A
Good morning, everybody. Welcome to Thursday May 28, 2026. This is your Simply Cyber Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Ozier, coming to you live from the Buffer Osier Flow Studio. Thanks for being here today. I hope you have a great experience as we shred the top cyber security news stories of the day. And I go beyond those headlines to give you insights and additional value to the best of my ability and if it extends beyond my range of knowledge or experience, well, don't worry. We've got a powerhouse of simply cyber community members ready to drop their knowledge bombs on all of us and help us level up ultimately in the, in the, I guess the quest for support, inclusion and empowerment of each of us. Let's go get your coffee. I got very rare situation. I've got a full cup of coffee. Haven't had a sip yet, so I'm ready to get into it myself. Let's get going. Yes. Yes. Good morning, everybody. I hope everyone's well. It's been a great week here in the low country. Both my kids going through graduation, promotion, whatever they call it. They call it promotion now around here, which I don't, I don't understand, but it's fine. I mean, I know what a promotion is, but just different naming convention here. We're through that. Kids are on summer break. It is shifting into high gear. I hope wherever you are and whatever you got going on, I hope it is wonderful. Now let me take this first sip. Grant me the grace for a minute. I'm a huge coffee drinker. If you've known me for a minute, for a minute and I need it, it's go juice for me. Whoa. Dan reardon, haircut fish, 43 months and meme of the week. That's right. Every single day of the week has a special segment here at Simply Cyber's daily cyber threat brief. And today is Thursday. None other than what's your meme Thursday? This guy right here is an absolute treasure. Haircut Fish whips up a custom meme for us. And for. I'll just give you a little teaser. 
GRC Mafia, you are going to be loving life when you see the meme of the week at 8:30am today Eastern Time. Just let me take this sip, please. A moment of silence for the sip. It's not quite a monster. Poor Daniel Lowry. But it is. It's my thing. Yeah. Oh, man, I hope to God we don't hit like 1984. Equilibrium, type, style, life, civilization, where like coffee becomes contraband. Because guess what? I'm gonna spoiler alert right now. If coffee ever becomes contraband, you're gonna find that I am the biggest arms dealer in the world of, of coffee because I need it. I need it. Oh my God, it's so good. All right, guys. Hey. Every single episode of the Daily Cyber Threat Brief, we go through eight stories of the day. We get the surface level headlines, which is really great. But then there's always additional lessons learned, things you can apply. I want to help train you either a to if you're more junior, to understand the bigger scope. Like yesterday, I lost my mind about 12 hour patch windows and how absolutely ridiculous that is for the entire country of India. There's a lesson learned, but sometimes maybe you're mid tier, senior tier, it's more nuanced about managing people or paying. Playing the corporate Game of Thrones, as it were, to not have somebody take your budget or whatever or red flags to look out for. I had a call with a good friend yesterday who's looking to potentially move away from their company because of the red flags he's seen. So my goal here is to deliver value to you in whatever capacity that is for you as an individual. So the value I bring to Mara Levy might be different than the value to Mr. Buddha, different than Steve Young, Nerman, Marcus Kyler, Phil Stafford, et cetera. At the end of the day, I want to help. That's what I'm doing here. So in addition to delivering the hot takes on cyber news, you know what else I do? Every single episode of the Daily Cyber Threat Brief is worth half a CPE, continuing professional education credit. 
So every single day I would encourage you go to cyber threatbrief. Simply cyber IO cyberthread brief. Simply cyber IO CPE. It's in the show description and go ahead. You can see here today episode 1141. 1,141 times we've gotten up and done this together. Drop your full name, email address, check these two check boxes and hit this button and on June 1st. So just literally next Monday, you will get an email in your inbox from me with all of the dates you attended in May. Nice cool looking little certificate and making your CPEs more whatever legitimate. They've always been legitimate. It's just making it more palatable for the certification bodies that you're submitting them to. So that's what we do here. If you're here for the first time, you're like, wow, this guy seems like a lot. Well, let me get clear the air. I am a lot. Welcome to the party. But I also want you to know that you're welcome here. Welcome to the party. Whether it's me welcoming you or this entire community of awesome individuals, know that you have a safe space to ask questions, to share knowledge, to share wins, to voice frustrations. Here at Simply Cyber, we are more than a YouTube channel. Believe that we are a community. There's a Discord server, there's meetups. We got Simply Cybercon coming up in November. So if you're here for the first time, I know it's a lot to take in. So take the first step by saying hello and drop a hashtag first timer so we know it's your first time. All right, so we got our first timers. Our CPEs mad value. Oh yeah, yeah, yeah. The show doesn't happen without the stream sponsors. Mr. Buddha says they checks in for the CPEs doesn't, but doesn't need them yet. Still trying to get that cyber role. You know what, Mr. Buddha, first of all, good luck on the cyber role. Second of all, it's a good practice to get into. Third of all, looks like we've got some first timers. Ty Widener, 3,357. Ty Widener, 3357. Welcome to the party Ty. 
Guys, Dude, every single episode is sponsored by the stream. Sponsors obviously want to say shout out to them really quickly. Links in the description below. We've got a very timely one with Flare Academy. Guys, I, I am attending this tomorrow from noon to 2. It's on my schedule. Mu Mu 369. First time live. We'll take it as a first timer. Welcome to the live party. Mutok, welcome to the party. I love it. By the way Mu talk Not to, not to make fun of your name but I, I, I love Space Ghost. Coast to coast Space Ghost. And your name mut sounds like one of Space Ghost's like arch enemy, like the, the praying mantis guy. Okay guys, I'm attending this training. I'm a big old dork. I love cyber security. I love it. And I've, you know, I've known what DNS is for like a hundred years. That's hyperbolic. But did you know you can use DNS to map out cyber criminal activities, develop forensic artifacts, use it for investigation and make illicit connections. I did not know that. And I'm excited that tomorrow I can spend two hours for free learning about this with some of you. Whoever is in chat and wants to be part of it, go to Simply Cyber IO Flare. I'm going to drop it in Chat right now. Free training as it were. Free training sim. Oh my God, guy. Free training mods. I probably should ask for this Simply Cyber IO player, guys. You go to it, you sign up, you don't go. No punishment, no penalty. It's free. I'm gonna go. I'm excited. I hope some of you are there. I would love to. I would love to just jawjack with you while we're going through some training. Be a lot of fun. Anyways, come learn how DNS can help you put all the pieces together. Uni says can you change the time format on the CP page so the 24 hour calculation starts from when the show goes live instead of resetting at 12am every day. I can do that. Give me one second. And I know this is a little unprofessional, but I have a notebook that I need to physically write this down as a feature request. 
Actually, you know what I'm gonna do? I'm gonna do this. Zach Hill and I have a private DM chat going. But as much as we use it for normal stuff, we also just write clipboard and then paste in the comment and I come back to it later. All right, thank you and yes, I will have that change made later today. Thank you. All right, guys. Hey listen. Anti Siphon training is putting on an absolute banger of a virtual conference. Threat Hut Summit. Threat Hunting Summit 2026, June 17. Mark your calendars. 10:30, 10am to 4:30pm Six and a half hour free conference. Come hear some of the best industry professionals speak on topics. This is great for blue teamers, obviously, but if you're a GRC person or a red teamer, you can get value from this summit. Just go sign up, check it out. They do have tons of training. Might find a training that maps to your needed skill set. Maybe you have some budget you need to burn. Either way, with code. Simply cyber 26. Simply cyber. My fingers feel fat today, man. Like not, not good. I just put the code in chat. Simply cyber26. You can get 20% off of any of these trainings, which is like up to a, you know, hundred dollar value. So go check it out. Anti siphon training.com event/threat hunting summit. I'll drop a link to that in chat too. I can't carve out six out six and a half hours. But if you can, you know, sometimes it's worth even just signing up and punt. Jumping in, jumping out as time allows. If you need CPEs, you get six and a half for this, which is wonderful. And again 20 off training. Just as a quick aside, one of the trainings is a two day cyber Threat intelligence training with Wade Wells, great friend of the community. If you don't know who Wade is, may I invite you to simply Cyber Firesides, one of my other shows today at 4:30pm Eastern Time where Wade Wells, the same Wade Wells will be my guest on the show and, and we'll be raffling off a $575 voucher for this course for one of you. 
