A
All right, what's up, everybody? Welcome to the party. Today is Wednesday, May 20, 2026. This is Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, two thumbs, all smiles, Dr. Gerald Auger, coming to you live from the Buffer Overflow Studio. Thanks for being here this morning. If you're looking to stay current on the top cyber news stories of the day while leveling up like an absolute boss alongside like-minded, supportive, inclusive, amazing people, well, then you're in the right place, because that's what we do every single day at 8am Eastern time. Today is no different. So let's get into it. Get your coffee, get ready, because we're about to start cooking. Yes, that's right, everybody. Good morning. I already drank an entire French press of coffee, so I have no coffee here in the studio, so there won't be any slapping it over my keyboard or anything like that. But guys, yeah. Hey, good morning. Welcome to the show. Like I said in the intro, we're going to go through eight cyber stories of the day. I'll be giving my hot takes, my opinions, my thoughts on all those stories. Of course, you can just get an RSS feed and skim through an email, for sure, if that's one way to consume information. But one of the things that we do here at Simply Cyber's Daily Cyber Threat Brief, which, by the way, SANS Podcast of the Year award winner 2024, I might add, is we go beyond the headlines. I've got 20 plus years of experience in the industry. I'm very passionate about educating, I'm very passionate about cyber security and I'm very passionate about community. So if I can help in any way, I'm going to try to do that. That's what we're doing here by going beyond the headlines and giving you perspective. My career arc was GRC, CISO, like that area.
We have tons of people in the community who are blue, red, engineer, orange, architect, you know, coming from all different walks of life, different experiences, different industries: healthcare, OT, ICS, law enforcement, marketing, transportation, energy, critical infrastructure. We've got it all here at Simply Cyber, which is the difference. We're like a living organism up in this mother trucker. And what that means is whatever the story is, whatever the lesson learned is, we will have insights and perspective from me and this community directly above my head to bring the heat to you. Now, every single episode of the Daily Cyber Threat Brief is worth half a CPE. Now, you can see Almighty and Temmie in chat right there saying hashtag CPE with the date; that is one way to do it. But we have rolled out a new technique, a new method, a new format to get those CPEs. So if you go to Cyber Threat Brief, simplycyber.io, CPE, or just hit exclamation point CPE in the live chat, whatever it is. If you go to simplycyber.io, you'll be able to get to this, basically. But the CPEs are right there, and all you got to do is go to this website, drop in your username, I mean your name, like, you know, whatever, Marcus Kyler, Gerald Auger, Bill Boston, whatever it is, and then your email address. Why? Because you're going to get a certificate at the end of the month with all of the CPEs that you've earned, and it's going to look much more, you know, professional, I suppose, for lack of a better term, than screenshots. Screenshots are fine. This is going to be a little bit more evidence bound. We'll have our. For, you know, you're all beta testers, basically. So name, email, checkbox, checkbox, submit. And on June 1st, we're gonna see what happens, everybody. This is just yet another piece of community service, a piece of value that, you know, I wanted to deliver to you guys. I've been wanting to do this for a while. Then DJ B Sec pushed us over the edge. Bonjour, Derek Welsky.
You know Derek. What's up, dude? Good to see you. I was actually just thinking about you yesterday, Derek. I hadn't seen you in a hot minute. Good to see you over in Paris, guys. Every single episode, we do it every day. This is episode like 10001136. We're signing on with a new, like, merch store, shop, or whatever you want to call it, a place that, you know, brands shirts and sweatshirts and everything. Yesterday we had a kickoff call and I told them about the live show and they're like, oh my God, yes. Every single day. We've done it for years and we're going to keep doing it, because you know what? Consistency is king. So if you're here for the first time, welcome to the party, pal. Hashtag first timer in chat. Drop a hashtag first timer in chat. Everybody had a first-timer one day. You know, day one of the show was my first time trying to figure it out. I am hell bent on making everyone feel included here. Unless you're toxic or a jerk or whatever, and you'll self-select yourself out because you're not interested in being part of an inclusive, supportive, empowering community. But for everybody else, let's go, drop a hashtag first timer in chat if it's your first time. Every single day of the week has a special segment, and Wednesday is Way, Way Back Wednesday. At the mid-roll we have a fun little segment. We kick it old school with an old piece of tech some of you may never have heard of. Some of you get nostalgia vibes. Whatever it is, we have a good time. It's like a little palate cleanser in the middle of the show. Now, every show is sponsored by the stream sponsors, because without them, without their support, I'm unable to bring this show to you. I'm unable to host the infrastructure that does the CPEs. I'm unable to give $100 Amazon gift cards on Mondays. By the way, guys, remind me, please. I'll try to remember, but on Friday we're raffling off. We have a voucher for Wade Wells's training coming up.
He's actually given me a couple, and we're going to be raffling them off over the next couple of weeks here, guys. Shout out to Flare. Flare's cyber threat intelligence platform is absolutely dope. So sick, if you didn't know. Flare goes out on the dark web, criminal cyber Telegram channels, info-stealer logs. They basically parse all this information, bring it back to their home base, dice it up, cut it up, enrich it, and then put it in a very easy to query database. Very. David Fox, welcome to the party, pal. Welcome to the party, pal. Very, very simple product concept, right? They take all the dark web information and make it accessible to you. But the value prop is huge. Why? Because you can check to see if your users, your organization, your domains have been compromised or will be compromised using this data. Maybe your defenses fell through, maybe you didn't detect all these things, right? But the additional insights from a detection capability, the intrusion detection, that's non-technical side channel notifications, essentially, that's what this is. This is incredibly valuable. Right now you can go to simplycyber.io/flare and you'll be presented with this screen right here. Sign up, once they verify you're legit, two week free trial, and you are going to be off and running to the races. Believe me, I would challenge you. This is how confident I am. I would challenge: if someone has signed up for this and checked out the product and thought it was hot trash, let me know, because I strongly suspect the answer is there is no one, because I've used the product. It's sick. All right. Also, Antisyphon Training, disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And every week Antisyphon is bringing value.
And today, if you have your schedule changed, right, if you're looking to network, if you're looking to pick up a new skill, if you're looking to learn concepts that you may not have in your arsenal yet, may I recommend noon Eastern today: Anti-Cast, Red Teaming: Bypass, Evade and Exploit with Corey Overstreet. Not only are you going to learn about these red team capabilities, which, by the way, if you're not a red teamer or if you're not an aspiring offensive security person, that is fine. You can still get value. Do you know what is very beneficial? Seeing how threat actors operate in order to be better at defending, seeing how the actual attacks work. So when you're planning your architecture or planning your spend on what technologies you want to invest in to get the biggest return on your investment, seeing how it's actually done is incredibly insightful and informative. Come check it out at noon today. I'm gonna drop a link in the chat. Tell them Simply Cyber sent you, anytime. By the way, I've had multiple people tell me, like, whether it's Anti-Cast or it's BSides Tampa or whatever, whenever Simply Cyber rolls deep, we're like, ah, like we're rowdy. Not rowdy in a bad way, but we have presence. I love it. So, you know, basically shout out, welcome, other people see each other, high fives, all the good things. Finally, I want to say shout out to ThreatLocker. ThreatLocker, zero trust, you know, basically brought to the masses. They basically figured out or solved for application denied by default, which is very difficult. Brand new malware, something written yesterday, a 20 year old vulnerability exploited in the malware that detonates, will not run. That is what ThreatLocker has brought to the masses on the endpoint. They've recently brought it to the cloud. Let's hear from ThreatLocker and then I'm going to melt your face. David Fox, our first timer for the day. Any other first timers in chat? Sound off.
