Daily Security Review

As digital deception evolves, so must our defenses. In this episode, we dive deep into the escalating battle for trust in our increasingly connected world. From nation-state-level authentication mode…

In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our electric grids, water supplies, and indu…

In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product delivery delays. This ep…

In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security Center APIs, this tool disa…

In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. The intelligent SaaS platform promises to replace…

In this episode, we unpack the 2024 cybersecurity incident that rocked the debt collection and healthcare sectors: the massive data breach at Nationwide Recovery Services (NRS), a third-party collect…

In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader …

In this episode, we dive deep into a newly disclosed healthcare data breach affecting over 483,000 patients of Catholic Health, stemming from a misconfigured Elasticsearch database maintained by thir…

In this episode, we take an in-depth look at the newly discovered CVE-2025-4664 vulnerability in Google Chrome’s Loader component. This high-severity security flaw is affecting not only Chrome but al…

In this episode, we dive deep into the recent wave of cyberattacks plaguing major UK retailers such as Marks & Spencer, Co-op, and Harrods, with a special focus on the threat group behind them: Scatt…

In this episode, we dive into the active exploitation of two critical zero-day vulnerabilities in SAP NetWeaver—CVE-2025-31324 and CVE-2025-42999. Threat actors have been leveraging these flaws since…

The recent ransomware attack on Marks & Spencer (M&S) is a sobering example of the evolving cyber threat landscape confronting the retail industry. In this episode, we unpack how one of the UK's most…

In this episode, we break down Apple’s massive May 2025 security update blitz—a sweeping patch release that spanned iOS, macOS, iPadOS, tvOS, visionOS, and watchOS. The urgency? Two zero-day vulnerab…

In this episode, we unpack the groundbreaking $1.4 billion privacy settlement between Google and the state of Texas—now the largest of its kind in U.S. history. This isn't just about numbers; it's ab…

In April 2024, a sophisticated cyber espionage campaign orchestrated by the Türkiye-linked hacker group, Marbled Dust, began exploiting a previously unknown zero-day vulnerability in the Output Messe…

In this episode, we dissect CVE-2025-47729, a critical vulnerability in TeleMessage, a message archiving app recently thrust into the spotlight due to its use by former National Security Advisor Mike…

A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we break down how threat actors published malicious mod…

In this episode, we break down the February 2025 data breach that hit Valsoft Corporation, operating under the name AllTrust, through its subsidiary Aspire USA. Over 160,000 individuals are potential…

In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery mechanism for a Remote Access T…