So if you'd like to go to this training but you just don't have the budget for it, come to the Firesides today. You can potentially win a $575 voucher in a 104 free two day training. I've taken that training. It is great. Wade is not just a great instructor, but he's also very, very talented. Finally, let's say quick hello to ThreatLocker. The zero trust platform making application denied by default, accessible to enterprises everywhere. They have some very large Fortune 500 companies, but that doesn't mean you can't use it too. Several Simply Cyber community members actually work at ThreatLocker now. Love the health of this company, love what they're doing. They're securing the endpoint and now they're doing the cloud and network as well. Quickly, quick word from them and then we're gonna get into the news. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, really quick, Joseph Gamb 5427, it's been a minute. No, Joseph. I've actually developed like a really cool solution. Go to this URL, Joseph. You could see Nightbot dropped it in there. Thank you Sunny Allen. And you can just type in your stuff here. It's once you get to the website, it explains it all. All right everybody do me a favor. I didn't research or prep for the show so I don't know what we're getting.
B
Ain't nobody got time for this, but
A
I need you to sit back, relax. Joseph, I know it's been a minute, but do me a favor, relax and let's let the cool sounds of the hot news wash over us all. An awesome way. I'll see you guys at the mid-roll.
B
From the CISO Series, it's Cyber Security Headlines.
C
These are the cybersecurity headlines for Thursday, May 28, 2026. I'm Sarah Lane. Glassworm botnet gets shattered. CrowdStrike says it worked with Google and the Shadowserver Foundation to take down Glassworm, a self-propagating, credential-stealing botnet targeting developers through poisoned software packages since early 2025. The coordinated action disrupted all four of Glassworm's command and control channels at once, severing access to infected machines and blocking new payloads. Researchers say the malware spread through compromised VS Code extensions, npm and Python packages and more than 300 GitHub repos, using invisible Unicode injection plus Solana, Google Calendar and BitTorrent DHT infrastructure to resist takedowns.
A
China Overhaul okay, so this is phenomenal. CrowdStrike, arguably the biggest EDR in our industry. Google, I mean everybody knows Google. Fortune, Fortune 5 company, huge threat intelligence. They own Mandiant as well. They partnered up alongside Shadow Server foundation and took down the four main C2 servers of this Glass Worm botnet. Now I'll admit I had not heard of Glassworm prior to this. So interesting. It does seem like it was quite a blight on society. As Roswell UK notes in chat here, striking all four simultaneously basically ensured that the automated fallback and redundancy that they had put in place did not work. Listen, threat actors that are worth their salt, right? Like real cyber criminals, like the professional criminals, not the footpads that you know, just try to send you a phishing email and steal a couple bucks out of your wallet like the pros. They run their business like a business. They run their business no different than you or I should be doing cybersecurity for our, you know, employers. What do I mean by that? Like, I'm not saying that they have a cyber team that does like nist, CSF and end user awareness training and stuff like that, but they do have backups, they do have redundancy infrastructure. They are, I guarantee you they are using multifactor authentication to log into their cloud infrastructure, their C2 servers. They likely have developers on staff that are using CICD pipelines and best practices to keep this code clean, keep it updated, make sure that it doesn't get caught by the newest Versions of EDR updates. Right. So, I mean, it's like, it is legit business. And I'm sure, you know, people in these criminal enterprises get fired for not doing their job and stuff like that. Although I'm not entirely sure, like, if you're fully aware of how a criminal operation works, I'm not quite sure firing is what happens if they have to remove you from the operation. But coordinating to strike all four at the same time. Very elegant. 
If anybody in chat has run a project that has more than like eight people on it, coordinating on execution is not trivial. It's not a video game. We're not playing Civilization here, where you can just click on a part of the map and like 300 people all start marching towards the same spot. Coordinating with real humans is messy, you know. Oh, like, I didn't get the email. Or did you mean 4:00 clock Pacific Time or 4:00 clock Central Time? Like, it's always a mess. So the coordinated takedown definitely shows a level of sophistication and elegance. I do want to point out that they. They hit all four. I. I had to Google, like, tell me what hit all four means, because hit all four sounds suggestive, but, like, did you know what. What did they. What does that mean? Right? CrowdStrike has it. Ooh. Oh, dude. Crowdstrike always has, like, the hotness when it comes to graphics. This is what the disruption was. They had their C2 channels, which was. They were. Oh, wow. All right, so Glassworm was using Solana blockchain as part of its C2. All right, this is a. This is a. Not a new technique, but one we don't see often, at least in my walk of life, is using blockchain as C2. Now, the blockchain is immutable record for crypto exchange. Not exchanges, but like crypto J. Crypto. What's the way to put this? The blockchain is the ledger, effectively, of any transaction that happens between two crypto wallets, put simply. And you can't delete it, change it, update it, modify it, whatever, which means if a threat actor puts a command on a blockchain, then, you know, law enforcement can't remove it, can't whatever, it's going to be there. Which also is great from a forensics perspective because you can't delete it. So you can always go back and look at it. So they were using Solana Blockchain BitTorrent for, you know, whatever. I. I haven't heard of using BitTorrent for C2, but sure why not? And then a Google Calendar. 
This is another kind of popular technique because you can, you can make Google Calendars public and have people look at them. So it's just another form. I, I want to remind everybody that C2 command and control is how criminals speak, to quote unquote, speak to compromised endpoints. So say you are doing cyber security at a business that has a thousand computers, right? Thousand endpoints, and 75 of them are compromised by a threat actor. And you don't know it yet. The threat actor doesn't come in with a lunchbox and a pair of coveralls and it's like here for work, boss, like here to do some crime. They need to remote into those 75. And just like you and I would not go visit 75 machines individually to patch them. Oh, you gotta patch it. Ah, you gotta patch it. We would use centralized controls in order to manage from a console. Threat actors do the same thing, right? They just call it C2, we call it endpoint management, right? It's no different. So they need to be able to have a communication channel between the compromised endpoint. You can use Google Calendar, Telegram, Twitter, DNS. You can use anything that allows for communication back and forth. Chris, Mike Fitz says hello. I'm new, actually been watching since April, but this is my first live. Hi everybody. Chris, Mike, Fit. Welcome to the party, pal. Welcome to the party, pal. Also want to say holla. Holla, Holla. Chris, Mike, thanks for being here since April and shout out for getting here for the live. So the disruption included VPS takedown, which is the virtual private server. So basically the cloud server. Obviously CrowdStrike and Google got in there. They, they say CrowdStrike and Google, but if these are VPSs, if they were either hosted on Google infrastructure or they worked with another partner, Amazon or you know, whatever host ringer, whatever that one is that people are all geeked up about for their Claude Claude instances. Salon takeover, Eclipse. Take our Google Calendar takedown. 
Okay, whatever. So C2 disrupted. I'll drop a link to the CrowdStrike blog. It seems like very informative if you want to read about a, you know, a professional high end, multi stakeholder cyber criminal crowd takedown. This is a great example. It doesn't mention law enforcement in, in the story here, but regulators. All right. And this was a massive supply chain attack. I do want to point out one more thing worth noting. Listen, this does not mean that all of the endpoints in your environment that are currently compromised with this botnet are now clean. Google taking down the threat Actor does not mean you're clean. Okay? It's, it's like. What would be an example about, of this? Imagine like a, a, a factory in the middle of town just bilging out super dark toxic smoke. Just like gross smoke. Okay. And Google and CrowdStrike come in and shut the factory down. All right, cool. No more gross smoke coming out of the smoke stacks. It doesn't change all the smoke that's like on your lawn still killing your lawn. You still got to go clean your lawn off, spray it, hose it down, whatever, whip it, flip it, spin it, rub it down. Oh, right. So just remember this is step, this stops the problem from happening further, but it does not clean up the problem from your environment. So you got to make sure you go look for those IOCs and because, and what, why, why Jerry? Well, you got to remember they didn't arrest the threat actors. So if there is any capability for them to reactivate in any capacity, all those compromised endpoints are still reaching out, trying to figure out, look for command. Look for command.
C
World's biggest surveillance network. The Financial Times reports that China is upgrading its surveillance network with AI-powered cameras and software that can automatically identify people, analyze behavior and flag potential unrest in real time. Companies like Hikvision and Huawei use computer vision and LLMs to search footage with various text prompts to detect crowd buildups or erratic driving and then process video directly on device using specialized chips. This builds on China's decade-old surveillance infrastructure rather than replacing it outright, with local governments layering in AI despite tighter budgets.