David, I hope you have a great program with us. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right, all right, all right. B. Nash, Data Dragon and Chuggy welcoming David Fox to the party again. If you see some first timers, please. I might not catch them all because I am producing, hosting, connecting with the mods, watching chat. I'm doing a few things, so sometimes I do miss a hashtag first timer because it does fly by pretty quickly. But do me a solid, everyone, let us know in the chat. Elliot, Cyber Risk Witch, Toasty Pops in the Kansas City contingent. I need you all to sit back, relax, and let's let the cool sounds of the hot news wash over us all in an awesome wave. Let's cook. From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, May 20, 2026. I'm Rich Stroffolino. Microsoft disrupts malware signing as a service. According to unsealed court documents, Microsoft said it took down Fox Tempest, a malware code signing service in operation since May 2025. Fox Tempest was used by several prominent ransomware groups, including Rhysida, INC, Qilin and Akira, for attacks across the U.S., China, France and India. They abused Microsoft's artifact signing to provide short-lived certificates to get malware running around typical Windows defenses. The takedown saw Fox Tempest's website seized, hundreds of virtual machines taken offline and over 1,000 certificates revoked. Critical.
A
All right, so a couple of things that we. I just saw a pretty great announcement in the chat. Saigai Rye, which, by the way, Cy Guy Rye, my guy Sai Guy Rye graduated last night with his associate's as a cyber specialist. Thanks to Team SC for keeping them going and up to date with the cyber world. Congratulations, Cyri Guy. Keep crushing. All right, so this is a win. Listen, one of the techniques that we have as cyber security defenders is signed software. So a signature, not a signature, but a signed piece of software uses PKI encryption to uniquely digitally sign a binary, effectively giving it like a stamp of approval, right? So, you know, a signed binary is like authority or trust, right? It's like having counterfeit money not having the hologram in it. Like the hologram is like the signed certificate, right? So by having that certificate, operating systems and other applications, maybe some cybersecurity defensive technologies like EDR solutions or whatever, endpoint detection and response, anti-malware, they might say, okay, this is signed by Microsoft, so it's pre-approved. No big deal. Well, threat actors are hip to the game. And this guy, Fox Tempest, I hadn't even heard of these ones before, had malware signing as a service. So this is more of like a luxury item, if you will. So malware as a service, phishing as a service, you know, my guy as a service, okay. Oh, come on, Ric Flair, give me a my guy. All right. These are all different, you know, basically services that threat actors can use, and paying to have your malware additionally signed, you know, is a luxury, but it increases the likelihood that your malware payload will actually detonate. Microsoft said enough is enough and they've disrupted this technique. Now, really quickly, you're not supposed to be able to get a certificate signing capability for malware.
Like, that's not something that Microsoft just. You don't just, like, go to a vending machine and get a Microsoft certificate certification, you know, capability. So how did Microsoft do this? By the way, Fox Tempest is a Microsoft threat actor naming convention. I don't know what Tempest is. Let's see. Microsoft, the second part defines the country of origin. Microsoft threat actor naming. Let's see what it is really quickly. Oh my God, dude, can we get, like, oh my God, like, my eyes, my eyes. He says, all right, Tempest, where we at? Rain, Hail, Whirlwind, Hail. South Korea's got a threat actor name. Okay, Tempest. Oh, okay. So Tempest is not country specific, but it is threat actor motivation specific. So Tempest is financially motivated, which is surprising because they're a business to business criminal enterprise. They basically sell their services to other threat actors, which I would argue is not necessarily financially motivated. I mean, yes, they're making money, it's their business, but I'm sure they'd sell their malware signing as a service to a country, or, you know, I suppose they're arguing that it's not country specific. All right, as you can see. Oh, by the way, I don't research or prep for these shows. Ain't nobody got time for that. So, you know, I'm reading this and seeing this in real time. So, like, I've done no prep for the show. That's another thing that a lot of people are blown away by. Like, this is me going YOLO on cyber news, okay? Malicious software that should have been blocked or flagged by AV is allowed to open, run and pass security checks. This is the benefit of signing the malware, right? All right, let's see. So lots of ransomware affiliates giddy-upped on this. Rhysida, INC, Qilin, Akira. Haven't heard of Akira in a minute. Akira was kind of like running roughshod on everybody a while ago. The lifespan of the certificates is short, which is fine.
So Microsoft does catch it and kill it, but it doesn't matter, because by the time the detonation occurs, it's game over already. Let's see. Okay, so Microsoft ran the operation. They took hundreds of virtual machines offline, blocked access to the hosting site, and then saw. I love this. This is how Microsoft confirmed a successful operation: they saw cyber criminals complaining about it not being available online. LOL. That's so funny. So anyways, good job, Microsoft. A lot of people think of Microsoft as just, like, an operating system software company, right? And they make a ton of software, like a lot of software. But because of how major a footprint Microsoft has, and because of Azure and Defender and all that stuff, Sentinel, they have tons of telemetry to be able to have very informed threat actor detection capabilities, right, and threat intelligence capabilities. Let's see. Fox Tempest was paid millions of dollars by ransomware affiliates, and the tool was used in attacks targeting a range of organizations in the U.S., China, France, India. Yeah, so $24 per month. Dude, this is crazy, dude. The distribution and, like, subscription model has just infected everything. So yeah, for, you know, 24 bucks a month, malware as a service. I'm glad. Way to go. Way to go, Microsoft, disrupting it. This is not a law enforcement action. This is just Microsoft doing microso.
B
Flaw found in industrial robot OS. The Danish company Universal Robots released a patch for a critical command injection vulnerability in its PolyScope 5 operating system. This could allow an unauthorized user with network access to perform remote code execution on robotics controllers. This would require that the robot's dashboard server be directly accessible over the Internet, or an attacker to have access to an ethernet port on a control box. Generally, these industrial robots run on a flat, unsegmented network, which could make accessing the vulnerable dashboards significantly less challenging.
A
Okay, so yes and no. All right, so this is a classic example where these robots, right, like, you guys have seen the robots that build, like, cars and stuff. I mean, to call them a robot is fine, but it's just basically an arm that does things, right? And this is industrial control systems. This is very much manufacturing. And this specific robot has an exploit for OS command injection, which basically means you're allowed to execute commands underneath the main system to cause it to do things like create user accounts, open network ports, run malware, whatever. Okay. It could be a foothold into an operation. You could also basically brick the robot and cause, like, a manufacturing downtime. Now, how does this attack work? First of all, I want everyone to wrap their head around this. Okay, yes, this is a bad bug and, you know, it could be exploited, but the likelihood's kind of low. Like, I know that the reporter here, Rich, said that most of these networks are flat networks. And, you know, I would push back a little bit on that and say that a lot of times with these manufacturing environments or the healthcare environments, the networks are flat, but the industrial control system pieces are typically on a separate VLAN or a separate subnet, right? Like, they're not completely, like, Johnny's accounting computer, Carl, like, they can potentially, like, hit those things. Like, by hit I mean send network traffic to them. But a lot of times they're separate. And the reason is not for security. It's much more because the things are kind of, like, fragile. I think it's Italian. I'm joking. That's a Christmas Story reference. Drink. These industrial control systems are kind of brittle and they don't take kindly to, like, vulnerability scanning or random scans and stuff like that. So they just kind of stick them over here and you don't touch us. So it's not exactly flat networks going on over there.
Second of all, they said it has to be exploited through some dashboard. Okay, I understand if somebody is a complete donkey and puts an industrial control system dashboard Internet facing. But if you're gonna have a business, well, not wealthy enough, but generating enough revenue to have a fleet of these robot systems, chances are you're not, like, you're not hiring, like, one high school intern to run your entire IT department. Okay? Like, nobody who knows what the hell they're do. Sorry. Nobody who knows what the heck they're doing is going to stick the industrial control system dashboard on the Internet. Like, it doesn't even make sense. Like, you'd have to go out of your way to configure it to put it on the Internet, right? Most of the time it's a dedicated system. It probably came from the manufacturer. Hey, like, here's your orientation. Here's how you run all this crap. If you want to be able to access the dashboard from a different computer, it's running a web server or whatever, and you can access it internally on this port on a non-publicly routable IP address, by the way. Okay, so if you, absolutely, if you work in manufacturing and you happen to have. I wouldn't take the picture as bible here. They probably just grabbed it as a token photo. But if you're running a Universal Robots PolyScope 5, which you may or may not know, do a quick search of your network. Do it, like, query, like, ask some field engineer or whoever's in charge of the manufacturing stuff. These manufacturing companies will have a person who's in charge of the manufacturing, believe that. Ask them. Be like, dude, are we using PolyScope 5? Again, you're not gonna have, like, a random PolyScope 5 over there. It's part of your infrastructure if you're using these things. So you could say, are we using these? Yes. No. Yes, we are. Okay, well, my understanding is there is a dashboard interface to control these things. Where is it? What IP address is it on?
