Now Playing
Trellix Source Code Breach, Bluehammer Chain & AI Zero-Day Defense
Audio is available on Spreaker — see link below.
A ransomware group claimed access to Trellix source code as RansomHouse's dark web pressure clock starts ticking — with major implications for enterprise security stacks worldwide. Plus: the Bluehammer exploit chain escalates, Oracle shifts to monthly patching, and 12 tech giants including Apple and Microsoft partner with Anthropic on AI-driven zero-day detection.
Audio is available on Spreaker — see link below.
A ransomware group just claimed it breached one of the companies built from the ashes of McAfee and FireEye. That's not a small thing.
RansomHouse's approach is worth understanding on its own terms. This group operates by threatening to publish sensitive stolen data rather than simply encrypting systems.
Against that backdrop, the industry's response to the broader vulnerability problem is accelerating. Project Glasswing is the clearest signal of that shift.
Oracle is changing its patch cadence starting this month. The company is expanding its Critical Patch Updates from quarterly to monthly releases.
Two major emergency patches in under a month reflects a pattern, not an anomaly. The Bluehammer exploit chain reinforces that point.
NIST is also changing its approach. The agency is moving away from traditional vulnerability analysis toward a risk and threat-based assessment methodology.
The thread running through today's developments is acceleration. Patch cycles are compressing.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.