Now Playing
Credentials Meet CVE Data, FortiBleed & SocGholish Dismantled
Audio is available on Spreaker — see link below.
A 24-billion-password dump cross-referenced with CVE data is redefining credential threats, while 74,000 Fortinet firewall admin credentials leak in FortiBleed and the SocGholish botnet falls after seven years of ransomware delivery. Today's briefing covers the most consequential cybersecurity developments of the past 24 hours.
Audio is available on Spreaker — see link below.
Twenty-four billion stolen passwords just got significantly more dangerous. Not because of the scale, though that alone is staggering.
While that credential story dominates, a parallel perimeter crisis is worth direct attention. Seventy-four thousand Fortinet firewall admin credentials have been exposed in what's being called FortiBleed.
The SocGholish takedown is the kind of enforcement win that deserves more credit than it usually gets. This botnet, also known as FakeUpdates, has been running since two thousand seventeen.
Ukrainian national Oleksii Lytvynenko entered a guilty plea this week for his role in Conti ransomware development. He was arrested in Ireland in twenty twenty-three and faces up to twenty years, with sentencing set for September twenty twenty-six.
CISA's acting director made a statement this week that's worth sitting with. The explicit message is that critical infrastructure will be disrupted by sophisticated adversaries, specifically China and Russia, and that prevention-only planning is no longer viable.
One quieter story with outsized implications: Novo Nordisk disclosed a breach traced to a single compromised GitHub access token. The attacker gained limited access to IT systems.
And on AI governance, the White House and Anthropic are actively negotiating a standardized framework for assessing AI model security flaws, following the suspension of two Anthropic models over a jailbreak dispute. There's currently no consensus on how to define jailbreak severity or what triggers export controls.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.