Because there's a thing that we need to confirm. Again, there's two parts here. One, you gotta patch it, obviously, right? Ah, you gotta patch it. But more importantly, are we exposed? Again, I know it's basic and I know it's boring, but guess what? Welcome to, like, efficient execution of professional service. Like, if you want to be a cyber security professional, it's not all zero days and popping shells. Sometimes it's blocking and tackling. Okay. Sometimes it's patching the thing. Sometimes it's just doing the normal, you know, unsexy thing. And in this case right here, it's the same with this: we look at likelihood and impact. Oh, Jerry, I heard about that on day one. I'm on day 50. I can't be bought. No, like, there's a reason it's day one. Well, CIA triad's day one, risk and likelihood and impact for risk calculations, day two. But anyways, what are we looking at here? What is the impact? The impact's bad. We could take over the PolyScope 5. Fine. Okay, let's put that over there. What's the likelihood? Well, we don't even have it in our environment. The likelihood is zero. Oh, we have it in our environment, but the dashboard's way over here. We didn't even enable the dashboard. Likelihood, like, I'm not even concerned anymore. Like, I've stopped listening and I'm already on to the next thing mentally while the director of manufacturing is explaining that they don't use the dashboard. Just again, since it just occurred to me, sometimes that person will say, we don't use the dashboard. But they don't use it, but they did set it up and it's available. So sometimes you got to come behind them and verify. But the TL;DR is you should know what your Internet facing IP address range is, because you pay for that from some ISP somewhere. You don't just randomly grab an Internet facing IP and be like, oh, I'll use this one. It doesn't look like it's being used. No, it's registered.
You can scan it, look for the dashboard. I'm sure there's some type of fingerprint for this one. Thanks for coming to my TED Talk.
B
CISA admin leaks keys. Security reporter Brian Krebs was contacted by researchers at GitGuardian warning that a GitHub repository exposed credentials for several AWS GovCloud accounts. GitGuardian routinely scans for exposed secrets and notifies account holders. In this case, the owner didn't respond to their notification. The GitHub repository was ironically named Private CISA and contained cloud keys, tokens, passwords in plaintext and other sensitive CISA and DHS assets. The account owner also disabled a default GitHub feature to prevent sharing secrets. While the repo eventually was set to private, researchers at Soralis confirmed the credentials were working up to 48 hours later. CISA said it was aware of the exposed assets, but said there was no indication that any sensitive data was compromised.
A
Bro, all day, double Carl on this one. Listen, people can make mistakes, okay? It happens, it happens. But when an administrator. And, by the way, the receipts are there, right? Like, something like this, there's going to be logs on all of these things, okay? So this guy very likely got written up, or woman, potentially. I'm not sure who it is. The GitHub account shows that the CISA admin disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repos. I can't believe this dude had admin level access but at the same time didn't have the wherewithal to prevent this from happening. If I had to guess, this is what happened. Okay, there's a couple of things here. First of all, passwords stored in plain text in a CSV is not a good move. Like, don't do that. Don't do that. Okay? Second of all, if you don't know what you're doing, if you don't know what you're doing, back up, back up. Don't do it. Okay. Like, I've been working with GitHub and Cloudflare and making some apps. In fact, I've got. If you asked me at Cyber Career Hotline, I'll tell you, I'm very excited about the 2026 Simply Cyber sticker. I'm almost done with it, and it's got a web app component to it, but I've been working with these things. And you don't accidentally disable default settings in GitHub to block users from publishing SSH keys. Okay. Like, you enable it, it's disabled by default. Okay. So someone didn't know what they were doing. If I had to guess, they were trying to SSH into something and it wasn't working and they started tinkering around. This happens all the time. And it's unfortunate, but tinkering around, trying to see, like, oh, if I disable this, if I enable this, can I access. Oh, there it goes. I was able to SSH in. Now I'm able to do the things I wanted to do, with, like, little regard to the configuration changes that were being made or the impact of those changes.
Seriously, you apply a plain text file in CSV, why don't you back that up? You know, I don't know why, Marcus Kyler, but I had to get, like, my hip bopping off to the side in order to sing that line correctly. Yeah. So the good news is it would appear that, you know, some type of, you know, public service, you know, good guy service, if you want to call it that, discovered this data exposure, hopefully before other people did. It was so ridiculous an exposure that the researchers said that they thought it was all fake data, because it was just the worst leak that they've ever witnessed. And then they realized it was actually real data. Now, of course, it's been fixed at this point. Unfortunately, if it were me, if I was the CISO over this group, first of all, I would absolutely document this. I wouldn't fire this professional, but I certainly would make note of it in their record, because this is egregious. And you have to rotate those creds, man. Like, this is the part that really sucks. You can't be like, oh, man, it's really inconvenient, it's really time consuming to rotate these creds, so I'm not going to do it. Nope, they are burned. They're burned. I don't know what else to tell you. You cooked all those creds when you turned on making them publicly accessible, on top of having the creds in a plain text file. So here's the TL;DR: defense in depth is a thing. There's a bunch of different ways to manage risk, okay? You can mitigate risk, you can avoid risk, you can transfer risk. I know everybody's heard this and it's like, oh my God, Jerry, day three stuff. Here's the deal. In this particular instance, number one, you could have avoided the risk by not putting the creds in plain text files. So when this Jackie Jack, I was gonna say jack wagon, and then I pulled up short, when this individual made a mistake by making the repository publicly accessible.
Had you not put the creds there, had you avoided that risk, then the exposure wouldn't have happened and it wouldn't be such a big deal. It still would suck to make it public. But okay, maybe it's just the SSH key, so you can limit the impact of that damage by moving some of that risk off. Secondly, from a defense in depth perspective, we talk about least privilege, we talk about, when we talk about awareness training, by the way, it's typically, like, don't click on a phish. Don't fall for this phone call, right? But also you need to make sure, and a lot of IT people do not like this, you need to make sure that the IT people actually know how to do what they're doing. Okay? Technology changes all the time. This could have been an instance where you've got, like, a 58 year old guy who's been working in IT since COBOL and Fortran were hot, right?
B
That Hansel's so hot right now.
A
The guy's just trying to get a couple more years under his belt so he can get to retirement. And they're like, you're in charge of GitHub repos now? And he's like, okay. What's he gonna say, no? So now you got him in charge of GitHub repos. The guy's worked on a mainframe most of his life. He doesn't know what the hell is going on and he's just click-clacking and doing all the things. It happens. It happens where people get put in charge of technologies or, you know, CI/CD pipelines and they don't know. And I've been in this position in my own career. At one point, you don't want to admit you don't know, because then it looks like you're incompetent, which is embarrassing. It looks like, you know, you shouldn't be in the job that you're in because you don't know how to do it. You don't know how to ask for training, or you have the Dunning-Kruger effect. Go Google that if you don't know what it is, because it comes up all the time in IT. The Dunning-Kruger effect, where you really don't know what you're doing, but you're hyper confident that you do, and then you do stupid stuff like this. Okay, so if you're using GitHub repos, if you do tech at all, educate your end users. Listen, guys, like, don't put all the creds in all the things, because if there is an exposure, you're making it exponentially more painful for us to recover from that exposure. All right. Hey, really quickly, David Fox, I hope you're having a good show, buddy. This feels like a pretty good episode of Daily Cyber Threat Brief. Like, I feel like you're getting a representative example of what this show is all about.
B
Announced for Drupal Core. The Drupal security team issued a PSA about an upcoming urgent patch set to be released on May 20th. This patch only impacts Drupal Core, not Drupal CMS. Drupal Steward customers are recommended to install the patch as well. The PSA urged users to install the patch quickly after release, saying that exploits might be developed within hours or days. The flaw applies to uncommon module configurations, but the PSA said it was easy to leverage, doesn't require elevated privileges, and could expose non-public data. Drupal also released patches for all impacted versions, including out of support versions 8.9 and 9.5.
