT auditing and, and specifically GRC, governance risk compliance. That is where you're going to get your most, I guess, transferable skill set. Technical skills. Yeah, you definitely need to get some technical skills. Of course, the onboarding to GRC from a tech perspective is more forgiving than say pen tester or SOC analyst. Spiral, if you want an inspiring story and someone to talk to, go. Well, first of all, Spiral, go to Simply Cyber's Discord server. Okay, so go to simplycyber.io/discord. I just put that in chat. Okay. And then look for Steve McMichael. Steve McMichael is a very active Simply Cyber Community member. He's a friend of mine as well. And here he is right here on the right. Steve. Steve was an accountant and went into cyber security. So like your story, Spiral, Steve is like literally the person that has done exactly what you're wanting to do. So I would strongly encourage you to go on to Discord and then at CPA to cyber security.
I think that's his handle, Steve McMichael. And ask him what's up. Okay. That's going to be your number one best practice. There you go. All right, let's keep going. Jerry's going to the cons as three vampire Leat. Yep. Thank you, Shamira Gonzalez. Don't let them bully you. Hell, yeah. They're just mad. They hate it because they ain't it. And you know what? Honestly, Shamira, I gotta tell you, I'm a Patriots fan, okay? New England Patriots, like, way to go, Pats. I know you lost in the Super Bowl, but we're back. I lived for 20 years of people hating me because of the Patriots. So them hating on my, you know, my Magic decks, my oppressive Magic decks, doesn't hurt me. If you had to break into cyber in 2026, what would your road map be, Papa Bear 8160? Well, Papa Bear, there's a slight trick to that question, because where are you starting, right? Whenever you're doing a roadmap, right, you have a destination, but everybody's got a starting point, right? So where are you starting from? Are you already working in IT? Are you working in a non IT related field? Have you had a career? Or are you just getting out of college? Are you transferring from the military? So, unfortunately, Papa Bear, the starting point is difficult. You said if I had to break into cybersecurity, so I was a software engineer, and then I got into cybersecurity. If I was going to get into cybersecurity right now, what I would do, I mean, the roadmap is kind of multipronged. Number one, I'd start immediately, kind of getting wide on personal brand. Steve McMichael is a great example of this. He has a GitHub repository. He's making GRC tools, he's making content. He has gotten active in the Simply Cyber Discord server. He and I have become friends. He's not looking for a job, but, you know, I know what he can do. And if he was looking for a job, I would be mindful of that. He's delivering value into the community by, you know, answering questions and stuff like that.
He's picking up skills by learning AI and, you know, making GRC tooling a bit easier, doing GRC engineering. So I know that's kind of a broad stroke, Papa Bear, on how to do it. But basically, here's what I would do. All right, let's get, like, very granular. Number one, I would prioritize getting my Security+ because unfortunately that's a thing that, you know, adds a lot of value as far as marketability goes. Number two, I would set up a personal website, jerryauger.com or whatever, and then I would have a blog there that I try to contribute to regularly. I would have a link to my GitHub. If I'm going to be doing GitHub stuff, I would be working on some, you know, tooling or whatever. I would then share that on LinkedIn with some regularity, always with a focus of delivering value to the reader. If you read any of my LinkedIn content, you'll see that I'm trying to educate, I'm trying to deliver value. I'm not just posting for the sake of telling people stuff. Even when I get sponsored (some of my posts on LinkedIn are sponsored, meaning I get paid to post on LinkedIn), when I work with the businesses that are paying me to post on LinkedIn, I tell them right up front: if you want to work with me on a LinkedIn sponsored post, that's fine, but I will be delivering value. I'm not just going to be a billboard. In fact, I actually had to turn a deal down recently because they literally just wanted me to copy and paste, like, their marketing stuff on my LinkedIn. I'm like, no, like, I appreciate wanting to do business with me, but I'm gonna have to decline this money because this doesn't deliver any value to anyone. Like, you're basically renting. I might as well put one of those, you know, those signs that... Or like I could stand out in front of LinkedIn and spin one of those arrows and point, you know, point to the business. So anyways, hopefully that answers your question. Papa Bear, do me a favor.
