Is CVSS Irreparably Flawed?

This week on the podcast, we cover a video game that delivered malware through the Steam marketplace before diving into an analysis of a recent Palo Alto authentication bypass vulnerability. We end the podcast by covering the recent activity from the Department of Government Efficiency (DOGE) and the security impact to US federal agencies.

This week on the podcast, we cover a recent report that highlights a drop in ransomware payments in 2024. After that, we discuss a recent attack targeting ASP.NET web servers before ending with a report on sensitive data leakage caused by AI model use.

This week on the podcast, we discuss the Common Vulnerability Scoring System or CVSS and why one popular developer thinks its completely broken. After that, we cover Lumen's Black Lotus Labs' research into a Juniper backdoor malware. We end with the latest car hacking research and an admin portal with possibly the worst MFA implementation ever.

This week on the podcast, we cover security researcher Eaton Zveare's recent blog post on a trove of vulnerabilities they found in McDonalds India's McDelivery web application. Before that, we give an update on Salt Typhoon's latest US government victim and discus an attack involving hijacked Google Chrome extensions.

This week on the podcast, we dive in to the WatchGuard Threat Lab's 2025 security predictions. We'll cover each of the predictions and explain the trends that drove us to making them for the coming year.

This week on the podcast, we cover the first ever UEFI bootkit targeting Linux systems and what it means for evasive malware. After that, we give an update on whats being called "the worst telecom hack in US history" before ending with our analysis of a research post showing the latest phishing evasion techniques for malicious office documents.

This week on the podcast, we look back to our 2024 security predictions that we made last year and grade ourselves on how well we saw the future. We cover everything from AI deep-fake phishing to VR headset hacking!

This week on the podcast, we review CISA's most recent report on the top routinely exploited vulnerabilities from the last year. Before that, we cover North Korea's latest malware evasion testing followed by a report on a different evasion technique that abuses concatenated ZIP archives.

This week on the podcast, we cover a research white paper that details how attackers could use AI to complete an entire money-theft or credential theft-scam from start to finish. Before that, we discus Sophos' 5 year battle with Chinese hackers targeting network devices followed by Microsoft's current battle with password spray attacks through compromised network devices.

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements.