The Adversarial Podcast

By: Jerry Perullo, Sounil Yu, Mario Duarte

About this listen

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

Adversarial Risk Management
Economics
Episodes
  • Adversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering
    Oct 28 2025

    00:00 Intro

    00:50 AWS Outage

    20:48 F5 Breach

    41:06 Risk Management vs. Security Engineering

    58:19 Moving the Needle Part 3

    F5 Hack Blamed on China

    Chinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares.

    AWS Outage

    A race condition in Amazon DynamoDB’s DNS management system caused widespread outages across the US-EAST-1 region on October 19–20, 2025, disrupting DynamoDB, EC2, NLB, and multiple dependent AWS services until recovery was completed the next afternoon.

    The CISO Dilemma: Risk Management vs. Security Engineering

    This post argues that quantitative risk management (QRM) in cybersecurity is a deceptive comfort mechanism that lets executives rationalize insecurity, urging CISOs to reject financialized “risk buy-downs” and instead demand true security engineering and systemic architectural integrity.

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 hr and 12 mins
  • Adversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack
    Oct 14 2025

    00:00 Highlight

    03:44 Oracle E-Business Suite Zero-Day

    14:49 UK government to be guarantor for Jaguar Land Rover cyberattack

    25:54 "Moved the needle" Part 2

    48:18 12 Security Problems Practitioners Want Solved

    1:02:53 National Risk of Losing the CISA 2015 Act?

    Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

    Mandiant and Google Threat Intelligence Group uncovered a large-scale CL0P-linked extortion campaign exploiting a zero-day (CVE-2025-61882) in Oracle E-Business Suite to steal data from organizations before patches were released.

    https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation

    UK government to be guarantor for Jaguar Land Rover loan as it recovers from cyberattack

    The UK government is guaranteeing a £1.5 billion loan to Jaguar Land Rover to support its recovery and supply chain after a major cyberattack forced the automaker to halt production earlier this month.

    https://therecord.media/jaguar-land-rover-loan-guarantor-cyberattack

    12 Security Problems Practitioners Want Solved

    Leen and Lockstep Ventures released a “Requests for Security Startups” report outlining twelve practitioner-driven problem areas—from preventative security and identity sprawl to AI-native assistants and continuous compliance—calling for builders to create practical, AI-powered, and workflow-integrated solutions that solve real security pain points.

    https://www.leen.dev/beyond-the-noise

    When Cyber Visibility Fades: The National Risk of Losing the CISA 2015 Act—and How Organizations Can Stay Secure Without It

    The expiration of the Cybersecurity Information Sharing Act of 2015 has reduced national cyber visibility and weakened public–private threat intelligence sharing, prompting experts to warn that organizations must strengthen internal risk management and collaboration to stay secure.

    https://www.carson-saint.com/when-cyber-visibility-fades-the-national-risk-of-losing-the-cisa-2015-act-and-how-organizations-can-stay-secure-without-it

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 hr and 11 mins
  • Adversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath
    Sep 30 2025

    00:00 Highlight

    00:43 Intro

    06:40 "Moved the needle" awards

    37:05 Scattered Lapsus$ and Jaguar Hack

    44:39 One Token to Rule Them All - Entra pwned

    1:02:21 H-1B visa changes and their effect on the cyber industry

    Scattered Lapsus$ and Jaguar Hack

    Jaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operations at Range Rover plants.

    https://www.wsj.com/business/jaguar-land-rover-extends-production-pause-until-october-following-cyberattack-0e39b7e8

    One Token to Rule Them All

    A deep dive into how attackers can obtain Global Admin across all Entra ID tenants using Actor tokens — the mechanics, prerequisites, and mitigation strategies.

    https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

    What to Know About Changes to the H-1B Visa Program

    The U.S. is proposing major H-1B visa changes, including a $100,000 annual fee per visa starting in 2026, a move aimed at prioritizing higher-wage hires but likely to hit startups and global tech talent hard.

    https://www.wsj.com/us-news/h1b-visa-changes-explained-45b818e9?mod=djemCybersecruityPro

    Hosts:

    Jerry Perullo (Founder, https://adversarial.com/)

    Sounil Yu (Founder, https://www.knostic.ai/)

    Mario Duarte (Founder, stealth startup)

    Producer: Tillson Galloway (Founder, http://githoundexplore.com/)

    1 hr and 19 mins