A
Ah, you gotta. Patrick, I don't even remember. Like, I forgot about Drupal, dude. There was a time, like, I don't know about you guys, I feel like it was, like, 10 years ago, like, Mongo databases and Drupal were the hotness. Everybody was, like, losing their collective minds about these things, and I forgot about Drupal. Now, that doesn't mean you don't have technical debt in your environment. Drupal is a content management system. I feel like Drupal's like WordPress, kind of, and a Mongo database would be like a back end NoSQL database. So if you're running Drupal, patch it. That's what's up. Okay. Period. Full stop. I'm not going to spend more time on it. I feel like Drupal isn't really. Correct me if I'm wrong, guys. I feel like Drupal's here. Let me Google this. Drupal market share. Let's see how Drupal, like. Listen, I'm not even making this up, dude. Drupal currently holds 1% of the global CMS market, but it dominates the high traffic, high security enterprise space. It's the second most popular CMS for the Internet's top 100,000 websites. How does that even reconcile? It's less than. It's 0.7% of all websites globally, but it's a top tier in the 10,000 biggest websites. Okay, so that gives me a popsicle headache trying to sort out what that all means. But all I would say is, I guess if you're working for a company that has a website that's in the top 10,000 websites, which, you know, I guess, hold on. Top websites in the world. Okay, so if you're working at WhatsApp, Yahoo, Reddit, Wiki, ChatGPT, Twitter, Instagram, Facebook, YouTube, Google, if you happen to be at a FAANG company, you might be using Drupal. But guess what? If you work for a company that has one of the 10,000 most popular websites, chances are you've got an entire fleet of cyber security people, because you're a very wealthy revenue generating company, and, you know, you're on top of this.
So for the rest of us mere mortals, Drupal is a footnote in the history books. If you're running it, patch it. That's all I would say. And I know I might get some flack here in chat or comments on replay about like, ah, Drupal's the sickest. Okay, for me, I literally forgot about it. I, I feel like there's a lot of other more mainstream technologies out there being deployed. Drupal was hot for a minute. I think it's less hot now. Just to do service to you guys, let me just see. How do you exploit this? Okay, well, they do say that they urge you to reserve time for core updates. Okay, this is, you know, I'll give a shout out to the Drupal security team. Like this right here is a best practice that you should do. Regardless if you run Drupal or not, you should do this for any of your technologies. A main reserve time. So first Saturday of the month from 3 to 6am or the second Sunday of the month. Like you should have maintenance windows. Like this is. If you don't have maintenance windows, you're either doing it YOLO like I do here at Simply Cyber because it's a small micro business and I can apply patches and do production changes and it's okay because I'm the only one here. But if you're coordinating with application owners, system owners, workforce, different time zones, different facilities. Yes, you have to have time windows so you can coordinate and communicate with everybody on what the hell is going on now.
B
A huge thanks to our sponsor for today, ThreatLocker. ThreatLocker is extending Zero Trust beyond endpoint control with their recent release of Zero Trust Network Access and Zero Trust Cloud Access. Access isn't based on credentials alone. It requires the right user, the right device and the right conditions. Because as we've seen in recent large scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed and access is limited to exactly what's needed. Learn more and start your free trial today at threatlocker.com CISO.
A
Ethereum looking at all right, all right. David Fox will never know the simple, simple minds. Don't you forget about me. One day maybe if you stick with us, David. Any other first timers in chat? Holler at us. Guys, I want to say we're at the mid roll. Thank you very much for being here. Shout out to the stream sponsors, ThreatLocker, Antisyphon and Flare. Every day at the mid roll, we let it, we let it breathe a little bit. And on Wednesdays we do Way Back Wednesday where we kick it old school and talk about, you know, kind of a fun tech. I'm a big nerd. I love the 90s. I stopped developing culturally in 1997. I don't understand like current music. I think current music's terrible except for The Midnight. So anyways, we've done some serious ones in the back. But guys, you youngs, you may not know, but let me introduce you to. Before Discord, before live chat, before any of that, ladies and gentlemen, we had the AOL Instant Messenger. Oh yeah, dude, this was the OG way of coordinating with people. You would, you would like chat with your friends. You just launch AOL Instant Messenger. At one point there were a couple competitors. You guys, if you were like hardcore, there was like Pidgin. There were a couple that would allow you to like speak to like different services. But AOL Instant Messenger reigned supreme in the space. Your AOL Instant Messenger name was like almost as valuable as like your first phone number. I remember in college in 1998. I remember like getting a girl's instant messenger name and then like connecting with her. We ended up dating for a little bit, but like, it was like getting someone's phone. Yo, what's your. What's your AOL name? So hey guys, if you want to sound out what was your AOL name? Because again, when we make our email addresses or instant messenger name, when we kid. Trillian. Thank you. Quiet gamer. Trillian. All right, so mine was Audactor. Audactor 82. My. My AOL name. Okay, so stupid Audactor 82, which was. 
So I was taking Latin. I, I took a couple years of Latin and like, I think it's audactar or audax means like audacious and like bold. And I was like, yeah, I'm 15 years old. I wrestle, I kick butt. Yeah, I'm on. And then I drove a 1982 Datsun 280Z and I thought that was the coolest thing too. So Audactor 82. Andre Max. Talking ASL. That's another one. Age, sex, location. That was like how you opened conversations. Come on, Code Brew, think hard, man. What was your. What was your original. Fuzzy Lumpkins. Josiah Culling. That's so good. Derek doesn't remember. Yes. What a nerd. I was taking Latin. Agricola. Talking about farms, sheep. All right, defaun's 12. Jared, cyber ops veteran. So continue to drop your, your instant messenger names. A lot of fun, guys. And by the way, the sound of an inbound message. Just the final thing I'll share. I remember in the dorms at UMass Amherst, people would leave their doors open in the dorms, but the sound of an AOL, like, it was definitive and you would just hear it like, like all over the dorms and stuff like that. So yeah, shout out fun little Way Back Wednesday. Hopefully it took you for a little bit of nostalgia. Let's get back into the news, shall we? Thank you, Dan Reardon, for the suggestion.
B
Looking at AI assisted formal verification. Everyone is trying to deal with the increase in AI assisted cyber attacks. And cryptocurrency is no different. In a blog post this week, Ethereum co-founder Vitalik Buterin said AI has advanced the possibilities of using formal verification to better secure blockchain networks against software flaws. In the most general sense, verification uses mathematical proofs to ensure software is operating correctly. Buterin said this approach is particularly well suited for situations where the goal is much simpler than the implementation. But. But cautioned that this was not a panacea.
A
All right, I want to give Rich Stro or, or whoever, this Vitalik guy triple word score on the Scrabble for using pan Pano like a, a, you know, that's like a very fancy Latin word for silver bullet basically. So what's this guy saying? AI assisted formal verification could reduce vulnerabilities in Ethereum. Technique uses math proofs to verify software behaves as intended. Okay, well I'm going to shoot that down in a second. And he argues AI can strengthen both attack and defense. Okay, so, okay, so this story is written for non cyber security professionals. I'll just start there. It does talk about verification, which would be great, and integrity, which would be great, but this are, this story is not written for cyber people. Okay, I'll tell you why. Number one, he argues AI can strengthen cyber attacks and defensive tooling. Yes, of course, like we in the cyber security community have been saying this since 2023. Let me check. Jerry checks calendar. Yeah, it's 2026. We've been talking about this for three years. Like that's not a hot take. In fact if you hit the, you know, Wayback Machine. Threat actors have been using AI to accelerate not just their attack kill chain but like to get initial infection through reversing patches using AI quickly to develop, you know, basically exploits. Okay, so like let's just put that on the shelf over there. Number two and this is what I want to call out specifically he says the technique will use math proofs to verify that software behaves as intended. If that is your plan, that is not going to go very well. Okay, so I, I again I'm, I, I. It's not fair. I don't research or prep this. This is a single bullet extracted from probably a longer thing but may I point your attention to the following. This is living off the land binaries, scripts and libraries. I went to lolbas-project.github.io. I'm going to drop that link in chat if you're watching on replay. Definitely something you want to flag. 
