A
All right. Good morning, everybody. Welcome to the party. Today is Tuesday, May 12, 2026. Welcome to Simply Cyber's daily Cyber Threat Brief podcast. I AM your host, Dr. Gerald Ozier, coming to you live from the Buffer Oer Flow studio. And if you're looking to stay current on the top cyber news, getting informed, able to execute and take action on, you know, this dynamic environment that is cyber security, well, then you're in the right place. And might I add one key differentiator. The Simply Cyber Community. Live chat, practical conversations with cyber security professionals and students. My God, we did it. Guys, get your coffee. Let's get ready. Got a big update on the CPE stuff, which is pretty dope. Let's settle in and get after it. Good morning, Foreign. Hello. Hello. Good morning, everybody. Great to see you. Code Brew. Find the true neck beard. Jesse Johnson, Cosmic Cowboy. Shout out to all y' all who are looking out the window right now and seeing darkness. I know it's early on the left coast, it's early in the mountain times, but definitely appreciate it. Not just for myself, but this community is better because you're here live with us, guys, every single episode. We got eight stories we're going deep on. How many have I researched and prepped for a zero. Ain't nobody got time for that now. You might be like, Jerry, that sounds reckless. That sounds like a hot mess express. No, it's not, because this is how it looks in real life. As a cyber security professional, you would not. You don't like research and prep and then like, basically posture around like a donkey in front of other people. You just do the work and get it done. That's what we do here every day. Now, I do have 20 plus years of experience and quite a bit of education, so what I love to do is go beyond the headlines and give you additional insights, additional value, things that you wouldn't know from a classroom or textbook. You'd basically just have to live them. Like. 
Like, for example, not patching on Friday afternoon. Why not? You could do that anytime. Well, unless you enjoy your. Don't enjoy your weekends. It's a. It's a, you know, gambling to do it, for example. That's a simple one, guys. Every episode of the Daily Cyber Threat Brief has. Let me do the first timers first. If you're here for the first time, what's up, Data Dragon? Good to see you. Sam Crow 7. She's out in the left coast. You know what? Sam Crow, a recent. A recent new person to the Simply Cyber community. She's on the left coast or at least definitely in the dark, I think. Left coast, though. All about good times, guys. If you're here for the first time, do me a favor. Drop a hashtag first timer in chat. Hashtag first timer in chat. Marcus Kyler. You don't need 20 years in the field. What I do up here is easy. Didn't you attend Marcus Kyler's talk at Simply Cybercon? I just. I just. Marcus, I. I love you, Marcus. So listen, if you're here for the first time, drop a hashtag first timer. Hashtag first timer. It's simple. You just click clack, click clack, click clack on the keyboard. It comes into the chat. There we go. Vince knows what's up, Vince. Vincent Lawson. Welcome to the party, pal. Welcome to the party, pal. Welcome to the party, pal. Guys. All right, here we go. Now, every single episode of the Daily Cyber Threat Brief has is worth half a cpe. Now check this out. Everybody get your sunblock, put it on your face, because I am about to fully lights you up. Ready? Cyber Threat Brief, Simply Cyber IO, follow along with me if you will. Across the top you'll see this CPE option. Oh my. What it, what? If you select it, you can see here claiming a.05 CP for attending today's brief. You have to put in your name, like you know, Gerald Oer or you know, Ben Cheryl, Jesse Johnson, casually Joseph, whatever, whatever you want to show up on the cert, you have to put your email address in because I have to email it to you. And then you have to select both of these. 
One that you. One is a self attestation that you're attending the talk today, so you know, it's on you to be ethically sound. And the second one is granting me permission to email you. I don't even think. I know I. I need this, but I just don't want. I. I'm doing all the things to protect my butt. Then you verify you're human and you submit the attestation. Now what happens after that? Check this out. I'm going to just show you guys really quickly because you won't see this until the end of the month. All right, I did. Oh, my God, guy, I did some testing on this. Hold on one second. Oh, my Jesus. Come on. One second. Give me a second. This is worth it. Okay? If you're like, hey, where's the news? I'm sorry, I'm sorry. Vincent Lawson's probably like, dude, I thought this was a news podcast and this guy's up here Talking. Trust me, this is a big thing. It's all about. This is a major update. We've been doing this for like four or five years and I've been promising this for like two. All right, so check this out. Here's the deal. Here's the deal, everybody once a month. So I, I don't send you an email every day for half a cp. If once a month, at the end of the month, it keeps tracking a database, right? Marcus Kyler May 12. Marcus Kyler May 13. Marcus Kyler May 14. Okay, at the end of the month, it's going to send you an email and it's going to enumerate all the days that you came with a half a CPE for each day and then a rollup. So here's what it's going to look like. Okay, Can I do this computer, take this tab over. Thank you. All right, so look at this. This is going to be what it gets. Okay? So obviously I was just testing this yesterday. So it only has the one day view and print cert. Boom, baby, boom. So you can see here how it's got the. The like, it'll be enumerated. So then it'll say, hey, you know, here's your 13 CPEs for the month of May 2026. I'm your host, all the things. Okay, so this is best as I can do. This is the best I can do for you guys. 
This is a free service. It's Cyber Threat Brief. Simply Cyber IO I'll drop it in chat. Cyber Threat brief. Simply cyber IO G. Get your CPEs here. Yes. And everybody, please, let's. Let's give a Oprah emote to DJ B, who was the catalyst for all this. Thank you, DJ B. You want to talk about Simply Cyber community member DJ B. Bring in the heat. All right, guys, so that's the deal. Get your CPEs. Yeah. Simple as that. And there's. There is one constraint of. Okay, and I'm just. I can't solve for it. It's a, it's a. This is in beta, by the way, so there may be some issues. I, I vibe coded this number two. You have to, you have to register the day of. So if you go back and watch like May 5's daily cyber threat brief, you cannot get credit on the CPE thing. It has to be today. Like, you know what I mean? So you got to show up every day and please don't email me asking me to like back, back date you and stuff like that. I can't do that. This Is a. This is the best I can do for y'.
B
All.
A
All right, so that's what's up. We have CPE capabilities now and on June 1st, I guess we'll roll the dice and see what's up. So all of you are effectively beta testers now. So if you take advantage of this, you're a beta tester. Thank you for beta testing. All right, so every day of the week has a special segment. Tuesdays is Tidbits Tuesday, where we talk about something that I'm, you know, whatever, something about me we see if we vibe on it. Sometimes it's personal, like how much I hate sour cream. Do not. Justin Gold put that in chat. Excuse me? Every time I say sour cream, there's like this disgusting gif that Justin Gold always puts in chat. Hopefully Justin Gold's driving and can't do that right now. Anyways, it's a fun little segment. We have some fun with it. All right, guys, so every episode of the Daily Cyber Threat Brief has sponsors. I gotta tell you, the CPE thing, you know, like managing that the back end infrastructure costs money. Things cost money. I'm adding new functionality. Dan, Dan, Dan, Dan Reardon. Stan getting out of his. Getting out of his lane. Do not do it. Do not. All right, all right, guys, shout out to the stream sponsors who enable me to bring this to you. By the way, Vincent Lawson, our. Our token first timer for today. Vincent, thanks so much for letting us know. Vincent Lawson's probably like, holy crap, dude. Cpe. So good. All right, guys. Hey, shout out to Flare. Flare's Cyber Threat Intelligence platform is Dino mite. It's like J.J. walker. All right, hold on, dude. Flare. Cyber Threat Intelligence platform. I'm actually going to be doing a video with Flare in June. Their Cyber Threat Intelligence platform, they go out on the dark web, they data mine all of the real threat intelligence and all the telemetry from threat actors. Like real criminals. The people at Flair are getting. Not getting in bed with, but like the people at Flair are getting with the. 