A
All right, well, I mean if we thought for a second that this wasn't going to happen, then I don't know what you've been doing. I'm not even going to spend a terrible amount of time on this or I will try not to. This is 1984 and if you have not read the book 1984, I don't even know if this book has been banned. Now that like that banning books, man. Like this is one of those books that like you would think it would get banned. Essentially it's a, it's a dystopian future where the government manages everybody. But, but, but the thing I want to point out is they have like a camera in everybody inside of everybody's house. All right? They've had this closed circuit TV thing, whatever you want to call it, for years. This is, this. China might be the one who's doing it front and center. But I agree with other people in chat. Many first world power countries are doing this I just want to point out something really quickly. Number one, AI is very good at, like, looking at images and patterns and seeing things. Okay? So it's no surprise that they're introducing AI to this. Now, I'm going to tell you two things. One, this is, this sucks. Okay? Personally, you, this will be wrapped. This is not a cyber security story, by the way. Let me just qualify that. I don't pick the stories. This is not a cyber story. It's a privacy story, civil rights story. Really quickly, this kind of concept of com. Of camera surveillance with AI on top of it has been around very long time. I would like to call your attention to the following. Madison Square Garden Rockettes lawyer kicked out. Okay. December 2022. Okay, so four years ago, a mom, Girl Scout mom, is taking a Girl Scout troop to see the Rockettes in New York City. They get inside and immediately the mother is detained and told she has to leave. The reason being she had a ticket, by the way, she had paid for her ticket. She's there with the Girl Scouts. 
The reason is she was a lawyer on a team of lawyers that were actively involved in representing a client who was suing the guy who owns Madison Square Garden. So the guy who owns Madison Square Garden was pissed that this woman was part of a team that was doing her job. And he said, no, no soup for you. And he knew it because the closed circuit TV is scanning everyone's face and anyone that was put on a special list gets notified. I mean, not notified, gets elevated to security to stop. So this is four years ago. Okay, now let's add A.I. okay, so a couple things here I can imagine. They are, they, they. This is going to be wrapped in clothing of. Oh, it'll help us detect drunk drivers. It'll help us find escaped criminals. It'll help us manage security and safety for everyone. My guy managing safety and security is fine. I love some security. I, I, you know, from a physical security perspective, if I see someone breaking into a remote facility, it would be great not to have to pay a human to stand there for 24 hours a day. It'd be great to have a camera. The problem is the per. Whoever's in charge gets to decide what's not okay, which is the entire premise of 1984 if you go all the way down the line to the end of the train tracks. So, yes, it's drunk drivers. I don't want a drunk driver crashing into my kid, you know? Of course. But what it, what if someone decides that, like, they don't like me Because I'm speaking out about injustices of Native Americans who. Whose land in North Dakota is being appropriated by the government so they can mine oil up there. And all of a sudden, like, all of my moves are tracked. You know what I mean? Like, it's. It's. What about. What about the situation where a guy who happens to work at the surveillance company is going through a bitter divorce and he doesn't want his wife, who's now his ex wife, dating anyone, so he just uses this thing to track and harass people. 
Like, there's a million instances of people abusing access to power. And when you give this kind of capability to a subset of humans, it absolutely will be weaponized. China's just very open about it, by the way. There is a technology out there that's existed for a while where you could put someone's face in. Almost like a Google Image search, but better.
C
So, Charter confirms Shiny Hunters data breach. Charter Communications confirmed a data breach after the extortion group Shiny Hunters threatened to leak stolen data unless Charter pays a ransom. The company says it notified authorities, but no sensitive personal information or customer proprietary network information was taken. Shiny Hunters claims it accessed Charter on April 1st through a voice phishing attack targeting an employee's Microsoft Entra account, then exported millions of customer records from Salesforce, including names, comments, contact details, plan information, and support tickets.
A
All right, really quick. I do appreciate all the healthy conversation around this topic. I. I just want to. I guess I'm not. Not to pick on pocket pixels, okay? But, you know, pocket pixels, you know, if it's to deter crime, I don't mind. This is quote. If it's a deter crime, I don't mind. If it's to gather information, stalk and harass, then it shouldn't be used. Yes, that's exactly right. It'll be. It'll be sold and marketed and physically deployed everywhere with righteous intent. But once the infrastructure is deployed, ensuring that it's only used for righteous intent. This is why you have oversight and inspector generals and, you know, watchdogs and stuff like that. But, but. But you begin to erode that, right? I mean, we saw several inspector generals get fired. We've seen government oversights be, you know, basically dissolved. Right? It. It. It's a slow burn. No one. No one just comes in and says, like, oh, we're putting surveillance on everybody. No one's safe anymore. Ah. Ah. Like, that only happens in, like, Data east video games from 1991. Right? So, okay, Charter confirms data breach after Shiny Hunters. Dude, I'm Telling you, I still feel strong. Joss Decks wants to buy Shiny Hunter stock. I'm telling you, I. I'm upgrading my recommendation from strong to very strong. That, that Shiny Hunters is absolutely gonna be the target of law enforcement in 2026. By the way, Shiny Hunters, like, I don't, I don't support or endorse you, but whoever's in charge of your graphics team. This is. Look at. This is nice. Look at it like, I love this dude. The, the retro synth, wavy light blue with red. The font choice. Oh, yeah. I mean, this is like low key American Psycho looking at business cards. Look at this landing page. Is that silly? And rail charter is, you know, big time company. They're hitting all these people. They were able to vish and attack an employee's Microsoft Entra account. Okay. Foreign. It's not good. Here's the deal, guys. 
Shiny Hunters, it should absolutely be on your list. Like 10 years ago it was. Or, you know, eight years ago it was very much like you should be looking at Conti Ransomware, LockBit ransomware. You should be it. You know, if, if you should be doing tabletop exercises with ransomware as the scenario. But if you're particularly good, you should be doing it for specific threat actors in 2026. If you've got your ransomware, you know, tabletop exercise sorted out and done and you want to take it to the next level, I recommend doing Shiny Hunters. Did we just become best friends? Yep. Pivot vishing is the attack sequence. They are social engineering. They're not breaking in, they are logging in. Remember that you use that as the title slide on your tabletop exercise. They're getting creds and logging in really quick. Esco 07. Yes. If this is the same Esco 07 that we normally see, this dude's been around for a minute in the community. He says officially pivoted into GRC. Start my entry level IT audit role next month. Massive thanks to Jerry and the community for two years of guidance. Oh, my God. I don't do this very. I think I've done this one other time. I'm double wrecking ball. This Esco 07 has legit been here most days. Putting in the work, asking the questions, taking the action moving forward. Hell yeah. Esco 07. Double wrecking ball. Yes, dude. So pumped for you. Remember, Esco 07, you can put your hands on your hip for a second, take a breath, but remember, the real work starts now. I've got a video on the channel how to Crush your first 90 days Strongly encourage you. Watch it, it will set you up for success. Esco 07 what? What a legend. I love it dude.
C
AI exploit development outpaces scanner detection. New research from Cogent Security says attackers used AI to slash exploit development time for disclosed vulnerabilities from about 125 days in early 2025 to just 12 hours by this April, outpacing major scanners from Tenable, Qualys and Rapid7. The firm found 83% of critical CVEs created a visibility gap for defenders, with more than half never getting scanner coverage and many exploits circulating before detection signatures were even available.
A
Yes. Okay, so again I've said, I've been saying this for a while. I might have to do a conference talk on this. Like I feel like it's not a hot take I'm coming up with, but like guys, patches come out. Listen, AI, I'm gonna try to cut this to make it a short. Okay, hold on, let me get it ready. I'm gonna do a YouTube short of this. So like. Okay, ready. Let me explain to you why AI is changing the game. In vulnerability management, AI can be used to reverse a patch incredibly quickly from when it comes out and discover what the patch fixed and then write an exploit for it. So if you're not patching the second the patch comes out, which many of us aren't going to do because you have to test the patch in your environment, roll it out. Especially if you have a large enterprise, the threat actor has a window of exposure where they can be successful in exploiting your infrastructure. On top of that there is a massive back catalog, 20 plus years of software that was only tested by humans. And there are many, many, many, many vulnerabilities that AI are going to be discovered. We've seen several 17 year old, 20 year old Linux vulnerabilities just coming out recently that were AI discovered. So whatever your approach is to vulnerability management, it has to change and it has to be coordinated with the vulnerability scanner engine exposure management companies that are developing product for our industry because they need to bake in AI to not just move quickly on when these patches come back and find exposure inside your environment, but also be proactive to, to kind of run an arms race, almost like an AI security researcher in your own environment to be able to discover these things. The arms race has always been there. Now it's just accelerated incredibly faster because AI is being used to discover these things and exploit them much, much faster. We've got our work cut out for us. Okay, that's the short, I swear to God what I just said is what I mean. 
