• Kettering Health Breached: What the Interlock Ransomware Group Did and Why It Matters
    May 22 2025

    In this episode, we dive into the ransomware attack that struck Kettering Health, a major healthcare provider, and the evolving tactics of the Interlock ransomware group behind it. Interlock, active since late 2024, has adopted advanced techniques including double extortion, credential theft, and PowerShell-based backdoors to compromise healthcare systems. The attack on Kettering Health disrupted services and underscored the vulnerability of healthcare data to cybercriminals with professional-level operations.

    We explore how ransomware groups like Interlock are no longer lone actors but sophisticated teams with their own reputations and operational playbooks. You'll hear about common infection vectors such as phishing, exposed RDP ports, and MSP compromise—and why healthcare data, ranging from patient records to proprietary research, is among the most valuable on the black market.

    This briefing also unpacks how healthcare providers can build layered defenses, including adoption of the NIST Cybersecurity Framework (CSF), segmented networks, offline backups, and least-privilege access. Finally, we discuss why authorities advise against paying ransoms, and how collaboration with CISA, MS-ISAC, and law enforcement is critical in recovery and prevention.

    Tune in for a direct, tactical analysis of what happened, how it happened, and what your organization can do to stay protected.

    24 mins
  • Deepfake Threats, Mobile Biometrics, and the Future of Trust
    May 22 2025

    As digital deception evolves, so must our defenses. In this episode, we dive deep into the escalating battle for trust in our increasingly connected world. From nation-state-level authentication models to real-time behavioral biometrics on your mobile device, the tools to verify identity are becoming more sophisticated—and more essential—than ever.

    We unpack the concept of a Pervasive Trusted Ecosystem, where every layer—from user identity and hardware to operating systems and global trust services—is fortified to resist cyber threats. Learn how Secure Boot protocols, hardware-based roots of trust, and Risk-Based Authentication (RBA) are shaping the architecture of secure systems.

    But it’s not just about defense—it’s about deception too. The rise of deepfake technology, fueled by GANs and synthetic audio, is challenging the very idea of “seeing is believing.” We examine how these tools are being weaponized in fraud and misinformation campaigns—and what can be done to detect and stop them before trust collapses.

    From mobile continuous authentication using gait, touch, and typing patterns, to deepfake detection and public education, this episode offers a critical look at the tools, techniques, and trust models we need to secure our digital lives.

    🔐 This isn’t just cybersecurity. It’s a fight to preserve reality.

    17 mins
  • 119,000 ICS Devices Exposed: The Internet’s Hidden Infrastructure Risk
    May 22 2025

    In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our electric grids, water supplies, and industrial automation—but thousands are reachable online, often unsecured.

    We explore how researchers are working to distinguish between real ICS devices and honeypots—decoys used to bait cyber attackers. You’ll learn about scanning tools like Shodan, techniques like lightweight fuzzing and TTL analysis, and how attackers and defenders are racing to outsmart each other.

    We’ll also unpack the latest data: over 119,000 potentially real ICS hosts exposed as of April 2024, and more than 39,000 suspected honeypots deployed globally. From protocol fingerprinting to cloud-hosted traps like GridPot, we explore what’s real, what’s fake, and why it matters for national infrastructure.

    If you're in cybersecurity, critical infrastructure, or just curious how close we are to a digital blackout, don’t miss this briefing.

    20 mins
  • Arla Foods Upahl Site Hit by Cyberattack—What It Means for Food Supply Chains
    May 20 2025

    In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product delivery delays. This episode explores how a ransomware incident brought one of Europe’s leading food manufacturers to a standstill, revealing how vulnerable the food industry is to modern cyber threats.

    We examine the critical infrastructure of the food supply chain and why operational technology (OT), programmable logic controllers (PLCs), and distribution systems are becoming prime targets. From the risks posed by third-party vendors to the dangers of shadow IT and outdated ICS environments, we analyze the multilayered vulnerabilities that cybercriminals are increasingly exploiting.

    We also discuss Germany’s cybersecurity challenges, the rising professionalization of cybercriminal groups, and how businesses in the food and beverage sector can bolster their defenses through OT-specific protections, Zero Trust security, and robust incident response plans. The Arla incident is not just a case study—it’s a warning for every company in critical manufacturing.

    18 mins
  • Bypassing Antivirus: What Defendnot Reveals About the Weak Spots in Windows Security
    May 20 2025

    In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security Center APIs, this tool disables Windows Defender by impersonating a trusted antivirus and injecting its code into Microsoft-signed Task Manager. We explore how Defendnot bypasses Protected Process Light and security signatures, effectively neutering the built-in antivirus on Windows systems.

    The discussion broadens to cover the common antivirus and EDR detection mechanisms — including static analysis, AMSI, ETW, API hooking, IAT inspection, and behavioral monitoring — and the sophisticated techniques attackers now use to bypass them. From DLL injection and reflective loading to direct/indirect syscalls and anti-sandbox checks, we break down the tools and tactics adversaries use to slip past enterprise defenses.

    We also discuss the broader implications of tools like Defendnot: how trusted Windows infrastructure is being turned against itself, why these attacks are difficult to mitigate, and what the security community needs to consider moving forward. Whether you're a red teamer, blue teamer, or somewhere in between, this episode is your technical crash course on how modern endpoint protection is being circumvented — and what that means for defenders.

    20 mins
  • BreachRx Raises $15M to Automate the Chaos of Incident Response
    May 20 2025

    In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. The intelligent SaaS platform promises to replace outdated, reactive playbooks with automated, tailored response plans that span legal, security, IT, and executive teams. With participation from top cybersecurity VCs and the addition of industry giants Kevin Mandia and Nicole Perlroth to its board, BreachRx is pushing to make operational resilience the new standard.

    We unpack how BreachRx’s AI-powered platform addresses compliance with frameworks like NIST, SEC, and ISO 27001, protects CISOs from liability, and enables real-time cross-functional collaboration during high-pressure breach scenarios. The conversation also explores their go-to-market expansion, MSSP partnerships, and the role of communications in managing incidents effectively — not just technically, but reputationally.

    If you're tired of “stale paper plans” and want to understand the next generation of incident response, this episode is for you.

    12 mins
  • 110,000+ Records Compromised: The NRS Cybersecurity Failure
    May 19 2025

    In this episode, we unpack the 2024 cybersecurity incident that rocked the debt collection and healthcare sectors: the massive data breach at Nationwide Recovery Services (NRS), a third-party collections agency and subsidiary of ACCSCIENT. Between July 5 and July 11, 2024, threat actors gained unauthorized access to NRS’s systems, exfiltrating sensitive personal and medical data belonging to individuals whose information was handled by NRS on behalf of healthcare providers and government entities.

    We'll break down what was exposed — including names, Social Security numbers, medical records, and financial account details — and discuss why this breach is considered particularly severe. With downstream vendors like Harbin Clinic, DRH Health, and the City of Chattanooga now notifying over 110,000 individuals (and counting), the scale of the breach is significant — and growing.

    Our discussion explores:

    • Why NRS delayed notifying affected clients until February 2025 — 7 months after detection.
    • The legal and contractual backlash, including Chattanooga’s canceled contract and threats of litigation.
    • Regulatory obligations under HIPAA and GDPR, and how NRS may have fallen short.
    • Lessons for healthcare providers and public entities in managing third-party risk.
    • Steps individuals should take now if they were affected — and why identity protection services matter.

    We also analyze how the incident has intensified scrutiny of the debt collection industry’s data security posture and why vendor oversight must be a priority in any data-driven operation.

    Tune in for a comprehensive breakdown of a breach with far-reaching consequences — and what it signals for future legal and cybersecurity landscapes.

    15 mins
  • CISA Flags Chrome Vulnerability CVE-2025-4664: Patch Before June 5th
    May 19 2025

    In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader component. This vulnerability allows attackers to leak cross-origin data, including sensitive query parameters and session information, via crafted HTML pages. Even more alarming: it's not limited to Chrome. Other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also at risk.

    We’ll explore the technical mechanism behind the flaw, how it abuses Link headers and referrer-policy directives, and why it's capable of bypassing same-origin protections, putting OAuth-based login flows and session security at risk. With confirmed active exploitation, CVE-2025-4664 has been added to CISA’s Known Exploited Vulnerabilities Catalog, triggering federal mandates to patch or discontinue use of vulnerable versions before June 5, 2025.

    Our discussion covers:

    • How the vulnerability works and why it’s dangerous
    • Which browsers and versions are affected
    • The urgency of applying the latest Chrome and Edge updates
    • Security best practices and monitoring recommendations for SOC teams
    • Lessons this incident teaches about browser security architecture

    Don’t miss this essential security update—whether you're managing enterprise systems or browsing on your personal laptop, this vulnerability demands immediate attention.

    🎧 Tune in to learn how to stay protected.

    12 mins