In this episode, David Shipley unpacks a high-stakes cyber incident at the University of Pennsylvania that’s as much about reputation as it is about security. He also covers new warnings from Western cyber agencies on securing Exchange and WSUS servers before attackers strike, and the resurgence of the “BadCandy” exploit hitting unpatched Cisco routers worldwide. It’s a sharp reminder that in cybersecurity, vigilance — not fear — is what keeps organizations safe.

Beauceron CEO David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 out of 10 in severity.

Beauceron CEO David Shipley discusses several major events, including the FBI's takedown of the Breach Forums portal. This site was associated with a significant Salesforce data breach and extortion campaign led by groups like Shiny Hunters and ScatteredLapsus Hunters. Oracle users are also warned about a new critical vulnerability in the E-Business Suite, which could allow unauthorized data access without requiring login credentials. Additionally, the resurgence of the Asuru botnet, leveraging compromised IoT devices to execute large-scale DDoS attacks, raises concerns.

Beauceron CEO David Shipley talks about how researchers at Layer X uncovered a flaw in the Perplexity Comet AI browser that allows malicious prompts to turn the browser into a data thief with just a single click. Additionally, Discord has disclosed a data breach affecting users' personal information due to a third-party customer service provider compromise. Cybersecurity researchers have also reported a massive surge in scans targeting Palo Alto Network's login portals, suggesting potential reconnaissance for future attacks. Finally, the US Department of Defense has opted to reduce its mandatory cybersecurity training to allow military personnel to focus on their core missions, a move that has raised concerns given the intertwined nature of cyber and kinetic warfare.