Like this is what's happening. This is the thing that we need to worry about. It's going to be, guys, I basically there are dark, dark, stormy clouds on the horizon. Not dark and stormy. Jesse Johnson, we're not talking about delicious cocktail dark, stormy clouds on the horizon. And that storm is moving this way. And there's no amount of, no, no, there's no amount of that that's going to stop that storm from coming. So the best thing you can do is right now go online, go to L.L. bean, buy yourself a rain slicker. Like one of those crazy ones that fisherman's wear in the fish sticks box, right? The big heavy yellow ones. Get yourself an umbrella and get a shovel because you're going to be doing some work, my guy. That's what's up. And, and really there's two ways to it. You can either stick your head down and pretend it's not going to happen or that's I can tell you, not going to work out. Very good for you. And number or number two, get to work. We got our work cut out for you. I will say that exposure management and this isn't like a pitch for exposure management companies, Exposure management is much more the way vulnerability scanning is just not going to be fast enough. They've got to rethink the kind of architecture of vulnerability scanning. By the way, you might be like I don't get it. What's so hard about vulnerability scanning? Jerry, I, I ran Nessus on my own box and it took like five minutes to run. That's fine. When you have 45,000 endpoints across 18 facilities, it takes much longer to run a vulnerability scan. In fact, just to give you real perspective, when you get large scale deployments of scanners, you typically need multiple engines across your infrastructure, all reporting to one main brain controller. And that controller it usually at least in the environments I've been it can take up to a week to scan your entire environment. It takes time. All right, let's go.
C
Huge thanks to our sponsor, Guardsquare. AI is speeding up development, but at what cost? While 96% of teams now use AI tools, 81% report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered polymorphic security to stay ahead of the curve. Learn more at guardsquare.com.
A
All right, let's do that. All right, we're at the mid roll guys. Thanks so much for being here. Hope you're getting value from the show. I do genuinely mean that. I don't. I don't, you know, the show has a format, but like, I, you know, I don't research, I don't prep. I try to deliver, you know, a great experience every day. I don't know what you're gonna get. I don't know what I'm gonna say. So from my heart to yours, I do hope you're getting value from the show. Thank you again to the stream sponsors, ThreatLocker, Antisyphon, Flare for sponsoring the show. Every single day of the week has a special segment. And Thursdays is what's your meme Thursday. Now, I did promise you GRC people your day in the sun. Now, Dan doesn't always do this, but sometimes he captions these memes and the caption for this meme is. The caption for this meme is when the moment Jerry discovered GRC. Okay, Dan Reardon, meme of the week. Thank you very much. Let's go. So here we go. This is the moment Jerry discovered GRC. There we go. So bad dev code, which is what I was writing, GRC. And then, oh, if you know my origin story, I was a software engineer who got his code audited for FISMA compliance. And from it from there on forward, I never looked back. I still tinker around with code, but I'm a cyber guy through and through. So here we go. Dan Reardon with an interactive meme for my cyber origin story. All right, thank you very much. Dan Reardon, Cyber Mom 17, says Love Simply Cyber. Wait, hold on. That was a misfire. Cyber mom. All right, thank you and thanks, Dan. Let's get back to the news. I saw someone ask about Simply Cybercon. If you are interested, we have a whole website for Simply Cybercon: simplycybercon.org. Simply Cybercon is a separate 501(c)(3) nonprofit. I do not want to make money off Simply Cybercon. It is deliberately a nonprofit. Just to ensure that there's no confusion. It is a community-driven initiative. It's our annual celebration of all things awesome.
Okay, let's get back to the news.
C
Cyber criminals impersonate FBI IT personnel. FBI is warning that the Silent Ransom Group, aka SRG, also known as Luna Moth, Chatty Spider and UNC 3753, is impersonating IT support to trick employees, especially at U.S. law firms, into granting remote access so attackers can steal data and extort victims. The group uses phishing emails, phone calls, legitimate remote access tools and may send somebody on site for physical computer access. SRG focuses on rapid data theft without encrypting systems, targeting some sensitive legal records and client communications before defenders realize anything is wrong. Romaine.
A
All right. The. The balls on the. Sorry. The. I'm sorry. I can't believe I just did that. The. The audacity of these threat actors. That's a much more appropriate word. The audacity of these threat actors to go on site and pretend to be IT support is interesting. You don't see that very often. Yes, T.J., I made a mistake. Thank you. So, okay, a couple things here. Number one, they're targeting law firms. I've said this before on the channel. If I was going to target someone, if I, If I. If my moral compass broke, if I got painted into a corner and I needed to commit crime, I would go after accounting firms and law firms, right? They. They know where all the money is or all the bad things, respectively. So anyways, whoever this group is, the silent spider Silent Ransom Group, that. That's what they're doing, targeting law firms now. They're impersonating IT support. The. The bigger picture here is impersonating IT support because whether it's Silent Ransom Group targeting law firms or it's Shiny Hunters targeting help desk and. Or it's, you know, I guess, Indian call center scammers pretending to be, you know, a printer support desk people, it's the same thing. Okay? The, the scam changes, but the attack technique, if you boil it down, is identical, which means once we've identified the attack technique, we can, A, put in technical controls to defend and B, educate our end users to be mindful. So what. What are we going to say? Jesus Christ. I may have said that. Listen, Number one, the. The remote access software that the threat actors are using is not going to flag as malware. They are using AnyDesk. They're using TeamViewer, they're using LogMeIn, they're using legitimate signed software. That's not going to flag anything. And it all looks legit. The person who's the victim, right? If somebody is like a paralegal at a law firm or a receptionist and someone calls them and says, hey, I'm from IT, we're dealing with an issue. I need to do something really quick.
It. It feels from a. I guess a relationship power dynamic. It feels weird to say no because the person's just trying to do their job, you're just trying to do your job, etc. Etc. Part of the educating of your end users is to have them question inbound IT support requests. Like have an approved process, educate people that this is a, a potential attack technique. So they feel this is the important part that your end users feel empowered to question this and say hey this doesn't feel right. I appreciate that you have a need to do some remote IT support work. I'm going to hang up and I'm going to call the help desk and you know, confirm this right now it's a little bit of extra work for the victim but this is why you have to educate them. Okay, Number two, a little bit more difficult but just a heads up, if you have a tool like ThreatLocker, right? Stream sponsor I've talked about ThreatLocker before. If you have a, a tool that does this when they, when the threat actors try to run a legitimate software signed piece of remote access technology like AnyDesk, if your company doesn't use AnyDesk, well then it's not going to be allowed to execute. It's going to be identified as suspicious because your organization doesn't use it. At that point the threat actor cannot access the victim machine and the attack completely fails. And if the threat actors like oh it's not working like they would have to know what prove solution you have. Maybe you have one they don't have access to. It's not a silver bullet but so trident memory here said or triadic memory says what if the help desk is in India and there's no way to validate, hang up and call your help desk. That I mean it's simple as that, right? You call your own help desk and say hey I you know just got a call from you asking to do you know some IT supports. What, what's this about? Can you confirm it? If they have no idea what they're talking, what you're talking about, chances are it's a problem, you know what I mean?
So I am not wearing contact lenses. Little tidbits Tuesday Trend Dream Logic I do not like touching my eyes. I've tried to put contact lenses in twice. If you want a hilarious. If I lose a bet. Listen, if I lose a bet to the simply Cyber community at some point the, the, the punishment should be I have to put in contact lenses. Watching me do it is borderline hilarious because I look, I'm like it's a mess. It's a mess.
C
National sentenced for Oregon government hack. Catalyn Dragomir was sentenced in the US to 56 months in prison for breaching the Oregon Office of Emergency Management and 10 other American companies. Prosecutors said Dragomir stole employee credentials and personal data like Social Security numbers, then sold access on dark web forums, causing at least $250,000 in damages. He was arrested in Romania back in 2024, extradited to the U.S. in 2025, and pleaded guilty earlier this year. AI.