If you've never seen this before, I am super pumped to be the one to introduce you to it. Here is a list of all the Windows binaries that come pre-installed with the Windows operating system. There's a Linux here. There's also a Linux one. Okay, so don't think the Linux users are, are, you know, being marginalized. Okay. These are all the Windows binaries that come by default with the Windows operating system. You go to Best Buy right now and pick up the cheapest Windows operating system. And they're all going to be on there. Okay, so why am I pointing this out? Because. Finger, fsutil, FTP, hh.exe, jsc.exe. Some of these binaries I've never heard of. I've. I've been around so long that I have gray all over the place and I've never heard of these. Right, msiexec. Okay, everybody knows that one. But like odbcconf. Right? So I'm guessing that's a database configuration file. PcaLua. What? I don't know what these are, but they're all Windows binaries that can be weaponized by threat actors to achieve threat actor goals. GpScript.exe can be used to execute a payload that they brought down. Well, how are they going to bring it down, Jerry? How you going to do that? Well, let me explain to you how you're going to do that. Let's see, you're going to use diantz.exe, again, a binary I've never heard of, to download. You see this download option, the binary, and then execute it. But. But I'll see it. Nope. I'll use DeviceCredentialDeployment.exe to conceal it. Do you see what I'm saying? Okay, so now that I've proven the point that you can live off the land on all these binaries, let's go back to what this dude had to say about these things. And again, this is why it's not for cyber people. We can use proofs to verify the software behaves as intended. Well, guess what? That proof's going to come back with a hundred percent green check mark. Because bitsadmin is downloading a malware payload. But it is intended to download things. It's part of the functionality. 
So when I, you know, investigate it, the math proof verifies it and says you're good to go. So circle gets the square. That's a Hollywood Squares reference, if you're looking to. If you've been wondering about what that Kool-Aid Man is in your emote tray, that would be the one. That would be a good time to use it. All right, so I'm not dunking on this guy, obviously. This guy, I've seen his face before. He's a celebrity. He's highly involved with Ethereum. He's probably got a bankroll full of crypto money and all these other things. I'm sure there's a lot of crypto bros that like, follow this guy and everything. He says the TLDR is AI can be used. Blockchain can be used. Threat actors can use it for all the bad things. Good guys can use it for all the good things. We've seen blockchain used as C2. We have seen blockchain and what are the contracts called? Digital contracts or whatever or crypto con. We've seen the contracts used for integrity of systems and stuff like that. So whatever. At the end of the day guys, I don't want anything to do with cryptocurrency, okay? And I'm not some big government like centralized finance bro. It's just the, the world of the decentralized finance and crypto is so rife with fraudsters, scammers, criminals, hucksters, charlatans. What are some other like old timey descriptions? Bamboozlers. I just. Yeah, smart contracts. Thank you. I'm just off. I'm done. You know what I mean? I'll wait for the next bus.
B
Errors in Restricted Windows Networks. In a service alert, Microsoft said that customers in restricted network environments may see Windows update failures after installing the January 2026 Optional Non-Security preview update. Catchy name, guys. This would apply to isolated or air gapped systems. This issue stems from a change in Windows download timeout requirements. Microsoft is working on a fix but released a set of group policies in its Known Issue Rollback feature for IT admins to use as a workaround.
A
Oh yes, I Dude, the Simply Cyber community always comes. I need one of those sound effects where it's like like the cavalry like like ne'er-do-wells, flim-flam artists, scoundrels, rapscallions, the scallywags. Oh I love it. So good, so good. All right, so listen, I don't research or prep for these shows, okay? So I don't know what's coming. Ain't nobody got time for that. But I love the fact that the very next story talks about LOLBins, and if you're a millennial LOL is hilarious. But by the way, I found out recently if you say LOL like you literally spell out the letters when you are saying like I do it means you're a millennial. Because Gen Z people don't do that. LOLBin based attack chains. This is literally what I just talked about. Like LOLBin based attack techniques. Is this living off the land binaries? LOLBins are living off the land binaries. So there's your acronym for the day. So holler at you. Legacy Windows Tools Fuel Surge in Silent Malware Attacks. My guy. Okay, get your denzels ready. All this is saying is that if you're running like, you can use living off the land attacks to download software, to load software, to steal sensitive information, to do all these things. Okay. This mshta HTML application, I've seen this a million times, right? It's been around since 1999. It came out with Windows 98. Oh, so good. You guys remember Windows 95? Oh, so good. Okay. Apparently it runs on Edge again. If you know me for a second, Microsoft Edge is good for one thing, and that's downloading Google Chrome. That's. I mean, I know some people aren't Google Chrome people. That's what I use Edge for. Edge has a very specific use case for me. All right. Okay. So legitimate use of this binary has declined. Of course abuse has grown. So how do we defend from it? Please. Okay, I'm gonna drop a link to this in chat. Like basically this story just explains step by step the kill chain of using living off the land attack techniques. Okay, I dropped a link in chat. 
If you're listening on replay or audio only, just Google legacy Windows tool mshta fuels surge in. And that should bring the story up. It's from securityweek.com. Is there a way, can we disable this thing or what are we doing here? All right. Social engineering is a vital part of this abuse. Sure. So protect your end users from themselves. All right. Dude, I just read this quote really quickly because. Who's this guy? Silviu Stahie, security analyst at Bitdefender. You want us. Hey guys, like, listen, I've been in the industry for a long time. Many of you have been in the industry for a long time. If you're new here, this right here is a dead giveaway that this person has worked in the industry for a very long time. This is dripping with apathy. And just. This person has been hurt. Okay, ready? Listen to this quote. Silviu Stahie says, quote, if we can convince people to stop running commands in their terminals and in PowerShell and stuff like that, we would solve most of these issues. The same goes for downloading cracked apps and pirated games. I would say 90% of attacks would stop the next day if people would just stop falling for these attacks. My guy Silviu, you wanna like that all day, every day? As somebody who's worked in the industry, it's just short, like literally. That is a long extrapolated way of Silviu saying this. The reason we have the Carl sound effect is, is like literally that. Yeah. If people would stop following, falling for things, if people would stop doing things that make no sense, if people would stop trying to circumvent the system and get around things and install stupid stuff on their computer. We'd be out of a job, frankly. So, Silviu, welcome to the party, pal. Welcome to the party.
B
Google wants people to remember CodeMender. At its I/O conference, Google announced it's making its CodeMender tool available to select groups of experts. Google initially announced CodeMender in October 2025, an AI agent similar to Anthropic's Mythos that can debug and fix software vulnerabilities. At the initial announcement, Google said it was taking a cautious approach, focusing on reliability with CodeMender, with all patches reviewed by human researchers. Google DeepMind CTO Koray Kavukcuoglu confirmed that they have been in discussions with governments and enterprises to audit systems with CodeMender. Abusive.
A
All right, I mean, I hadn't heard this before. Okay, so, dude, classic, classic example. I like Google, okay? So I think Google's done a lot of good things for society. I know they've done some bad things. So I'm not trying to get into a shouting match with anyone about this, but when the cloud wars happened, okay, not to be confused with the Clone Wars, you nerds. I'm joking. I'm a Star Wars guy, listen, not a Star Trek guy, okay? But when the cloud wars happened, Amazon and Microsoft were like the two heavyweights. It was like the blue and red Rock 'Em Sock 'Em Robots, right? And then Google with Google Compute or Google Cloud Platform. They're over there trying to figure it out, getting in their own way. Kind of like the kid brother trying to hang out with the older brothers at the lgs, right? And Google, you know, whatever, the distant third. Now we've got Anthropic and OpenAI, another couple juggernauts doing Rock 'Em Sock 'Em Robots, blue and red type things. And Google's over here with Google Gemini trying to figure it out. And now they've entered the chat with CodeMender. I, I just don't know, man. I mean, you can market it until today. Did you hear about CodeMender? I didn't hear about it, so we'll see how it goes. It just, there's a lot of specialized AI tools coming out right now. But I, I don't know about you guys, but like, for, for me as a general end user, which is where I, a lot of my bias come from. Yeah, I use some tools for certain things, but like Anthropic Claude Cowork. I use Claude Cowork for like 90% of my AI needs, right? So like, I don't know, like what is CodeMender getting me significantly better results on my code base review? Or, or is Mythos fine? You know what I mean? Like again, as a, as, as an executive, frankly, like just take away the, the, the cyber security part. 