The like cyber criminal forums, you know, criminal telegram channels, all that stuff. And they're getting info stealer logs, breach password logs, you know, upcoming chatter on activities and attacks. And then they put it into this really easy to use platform which allows you to query it and basically what's the, what's the impact, guy? The impact is you can see your organization, your VIPs, your users and see if they've been compromised, see if there's something coming up. It's so powerful. Go to simply Cyber IO flare. Now you could sign up for two week free trial. So no questions asked, no concerns, nothing like that. Two week free trial. And once they verify you're not a criminal, you're locked and loaded. Giving it a shot. Robert trotter putting his CPEs. And Robert, you don't need to do that anymore. We've got a whole new workflow for CPEs. Robert Trotter, go to Cyber Threat Brief, simply Cyber IO and on the top you'll see CPEs. So just follow along. You want to know what else to follow along with? Anti Siphon training. Anti Siphon training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone, including you, T.J. medine, G. Mara Levy, GRC Guardrail and others. And every Wednesday they're doing a free series called Anticast. It's a one hour we webinar for free cost zero dollars. They're bringing in some of the best and brightest in our industry. Okay so this isn't just like you know, they grabbed somebody and said hey, get over here. They're like Scorpion, they're, they're literally getting some of the best and brightest. And tomorrow at noon eastern time, Elite Dennis is going to be teaching you how to build a bulletproof pretext. And if you don't know what that even means, even more reason to show up. Elite Dennis is next level social engineer, physical penetration tester. She is amazing at her job. 
She's like literally if you play Battlefield or Call of Duty she is prestiged multiple times. You know what I mean? Pick up what I'm putting down, come learn from her. Engage with a community similar to the simply Cyber community. Many of us are over there are, are go to these things. So it's all about good times. Reminder, Jay Smooth. You do not need to do the CPEs in chat anymore. We have simply cyber has a CPE capability now. All right, all right. Finally let's hear from Threat Lock. Really quick. Threat Locker application deny by default on the endpoint in the cloud. Quick word from them and then we're going to do the news. I want to give some love to the daily cyber threat brief sponsor Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance, onboarding and Operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about about how Threat Locker can help prevent ransomware and Ensure compliance. Visit threatlocker.com Daily Cyber. All right everybody do me a favor, sit back, relax. Let's let the cool sounds of the hot news wash over us in an awesome wave. I'll see you guys at the mid
C
roll from the CISO series, it's Cyber Security Headlines. These are the cybersecurity headlines for Tuesday, May 12, 2026. I'm Sarah Lane. AI hackers find software flaw. Google says it has identified the first known case of hackers using AI to discover and exploit a previously unknown software flaw. The AI-assisted attack targeted a popular open source administration tool and could have let attackers bypass two-factor authentication, though Google patched the vulnerability before damage occurred.
A
X All right, so for sure this is, you know the, the micro story here, the transactional story is that there was a attempted exploit of, of a vulnerability that was used AI to define the vulnerability and then exploited. Of course this would be a, you know what an example of what a zero day is. Nacho. Randy, Chip, you don't have to do the CPS that way. Go look at the pin comment guy. Hey, simply Cyber community, can you please let people know as we're going, oh Christ almighty. As we're going through the day here like go to. I've pinned a, I've pinned, I've pinned a URL into the YouTube chat. If you're watching on LinkedIn, come over to YouTube for today. If you go to cyber threat brief.simply cyber IO we have I, I built an entire automated workflow for you to get your CPS monthly. This is a much better, there's a much better way of doing it. So please come over here. All right, the micro story is Google found something and you know, there we go. All right, here's the macro story and for real, for real this is. Guys, I hope you guys, you know have, get your, get your rain jacket on. Get your, you know, whatever those pants are that are made of rubber like waiters, I think they're called. Get it all because it is going to be raining torrential downpour for the foreseeable future. All right? And by the way, now more than ever it is critical to make sure that your response, your detect and response capabilities are up to snuff and tested. Couple things are happening here. All right. Mad Hat. Mad Hat actually and mods. Can you. Mad Hat had a video that I watched Last night, I think it's, I think it's a couple days old. But it's about NIST and NVD and how they're not going to be enriching all the vulnerabilities. Like if anyone has that link that his video was excellent at it. But here's the reality. AI, of course. AI. AI, AI. Right. Shall we play a game? Listen, AI is disrupting everything. Of course, of course. But specifically within cyber security. 
We've been talking about this for a while. You can use AI to review source code. You can use AI to find patches. I mean, stop it. You can use AI to find vulnerabilities in code. Code that's been around for 20 years. You can use AI to reverse patches. Okay, thank you. Thank you, Dan. All right, so check this out. I'm gonna link this video. Matt. Mad hat. If you don't know mad hat, this guy is definitely, this guy's definitely awesome. Okay, if you don't know Mad hat, please, Worth, worth a watch. The guy, he's, he's funny, which is great. And then he is definitely a, a well experienced professional. He wears the hat, but he's probably got scarred. Not, not like he's disfigured or something. I meant, I mean the proverbial scars of having worked in the industry a while. Anyways, this video, let me give it a. Like, this video is an excellent breakdown on kind of the nightmare fuel that is happening within our industry. I'm going to summarize it for y', all, but a couple things are happening and you could take. Dude, you could drop this knowledge in a job interview. You can share this around the water. Cool. Here's the deal. AI is being used to significantly find vulnerabilities, right? So many vulnerabilities that NIST's National Vulnerability Database, they have not progressed on the way that they are find that they are analyzing vulnerabilities and enriching the vulnerabilities with like additional information on how can it be exploited, how bad is it, etc. So what does this mean? This means that there's going to be lots of vulnerabilities that just don't get any information associated with it, which means people, businesses, users, it, etc, we're going to have gaps where we don't even know about vulnerabilities, which means with the speed at which threat actors are moving, they are going to be able to develop exploits. So, so the, the storm is coming, I guess to put it a plain way, like we're going to be dealing with a Lot more exploitation. 
Again, I, I hate the fact that I've been saying this, but I, you know, I have to be true to myself. We should be working in cyber resiliency, not cyber security. Security is a, is a quaint notion and it's a cool thought exercise, but that's not where we live. We live in cyber resiliency because you are going to get, you know, basically exploited. And how do you continue operations? How do you limit the blast radius? How do you recover faster? That's what we should be talking about. So here we go. So when we talk about anthropic Mythos, when we talk about open AIs, whatever, dash, cyber model, remember there are other first world power countries out there, China to name one. There's others, of course, right. But China's doing this heavily that have their own AI research lanes that are doing it their own way. So it's not like this is the nuclear bomb from the 40s where, like, we are the only ones in the United States who can control this super weapon and we're going to decide who gets it and then we do nuclear proliferation and give the knowledge out and then it turns into a cold war and everybody agrees that mutual destruction is imminent, so we're not going to do that anymore. This is very similar, except everybody now has the capability, the knowledge and the technology to, to be able to drive their own research paths to completion, which means we in the United States cannot control access to this technology. So having said all that, you can, you can put guard rails and control around Mythos and open AIs, but there's other ones. This is what's happening. Pretty soon you're going to be able to roll your own AI and do whatever. Bugs are going to get exploited. Exploitation is going to happen. This is a taste of what's up, dude. Okay? So again, now more than ever, I just hope, honestly, that software engineers begin to integrate AI into their QA and unit testing and all that. There will be a phase. Again, this is a hot take. 
There will be a phase, a period of time where all the old software riddled with bugs and stuff gets ripped up and, you know, all those things. But eventually we will reach a point where hopefully all of that code is kind of either deprecated or it's been exploited and we fixed it. And then all software going forward is built in and integrated with best practices and AI. I will tell you, I've been working on my own projects, okay? Like, I've been working on a big project that's unrelated to cyber Security, so I won't bother you with the details, but the CPE thing right here, right, this has some functionality, this has text Fields, this has URLs and stuff. So when I vibe coded this, I then did a whole session of. All right, now let's do it. Let's look at all the code that we developed from a security perspective. Is this vulnerable to SQL injection? Is this vulnerable to cross site scripting? Is this all like I went through all of it and hardened the crap out of this thing to the best of my ability. So we are going to get there. But right now guys, it doesn't rain all the time, but it is going to pour soon, okay?