A
All right. You know, I always. I'm always kind of mixed vibes on this. Regulators. I. I always have mixed vibes. But like, this dude stole like 250 grand and he's going to do six years in prison. Meanwhile, Shiny Hunters has stole like $400 million. And they're just like, ah, like, just laughing all the way. So. But. But whatever, my guy. So listen, what's this guy's name? Hold on. Catalyn Dragomir. Clearly not a simply cyber community member, because if he was, he would know. If you decide to commit cybercrime, you have to not live in a country that's friendly with the country you're attacking. This is criminal 101, my guy. Did you not catch my talk at Criminal Con, the one with the minions went to in Florida? You cannot live in Romania and commit crimes against the US and think you're going to be all set. All right, so he hacked Oregon government systems. I gotta tell you, dude, state, local governments, they have very porous security. Not because the people who work there are terrible, but because they're a nonprofit entity. No one ever really thinks of government as a nonprofit, but that's what it is. And they typically are trying to make a dollar out of 15 cents like it's a Tupac song. And they are stretched thin, which means they have lots of exposure to what? Talk to anyone who works in state and local. Talk to Jay Gold about the water department. Okay, so this guy getting caught, they. They probably spent a lot of money to extradite this dude. But you know what? Hopefully it serves as a reminder to other people in around his circles that you shouldn't be doing this stuff.
C
Agents hit by open source vulnerability. A critical vulnerability dubbed Bad Host in the Python framework Starlette is exposing millions of AI agents and services to authorization bypass, data theft, SSRF and potentially remote code execution. The flaw lets attackers manipulate the HTTP Host header and affects Starlette-based tools including FastAPI, vLLM and LiteLLM, putting systems tied to healthcare, finance, email, cloud and cyber security at risk. Starlette 1.0.1 fixes it. Organizations are urged to patch and scan exposed systems immediately.
A
All right, okay. I'm just, you know, you got to make a risk based decision. Here's the deal. Here's the deal, everybody. Oh, man, I'm. I'm oh, bro, like. Like, you got your Rick Rubin Hawaiian shirt on. Maybe you're. You're toking on some fun funny grass, right? And you're just like, oh, bro, maybe you got like a. A brass dor. Is that what they call those instruments from, like, the Middle Ages? Dulcimers? Like, like, hold on, I gotta Google this thing. I. I'm trying to paint a picture for you. Oh, yeah, you got one of these things. It's not even brass. It's like a weird Jesse Johnson. Can you play one of these? Jesse Johnson's a very talented musician. I want to know if he can play dulcimer. We're watching. If you're watching on stream. I just pulled up a picture of a dulcimer, right? So you're doing one of these things. You're. You're enjoying some organic material, and you're just like, oh, my God. Oh, I just. Don't harsh my mellow. I'm just into vibe coding. Listen, you can vibe code all the things you want, all right? When something like this happens, you. You introduce a problem. So there is this package called Starlette, which has 325 million weekly downloads. I've been doing Simply Cyber for, like, six, seven years. Six, seven years. And I think we have, like, 15 million views, right? So, like, these people are crushing it from a weekly download perspective. And the foundational platform now has a flaw in it that can be exposed, which means everything built on top of it, all these AI agents built on top of it. All these businesses that have been stood up or have integrated AI agents based on the Starlette package are. Are exposed. And the reason I was like, oh, man, vibe code. The thing is, you can vibe code all the things, but if you don't understand the code base, if you can't get in there and. And. And, you know, be mindful of these things. If you're building on top of a dependency, in this case, like Starlette, that's fine.
I'm sure you're printing money at your business, but now you've got a real problem. It is trivial to exploit. Trivial to exploit. So, you know, for all those, you know, AI vibe coding developers out there in the world, you know, a poor little bit of OE out for you, but just a little bit. You're not getting a full 10 ounces of OE on the ground for this one. My. Because you accepted the risk when you started vibe coding all these things, biopharma, A.I. like, like these. Oh, this is the functionality, right? Clinical trial databases, a lot of real sensitive PHI. Email and SaaS products. Candidate information for hiring pipelines, AWS topology, Nuclei scanner access and asset inventory. Dude, there is so much information and with 325 million downloads a week, you better believe there's way more than that. I don't even know. They said you can go to Starlette 1.0 which would fix this thing. Good luck. This, this is one of those ones where we're about to find what vulnerability management and vulnerability like patch management looks like in an environment where you have rolled out AI all over the place and you have dependencies all over the place, Agent harnesses, you know, like database, er, diagram, not diagrams but er, schemas getting updated and stuff like that. I, I don't, I don't know man. I don't know. Like this is another whole host of problems that we haven't really talked about much because we've got, you know when, when you have several huge blazes going on, huge fires going on, the middle size fire doesn't necessarily always get top, top, top visibility. So anyways, anyone out there doing agentic AI, or people in your workforce doing agentic AI, if you've heard anyone say Starlette as part of their package, make sure they're aware of this because this again, it's trivial to exploit.
C
UK cyber spying chief calls AI unstoppable. Anne Keast-Butler, head of the UK's cyber intelligence agency GCHQ, warns that AI is becoming an unstoppable force, increasingly weaponized just below the threshold of war. While Russia escalates daily hybrid attacks on critical infrastructure, supply chains and democratic institutions across Britain and Europe, she warns the West risks falling behind adversaries like Russia and China unless governments, businesses and citizens treat cybersecurity with greater urgency. We know.
A
Are you serious right now? Okay, so the UK cybers. This thing is like, shall we play a game again? This isn't a cyber story. I know it's a cyber spying chief, but like my guy, okay, this is crazy to me. Like this is like, I don't know, call me crazy. Call me, call me out of my mind, tell me that I'm wrong here. But what I'm seeing here is the guy who's responsible for spying on people is saying that we need to move faster with AI development in the UK and US because China and Russia are moving fast and, and we, if we want to maintain our competitive advantage, Pull off the guard rails, slam it into fifth gear, put the gas pedal to the floor, open the top, throw your money out and scream money Ain't a thing as you, you know, basically swerve across three lanes. That's what they're saying here. Get after it. That that UK cyber spying chief calls AI unstoppable before us and warns that we gotta get after it. Dude, if I was in charge of spying, I would want AI to the max. He's also right. Dude, I, whatever. Everybody said this in 2023, the genie's out of the bottle, the toothpaste out of the tube, this thing. No one's going to slow down because it's not, it's not in anyone's interest to slow down. Which is part of the problem why people, like, let's be honest, it's be the conversations are happening in closed groups, but I'm sure many of you have had these conversations. There's a really uncomfortable vibe going on with people. I've had this conversation with many people about what, what does the end state look like? Like if, if we continue to march down this path, there's a, there's an obvious inevitable conclusion or there's several, you know, obvious inevitable conclusions and many of them are not great. So how do we stop it? And you can't, because this is basically like a landslide and not the Fleetwood Mac kind. You know what I'm saying? So anyways, yeah, this guy's banging his chest. 
I'm sorry, like, by the way, like, I don't know who the UK cyber chief is speaking to about. We need to go faster on AI development. Last time I checked. Like, I mean, maybe this is a UK thing. Roswell uk. Are you guys complaining that you don't have kick butt AI development? Because in the United States we have Google, Gemini, Rosa, Microsoft co pilot, Anthropic, Claude, open AI chat, GPT. We have like four of the largest, if not the largest AI tech firms. Gro, if you want to throw that in there. Like, we have the big ones. Yeah, China's got a couple. But like, I don't think the US is falling behind. We're so far ahead that we actually aren't even allowing the newest models to go public. Hello. Look at glasswing Project Mythos. That's not, that's like an invite only for rich kids. Like, what is this dude talking about? Sorry again, I don't research or prep for this, but this feels like propaganda. Honestly, I, I, I'm not aware of Russia having some blistering speed AI tool. I'm sure they have some AI, but like, I don't know, whatever. Going back to this story of the mass technical Surveillance with AI. Maybe I should watch what I'm saying. Can't criticize UK cyberspan chief. All right. Freaking kind of a, kind of a, kind of a grab back. You guys ever been like one of the last ones to get to lunch? You ever go to listen really quickly? You ever gone to like a company lunch and they like brought food in from catering but like you had a meeting that ran late or your boss wanted to talk to you and you're like oh my God. And then you get to like the lunchroom and there's like two vegetarian bags and then like the turkey sandwich and you're like, like that's, that's what I feel. The stories were with CSO series today. There were like a couple good ones in there, but for the most part just a lot of like puffy puff chest shenanigans. All right. Guys, we did the thing. We did the thing. I hope you guys enjoyed the crap out of the show today. I certainly did. 