If you're looking at your, in your environment, your infrastructure or whatever, back in the 80s it was like best of breed, like you would have like a bunch of different tech. The reality is, at least in my opinion, I'm firmly in the philosophical camp of like fewer tools that do more things. And this, a lot of people agree with this. That's why you see the bigger companies like your Palo Altos, your Ciscos, your Microsofts acquiring other companies to build out their entire tech stack portfolio on the cyber side, because a lot of executives want one like tech stack, because then I can train my staff on Microsoft technologies or on Anthropic AI technologies and then I don't have to train a bunch of people on a bunch of different things. Someone leaves and we lose that knowledge base, right? You renew and you don't have to renew five different contracts, you just renew the one contract and you get like all of the different capabilities. Right? So this is very common. So my, my thing is if I have an enterprise, just think about it from a business perspective, okay, great cash homie. If I have an enterprise contract with Anthropic and my dev lead comes to me and he's like, or my CISO comes to me like, I guess I'm the CISO but like, and says hey, like Google's got this CodeMender thing that can help secure code. My first question is going to be how's Anthropic's code review solution? Like is it, is it 80% of the CodeMender? Oh man, CodeMender is the best and the best and the best. It's the actual top of the mountain. Okay, that's top of the mountain's great but like is, is Mythos just like close to the top of the mountain? Because I'm already paying for that and I don't want more expenses. You're picking up what I'm putting down. My guy. Okay, so I get it, I get that, you know, friggin Trader Joe's has the best, you know, mixed nut trail mix bag. But I've got this, you know, 400 pound bag from Costco of trail mix. 
Do I need to go buy the Trader Joe's trail mix bag or can we just eat this Costco bag and deal with the fact that it has raisins in it? Okay? Shamira Gonzalez, 32 months. Hello.
B
Microsoft HTML Applications on the rise. Microsoft HTML Applications, or MSHTA, came out first in 1999 as part of the release of Internet Explorer 5.0.
A
What are we doing here, Rich?
B
Windows 11 maintains support for these through Edge's IE mode. While legitimate use of MSHTA has fallen over its more than quarter century of life, researchers at Bitdefender warn that abuse is on the rise. That's because an HTML application file can be manipulated to run VBScript in memory, where it's harder to see malicious activity. Bitdefender saw this used to deliver Lumma, Amatera, ClipBanker and Purple Fox malware, usually paired with phishing campaigns.
A
I don't know. So I, the guy, the reporter who, who's talking that picked these stories, I know this guy. This makes no sense. Like literally two of these stories are like basically the same story. Okay, so like thanks I guess. We are running behind on time so that'll be quick. But like Legacy Windows Tool MSHTA Fuels Surge in Silent Malware, and the next story is Microsoft confirms patching issues in restricted networks. Talking about this MSHTA attack. Okay, hold on, I'm reading the story now. Okay. No, no, no, no, no, no. So, so this is messed up. Okay, so here's what they screwed up over at CISO Series. So this third, the, the second to last story should have been about patching errors in restricted networks and the last story should have been abuse of MSHTA, and he, he basically did the same story twice and skipped one of the stories. So just to be thorough with you guys, okay, there's patching issues that Microsoft released. I again I don't research or prep for the show so I wasn't prepared for this problem. Really quickly. Oh my God. Okay. Microsoft says that some people who have restricted network environments could have had a problem with the January 2026 non-security updates that are optional. This is going to affect like not that many people and if it does, you already know about it because, checks calendar, it's May, this is the January, four months ago. So. All right, whatever. So that the way this show and story just ended, that was a complete like a bit of a, bit of a hot mess express right there. Wrong story and the update is like I don't know. In my opinion people already know about this. So sometimes Microsoft patches don't work. This is why vulnerability management analysts need a job. And you can't just set things to auto patch because patches don't work sometimes. Sometimes they break, sometimes they do all these other things. So. All right, check it. Check it out now. David Fox, are you still with us in chat? Can you text something or chat something? 
I'd like to know if you're still here, and I hope you had a good experience. All right, here we go. Computer. All right, guys, fastest hour in cyber. This was your Simply Cyber Daily Cyber Threat Brief podcast for May 20, 2026. Don't forget to get your CPEs here. Go to Cyberthreat Brief. Simply Cyber IO CPE. Cyberthreat Brief. Simply Cyber IO CPE. Bookmark it, put in your name, email, and get emailed by me once a month with all your CPEs. You have to do it the same calendar day as the show. You cannot go back and speedrun, like, 15 episodes. This form changes daily. All right? Now, for everybody else, if you're still here, don't go anywhere because we're about to light this candle and get you guys leveled up. It's almost time for Cyber Career Hotline. Phone lines are open. You got questions, we got answers. It's another promise to the Simply Cyber community to provide insights, tooling, techniques, support, empower you to be the best you can. And Cyber Career Hotline's one way we do it. So let's go. I'm Dr. Gerald Auger. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. All right, what's up, everybody? Welcome to Cyber Career Hotline. Phone lines are open. Hopefully you guys are having a good show. Cyber Risk Rich, always with the telephones. I love it. So what's up? My name is Jerry, guy. This is Cyber Career Hotline, a hidden program. It's the Easter egg of the Daily Cyber Threat Brief. We're gonna go hard in the paint for 24 minutes until 9:30am and then two cyber chicks, Jack Scott, Erica McDuffie, are going to take the reins and usher you in to the next phase of your day. All about good times, guys. Community, support, inclusion, straw hat, sex as. Ring, ring, ring. Let's answer the call. What? What do y'all got? There was something that. Oh, oh, hey, really quickly, if you guys are. I can't show you right now. Well, I can show you this. Hold on one second. 
So for those who don't know, every year I. I come up with a new st. Every year I come up with a new sticker for Simply Cyber. Okay? It's kind of a thing I do. Two years ago, it was the old, you know, 76 gas station logo. And then last year it was the, it was the old cassette tape, right? This one right here is this. Whoops. It was this one right here, right? And I loved this one. And it's got a QR code on it that goes to a mixtape playlist. Come on, man. Can we zoom in? Anyways, this year I've got another QR code and I'm pretty excited about it because not only is it a QR code, but I'm going to show you the. I want to show you what the sticker looks like, get you guys feedback. Okay, so this is it right here. This is going to be the Simply Cyber 2026 sticker. And it's a old timey arcade machine. The QR code is going to go right over the coin slot thing here. And I made a game. It's nothing, it's not going to win any awards, but I made a game called Defender. It was Patcher, but I couldn't get it the way I wanted. So I created a game called Defender. And when you scan the QR code, it takes you to the video game. So not only do you get a sticker, but then you can play a little video game, compliments of Simply Cyber. So if you think it's cool, find me at conference and I'll give you. I'll give you one. So this is my 2026 sticker, everybody. Thank you for letting me share that with you. The game. The game's almost done. I. I was playing it this morning. I was playing it this morning. The game was too easy, so I made it harder and now it's like freaking wicked hard and I'm like, like stubborn. So anyways, phone lines are open. Come on down, get your questions asked. Did David Fox say anything? Oh, Jay Brock saying it's awesome. Thank you. Marcus Kyler says it's fire some people. Raymond Cruz saying it's sick. Elliot Matice liking it. Mara Levy enjoying the sticker. Cool. FedEx, dude. It's a new laptop. My guy. Jesus. FedEx. 