C
Box leaks Forza Horizon 6. Forza Horizon 6 leaked online more than a week before launch after unencrypted PC files briefly appeared on Steam, letting pirates crack and distribute the game. Early reports blamed a preload error, but Microsoft later said the leak was not the result of a preload issue, suggesting the files may have come from a reviewer or early access source instead. Microsoft has begun issuing franchise-wide bans to players using the cracked version, though the game remains playable offline.
A
Wow. Okay, I'll tell you what, franchise-wide bans, that is. That is a death knell if there ever was one. Like you can never play a Forza game ever again. So listen, this is a couple different things here. Number one, the files leaked online. Someone didn't. I mean, it doesn't sound like someone hacked it. It sounds like someone accidentally released it. You know, permissions kind of issue or you know, visibility issue, whatever it was a week before. Now, obviously Forza is one of the, you know, the big franchises for Microsoft. My son is a huge Forza 5 fan. He plays it all the time. I can't play it. I don't, I don't. The game's too real. It's. It annoys the crap out of me that like controlling the car is like next to impossible, but they cleaned it up and then this is an interesting technique. They are dramatically penalizing their customer base for using it. So like you have people that are so die hard into Forza that they want to use the early access. Not early access, but use the, the platform if it got leaked. And now they're getting basically bans for forever. So that's pretty insane. I will say that someone, someone probably got fired for this. Okay, just so everyone knows, like if you were the one who had the source files on your computer and you leaked it, I feel like ownership or not ownership leadership is going to like this is like millions and millions of dollars. Like, think about how much it cost to develop Forza 6, okay? Like, how much did it cost to develop Forza 6? Okay, just really quickly, come on. AI all right, I don't care how much it cost. I want to know how much it cost to. All right, so I don't know how much it costs, okay? I don't know how much it costs to make. But let me point this out. They pre sold 500,000 copies of it and made $30 million. Okay? If I, if I ever sniffed $30 million, I, I, I, I don't know what I would do. I'd probably pass out from just like shock. Okay, so it's software though. 
So when it leaks, the value of that goes to zero if it's just released online. So like, this had the potential of like tens of millions of dollars. You better believe, you know, some reckless engineer or whatever who, who made a mistake. There's going to be someone who wants accountability because unfortunately, hey, here's a reality of corporate America. Definitely somebody in the C suite heard about this and is like, what happened? And immediately went down one level to the senior director of software or whatever. What happened? Give me an answer. And then the senior director turns around, it's like, give me an answer. It's basically the Three Stooges where Mo tells Larry, Mo tells Larry to do something, and then Larry turns Curly to do something. Then Curly tells and realizes there's no one to tell. Director's like, what happened? And then senior manager's like, what happened? And then managers like, what happened? And then developers like, I just, I don't know. And then like, all right, well, there's gonna be, you know, millions of dollars. You're fired, Right? Like, like straight up, dude. Okay? So unfortunately, the whole thing is unfortunate, but you got to be mindful of that. What I would recommend from a cyber security perspective is when you have intellectual property, like software, something like this, okay, Access control is paramount. Okay. Again, I love, I love making things relevant to cyber security and making lessons learned. Listen, if you work at a tech startup, a tech company, you have GitHub or whatever, you know, software concurrency versioning control system you have. You have to be really deliberate about access controls. You have to make it so. Guess what? You can't take IP locally onto your machine, or you can't take your machine home, or, or if, if you do. This is all policy decision. You have to come. This is why policy isn't cookie cutter and textbook stand or boilerplate. Excuse me, you have to figure out policy for what works for. 
For your workforce, for your environment. But by controlling that ip, you can eliminate the possibility for a leak like this in the first place. If you let everybody go loosey goosey and yolo, you. You. You're just taking on risk, right? It's. It's totally, entirely possible that what happened here, you could have done business this way. That engineer could have had data on their machine, no big deal, and it never got leaked. This is what risk is. It's the likelihood of the bad event happening, and then when it does, what's the impact? So if you can reduce risk to zero or near zero by not letting this IP get out in the first place on, you know, out in the wild, well, then that's what the chances of it happen are, really low. So that's what's out. Guys, you got to be careful. I'm not claiming insider threat. I'm not claiming malicious activity. I think this was a Carl situation. Carl's our token user who makes a problem. Yeah, DC5 knows what I'm talking about.
C
Next, kernel hit by second flop.
A
Oh, by the way, just as a quick aside, if you have friends, family, loved ones, kids, nephews, nieces that play Forza, let them know. Don't download this cracked version because you will be banned for life, which is a pretty heavy hit.
C
Computer researchers discovered a new Linux kernel vulnerability dubbed Dirty Frag, the second major Linux flaw revealed in two weeks after the earlier copy fail bug. The chained vulnerabilities let attackers with basic access gain root privileges and escape cloud containers by exploiting how Linux handles files in memory while leaving little trace for security tools to detect. The flaw was publicly released after a disclosure embargo collapsed, accelerating patch efforts across major Linux distributions, including Red Hat, Ubuntu, and Alma Linux.
A
All right, Dirty Frag sounding spicy. Spicy. Oh, my God, it makes me think of Dirty Mike and the boys. The. The letter found in the back of Lebowski's car. All right, guys, so second major Linux vul discovered they did do a responsible disclosure, which is great because it allows you. Oh, thank you, DJ B. Guys, I. DJ BAC is such a great community member, he has automated the CPE notification. So now I think if you do exclamation point cpe, it will notify you of the URL. All right, let's see. Dirty Frag allows for a container escape. Container escape is like compartmentalization. You do not want. Like, there's a lot of trust put in containers and. And kind of like logical boundaries. So if you can break out of a container, if you can break out of a tenant, it's really bad. Okay, let's see. You can see here. They used AI tooling again. Guys, this is, this is where we're at now. This is where we're at now. Okay? If you're not using AI to defend, to review source code, look for vulnerabilities, etc. Oh yeah, please, if you can add, I guess the exclamation point CP isn't in place, but yeah, DJ B sec, if you can, that'd be awesome. Let's see. So the term responsible disclosure, this is a good example. This security researcher who's considered a good guy found this major Linux flaw and then privately communicated it to, you know, the, basically the foundation to get this message out to the. Affix, out to the, to the users of it before. So April 30th, so 12 days ago. Allowing time for vulnerable populations to patch. Okay. Ah, you got to patch. That's called responsible disclosure. Irresponsible disclosure is just posting it on Twitter and being like yolo. That would be that. I will tell you that. Responsible disclosure, we've come a long way, baby, right? We are. We are the Fat Boy Slims. Was it Moby or Fat Boy Slim? I think it was Fat Boy Slim. We've come a long way, baby. 
Because back in the 90s you would try to do responsible disclosure and large companies would just tell you that they're going to sue the crap out of you. So a lot of people would just like announce at DEF CON a major vulnerability. One guy got arrested like as he was doing it on stage. It was kind of crazy. Oh, in this particular instance, the embargo was broken. So that's another term that I've learned since I've been working in the industry. An embargo is like basically kind of like NDA, like, hey, this is a notification, but it's under embargo, so don't tell anyone. All right? All right. So Moby, as you've come a long way, baby. Thank you. The, the exclamation point CPE now works. DJ B sec. We're, we're building it in production right now. Everybody. There are two CVEs, CVE-2026-43284 and CVE-2026-43500, each affecting different part of Linux's kernel networking. So what version of Linux? All right, so I guess this is the vibe for today. The theme of today, as noted by these, you know, this, this Copy Fail and Dirty Frag these Linux problems, okay? AI is going to find all, not all. AI is going to find a lot of older vulnerabilities. And if you've been like, carrying around technical debt, if you, if you've been carrying around old tech and, you know, it's. You might be thinking like a patch might not even come out right, so you've got to get on board. I would recommend having a meeting, like, do some research, get this in place and have a meeting with it and maybe the CIO and say, hey, listen, this is going to be a problem for us over the next three years. Like, I'm talking like a strategic meeting to inform them on this. And there's so much evidence to support that. You're not Chicken Little screaming that the sky is falling. Like, there is a lot of evidence around what AI is doing as far as finding vulnerabilities in the, in the, the speed at which it's happening and the, and like, I guess the speed at which we're not going to be able to patch these things. 
Shout out to Britain's National Cyber Security Centre, kind of like the British CISA, for providing all this information. Very nice. The one other thing I want to point out here is. There was another, like, lesson learned I want to give you guys. I don't remember. Whatever. Anyways, if you're running Linux, I guess look into this. It's not clear to me what version of Linux is vulnerable to this one. So maybe it's in the. Oh, yeah. Anyway, yeah, here's that. Here's an article from a couple weeks ago that we covered in the show that you can use for that strategic meeting that I was talking about. Okay, listen, guys, if you're serious about protecting your organization, you need to. I, I would have a meeting with CIO. I. You know, honestly, I might even start publicly talking about this, like doing talks at conferences and stuff. I might, I might build a talk around this. I feel strongly that this is, this is where it's at. I mean, and guys, I've been telling you guys about this for a minute. If you go to Simply Cyber IO Books. Simply Cyber IO Books. This is my recommended reading list. This book I've been talking about for probably two years. It's a sobering read. Hold on. When did I buy this book? It says right here on my Amazon shopping cart. I bought this March 22, 2024. So over two years ago, I bought this. The Coming Wave. This is what the wave is it? The coming wave is just the speed at which everything's going to happen. And you know, the book predicted it. It's 100% accurate. It's going to continue. I recommend strongly, strongly reading this book. Okay, coming in from DJ B Sec. Dirty Frag affects Linux versions including Red Hat Enterprise Linux 8, 9, 10, OpenShift 4, Ubuntu, Fedora, CentOS Stream and Alma Linux. So thank you. If those are yours, get your stuff patched ASAP.
C
Claude Code page pushes PowerShell stealer. Researchers uncovered a malware campaign using fake Claude Code installation pages to infect developers with a new PowerShell-based information stealer. The malware targeted Chromium-based browsers to steal cookies, passwords and payment data while evading detection through heavily obfuscated scripts and minimal native code activity. Researchers warned that compromised developer machines could give attackers access to source code repositories, cloud infrastructure and CI/CD pipelines.
A
Yep, 100% true. A lot of people are going ham. In fact, like I, I'm, I'm particularly excited. I told you guys for the month of April I wanted to learn GRC engineering and get smarter on AI. I did that and now phase two of that is I have some GRC engineering work I'm going to be making a video around. But also I am building web apps now using Claude and it's, it is interesting. Like obviously I'm a big fan of getting your hands dirty to learn because you learn where the, the issues are and the mistakes and all that stuff. But guys, it's like, you know, set up Cloudflare, set up GitHub, connect them all and then just Claude writes hundreds of lines of code and you're just going ham. So threat actors know this. Threat actors are well aware of, you know, valuable source code, valuable API keys, etc., and unfortunately there's a lot of people who don't know what they're doing that just hear the word Claude Code or they've watched a freaking YouTube video on how you can use Claude to make six figures a month and people are just hitting the this. They're spamming the easy button, right? Like, like, oh yes. Like oh Claude, Claude. God, I want more. Give it to me, give it to me. And basically threat actors are like, we were happy to serve you. Here's an Install Claude Code. Click here now. And people are just like, yes, yolo. And they're infecting themselves. Guys, this is so hot right now that Hansel's so hot right now. But listen, there is no difference between a fake landing page where you get to run an install Claude Code PowerShell command from your terminal and it installs Claude Code. But in reality it's an info stealer. This is literally no different than a ClickFix attack. A, a, a malvertising campaign that lands you on a lookalike landing page where they steal your username and password. It's no different than a fake job interview where they have you run some type of application so you can do a coding challenge. It, it's all the same. 
This is just a new skin on a common attack technique. So don't, don't like, you know, get your butt puckered up and be like, oh my God, how are we gonna deal with all this? It's the same attack. It's just all they do is they pivot to like, whatever's hot right now. So, like, literally, if you hear Will Ferrell say this, that Hansel's so hot right now, then whatever that is, that's what's going to be hot, right? OpenClaw was hot doing the same thing. At the beginning of the pandemic, Zoom. Fake Zoom installers. Because everybody was going crazy for Zoom. Do you remember that whole thing, like, whatever it is, Get Ready Olympics, World Cup. Are we still doing World Cup in Atlanta? Or is that like, like, I don't even know if, like, we've soiled our reputation globally. We're, that's a problem. But like, it, whatever it is, whatever it is, it's going to be the thing. So when you're educating your end users, yes. You have to say, hey, listen, my guy, my guy, listen. This is like, be careful. Threat actors are tricking you to install fake Claude Code things. But make, you can tell them that specifically. But also make it more abstract, more generic, more agnostic to say, listen, this is an attack technique. This is a vector that has been very successful for the last, since email came out 25 years. So be careful on that. All right? Also, you know, if you want again, like, if you do this on your home machine, you cannot protect your end users. But what I will say is there's probably indicators of compromise, right? So if you, I, I don't know where it is. You'd have to pull down this PowerShell command. It runs an install ps1. You'd have to pull it down and then look inside the code to see what it does, what, what artifacts it creates, what URLs it connects to or what web resources it pulls from, and then build a detection. 
Someone asked me yesterday on Cyber Career Hotline about how to get into threat hunting if you want to take it to the next level or what job would be great. And I said, detection engineer. Here's a perfect example. Like, again, listen, I mean this with, with all the seriousness I possibly can give you. Do not touch malware unless you know how to handle it.
C
Huge thanks to our sponsor, Doppel. Social engineering attacks look trustworthy. It's a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Its AI native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. They fight relentlessly to protect your business, your brand and your people. Doppel, outpacing what's next in social engineering. Learn more at doppel.com, that is dop.com
A
All right, really quick, because I am behind on time, but I, I'm not, I'm not sorry for it. Right? We spent some time on the CPE stuff. Guys, thank you again. Midroll ThreatLocker, Antisyphon, Flare. Always bringing the heat. Every day of the week has a special segment. Tuesdays is Tidbits Tuesday. Just for the sake of discussion and time, I will be fast. Personally, I've already said it. I'm doing some AI stuff. I'm working on some AI stuff. I little vibe coded this. I guess I'll just say, like I will tell you, I'm working on something completely outside of cyber security. It is, it is a web app. It's a SaaS app. I'm, I'm like, this is an experiment. I found a very, very, very specific problem for health insurance brokers. My buddy owns a health insurance broker firm and I talk. He complains about this one thing all the time. So I'm building a solution that fixes that one problem and I'll let you guys know how it goes. But from, from building, from like developing a web application using Claude and Cloudflare and all these other things. It, it is quite interesting. So let me know in chat if you are, if you're building a web app or if you have any ideas. I can tell you personally, I find it very, very educating to do it. I'm learning all sorts of tools like Resend and Clerk and web share and all these other platforms that do all these crazy things. So interesting stuff. Let me know in chat if you're doing any kind of web app development or web SaaS app. Don't. Don't disclose what it is in case you, you know, for privacy purposes. All right, let's get back into it.
C
Netflix sued over surveillance machinery. Texas Attorney General Ken Paxton sued Netflix, alleging the company secretly collected and shared subscriber data with advertisers and data brokers without proper consent. The lawsuit claims Netflix tracked viewing habits, locations, device data and children's profiles while publicly downplaying its data collection practices, sharing information with firms including Experian, Acxiom and Google's ad platforms. Texas is seeking fines and restrictions on Netflix's data practices, including changes to autoplay settings on kids accounts.
A
All right, don't mess with Texas, guys. You might think of Texas as like a big red state, which it is, but, but dude, quietly California always gets all the press and pub of being like the privacy advocate state. But Texas does not mess around. Dude. Texas comes hard for privacy and they're suing Netflix. Now as you can hear, this is more of a privacy story than it is a cyber security story. Privacy does overlay a bit with cyber security, but I'm not going to spend a terrible amount of time on this. Couple interesting things jump out right away. Netflix collects five petabytes of user behavior each day. Dude, listen, my guy, listen, I. If you don't know, text is a very light, from a storage perspective medium, right? Like video is very heavy, right? So like a video is like four gigs. Logs are like kilobytes. So to collect five petabytes of like text data a day is insane. I'm, I'm making an assumption that it's text data. I don't know if they're tracking eyeballs or something like that, but that is a ton of information. Now they are collecting behavior data from kids, which is dystopian and gross. So I don't like that. I am glad that they are. Texas is going after it. Here's what I will say. Unfortunately. Okay, this is an unfortunate thing, but this is a perfect example of what I'm talking about. Okay, watch this. And if you have Netflix, you know that their friggin pricing goes up like every couple months. I think I'm paying like $30 for Netflix right now a month, which is annoying. Annual revenue, Netflix, they made $45 billion. $45 billion in 2025. $45 billion. They made 4,500 million dollars. Okay. In 2025. So why do I bring that up? Well, if Texas sues them, Netflix will drag it out or whatever and then they'll get a fine. Let's see, Texas fines company privacy. Let's see. Let's just take a quick look here. Let's see. Texas Attorney General Ken Paxton targeted is targeting companies for privacy violations, including settlements. 
$1.4 billion from Meta, $1.4 billion from Google, and now they're suing Netflix. So chances are they're going to get Netflix for $1.4 billion. All right, mark tape. $1.4 billion. Now, if Netflix makes $45 billion a year, you're taking like, what is that? You're taking like one week of revenue from them. Okay, like, again, I'm not downplaying it. Losing $1.4 billion is devastating. Like, if I got a bill in the mail for $1.4 billion, I would probably immediately poop my pants. Okay? But these businesses probably work it into their budgeting. Oh, hey, like, let's put a rainy day fund because we're clearly going to be violating privacy here. But you know what? We. Let's just ask for forgiveness. Who knows how long they've been doing this? Let's say they've been doing it for two, three years. They're selling that data, by the way. It's not like they're not selling that data. It's valuable, man. Straight cash, homie. So, like, the value they've been getting from harvesting this data is greater than the fine that they're going to have to pay, which means it's a totally reasonable business move. Again, I'm not, I'm not saying, like, let's steal everybody's data and do all the bad things. My point is, in capitalism, and this is, I love capitalism, but there are downsides to it, and this is a downside of capitalism. If it's gonna cost me $1.4 billion in fines if I get caught doing this thing, but this thing makes me $10 billion, well, then I'm in the. I'm in the black. I'll take it all. Every business is going to take that. No shareholder is going to be like, no, no, no, bro, we're not going to be making money on this one. No. That's what's up.
C
Computer Team PCP compromises Checkmarx. Checkmarx confirmed that attackers linked to Team PCP published a malicious version of its Jenkins AST plugin to the Jenkins marketplace weeks after the group compromised the company's KICS Docker image and developer tools in a separate supply chain attack. Researchers say Team PCP briefly took over the plugin's GitHub repository and inserted credential-stealing malware, raising concerns that the group either retained access to Checkmarx systems or exploited incomplete remediation from the earlier breach. Spy agencies.
A
All right, sake of time. I. I was talking. Hey, listen, on the CPE thing, I'm not really going to be able to test it until the end of the month because, like, I guess I could run. I can't, I can't confirm until the end of the month. So if you would like during this beta phase, you're. You're absolutely welcome to write CPE above my head and take screenshots. Okay, like, I'm not saying you can't do that. I'm just. It's beta. I even thought honestly of waiting to launch this CPE thing until like the 29th, just to limit it, but whatever. All right. TPCP has been coming, coming out hard. Jenkins is a CI/CD pipeline. As far as I'm concerned. Someone's releasing. I didn't even know Jenkins had a marketplace. My guy. All right, all right, here's the TL;DR. If you're running Checkmarx Jenkins AST plugin, you've got to make sure that you're on this current version and any version that was published prior to December 17, 2025 could be. Could what? What does this mean? Oh, like basically the version currently is compromised. So this sucks, man. December 17th, 2025 is when this attack happened. So you've been running five months. Chances are you probably have updated your version, which is not good. What's the impact of this one? The new plugin is not available. So you are running like you might be actively exploited. Listen, I feel like Checkmarx like Jenkins. As far as I know, Jenkins is like a CI/CD pipeline support tool like Puppet. So if you are running it, you should know in your organization. Get with your developers ASAP to talk about this one. Team PCP is like all over the place. You can see here they've been linked to a series of breaches in March 2026. Oh my God. So this Team PCP must be young too. So not only did they get unauthorized access to the GitHub repository, but they named the repository Checkmarx. Fully hacked by Team PCP and their customers should cancel. 
Now this is harken back to the 90s where you would like deface a web page and say like IT Career Questions was here. Code Brew was here. Very, very. It's for like prestige among other threat actors more than anything. Says Checkmarx fails to rotate secrets again. So they must have got access to either credentials or session keys, API keys, whatever, and logged in. Final thing I'll say before I move on, guys, when you had. Listen, rotating keys sucks, rotating secrets sucks. It takes time, it's disruptive, it doesn't make it any better. It sucks when you suffer a data compromise, a data breach, a, a, a, a, a, you know, a, a secret, a breach, whatever. You have to rotate the keys. It's. It's hard. It's a pain. I'm telling you. If you don't do it, this is what happens. You can expect this. Okay, so hammer this into your developers, guys. We've got to do this. Also during tabletop exercises with them. Make one of the scenarios that the key has been compromised. And what would they do?
C
Seek more power. The Washington Post reports that the US administration is divided over whether US intelligence agencies should gain a larger role in evaluating advanced AI models amid growing cybersecurity concerns tied to systems like Anthropic's Mythos. National security officials want the Office of the Director of National Intelligence to oversee AI testing, while Commerce Department officials argue their existing AI evaluation programs are better suited and warn against heavier regulation that could slow US competitiveness against China. Canvas.
A
All right, this is basically a pissing match between Commerce and NSA or the Office of National Cyber Director. We'll see how it goes. This, this for me and you, right? For me. Kathy Chambers and, and you know, Justin Golds and stuff like this doesn't matter. This is like watching two giants fight and we're just kind of like standing over on the side. How does this impact us? We'll see. But what they're trying to, what the US federal government is trying to do is intervene in a way where they are the first line of review, first line of policymaking around these AI models. I, I don't know what to tell you. I mean like basically the tech companies have more juice and more power than they ever have before. The fact that Anthropic pushed back on a multi billion dollar deal with the Department of Defense, Department of War, depending on what you call it, because they don't need it, is just telling. In my opinion. I would think that the NSA and the spy agencies would get access to this than Commerce. Unfortunately, that's not good for us because I feel like Commerce makes it so things can get into our hands as consumers. Where, you know, the US Federal government, spy agencies and stuff are going to hoard those things because it's powerful. Pocket. All right, so quake3128 says, wouldn't that be smart? I don't know what you're talking about though. Like, I don't know, like qkb3128 says Jerry, don't you believe that would be smart? I don't know what that means in that context.