Chat back in chat. Like, message in chat. Does this answer your question, or is this... Did I not answer your question? Soul Shine: Can I build a program on my Flipper to block Flock cameras when I drive by them? Possibly. I don't think so, no. Because the camera itself is... It's like a webcam, right? All the Flipper Zero is going to do is, you could disrupt radio signals. Maybe I don't understand how the Flock cameras work, but if there is a camera looking at you, it's looking at you. Like, it's not using radio waves to look at you. And once you drive by, it's going to see you, right? And then maybe you're disrupting its ability to communicate. But as soon as you drive by, it's going to pick back up where it was and broadcast your information wherever. So I don't think that the Flipper Zero is going to impact Flock cameras. Hey, Triple D. Mary, good to see you. Mary, I always appreciate seeing your LinkedIn posts there. You always seem like you're having such a nice time with family and friends. Shane: What do you think are the biggest differences between cyber in the DoD versus civilian, preparing to jump back into the real world? All right, so for those who don't know, I did spend quite a bit of time working for the Marine Corps and the Navy, a little bit at Veterans Affairs, which is not necessarily DoD, but there are a lot of DoD people in there. Most of my experience with DoD is the Marine Corps. So the biggest difference, I would say, is speed. Well, it depends on how big an organization in the civilian world you're going to be doing. And when you say civilian, do you mean as a civilian working in the DoD or federal government? Because that term civilian does mean something very specific. So I'll try to answer the question in multiple factors. When you work for the federal government versus working in the private sector, you get paid a lot more money in the private sector than the federal government.
You get a lot more training dollars in the federal government than you do in the private sector. You can move faster in the private sector because there's a lot less regulation and requirements. You technically can cut corners in the private sector that you can't do. The speed of everything in the federal government is wicked slow. DoD is like the largest employer in the world, and it moves at the speed of the largest employer in the world. So you can't get a lot done; in the private sector, you can move a lot faster. If you have a small team, a small business, a tech startup or something, you can move blistering fast. Those are kind of the main differences. All right. All right. So people are commenting in chat about the different models. Brown Coyote says Qwen is good. James Quiggin likes Ollama and Gemma. I'm not even familiar with that one. Ellipsis says: is the vulnerability management course still being worked on? I haven't... Yeah. I mean, here's the deal, Ellipsis. I know people make fun of me for having challenges at delegation. I am super busy and I wish I could work on it, but I don't know. I don't know how to answer this question. Like, technically it is in progress. I would not say it's off the stove. It is on the back burner. Yeah, I'm sorry, Ellipsis. All I have left to do is literally... I talked to Nessus and I got the licenses. All I have to do is film the labs. That's it. It's just hard. Like, listen, I mean, not to bellyache to all y'all, but just to put it in perspective: on Tuesday and Thursday I do the stream, and then I teach. I don't even get to work. Like, I can't get to work on Tuesdays and Thursdays until like 12:30 or 1. Okay. And then I have a hard stop. I had a hard stop at five, but that's blown out. The last week or two, I've been working till six, which is, like, I don't like that. I hate that because it's taking away from my family. Monday, Wednesday and Friday, I don't get to work until 9:30, which is, you know, basically in a few minutes.
Let me check my calendar. I might even have a meeting. Yeah, I mean, and then I just have meetings all day today. So, like, working on the course, it's hard. I'm sorry. I know a lot of people want this. I feel like I'm letting this community down by not getting the vulnerability management course done. I even paid someone to help me work on it. They did their job wonderfully, and even that did not progress it. So the question has come up for... Oh, actually, I even feel kind of like a failure because of this. I also want to remind everybody, if you did not know, just so everybody knows really quickly: yesterday we did the Simply Cyber Skills stream with Tim Papa, talking about working through ransomware negotiations and how to leverage emotion on the threat actor in order to, like, control the situation. I want to remind everybody that tomorrow we are actually running a Simply Cyber Academy Workshop. Okay? So, hands-on ransomware negotiation. You will be working through practical exercises on doing a ransomware negotiation. If you work in IR or you work in GRC and you haven't had to deal with a ransomware negotiation, but you'd like to get some, like, cycles, some time in the seat, this is a workshop for you. Okay, I'll drop a link to this in chat. I do want to tell everybody the skill streams are free, right? We do one a month. The skill streams are free; the workshops are paid, and they're, I mean, it's $99 for, like, two or three hours. I think it's two hours, this one. So it's paid, but you're getting value for your money. And I tried to price them reasonably, but also, you know, I have to pay the trainer to come train, right? Like, they're not coming for free. So the reason I bring this up is, one, to promote it and tell you guys about it in case you want to attend the workshop and check it out.