Just coming off the top rope with all caps exclamation points. It's a brand new laptop. Pirate Kitty. Hey, what's up, Pirate Kitty. First timer yesterday. Came back for more. Thanks, Pirate Kitty. Hopefully you enjoyed that Kathy Chambers video. I saw you over on that chat. Bearded Ruckus with the first question. Yes, sir. Oh, hello. J.T. Gorman had a question. Hold on one second. I'm here for you guys. Hey, Jerry. Should orgs prioritize adopting a single AI tool or adopt a multi tool approach? Also, how can orgs effectively manage and govern them? Okay, so this is a big question, AI governance. We've come a little ways. At RSA this year, I did get the vibe that. So two years ago I was at RSA and everything was like AI explosion, like AI all the things, agentic, all the things. This year it felt much more like it was about managing AI and governing AI. So I will say that organizations are thinking about this, which means vendors are thinking about this as far as managing and governing them. I do think you need to take an approach of messaging, educating end users, making them aware of what's okay and what's not okay. So end user awareness. Secondly, it's incredibly easy to spin up AIs for any end user. So you have to check, you have to be looking on the network for network traffic going to, you know, like OpenClaw or. The thing is, being specific about IP addresses or domain names is very brittle. That's not great detections but it's better than nothing. As far as adopting a single AI tool, I believe if, you know, I guess I'm, I'm in charge of my business but like I would be all in on like an enterprise license for an AI tool and telling people to use it. I know some organizations. I was moderating a panel at a healthcare conference a couple months ago and I got the vibe that a lot of companies that are using Microsoft Azure as their kind of enterprise office platform are using Copilot for their AI solution. If you're a Google Workspace group, you can use Gemini. 
So again I'm a big fan of Anthropic, but I, I'm a bit. So I think you should use a single AI tool for like 80% of your AI needs at your organization. If possible, maybe try to do it for 100%, but you are going to get into some situations where there is like specialized AI tools. Like I'll give you an example. If you're using Anthropic for your like business enterprise, but you are a healthcare company, you would want to use specialized AI that has been trained on pharmaceuticals or healthcare or clinical practices or something. Right? You don't want to use a gen AI for a specialized discipline or skill set. So that's, that's the only thing I would kind of note on that. What I wouldn't recommend from a multi tool approach is just like widespread scattershot, because being able to like diverge and, or excuse me, converge and pull those things back in is going to be problematic. Right? It's, it's like, I mean if. Just look at technical debt and tech sprawl in organizations. So that's what I would recommend about that. Hey, Jerry, I know a PhD in cyber isn't mostly done for the money. Yeah, I believe that. But from your experience, would you recommend it for the lifelong learner these days? I would not like to lose my beard in that process. Yeah. So it's a good question. I get asked about the PhD periodically. I'll tell you this. And Kathy Chambers is going through a PhD right now. I don't know if she's in chat, but would certainly appreciate her take on this. Here's the deal. If you're a lifelong learner, it could be for you. Getting a PhD does not necessarily unlock more money. It does open opportunity. Right. There's a certain, like, I don't know, swagger or whatever that you can weaponize if you want. I don't, you know, I make my students call me Jerry. Like, I'm not, like, I don't, I, I don't, like, typically, like, if I'm going to be introduced at a conference or whatever, they'll ask me how to do it. And I say, you can say Dr. 
Gerald Auger once, but don't keep repeating it. I don't, I don't like. It's just whatever. So I will tell you the, this one thing, and I have several videos on the channel about PhD. So if anyone's interested in getting a PhD, I have a whole playlist on the channel for it. Listen, this is the one thing that you have to know, okay? If you are not ultra passionate about whatever the topic is that you're going to get a PhD in, don't do it because you will not complete it unless you're absolutely stubborn, okay? And I don't mean that. I'm big on inclusion, right? That's one of the core values here at Simply Cyber. But I'm telling you right now, it's long, it's lonely. I did it before AI, so maybe it's a little bit easier now. But there's two parts. There's the class part and then there's the dissertation part. The class part is just like getting a master's degree, okay? I have two master's degrees. I can tell you the getting the courses done, they're harder courses, of course, and they're more demanding, but it's very similar, right? You can do them in a couple years. The dissertation, it. You're generating new knowledge within a discipline and like, and it's ultra niche, okay? Like you're solving a very specific problem. Problem that no one else has really solved before or doing it in a way that hasn't been done before. And it took me like three years to do it. And you write a book. My book is up here. It's just. It's lonely. It's lonely, man. And it's very easy to give up. So I would say you have to be super into it or else you're going to become ABD, which means all but dissertation. And that is like a four letter word in academia, right? If you, if you're going to get a PhD and then you, you like fail out and you're ABD, it's like, it's like a scarlet letter. Like people don't say it. Like if, if I, if you were an ABD, I could be talking about you to another person. Say, oh, he's ABD. But like, I would never say it to you because it's like insulting. Okay? 
So just be careful. And you don't have to lose your beard. I had a beard the whole time. I did have a beard the whole time. Although I did ask the people I was working with. Jesse, ask Matt Jones. I was like kind of crazy at one point. How do I coin? How do I. Coins in those slot. Okay. Do you or anyone else know where to get challenge coins made? Yeah. So I have challenge coins. I will if you give me. Marcus, I have a bag of these over there. Right after the show ends. I'll just go grab the bag and I'll tell you. Josh Mason turned me on to a place. I guess the military people know where it's at. In fact, Marcus, let me know someone in chat who, who's military probably answered this question already. But if they haven't, I'll. I'll get it to you after. AI Governance, ISO 42001. There you go. Roswell UK's dropping some knowledge on AI Governance, which goes back to that first question. 82. Okay. Boju says I want to make. Hey, what's up? Stones fan in the house. Hold on. So Stones fan says, how do I get a sticker? Dude, are you gonna be at Black Hat, DEF CON, Wild West Hackin' Fest, Simply CyberCon, any of those? Because I'll be handing them out there. Boju says I want to make a cyber sticker. Any recommendations on the company I use? Oh, yeah. So I like Sticker Mule. I like Sticker Mule. I will tell you that Kimberly Can Fix It turned me onto this. Like a lot of the sticker companies kind of like run specials and stuff, but I, I like Sticker Mule. I use Sticker Mule. How are you doing? Do you need help with anything? Ellipsis. Thank you. No, I mean, I. I appreciate it. I'm very awkward. Not awkward. I guess I'm awkward sometimes, but I struggle at delegating or asking for help. I've been working on it. Kimberly Can Fix It works with me. But I. I don't need any help with anything right now. Thank you. I. I guess ellipsis. If you did want to help, just, you know, spread the message of Simply Cyber. Share it with people, let them know what we're doing over here.
All right. Continuing to look through chat. If you got a question, put it in chat with an AI with a. Any experience with SIEM and security camera images being ingested into data lakes? Is this common or not? No, I mean, this would be cool. I mean, SIEMs typically take text logs, telemetry, and then enrich the logs to have, like, correlated events show up. So you wouldn't see images in a SIEM necessarily. Silence Poet. Silence Poet with 10 gifted subs. Thanks, dude. By the way, Silence Poet may or may not be running a Texas Hold'em poker tournament at Simply CyberCon this year, so stay tuned for that. Not real money, so not gambling. But all I would say about this is, Leumur, it is cool. AI does have the ability to review images and be able to make insights. So I think you'd almost have to like, do it offline and then send insights into the SIEM. If anyone in chat is doing this. I haven't heard of this before, but if anyone is doing this, give a shout out at L E U M U R in chat. Goat in the Machine. Excuse me. Industry advice regarding AI and company data is to avoid uploading sensitive docs to external providers. How do we reconcile that with Copilot having access to all the data? I mean, I guess you could argue it's pre-approved, right? I mean, I guess that's a good question for Internal to approve. Hey, if we're allowed to stick this information in OneDrive, then can we use Copilot to look at it? Chances are probably yes. Likely you would have a contract with Microsoft, right? So to me, it's like pre-approved, right? I mean, it's already in there, so it's not really external. Striving to Learn, Super Chat: just passed their last class for bachelor's yesterday. Knowledge definitely helped accelerate the learn. And thank you so much. Did we just become best friends? Congratulations. Striving to Learn, dude. Massive accomplishment. I remember you texting, texting me. We just become best friends. Yep.