C
Data leak, extortion deadline looms. Instructure, parent company of Canvas, is facing more pressure after cyber criminal group ShinyHunters threatened to leak data allegedly stolen from more than 8,800 school systems using the Canvas learning platform. The attackers claimed to have stolen 3.65 terabytes of student, teacher, and school data and escalated the extortion campaign by defacing Canvas login pages and setting a new ransom deadline after the company reportedly refused to pay. The breach exposed usernames, email addresses, enrollment details, and messages. But some are questioning the company's response and warning the incident could become one of the largest education sector data exposures on record. There's.
A
That's interesting to QK3128 talking about the president of the United States changed it to Department of War. So should we call it that? I mean, I call X Twitter still. I call Gulf of America the Gulf of Mexico. So maybe it's just old habits die hard, I suppose. I don't know. The important thing is you know what I'm talking about, right when I say it. We both know it's the same thing. All right, so, dude, Canvas's day is getting worse. Shiny Hunters, the comm, they are these young, kind of like gang of threat actors that are hitting organizations hard. Canvas got hit. Really? They declined to pay the ransom or negotiate with them. The Shiny Hunters took it personal, and now they're pushing hard and they say they're going to release all this information. Instructure, who owns Canvas, said the incident was contained, But obviously these threat actors did get the information.
hunters injected an extortion page directly into the Canvas login page of 330 institutions. That's getting right in front of your customers. This is another common technique of threat actors. They put the pressure on the customers to push pressure on the business itself. They say this could be the largest education sector exposure. PowerSchool was another one recently that was pretty massive. See, did they pay? Okay, so. I don't know. It doesn't look like they're gonna pay, so we'll see. I don't see anything in the story saying that they did pay. I don't know, man. This becomes a big business decision. Do you pay ransom or not? Do you deal with threat actors or not? Honestly, in this instance, Canvas is still up and functional. It's not like they were encrypted and they're operationally down. So, you know, you could weather the storm, send out, you know, privacy letter things. Instructure, Canvas, is one of the largest, if not the largest, LMS platform. So I don't think people are gonna, like, like, I. I work at the Citadel. I wouldn't imagine that we would migrate all of the courses at the Citadel onto a new platform because of this. You know what I'm saying? Now, if Canvas wasn't accessible and you couldn't do classes every day, that would be a catastrophic impact. Okay, so those are my thoughts on that. As always, when you're doing your tabletop exercises with the business, you can use this story as a case study, right? Hey, listen, they got all of our data. Every piece of data we have. Our business still functions, but they have all of our data, and they're going to release it. What do we do? That is a great scenario to run through. Again, I'm a huge advocate of frequent tabletop exercises that are short. So say 30 minutes, once a quarter. Bring donuts. All right. All right, here we go. All right, guys, hold on one second.
I got a lot to report. Guys, I want to say thank you so very much for being here. This was simply Cyber Daily cyber threat brief. We did cover a lot today. Oh, Kimberly can fix it. Just advised me that Canvas did pay the ransom so that data leak won't happen again. This is this. Somebody with, you know, a C in front of their name. CEO, cio, cfo, major investors. Somebody made the decision to pay the ransom. So that's. That's how that works. All right, guys, don't go anywhere because we have Cyber Career Hotline coming up with my man Jesse Johnson. As always, we got. We got so much to cover here really quickly. This is today, all right. Hey, remember, at 9:30, so 24 minutes right now. Kathy Chambers and Kathy Chambers, Media with Authentically Cyber. Talking about breaking into AI and cyber security in just three years. If you want a inspiring story of how you can break into Cyber Security in 2026, authentically cyber, there's a link in chat right there. All right, guys. Of course. We got the CPE in beta right now. I'm Jerry from Simply Cyber. I want to say thank you all so very much. Don't go anywhere, because my man, Jesse Johnson, the cosmic cowboy, looks like. Oh, he's. He's standing. So he is ready to rock. This guy's gonna bring the heat. I'm Jerry from Simply Cyber. Be well, everybody. And until next time, stay secure. I'm Dr. Gerald Osher. This is the Cyber Career Hotline. If you're building a career in cybersecurity, this show is for you. Let's get into it.
B
Ladies and gentlemen, boys and girls, welcome to the party. You have dialed in Cyber Career Hotline. The line is open, so make sure you put your chat and your questions with a Q. Whatever it looks like for you when it comes to breaking into the industry or leveling up or maybe you want to talk about a story previously. My name is Jesse J, AKA the Cosmic Cowboy. I work in cybersecurity, vulnerability management and security operations and I love answering questions and helping others break into the industry or level up to the best of my capacity. Right. That's what we do. Bruise and hacks asks the poll. I think we've done this poll before but I'm curious where everybody stands today. Are you in favor of paying the ransom? What do you think, folks? Are you in favor of paying the ransom? I think it depends. I think like so much of this, it depends, it's so situationally dependent. Kenny D asks how often do we think the ransom is paid? I think it gets paid and then not reported. Potentially at times, not 100% sure how often it gets paid. I'm sure there's a statistic we could google on that but I, I think sometimes it gets paid and then not reported because you don't want to report that. Yeah, I paid the ransom. Bring those questions in chat. I hope everybody's having an awesome week so far, by the way, I know it's only Monday. Pocket Pixels asks how long will it take to become an incident response personnel and what certifications are needed for it. Well, I think more than anything having a good understanding of IT, cyber security architecture, the incident response life cycle, having some practical application is going to be most important. Secondary, if you're looking at certifications I will look at something from the SANS courses, some incident responder, incident handler courses, the CySA+, your cyber security analyst, which isn't necessarily incident response. I think from the incident response domains SANS seems to have some of the higher quality training. 
It is pretty it's pricey but I think if you're looking to get working out the gate get some heavily recognized industry certs that SANS route wouldn't be a too too bad of a way to go. And then at the end of the day get experience, practice understanding ir, build a home lab. We say this time and time again let it get hacked. Practice incident response understanding what that looks like. Jay Gold Piping in paying ransom is a lesser of two evils. You don't want to fund malicious actors but sometimes the release or etc of data can have a bigger and more immediate impact. Yeah so I think it's so situationally dependent. Legrat says tough question. I don't know I'd answer how I'd answer. I'd hate to pay the ransom. Yeah, who wouldn't? Random X skills answering Nick, that depends on a few factors. Honestly, a foot in the door is a foot in the door. But if you're a federal employee, that is something to consider
And I'm totally down to just jawjack or you know, Cyber Career Hotline. Talk about the stories that we had. If you have any questions, please feel free to drop them in. Remind Everybody that at 9:30, the amazing Kathy Chambers is presenting us with authentically cyber foreign. Skater. I have a degree and I have industry certs, but I am struggling to get interviews when applying to jobs on various platforms. What piece of advice can you give someone looking to get into cti? That noise is my background music doesn't seem to want to be doing what it's supposed to do. So bear with me folks. Sorry about that. I have a degree in industry certs but I'm struggling to get an interview. So from my experience, I have found that if you have the degree and some certs and even if you have some experience and you're not getting any, any interviews whatsoever, that tells me there's a resume issue. And so I think that would be the number one thing is let's, let's have your resume reviewed. There's tons of people on LinkedIn that give high quality reviews for free. I'm happy to look over it. I probably don't have the years of experience, maybe in the same sector as you do, but I'd be happy to give a second pair of eyes over the resume. Because if you are applying and applying but you're not getting interviews, that tells me that it's a resume. If you're getting interviews but you're not moving through the process like you're getting interviews, you have no problem getting that first interview, but you can't move forward. That tells me something. Interpersonal is an issue. There's a fit, there's a question. You're something with. Your communication might be off. But if you're not getting the interviews, to me that tells me it's probably something within the resume that's just not getting picked up. Chaikin, I'm going to my first conference. What are your recommendations to bring I. E. Business cards, notebook? Well, I think that depends on what your goal is at the conference. 
