Daily Security Review, the premier source for news and information on security threats, ransomware and vulnerabilities
In this episode, we dive deep into the legal, technical, and geopolitical implications of the U.S. court ruling in WhatsApp v. NSO Group—a landmark case in the global effort to hold spyware developer…
AI tools are generating more code than ever — but who’s reviewing it? In this episode, we spotlight CodeAnt AI, the fast-growing platform built to solve the growing code review bottleneck created by …
A newly disclosed zero-day vulnerability, CVE-2025-3248, is being actively exploited in the wild—and it's targeting Langflow, a popular open-source framework for building AI-powered applications. In …
In this episode, we break down the active exploitation of CVE-2024-7399, a critical path traversal and arbitrary file upload vulnerability in Samsung MagicINFO 9 Server. Despite a patch released in A…
A critical zero-day vulnerability — CVE-2025-31324 — is shaking the enterprise tech world. In this episode, we dive deep into the alarming exploit targeting SAP NetWeaver Java systems, specifically t…
In this episode, we break down the anatomy of some of the most critical vulnerabilities threatening enterprise systems in 2025 — and the real-world attacks already exploiting them. We explore how see…
In this episode, we dive deep into the massive data breach at Kelly Benefits, a payroll and benefits administrator that exposed the sensitive personal data of over 413,000 individuals. We break down …
In this episode, we unpack the rising tensions surrounding the Cybersecurity and Infrastructure Security Agency (CISA) as it faces proposed budget cuts, looming layoffs, and growing criticism over a…
The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to China without ensuring equivalent pro…
In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development landscape. With $93 million raised in…
In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute webshells after obtaining valid creden…
On April 25, 2025, Nova Scotia Power, the province’s primary electricity provider, confirmed what many suspected: a cyber incident involving unauthorized access had compromised customer data. But wha…
In a rare move, SentinelOne has publicly confirmed that it is under persistent attack from nation-state threat actors and ransomware gangs. This episode breaks down their recent report detailing how …
In this episode, we unpack the evolving landscape of Product Lifecycle Management (PLM) and why it's become a strategic cornerstone in modern IT environments. From conception to retirement, managing …
LayerX just raised another $11 million — and it’s not to build another antivirus. With $45 million in total funding, the company is betting that your browser is the most vulnerable—and most overlooke…
In this episode, we dive into the story of Pistachio, the Norwegian cybersecurity startup that just raised $7 million in new funding—bringing its total to $10.5 million. Pistachio isn’t building anot…
In this episode, we dive deep into AirBorne — a critical set of vulnerabilities in Apple’s AirPlay protocol and SDK, recently uncovered by security researchers at Oligo. These flaws enable zero-click…
The bots have taken over—and they’re not just crawling your website. In this episode, we dig into the alarming reality that automated bots now generate over half of all internet traffic. Armed with a…
In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as affecting fewer t…
Three actively exploited vulnerabilities—CVE-2025-42599 (Qualitia Active! mail), CVE-2025-3928 (Commvault Web Server), and CVE-2025-1976 (Broadcom Brocade Fabric OS)—have been added to CISA’s KEV cat…