I remember you texting me when you got into the program and now completing it? Just amazing. Congratulations. Super happy for you. Random Skills says it perfectly. You do a PhD for you, not for any other reason. That is 100% right. There is one reason why you would do it. Like, if you are in higher education, and I know this has fallen out of favor, but if you're in higher ed, a PhD does put you higher in the pecking order. If you're into like office politics and stuff like that. A guy named 303 says he would abuse the crap out of having a PhD. He'd make reservations on all his handles. You would know he has a PhD. That's so funny. Warner Brothers might want a word. How about Auditor or Thrunter? Yeah, I'll show you guys the game later today. I'm gonna publish the game publicly on Cloudflare with a URL and everything like that. So you guys can play it. Slim Puppet said, or Slimy Puppet. Ooh, I got my BS in cyber from WGU. Never really got into cyber. I'm about to go for a master's in AI and LLM. Any thoughts? Oh, okay. What I would say, Slimy Puppet, is right now, just because of a meta and a social media, AI is blistering hot. So if you have a, whatever you're learning, whatever you're doing, post about it and make sure that you're using the keywords AI, LLM, all the things that you're doing, and you will be able to grow a professional network pretty quickly. Oh, my God. Mr. Underhill. No. If someone asked for a doctor on a plane, I'm going to be looking around too. I'm about to get involved with my company's patch management process. Okay, guys, can we collectively pour a little bit out for J.T. Gorman? How can he prepare for. What are some things I should be aware of before getting started? Okay, so J.T. Gorman, what you want to do is. Oh, also Angular 777, Blue Badge, 26 months. Thanks, everyone. I can't always make it live, but greatly appreciate the community that Gerald Auger and you all foster. Thank you. All right, hey, here's what I would do.
NIST CSF, or excuse me, NIST Special Pub Vulnerability Management. First of all, this is a 2005 document, so it's old. As old as me. What are we doing here? Load. See, I don't have. I pay for gigabit. If Ethernet. Like just load the page. I don't. Broseph. All right, so here's what you need to do. There is a NIST document 800 here. Here's the link to it. Who asked that question? J.T. Gorman. I don't know why it's not going. J.T. Gorman. Here's what you got to do to get prepped for this role. Okay? Number one, understand how vulnerability management works. First of all, you got to get a scanner, right? Scan your network. Make sure that your scans are not disrupting technologies. Make sure your scans are staying up to date and current. Make sure your scans are scanning all the things. You may have to get multiple scanners, depending on the size of your organization. They'll be central. Like, you'll have like one kind of console scanner. And then scan engines across your enterprise. Scan all the things. Be aware that you're going to have hundreds of thousands of results. Be aware that you're never like. Think of vulnerabilities as a dump truck dumping a load of mulch on your driveway, okay? And you are shoveling into a wheelbarrow and wheelbarrowing mulch out to the back. You are never going to get to the bottom of that mulch pile before another truck of mulch comes and dumps it on that. So just be aware that you will never close all the vulnerabilities. Okay? First of all, second of all, get to know application owners, get to know information system owners, get to know the networking team, because you aren't going to patch anything. You don't get to touch systems. You don't get to decide when a computer gets rebooted. Application owner, system owner, network owner, they get to decide. So you gotta get on their. On their schedule and be ready to have soft skills, empathy, to be able to communicate effectively on why you need them to do the thing you do.
Also, final thing, do not. Everything is not a blistering emergency. Save those for when it really is. Or else you're gonna like, erode the value of you being like, I need you to patch it now. Artemis X: Gerald, what's one skill you wish more career pivoters in cyber actually developed before applying? Wow, that's a good question. I mean, I mean, understanding networking is pretty valuable. I'm not saying all career pivoters don't have it, but a lot of times people come into cyber and they don't understand how networking works. And it's devastating. Like, you need to understand how a network, you have to understand how two endpoints talk to each other. Could be two endpoints on the same LAN, two endpoints across the Internet. But, like, that is how C2 works. That's how, that's how exfil works. It's like how lateral movement works. Like you people need to understand how networks work. I think that's one real big skill. Also, soft skills are pretty important, but usually people pivoting into cyber already have soft skills. Who wants a custom SC Con Magic: The Gathering card? Elliot Matice, I've already actually developed this. Anyone who enters the Simply Cyber 2026 Magic: The Gathering tournament will get a limited edition Sol Ring that looks like the retro synthwave sun. I already built it casually. Joseph has a prototype. All right. All right, let's go. Tech Grunt wants a challenge coin. Okay. Find Me Bro Cyber Risk, which says you can go to Staples and get stickers made. Very cool. Good to know. I will tell you guys, like if you don't have a sticker, that's okay. But like stickers are like, I don't know. Devin Grady and I were talking about like, like stickers are like a. It's like a vibe in cyber security. Right? It's a good icebreaker. It's a good way to like. It's just cool, you know, it's like supporting your friends. All right, continuing to look through chat for a question. We have Two Cyber Chicks coming up at 9:30. All right.
James says, should I shift my focus to AI RMF and NIST 600? 600 versus FedRAMP and SOC 2? I'm still trying to break into the industry. I don't know what NIST 600 is, but I mean, yeah, I mean FedRAMP and SOC 2 are kind of well established. AI is super hot. I would also look at CMMC, James, but yeah, AI and AI governance for sure is coming and it's going to get more and more so certainly. Certainly FedRAMP is kind of well-established at this point, right? Like unless you're going to be doing like readiness assessments or something. I would look for CMMC readiness assessment and audit roles. What's your thoughts on the big tech giants eventually dominating the AI market? Just like some of the past innovations. It's Fred On. It's a good question. I'm a little, it's a little, it's a little unsettling because basically, I mean, I guess I'll just put it plainly, right? Like if you think about who's in charge, right? If the most wealthy, powerful people in the world are capitalists, then it's less about government and serving civil service and it's more about profits and late-stage capitalism. Right. Look at, you know, look at a lot of, go look at the movie or the TV show Altered Carbon on Netflix, which, by the way, season one is phenomenal. Sci-fi, awesome. But like, the people with money can generate wealth and new generational wealth so their offspring can be powerful. So it sucks. But at the same time, I. I do appreciate it because I feel like if the government was in charge of AI, as it were. All right, we're going to Two Cyber Chicks right now. Guys, if I didn't get to your questions, I'm sorry. Come back tomorrow. I promise you will get answers. It was a good time. Here's the Two Cyber Chicks. At.
May 20, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Main Theme:
An in-depth rundown of the top cybersecurity news stories from May 20, 2026, with expert commentary, practical analysis, and real-world takeaways for cybersecurity professionals and enthusiasts. Episode highlights include malware signing takedowns, ICS vulnerabilities, credential leaks from U.S. federal agencies, AI in security, and career/community advice, all delivered in Dr. Auger's signature engaging and inclusive style.
[12:02 – 19:16]
[19:16 – 26:30]
[26:30 – 33:14]
[34:54 – 39:24]
[43:48 – 44:24]
[50:38 – 55:53]
“If we can convince people to stop running commands in their terminals and in PowerShell...we would solve most of these issues... 90% of attacks would stop the next day if people would just stop falling for these attacks.” [51:06]
[55:53 – 60:57]
[40:03 – 43:48]
"Cyber Career Hotline" Q&A
[~61:36 – End]
“You don’t accidentally disable default settings in GitHub...this is egregious and I would...document this in their record because this is egregious.”
“Just be aware you will never close all the vulnerabilities. It’s like a dump truck dumping mulch...and you are wheelbarrowing mulch out—you never get to the bottom before another truck comes.”
“As someone who’s worked in the industry, [users falling for things] is why the Carl sound effect exists—if people would stop doing things that make no sense, we’d be out of a job, frankly.”
“If you are not ultra passionate...don’t do it. You will not complete it unless you’re absolutely stubborn.”
This episode delivers a mix of essential cybersecurity news and hard-won industry wisdom, designed to keep listeners current, competent, and community-minded. From breaking down code signing attacks to warning about the realities of patching and tool sprawl, each topic is unpacked for real-world application. The tone is dynamic and inclusive, making technical topics approachable and actionable for everyone from newcomers to seasoned experts. If you’re in the trenches of security—or hoping to move up—this is exactly the kind of daily briefing you’ll value.