But also, kind of like the vulnerability management course, I'm trying to do this, but if there isn't interest in the workshops, then I'm gonna stop doing them. Because frankly, between you and me, I'm losing quite a bit of money running the workshops. Like, I pay like 200 bucks a month for Zoom, and the workshops are generating $0 a month at this time. So from a business perspective, it doesn't make sense. So I'm trying to learn. But this vulnerability management course, I'm sorry that it's not been moved forward. This is Ben Banfield: This question's come up for me recently, and I was curious how you would explain it to a new security person. How do you describe the difference between technical controls and NIST controls? What? Okay. Okay. So I guess the first thing I would denote is, like, NIST controls are NIST 800-53. Right. So for a new person, I guess I would say the first thing you need to understand is that technical controls are a subset of NIST controls. Technical controls and NIST controls aren't two different things. NIST controls have administrative controls, technical controls, and physical controls. So NIST controls are inclusive of all controls that you could possibly implement to reduce risk for your organization and protect your data, protect your apps, hide your wife, hide your kids. Right. Technical controls are controls that you implement on systems that are typically, you know, configurations that are, you know, basically always on or always off or whatever. Right. So a technical control would be like a password. A technical control would be like a firewall preventing access. A technical control would be like, you know, not being able to access files on a server until you authenticate to it. A technical control would be like having backups that you can restore from. Okay. A NIST control is... It is a collection of controls that includes technical controls. I don't know how to make that any more clear.
Now, if you said the difference between technical and administrative controls, those are two mutually exclusive things. Hopefully that helps, Ben Banfield. Find the True says: I've seen a request for a vulnerability management analyst master class. I'm sure it's on the radar. I just can't find it. Yeah, I know. Not a question, but what's helped me is using ChatGPT to help create GitHub projects where you can hone those skills. Thank you, Alex. Nicole says: for someone who doesn't have an A+ cert but has a Sec+ certification, would it be a good idea to get a help desk job first? Okay, so first of all, Alex, great question. What I would say is you don't need the A+ cert, but it is useful to learn the knowledge that would be required to get the A+ cert. Secondly, help desk is a great first job. It is a great first job. You want to drink from a fire hose? Help desk is great. You can cut your teeth on all sorts of real problems and challenges that end users are having. You can also, you know, obviously start getting into, like, identity and access management because you're going to be doing, like, MFA enrollments, password resets, MDM deployments, stuff like that. So you can get cyber-adjacent. All right, hold on. Quick question: For AI workloads in AWS, should cloud security engineers deeply understand ML model security, or is focusing on infrastructure controls sufficient? So I would say infrastructure controls is sufficient. You don't need to understand ML model security. I mean, you should be careful. The thing is, infrastructure controls aren't going to stop prompt injection. Right? Prompt injection is just going to happen regardless of that. So I would be mindful of that. Yeah, I mean, I think controlling access to the model and to the interface of it is probably more important. Rich 464: Are people getting confused by your shorts? Are they confusing authentic with agentic? Oh, my shorts. Yeah, I don't know, man. I don't know.
Like, I don't know what to tell you. Like, here, like, I'll just show you guys. Oh, crap. Hey, 2 Cyber Chicks starts in just a minute. Here, look. This black and white one right here, people think is AI. It's not, like. I'm sorry, I just put a black and white filter on. I'm trying some different stuff. All right. Hey, really quickly, we got a 2 Cyber Chicks season premiere. It's just starting. Where is it, bruh? So we can boogie over there. I'm gonna speed run. Hey, listen, really quickly, 2 Cyber Chicks is premiering right now. So we can go over there. I will say this, it's premiering right now. Let me drop a link in chat. If you dropped a question in chat, what I will tell you is: do not leave the chat. Okay? Pop the chat out or whatever. Hold on. My God. Open a new tab. Go to the 2 Cyber Chicks for the raid. But I will spend five minutes going through, and I will text-answer everyone's question because I want to. I feel bad. So let's do a little SC raid. So I'm gonna end the stream, but the chat will still work, so I will answer your questions. Okay, thank you all so very much. I hope you have a wonderful day. Again, I will answer the questions in chat after the stream ends. It's still an active chat. Be well, everybody, and until next time, stay secure. Have a great day.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: February 25, 2026
Episode: 1076
Theme: Covering the day's top 8 cybersecurity stories with insights, context, and career development tips for cybersecurity professionals and learners.
Dr. Gerald Auger, “two thumbs, all smiles,” brings the cybersecurity community together for a live, unscripted rundown of the day's most relevant stories. Today's episode emphasizes actionable insights beyond headlines, touching on threat landscape trends, AI in security, major breaches, compliance fines, and the evolving cybercrime economy. The show's lively, welcoming tone (with an interactive live chat) is combined with practical, veteran perspective and community engagement.
Dr. Auger’s blend of authenticity, real-practitioner wisdom, and community emphasis makes this episode especially valuable. Whether dissecting nation-state APT trends, breaking down the business logic of compliance fines, or sharing hard-earned advice for cyber newcomers, listeners come away both better informed and motivated to take actionable steps in their cyber careers. The lively chat and inclusive vibe solidify Simply Cyber as a go-to daily resource for everyone from lone sysadmins to CISOs.
Next live episode: Tomorrow, 8 AM Eastern
“Everything you want is out there...but you’ve got to take action.” — Dr. Gerald Auger, [11:30]