Are you going there to make meaningful connections, meet people and kind of soak it all in? Are you going as a vendor representing your company? Are you going as a practicing cyber security professional who's giving a talk. It really depends. I think some obvious things are comfortable shoes. You're going to be walking quite a bit to and fro the various conferences. Depending on where you're at, you want to stay hydrated throughout the day, especially if you're speaking. Business cards are always great if you're representing your company, some swag bring. I would go with an open mind. If this is your very first conference, you're going to get a list of things that you think you're going to want to do. I have to see this talk and then I have to see this talk. Be open to all of it because you're going to do a lot of meaningful relationship building, rubbing elbows with people that you have either talked to in the industry and you're seeing them for the first time. You're talking face to face with maybe with vendors hiring security, you know, security hiring practitioners or professionals. So my key piece of advice would be don't set a strict schedule for yourself. Go with an open mind because there's a good chance you're going there to think, to learn and gather all this information. But you may spend some of that time networking and building those really, really important relationships. So of course, business cards, a notebook, something to take notes and they'll typically give you some kind of program on what you can expect. Either it's going to be digital format or a card of some kind. So I think those are pretty straightforward. Comfy shoes, an open mind, stay hydrated, things of that nature. Straightforward for the Con Life. Chant. Space Tacos asks when can we expect to see a cyber musical event? 
Between you, Tyler Ramsby, Daniel Laurie and anyone else, cyber and musically talented, album drop, live stream, live event, whatever, Space tacos, I can tell you and I hope we can live stream it or record it. Myself, Tyler Ramsby and Joe Hudson are taking a bunch of our musical equipment and recording and mixing gear up to Deadwood, South Dakota, and we're going to put together a couple tracks and hopefully perform them live at the open mic. So, yeah, that's in the works. Super excited. You know, it's going to be some rap, gonna be some rock, gonna be some melodies and beats. Cyber fit. Nick asks I'm a mailman trying to break in. I was offered a job as a field technician for Spectrum. Should I consider taking it? The base Pay would be $9 less than what I currently make now. So just from somebody who has in their life done similar, you know, made career changes, look at it and say, can I afford the $9 pay cut. And if you can, great. If you cannot, obviously it's a different conversation. But if you can afford the nine dollar pay cut, understand that your life as a mailman, which I think being a mailman is incredibly hard profession, we had one of our favorite mailman pass away last year from heat exhaustion. And so my, my hat goes off to folks that are bringing us our information. But at the end of the day I feel like there's a little bit of a ceiling to where you can go as a mailman. Whereas let's say you take the job for Spectrum. Maybe you start out as a field technician, you're gaining just hands on experience and whatever it is, running cable, plugging things in the industry, you're adjacent to it, you're adjacent to cyber in a way. And so I think that the spectru opportunity, because it's adjacent to it would be something to consider if you can afford the $9. If you can't, that's a different conversation to have with your partner and maybe your community to see how you can bring that $9 back. It's only a $9 difference. Did I read that correctly? So not 9K. 
Yeah. If it's a $9 difference and you get to kind of get your foot in the door work industry and you can move up through the Spectrum ranks for me, that's, that's what I would take. Hey Lazaro, good, good to hear from you. Good to see you. Kind of a personal question, but I had to leave LinkedIn after some personal stuff happened about two years ago. How do I revive my LinkedIn if I want to try getting back into it? Thanks, that's an excellent question. I had to do that with my Facebook just because it died and I don't really do social. But if I had to revive my LinkedIn, I would just do it with confidence. I would not, I would just either create a new whatever, zero followers, start from scratch. Because of who you are, Lazaro, and how you've impacted others and helping the industry, I don't think it's. It would take very long for you to rebuild that connection of friends or just clean house. Right. There's a couple options here. You could painstakingly clean house, rectify your profile and it's the same profile that maybe be tied to some of that drama, some of those gnarly feelings you might have carrying with that. Right. So maybe starting fresh with your position, what you do, your experience, hey, I'm here to build healthy relationships and to stay current in the cyber security industry. And then just run with it, own it. Don't be, don't do the whole. Hey guys, it's been a minute. Sorry, I'm back. Just go with it, roll with it, keep your head up, stay confident and if anybody tries to get you down, that's their prerogative, not yours. So Zoltan Snarf, I think in regards to our Spectrum technician, it's not nine dollars at forty hours a week, it's a nine dollar pay cut from what his base pay already is. As a mailman. Scrolling for questions, let me know where is everybody in their cybersecurity journeys? Do you work in the industry? Are you a 20 year incident responder? Are you a CISO? Are you just trying to break in? Are you still studying for your certs? 
Let me know in chat. Let's, let's talk about it. But Lazaro, going back to your question, feel free to reach out to me brother. I am more than happy to like chat through it, coach through it. Whatever we got to do. If you want to get that LinkedIn built back up, Kimberly can fix it. Hey Kimberly, good to see you. Haven't seen you since the sailboat in South Carolina which was freezing but awesome. What is Slay Cert? Slay Cert is a community driven experience that is produced live on YouTube. It is basically a live study session presented by myself and Tech Ricky as a community driven effort to help people break into the industry or level up with live free study sessions. You can find me every day at noon or 2pm Eastern and then 5pm Eastern on Fridays. Appreciate the question and the hype. Slim Daddy 9: I'm working on pivoting to cloud security from 35 years of on prem Network admin engineer security virtualization. However security I think that's what's the architect may be within reach because an on Prem experience. Ooh. You know there was this movement to push everything in cloud and now we're seeing any of people you're not seeing maybe a lot of hype about it but we are seeing people bring in certain things back to in on prem and in house. That's a tough question. 35. You have so much experience depending on the pay. If there is a security architect position and it's the pay is higher or equal to the cloud security position. That's a tough question. I would be they don't want to do it but I would be torn between the two. What do you guys think for Slim Daddy 9? Drop your suggestions for them in chat. They're working on pivoting to cloud security from 35 years of on prem Network admin engineer security and virtualization. However, a security architect may be within reach because of an on premise experience. Thoughts? What do you guys think? Give them some, give them some tips on that. 
Transitioning to cyber from 30 years in healthcare I have associates in cybersecurity and will complete bachelor's in cyber defense in December. Hey, keep it up. You work in healthcare, you probably already have a lot of connections. Previous to the job I work now I was cyber security specialist working in a hospital. So I've actually worked as cyber in a hospital. You're gonna have a lot of understanding into medical systems and the way it works. With healthcare being one of the number one targeted sectors among industries when it comes to hacks, you've already kind of got a really a really cool situation. So I would start getting that hands on experience volunteering where you can maybe go back to some hospitals, tell them what your transition is, run some assessments. But the medical professional need help. They need people like you. So I think you'll do awesome. What is the best to learn as a cyber analyst? Linux or Python? Know any YouTube channels? What is the best to learn as a cyber analyst? Linux or Python? The answer to that is both. You're going to work quite a bit in Linux. It depends on kind of what you're doing, but you're going to work in Linux. It's really important to at least have a familiarity of what Python is as far as a programming language. How is it compiled, is it interpreted? Having an understanding of the language because we have so many tools that are resources. I don't know if it's necessarily as important to memorize every single line of code you'll ever do. I think it's important to memorize, commit a few things to memory so that you can have them at your fingertips. But I would soak it all in. I would do both. I would look at for as far as YouTube channels go. I would look for Network Chuck because he covers Linux and Python. I would look for anything from Zach Hill. I would look for even Simply Cyber. 