Don't go anywhere because we got a lot more content coming your way. Cyber Career hotline is coming up at 98 right now. Phone lines are open. James McQuiggin at 35, 000ft will be bringing you career guidance. If you have questions, drop them in chat with a queue. He's here for you. I'm Jerry from Simply Cyber. Thank you all so very much. Reminder, today at 4:30pm, Wade Wells will be my guest on Simply Cyber Fireside. So set your clock 4:30pm Also we'll be raffling off a $575 prize during that one hour firesides today. So don't miss it. It's a great opportunity of course. Much more to report with that project I'm working on. I've got the, my, my, my, my participant has agreed so we're going to start that today. I'm Jerry from Simply Cyber. Thank you so very much and until next time, stay secure. I leave you in the capable hands of James McQuiggin at 35000ft. Let's go.
B
I'm James McQuiggin. I'm James McQuiggi at 35.
A
What are we doing here, buddy? I will do.
B
I'm James McQuiggin at 35000ft. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. Alrighty. Well, good morning everybody. You gotta love the delays on, on restream. You click the button and you're waiting for it. To go. And there's that split second and it's not playing until you click it again and then it plays and then. Yeah, so it's the mad Hatter for. For me this morning. But greetings from Dallas, Texas. I'm here for your cyber career hotline. Let's see. And I've kind of got some new things going here this week. And of course it shows up reversed. I love technology, don't you all? I'm gonna have to figure out what that setting is, but yeah, so I kind of got some new. Crying out loud. Maybe it's a. It's probably a setting in here with the camera, but. Oh, looks like it kicked around. So there we go. Jerry fixed it. Thanks, Jerry. Tech support. You gotta love it from behind the scenes. So, yeah, I kind of got crafty playing around with obs. I see all the cool kids play with it. So I'm like, all right, so, yeah. So hopefully you've just a friendly reminder. Make sure you've put in for your CPE for watching the show today. Jerry's part of the show. Not this, because this doesn't really count. This is more advice giving and not educational. Even though it may be. It is a little educational. Who knows? But yeah. So actually, let's go back to just the chat. There we go. So I can see everybody. There's Jerry wishing everybody a great day. Thanks to everybody. But I am excited to be here to answer your questions. So drop it in chat with a Q and then add your questions. If you haven't met me before, haven't seen me, I'm James McQuiggin. Jerry calls me at 35,000ft because I do a lot of traveling. I'm actually, as I said, I'm here in Dallas, Texas. Home is central Florida, and today I'm here in Dallas, Texas. This weekend I head off to Bonita Springs, South Florida, where I'll be at OsmosisCon. 
That's an OSINT conference. And I'll be hanging out with fellow Simply Cyber member Dennis Keefe. We're going to be at that OSUN conference together next week. And then at the end of next week, I will be in Minnesota. Oh, yeah, don't you know, I'll be in Minnesota for the secret con. And I'll be presenting there on a topic of agentic AI and social engineering and what cybercriminals are doing and attackers are doing with all of that. So I am the now founder and advisory CISO for apparent security. If you know, you know, spend over two decades Working in IT and cyber, done everything from database administration, networking, both kinds to security awareness. And now I just. I truly enjoy going around and talking with people about cyber security. I'm a university professor teaching cyber Threat intelligence. So. Yeah, so drop in those questions. Be curious to see what everybody's got going on. I'm having fun here with the obs and being on the road and. Yeah, so yesterday it was really cool. Jerry mentioned earlier about Anti Siphon training. The Anti cast, they've got that threat summit coming up in a couple weeks. I had the pleasure of being the host for the Anti cast the last four weeks. Had a blast doing it. Now they're gonna have. I was filling in for somebody while they were getting somebody prepared. And so I had a lot of fun doing that. Hopefully I'll be back to do that because that was a lot of fun being the host of that and kind of like doing the host for this and thanks, Pocket Pixels. Here we where's. Let's see. I see it in the real chat. Where is it in this? In the. On screen. There it is. Pixel pocket pixels B6M. Loving that comment. I love the Cyber career hotline. Me too. I think it's pretty cool as well. All right, it looks like I. Where is the Threat Summit hosted at? Well, that is the Anti Siphon. It is. Actually. Let me bring up the browser that I have here. I got another screen where I can bring up a browser. 
But the Andy Siphon training, the Threat Summit is going to be virtual. It's all online. It's June 17, so you can definitely sign up for that. That's going to be free. But then they're also doing training classes. So you got Wade Wells, who's going to be on the Fireside Chat this afternoon. Don't miss that. Ask Wade all kinds of cool questions regarding cyber threat intelligence and threat hunting. And I'm sure if casually, Joseph will be on, he'll ask about a particular threat hunting concept. But this guy yesterday, Fawn Russo, Agent GI for Threat hunting, he did a really, really fascinating talk yesterday. John Strand's Intro to Network Threat Hunting. If you're trying to get in, learning more about threat hunting. If you're doing threat intelligence, definitely check out those. But those are paid classes. But those are training classes. Will be, I believe, two days or one day. Oh, Wade's is two days. The other ones are all one day. Oh, John's is two days. Sorry, John's doing a two day. Wade's doing a two day. The other ones are all one day. But then the summit itself is going to be free, open to everybody. Definitely check that out. Lots of great sessions. Let me see. Does we have the. Oh, yeah. Here's the breakdown. You can see all the people speaking. Fawn, Jamie, Sydney, Marone speaking. She's going to be talking about fronting Herman, Shane, Lauren. So definitely check that out. That's going to be really, really cool. So awesome. Let's see. There we go. Cool. No, that's not what I want. That's what I want. There we go. All right. So good stuff all around. Let's get back up into here. You know, FedEx is on the line. Cool. The. Is it in Florida you're talking about? Osmosis Con. Yeah, it's in South Florida. Question. All right, here we go. From space tacos, looks like I made it to the next step for Auditor 2 at my current company. What sort. What sorts could I expect to get as a current employee? What sorts. This is a fun thing. It's trying to guess what he. 
What he. Let's see. Did you. Yeah. Straw hat sex and thrunting. Yeah. That's the question to ask on. On question to ask Wade Wells. Ask him about front fronting. I made it to the next separate Jew. Yep. That's awesome. We came in like a wrecking ball on that one. I don't have my sound effects with me today. What sorts can I could I expect to get as a current employee? She's using question mark. Oh. What sort of questions could I expect to get as a current employee? Thanks, Jerry. Yeah, gotta love it. What sort of questions could I expect to get as a current employee as working as an auditor, too? That's a. That's a really good question. I guess for me or, you know, for me, it's always about scope and schedule. Right. You know, it's always about what, what, you know, what scope and schedule. Yeah, scope and schedule. And cost is always kind of one of the first things that get asked for me when I know when it comes to auditing, when it comes to working on an audit overall. But if you could. I expect to get as a current employee. If you're talking about questions you're going to get from upper management. Are you talking about questions that people could ask you overall as a question you might be asking? So there's kind of a lot to unravel there. But I think for me, as an auditor, auditor too, you're now kind of taking that next step. That's a great space talk. I got Jerry to feed me the line there, but you know, for as a second level auditor, you're now kind of look helping out the auditors below you, you might be providing guidance for them. You know, think of questions you can ask them. For me, I would probably have a nice little chat with Gemini or Claude and see what kind of questions it might come up with that can help you with that. So cool. I'm a freelance cyber secure guard. I'm a freelance cyber security consultant. 
I wanted to ask you how difficult is it to attract SMEs subject matter experts as clients when you don't have any references or testimonials in the field? So this comes down to for me, comes down to networking. When I launched Apparent Security back in February of this year, for me it was kind of the same thing. I'm going to do it based, I'm going to do it so I have, I can take on contract work. I don't have to be hired by organization. I could be a fractional CISO or do fractional cybersecurity week. And I'll tell you the first two. First, the three contracts that I have now all came from people in my network, people that I knew already. Not customers, not potential clients, but people that were in my network that knew what I was looking to do. And they, when I kind of reached out to my network and was talking with people trying to figure out what to do, they came back to me several weeks later and go, hey, I've got a vciso role. Hey, I'm working on this, this course for an organization. How would you like to do X and Y for me, another organization it's been, we want to bring you on as retainer for strategic support for top of funnel work for, you know, helping develop content. People that knew me and you know that that ever famous saying of it's not what you know, it's who you know and essentially for, for me it's who you know, who knows you and knows your capability and what you can deliver. That's how I got my work. So cyber secure guard. I would definitely be out there networking. Get yourself some business cards. I was, aha. Get yourself some business cards. There's mine, it's got the lighthouse on it which is my logo and then on the back I've got yes, I know a QR code. Don't come at me, but I have the website underneath it. But the best part is I also put a dad joke on the bottom of my business card as well because people are going to be like, oh my God, that's so bad. Yes, I know it is. You know, why can't you use beef stew as a password? 
