
Hosted by Darnley's Cyber Café · EN
Darnley's Cyber Café is your go-to cybersecurity and IT security podcast, available everywhere you listen. Each episode, we brew up fresh conversations on cybersecurity, IT security, business, technology, and the geopolitical forces shaping our digital world: from data breaches and ransomware to privacy, surveillance, and emerging threats.
Whether you're commuting, at your desk, or just unwinding after a long day, there's always a seat at the café. Pull up a chair, pour your java — not script — and join the conversation that keeps the digitally aware one step ahead. Follow and subscribe wherever you get your podcasts, and never miss an episode. The café is always open and knowledge is your power.

iPhone users across iOS 16 are having their WhatsApp accounts hijacked...without clicking anything, without approving a login, and without any new device appearing in their Linked Devices list. In this episode, we break down how the attack chain works, why iOS 16 is the specific target surface, what the broader shift of zero-click exploits into financially motivated crime actually means, and what you can and cannot do to protect yourself. If you or someone you know is on an unpatched iPhone, take a listen. Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Your AI chatbot just recommended a software download. You clicked it...along with a GPU cryptominer running silently in the background. Darnley breaks down Microsoft Defender Experts' latest findings on a sophisticated cryptojacking campaign that evolved beyond traditional SEO poisoning into AI search result poisoning, a new delivery technique that turns your trusted AI tools into malware recommendation engines. In this episode, we cover how the attack works from ZIP download to process-hollowed miner, why high-end GPU owners are deliberately targeted, and the six concrete steps every listener can take today to stop trusting links blindly, whether they come from Google, ChatGPT, or anything in between. The tools are getting smarter. So should we... Listen now.

In May 2026, NYC Health + Hospitals, the largest public health system in the USA, disclosed a months-long data breach affecting 1.8 million people. The stolen data included medical records, Social Security numbers, passport details, geo-location data, and biometric information. In this episode, Darnley breaks down exactly how third-party vendor breaches work, what each category of stolen data means, and why biometric theft is forever. We deliver a 10-step protection playbook to stay protected now and into the future.

Five Eyes intelligence agencies (CISA, NCSC, CCC, ASD, and NCSC) just published their first-ever coordinated security guidance on agentic AI, and the message is clear: autonomous AI systems are already operating inside critical infrastructure with excessive access and insufficient governance, and the consequences of getting this wrong are a national security threat. In this episode of Darnley's Cyber Café, we break down the five risk categories the Five Eyes flagged, walk through the exact attack scenario outlined in the guidance document, and connect the dots. Whether you're an IT professional navigating governance gaps, a business owner weighing agentic AI adoption, or a privacy-conscious individual wondering what autonomous AI in the organizations you trust means for your data ... this episode delivers the threat picture and the actionable controls you need.

Your organization spent money on cybersecurity training. Someone still clicked the link. In this episode of Darnley's Cyber Café, we break down why most security awareness programs fail to change behaviour, and why the gap between knowing about a threat and actually being ready for it is exactly where attackers operate. Drawing on research from ETH Zurich, real-world breach data, and the 2025 Marks & Spencer cyberattack, this episode unpacks the compliance checkbox model, the rise of AI-powered phishing, and the vishing surge that most organizations are completely ignoring. Plus what you can do about it today, whether you're running a security team or a five-person business.

On April 22, 2026, the Bitwarden CLI, used in CI/CD pipelines at tens of thousands of organizations, was weaponized for exactly 93 minutes. In this episode, Darnley walks through the anatomy of the supply chain attack that compromised Bitwarden CLI version 2026.4.0: how the threat group exploited a compromised Checkmarx GitHub Action to inject credential-stealing malware into Bitwarden's npm publishing pipeline, what the worm actually stole, how it self-propagated by republishing victims' own npm packages, and why the fact that "no vault data was compromised" misses the point... Packed with practical technical guidance on pipeline hardening, package pinning, least privilege, and the one npm setting that could have blocked this attack entirely, this episode is essential listening for developers, IT security teams, and anyone responsible for a software supply chain.

The company you hired to protect you just got hacked. That is not a hypothetical; it is the defining threat pattern of the past 18 months. In this episode, Darnley breaks down why cybersecurity vendors, including some of the most recognized names in the space, have become the highest-value targets for threat actors, how a single vendor compromise translates directly into a supply chain breach affecting hundreds or thousands of downstream clients, and what every business needs to do before signing another security contract. Featuring real-world vendor cases including SolarWinds, Okta, CrowdStrike, Sisense, and the 2026 eScan compromise, plus a practical vendor vetting playbook and a hard look at why infrastructure-level privacy matters more.

The attacker's toolkit just got a significant upgrade, and most businesses haven't caught up. In this episode of Darnley's Cyber Café, Darnley breaks down how AI is reshaping offensive cyber operations across two fronts: AI-generated spear phishing and deepfake social engineering that bypasses conventional awareness training, and AI-assisted vulnerability discovery that is compressing the window between a flaw existing and a flaw being exploited. Featuring documented real-world cases including the 2024 Hong Kong deepfake video call fraud, the emergence of WormGPT and FraudGPT on dark web forums, and Google DeepMind's AI-discovered zero-day in SQLite, this episode grounds the conversation in what's actually happening in the wild. Plus five concrete defensive measures that move the needle against AI-powered threats, from updated security awareness training to zero trust architecture. If your security posture was built for the threat landscape of three years ago, this episode is a wake-up call. Tune in, and know what you're actually up against before it's too late.

Your digital footprint is bigger than you think, and most of it was never intentional. In this episode of Darnley's Cyber Café, Darnley breaks down digital exhaust: the passive data trail generated by your everyday online activity, from browser fingerprinting and mobile advertising IDs to smart home surveillance and metadata exposure. This episode covers who's collecting your data, how it's being used against you, and why app-level privacy tools aren't enough. Whether you're a privacy-conscious individual, a small business owner, or an IT professional trying to justify a stronger security posture, this episode gives you the framework and the actionable steps to start reducing your exposure today. Tune in, unwind, and stop leaving exhaust.

Your CEO sounds exactly right on that Zoom call...but is it actually them? In this episode of Darnley's Cyber Café, cybersecurity veteran Darnley breaks down the rapidly escalating threat of deepfake voice cloning and AI-generated video fraud targeting businesses. From the $25 million Arup incident to the 2025 Singapore case where attackers faked an entire executive video conference, this episode unpacks how these attacks work, who's being targeted, why finance teams are in the crosshairs, and what procedural defences actually hold up when your eyes and ears can't be trusted. If your organization moves money based on voice or video confirmation, this episode is worth the listen.