There's some things on the TCM community that talk about both Linux and Python, so I think any of those would be a great place to start. And that's a great question by the way. I saw a good question earlier and I do not want to miss it, so bear with me while I scroll back to it. Hey Rick, trying to break in? Working in a data center. I have my SEC and CISA plus, but I can't manage to get any interviews. Any suggestions? Refine your resume. If you work in the industry, so you work in the, well, you work in a data center, you've got a couple certs, there's something in the resume that's, that's keeping you from getting the interviews. I don't think it's an experience issue and I don't know if it's a certification issue. But let's take a look at that resume because like I said, if you're submitting a lot of resumes but you're not getting any calls, it's a resume issue. If you're submitting a lot of resumes and you're getting those first interview or a second interview, but then you're just not moving forward, it might be a communication, a soft skill or an interpersonal issue that we got to work through and do some corrective coaching on that. So that would be, that would at least be my suggestion. If you've got better ones in chat, please throw them in. Oh, that's a great question. What does my workflow look like while working? Well, allow me to jump on a, I guess a quick tangent. And so I start my day around 5:30 in the morning, 6:00am you know, usually looks like I'll clean out all my dashboards. In fact, I close all my browsers. I kind of start from scratch. I like to open different windows and label them for the client that I'm working with. And because I feel like I might have an undiagnosed something on a spectrum somewhere, I've learned that I've got to tell myself to be hyper focused. And I use a pomodoro method. 
So I'll work hyper focused on a specific task or a client portfolio for 30 to 45 minutes and then I'll take a 10 minute break and I'll do that process throughout the day. Helps me stay focused and I can put hyper focus into one mission, get as much. A lot of productivity, a lot of productivity, then back off, let my brain cool off. I like to keep my windows as far as on my computer. I try and keep things relatively organized. I'm a big fan of labeling and understanding where things are. A lot of times you don't need to know all the answers but, but knowing where to find them is crucial, especially in client facing meetings. If they pop you with something that you're not expecting, you can say, oh, I've been keeping notes on this company. I don't know if that helps, but that's what my workflow looks like. I take periodic breaks throughout the day. In the morning, I typically am pretty creative. So that's when I'll do more technical work as far as either writing out documentation, scripting, looking at configuration files, looking at configurations, reviewing help desk tickets for any of the engineering tasks that I need to fix, and then I'll typically take a break. I'll go into a more of administration mode as the morning kind of cooks up around 10. This is just how my brain works. So that's when I'll start really emailing clients, emailing other engineers, making sure that my meetings are set, take a lunch. Mondays, Wednesdays and Fridays, go to the gym. Tuesdays and Thursdays, I relax and spend time with family, watch anime. But always within that, come back and prioritize. I don't know the speaker's name. My name is Jesse. I think that's who you're talking to. And you're very welcome for the response. How do you tell the company they need to do X, Y and Z without sounding like a threat? 
What I have found is that you work it into a conversation and then at some point somebody with a C in front of their name, if you can convince somebody in leadership to almost make it feel like it's their idea, it's going to get pushed forward. I think that asking questions instead of telling a company, asking those qualified questions, sometimes people will ask you questions and it helps you get to the answer. You go, oh, you know what? I think these folks are onto something. I know what I need. Okay, so asking qualified questions versus telling somebody. Dr. Jerry might say, buy donuts for whoever the team is and just have a conversation around it. See how far you can get. I don't know the hurdles or the type of person you're talking to. I think that being blunt with leadership and sometimes telling somebody doesn't always work right. You know, when I was a street cop, we were always encouraged that you gather more flies with honey than you do with vinegar. So you could be a jerk face to people and tell them what they need to do and get compliance. Or you can refine your soft skills, interpersonal skills, verbal judo, whatever you want to call it, and you can still get your point across. And you can even tell them what they need to do without them even realizing that you're telling them. They're going to think it's their own great, fabulous C suite idea. I got one minute left. So let's turbo go through these and then we're going to join Kathy Chambers for Authentically Cyber. What anime am I watching right now? Right now I'm watching Spy x Family and I just wrapped up. I did all of Attack on Titan from beginning to end. The first time for me watching Attack on Titan, I got Eren Yeager up here in the corner. I'm a Jaegerist. Do with that what you will. What if you don't have access to those people? Somebody in your company does, so become friends with them, Right? Do it in a healthy way. 
That's kind of like you may not have access to those C suiters and things of that nature. The folks in those positions. Do your best to communicate, network, and branch out. At least that's kind of how I would operate and find the people that do have those connections. Start planting the seeds. I'm telling you, you'd be surprised how that information is going to travel to where you need it to go. Last question. Jazzy asks my favorite anime. I grew up in the golden era, so the 80s and 90s. So obviously I like things like Fullmetal Alchemist, some of the older movies, of course, Ghost in the Shell, some of the throwbacks. All right, that's perfect timing.
A
I'm gonna roll.
B
My camera's getting blurry and it's time to load out and go see Kathy Chambers authentically cyber. I'm gonna rock and roll. Hey, thanks for hanging out for Cyber Career Hotline. You can catch us every single day. Monday through Friday at 9am Eastern time. I'm gonna run. Hope you guys have a great day. And until next time,
Host: Dr. Gerald Auger, Simply Cyber
Special Segment Host (Cyber Career Hotline): Jesse Johnson, "The Cosmic Cowboy"
Theme: Top cybersecurity news and career insights for professionals and learners.
Date: May 12, 2026
This episode dives into eight top cybersecurity stories shaping the industry as of May 12, 2026. Dr. Gerald Auger brings both humor and hard-won wisdom to the analysis, providing actionable takeaways and context you won't find in news headlines. Key stories involve AI-driven zero-days, major Linux flaws, data breaches, supply chain attacks, privacy lawsuits, and the real-world impact of cyber risk management. The episode concludes with the Cyber Career Hotline, offering advice to listeners navigating cybersecurity careers.
[14:13 – 22:50]
"Security is a quaint notion and it’s a cool thought exercise, but that's not where we live. We live in cyber resiliency because you are going to get... exploited. How do you continue operations? How do you limit the blast radius? How do you recover faster? That’s what we should be talking about." (21:09 - Dr. Gerald Auger)
[22:50 – 29:24]
"Franchise-wide bans—that is a death knell if there ever was one... Access control is paramount." (23:30 - Dr. Gerald Auger)
[29:44 – 37:56]
"We've come a long way, baby. Back in the 90s, you would try to do responsible disclosure and large companies would just tell you they're going to sue the crap out of you." (30:27 - Dr. Gerald Auger)
[37:56 – 43:35]
"There's no difference between a fake landing page for Claude code and a fake Zoom installer during the pandemic. This is just a new skin on a common attack technique." (38:37 - Dr. Gerald Auger)
[46:02 – 51:26]
"In capitalism... if it's gonna cost me $1.4 billion in fines if I get caught doing this thing, but this thing makes me $10 billion... I'm in the black. I'll take it all." (49:58 - Dr. Gerald Auger)
[51:26 – 56:05]
"Rotating secrets sucks. It takes time, it's disruptive. If you don't do it, this is what happens—you can expect this." (55:25 - Dr. Gerald Auger)
[56:05 – 58:41]
[58:41 – 63:01]
"As always, when you're doing your tabletop exercises... use this story as a case study. They got all our data—business still functions, but what do we do? That's a great scenario to run through." (60:49 - Dr. Gerald Auger)
AI’s Accelerating Impact:
"It doesn't rain all the time, but it is going to pour soon." (21:00 - Dr. Gerald Auger)
Supply Chain Vigilance:
"Jenkins... If you're running it, get with your developers ASAP. Team PCP is all over the place." (52:11 - Dr. Gerald Auger)
On Career Development (Cyber Career Hotline):
Simply Cyber’s Daily Threat Brief is more than just news—it's contextualized understanding for real-world practitioners, with a unique blend of levity and deep expertise. Show up daily to stay current, collect CPEs, and join a thriving cyber community.