It's not strong enough. It's not strong enough. But I have that there as a way for people to remember me. But go to events, go to local security events, ise to Issa, Isaca, B sides, local conferences and network with people. Get connecting with your people in your. Your network that you have already on LinkedIn. If not, build up your network on LinkedIn and start reaching out to them and seeing if they can provide some support. But that's what I've been doing. That's what's worked for me. Everybody's going to be different but get out there and network. That would cut. That would be my biggest piece of advice for you. Overall. The get yeah, Phil Stafford comes in with the the assist. Getting the first couple clients is hard and will take longer than you think. Run a pilot where you offer discounted or free work for testimonials but you have to network. Yep, I agree. 100 Phil Stafford, you, me buddy. That is a way to do it. You might be able to offer up some volunteer, go in as a retainer, go in as fractional and start that way. Maybe discounted, maybe free work, you know, maybe it's people in your community or an organization, a small medium business and see if you can help them over that with regards to that. So excellent point there. Let's see what other what's this coming in from Dream Logic. Love that James. The color of your curtains and the light. So clean. Well, this is the hotel. You know this is always try to have a corner in the background for your shot. And I got the windows closed as well because otherwise it brings in way too much light. Make those relationships. Yep. Yeah, you gotta, you gotta network. Let's see Especially when it comes questions Studying for Linux plus. Hey, there's a fun search. Need to know what platforms are recommended for Linux plus. You know, for me when it comes to Linux I like to use Ubuntu. That's kind of one of the more common ones that gets used. You might look at, you know, messing around. 
If it's looking on the more enterprise, you've got Red Hat, but you've also got other flavors out there as well you could mess around with. Kali, Kali Linux is a common one. Ubuntu is a common one. Maybe a little bit of Red Hat, but I'm guessing on the Linux+ it is going to be platform agnostic. It might look at some of the different distros and flavors but essentially I would mess around with a couple of them. Get a virtual, maybe set up a virtual machine or a couple of laptops and set them up and load up your different Linux distros. But you know, if you got Windows, VMware is easy to get or actually VirtualBox is even easier and load up you can download them pre made as well. You can just do a Google search and look for the different distributions distros of Linux. But Kali and Ubuntu would be the first two I go with maybe try Ubuntu Server which is more command line. You can do that more with command line interface and play around with that. Those would be the ones I would recommend. I'm not saying that's the be all end all but those would be the ones that I recommend going with to, to work on and practice with. Also with a Mac you've got the Unix base in there as well. That can help you learn and go through and try different things. Question coming in from Jerry. As a GBA 7352 I just finished SOC1 on TryHackMe and plan to write my SAL1 in June. For reference, I have Security+ and Network+. Done a few projects in the past. What skill or cert can I do to be marketable? Good question Jerry. You have and as Jerry, our Jerry always likes to say you have to be the CEO of you, you have to be marketable. How do you market yourself? First of all, I would be reaching out and checking out Mr. Robert Wetstein. Check out bowtie security guy, bow tie security guy, Robert Wetstein. He's over on YouTube. He's got a bunch of episodes but he talks about how to get in the job market. 
But he does talk about, he's got one of his episodes where he talks about making yourself marketable. You got to make yourself stand out and whatever is, you know, whatever that involves making yourself marketable. Whether it's on LinkedIn, you're posting, you're connecting with people, you're. You're posting stuff that you're doing. You got to put yourself out there, be the CEO of you, make yourself marketable. One of the things I would do is use Claude or Gemini, upload your resume, Maybe provide your LinkedIn profile, provide information about yourself and ask it for ways on how to make yourself marketable on LinkedIn or on social media and get yourself put yourself out there that way. Communication skills are huge. Maybe you want to go into public speaking, you want to do presentations, maybe not. If you've got Security+, Network+, maybe the CC, the ISC2 Certified in Cybersecurity, is a good one to get you on the path to going towards your CISSP. Maybe you're going to look at the pen testing cert that you've got with Hack The Box or TryHackMe, one of them. They have a pen testing cert that you could look at doing as well. But making yourself marketable is being the CEO. CEO of yourself. Putting yourself out there and making yourself known. And then that way you know when on your resume you've got your LinkedIn profile and then people start seeing that. But also you might, you know, have a blog that where you talk about the different exercises that you're doing or your experiences working with that SAL1 that you've got coming up in June. That goes a long way as well. Blog about it, share your experiences. Other people may learn from you and that gets you out there as well. Let's see. Good stuff. Lots of great questions coming in here today. I thought they were asking certs are good. Having a degree and certs is better. Experience is better. On top of that, overall, C Supplies is another good cert as well. You guys doing a great job in the chat. 
I love how this community supports everybody else in the chat, not just me, but all of us here helping each other out. That's what makes this community awesome overall. And I love to be a part of it as well. And looking forward to simply Cybercon this November as well. Let's see what other questions scrolling through the chat looking for. Yeah, so today I am out here at Elevate It. That's here in Dallas and excited to if you're here, you know, maybe you're heading along today, maybe you're not. But you know, I'll be down here at the Elevate it event today. I'm on the CISO panel this afternoon at at 1:00 o' clock here in Dallas. So looking forward to to sharing info with a lot of folks on that one. So yeah. Cool. Let's see how do we got 8:22. We still got some time left. We're looking. Good question. Oh, I've created a how to audit guide. This is coming from space talkers. I create. Oh I've created a how to audit guide for myself over the past three plus years. Perhaps I can leverage my education background to start helping baby auditors learn how to do it. There's here. Yes, excellent. That is a great way, you know, make it like an ebook and something that you share with them going hey, you know and that's no pressure on them. Hey, this is stuff I've learned over the last three years. Maybe it's something that can help you too. That's one of the things, A, this community is great, but B, that we can do to market ourselves is share our knowledge, share information with everybody out there. You know, don't share intellectual property, but share, share information about ourselves, experiences, things that we've learned that we've had to deal with. That goes a long way in helping make ourselves marketable, but also make yourself that much more valuable in the organization as well. Excellent. That, that is cool. Let's see, running through the questions here. Your network is what it's all about. Yep, that's right. FedEx. Good morning. Alias Justice. Good to see you. 
Phil Stafford coming in on the Linux question. Ubuntu desktop and server, CentOS might be useful. For a lot of things, Linux is getting you into a terminal. Learning the base parts. Yep. Learning how to navigate your, your way around Linux is crucial through the command line interface, not the GUI. You know, there are keyboard warriors out there that won't use a GUI. They think it's cheating. Got to do it all through the terminal window. You know, I'm here for the big bucks. Love the sound effects. Yeah, that's me, FedEx, you know, just trying to pass the time. Is that Phil Wileycon? Simply CyberCon. Oh, the Phil Wiley Con. No, that's actually the Cyber Hacker Con. He's doing that. He's just done it, I think. Did it yesterday. It was yesterday? I think so, yeah, Yeah. I don't have. Oh, hang on. I was like. I just realized I haven't had. I haven't been playing the music. Minimal house is the one I like to play. There we go. All right. Having the nice little cyber beat. Oh, and then I forgot to kick this up too. There we go. Let's see. Go back to the chat. Seeing what everybody else has said saying people connecting on there. Gotta love it. Gooey is ooey. That's priceless. I do like that. Kitchen Infosec. Kitchen Infosec.
A
I like that.
B
There we go. GUI isn't bad, it's flawed. Stick to this command line. Yep, I, I mean I remember that's what I started with was command line. Way, way, way, way, way back into the 80s with my 8086. I mean it started with a Commodore Vic 20, but my 8086 XTPC clone that had two two five and a quarter inch floppies. Not the same desk icon, the three and a half, but the five and a quarter. And I would have to load the operating system off one floppy and then the other floppy I would run, then have to load the application that I wanted to use. Whether that was word perfect or whatever the word processor was back in those days. I'd load is 1, 2, 3 on there. But my favorite thing that I played on there was Bard's Tale. That was always, that was like a fun game that I always truly enjoyed playing. Let's see, any other questions that everybody's got out there? Got a couple minutes left here before we wrap up for the day. Don't forget folks, make sure you get your CPEs, get your fill that form out there on the cyberthreatbrief simply cyber IO. I believe you can do the exclamation mark and CPE in the chat and it'll give you the link. And of course this evening, this afternoon at 4:30 Eastern you have Wade Wells is going to be talking with Jerry in the Fireside Chat and that's going to be be a lot of fun. He is fantastic when it comes to cyber threat intelligence. So definitely be asking him questions regarding threat hunting cti. He's also now teaching at a university as well. So he's an educator. Yeah. So all around awesome guy. Definitely check out Wade this afternoon. You won't want to miss that. How long, Here we go. Pocket Pixels asking how long do you think it'll take to become a SOC analyst? Well, I, I have to imagine one, once you get hired, you're as a sock analyst. If you're training up from nothing, then I would certainly be going out and let me pin that one there. 
I would certainly be going out and looking at, I know Jerry's got videos on what it takes to become a SOC analyst on GRC as well. But look at, you know, the role of a SOC analyst and figure out okay, what do I got to do to learn those. Talk with other people that are SOC analysts. How do they get into the role? Leverage a large language model like Gemini or ChatGPT or Claude and look at, you know, a rope, come up with a 40 day plan on what it takes to become a SOC analyst. Look at the job requirements and, and see what, see what's involved. If you've done all that now you're looking to try to get a job as a SOC analyst, then that comes down to networking and finding an organization that's hiring SOC analysts and then work to get hired. So it can all, it all depends on your strong, your network, how you know, because putting out the resumes is one thing, but I know a lot of folks put out hundreds of resumes and unfortunately still don't get hired. So definitely be out there looking to network and look for those roles that are out there. If you do find organizations are hiring for a SOC analyst, see if you can connect with people at the organization and network that way as well. Cool. There was. Oh, where's that pin one? There it is. Question. As someone who got interested in cyber because of the privacy and control of information, how to balance networking and privacy from soap flavored. Yeah, privacy is really important, but also when it comes to and the control of information, for me, one of the things that I always like to do is Google myself, go out there and see what information is out there. And if it's information I want to have out there, then cool, great. If there's information I don't want out of there, then I have to go out and reach out to that organization, that market broker or user service. I know Jerry used DeleteMe. But our good friend and friend of the community, Michelle Khan, he has a website, I believe it's called Operation Privacy. 
Let me see if I'm remembering it right. If not, he's probably shouting at me. Nope, I got it right. But check out Operation Privacy. This is something that he created. He's got a dashboard that you can use that goes through to help you stay private and keep the privacy going. He's got a free version and then you can pay, you know, nine bucks to, you know, a year. He practically offers this for free. But that is a great way. And of course I have to show you the browser, not just me. Look at it. There we go. But Operation Privacy is a good way to make sure you stay private. But when it comes to controlling information, yeah, you don't want your address and your phone number. Sensitive information out there a lot. There are services to do it. Or you can use Michelle's do it yourself tools and ways to be able to get, you know, manage your information, but also try to control what information is out there. Review. I know if I go out and Google my name, it comes up with all the presentations, comes up with podcasts and things that I've been on. You got to really go deep to find information on me, but it's out there. But I've also worked to make sure that I try to keep that information private as well. So it is a fine balance overall. So make sure that whatever information is out there about you, that it is that you, you want. And if it's not, then you go out and make the effort to get it removed from those particular websites after all. Cool. Yep. I'm humming my song and I can hear the music playing as well. All right, it's 8:31. Let's see if we got another question. Any other questions out there? Oh, here we go. I'm a student going to my first community cyber event in Colorado. Very cool, Mr. Mad Hat. Have a. An awesome time. How do I go about connecting networking with business professionals at my beginner level while leaving a blasting impression? Bribery. Give them money. A lot of the time, it's just a matter of going up and saying hi to folks. 
You know, when you, when you're at the cyber event and you're sitting at the, you know, if it's a table or chairs or whatever, you know, and you're, you're sitting there and somebody sits next to you, and as long as they're not engaged in another conversation or you're. You interrupt them and they're just kind of maybe looking at their phone, you go, hey there, how you doing? I'm Mr. Mad Hat. I'm here. Let them know. Be transparent. This is my first event. Any particular sessions you're looking forward to? Anybody particular I should go see? You know, strike up a conversation with them? You know, anybody I should seek out while I'm here or talk to or sessions, Maybe even strike up a conversation with them? Hey, and after you've had a good conversation, then maybe you connect with them on the LinkedIn as well. So that goes a long way. You can go around to the different booths and network with the vendors and kind of see the different products, maybe even find who's organizing the event or talk to the folks in the registration desk when it's quiet and go, hey, I'd love to volunteer if you guys are doing this event again next year or whatever. Networking by volunteering is huge because then you really meet even more folks overall. So definitely do that. You know, whether, you know, whether you've got a business card, I know they're kind of not there anymore for me. I don't have it with me, but I have an RFID and, sorry, an NFC card that I carry around with me, and I can tap it on people's phones and it brings up my profile on LinkedIn. And that's an easy way to be able to connect with people as well. But, you know, you never know who you might sit next to. That might help you get a job down the road, but, you know, to strike up conversations, people next to you sitting there at a session Getting ready to start, maybe even in the lunch line when everybody's in lined up to get food, you know, kind of say, hey, this is the first one I've come to. 
I'm studying at university, that kind of thing. So good luck with that. Definitely like to hear how it goes for you overall. Let's see. Oh, Phil Stafford coming in with the, with the assistance. Don't be shy, professionals there. Network as well. And anyone being a jerk is shooting themselves in the foot. Yeah. Be kind to each other, be nice, don't be a butthead. Overall. Yeah.
A
Cool.
B
Alrighty. Well, it is 8:33 here on the Central Time, 9:33 on the East Coast, 6:33 for those of you Pacific and 7:33 for those of you in Colorado. Thank you all for being here today not only for the Simply Cyber Career Hotline, but also for joining me here joining Jerry for the daily cyber threat brief. I will be getting ready now to send off the dad jokes to Jerry for tomorrow. On Fridays it's the in the is mid roll. He always has something different. Today was the meme of the week and I love that with Dan Reardon and Haircut Fish. He had a great meme. Almost animated gif on when Jerry discovered GRC. That was hat tip to you, sir. That was really good. But yeah, tomorrow on the mid roll will be my dad jokes. So hopefully you get a kick out of those. But again, thanks everybody for being here today. Really appreciate you taking the time. Hopefully the advice has been helpful to you. If it does, come on back, we'd love to see you back here at the chat. You're welcome to connect with me on LinkedIn. I'm out there. Just search for James from Quiggin and be glad to connect with you. Just let me know if we're, we're not connected and you do connect, just let me know that this is where you shot. So that way I'd be more than happy to quickly connect and everything else. So that's it for me here today. Have yourself an awesome Thursday, have an amazing weekend ahead and I'll see you guys next Thursday. Take care.
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: May 28, 2026
Theme:
Covering the most significant cybersecurity news for professionals and enthusiasts, Dr. Gerald Auger goes beyond headlines to share practical insights, analysis, and actionable lessons. From critical incident responses to career advice, this episode mixes news, humor, and community spirit.
| Timestamp | Topic | Key Takeaway |
|-----------|-------|--------------|
| 14:19 | Glassworm Botnet Takedown | Supply chain and C2 complexity; vigilance still required |
| 24:11 | China’s AI Surveillance Expansion | Privacy threat, global surveillance trend |
| 30:21 | Shiny Hunters Breach at Charter | Vishing/social engineering as primary initial vector |
| 35:23 | AI Accelerating Exploit Development | Exposure windows shrinking; defenders must adapt |
| 43:26 | FBI: IT Impersonation Attacks on Law Firms | Empowering users/zero-trust policies; educate end users |
| 49:42 | Romanian Hacker Sentenced | Geopolitical risk in cybercrime; local govs remain targets |
| 52:05 | Bad Host Bug in Python Starlet | Supply chain, AI integration, patch urgency |
| 57:20 | GCHQ on AI Arms Race | Heightened rhetoric; AI as “unstoppable” force |
Dr. Auger’s approach is energetic, humorous, and direct. He blends practical cybersecurity knowledge with a sense of fun and a genuine interest in helping the community advance their careers and skills.
Next Live Streams:
Notable Quote to End:
“You can either stick your head down and pretend it’s not going to happen, or … get to work. We got our work cut out for us.” (A, on AI-driven exploits, 39:00)
Stay secure!