One Token to Rule Them All - The 443 Podcast - Episode 344

This week on the podcast, we bring on WatchGuard's head of MDR data science Luke Wolcott to discuss the evolution of machine learning and artificial intelligence in cybersecurity. We dive into the differences in common (and uncommon) machine learning models, the pros and cons of supervised vs unsupervised learning, and why some of the coolest things happening in AI aren't the ones you hear about in the news.

This week on the podcast, we discuss Cisco's recent zero-day vulnerabilities before covering a Microsoft Threat Intelligence post on a phishing campaign that abuses SVG files. After that, we review GitHub's proposed changes for securing the open source software supply chain.

This week on the podcast, we cover a vulnerability in Entra ID that could have allowed attackers to gain Global Admin access to any and all Entra ID tenants. After that, we discuss the Shai Hulud NPM worm that ran rampant over the last week, infecting hundreds of packages. Finally, we end with a quick reminder to WatchGuard Firebox customers to update their devices to the latest firmware to resolve CVE-2025-9242z

This week on the podcast, we cover a massive software supply chain compromise involving widely-used NPM packages. After that we discuss an increase in social engineering attacks called ClickFix. Finally, we end with a discussion of Senator Wyden's recent letter to the FTC demanding Microsoft being held accountable for "gross cybersecurity negligence" and whether his claims have any merit.

This week on the podcast, we discuss a recently published research study from UC San Diego on the effectiveness on security awareness training on phishing prevention. After that, we discuss a security researcher's work on identifying vulnerabilities in four separate employee webapps at Intel. Finally, we end with our analysis of a Ponemon Institute research report called The State of File Security.

This week on the podcast, we review Anthropic's AI Threat Intelligence Report which walks through specific examples of how threat actors are abusing Ahropic's Claude AI model. Before that, we cover an update from Google on how they plan to secure the Android ecosystem before discussing a recent research post on new phishing campaigns that specifically target LLM-based protetions.

This week on the podcast, we discuss key findings from IBM and the Ponemon Institute's 2025 Cost of a Breach Report, including a deep analysis of AI impacts in cybersecurity. Before that, we cover Norway's claim that Russian-aligned hackers opened a floodgate in one of their dams. We also discuss a vulnerability in Microsoft 365 Copilot that allowed the AI to delete its own audit logs.

This week on the podcast, we discuss key findings from a DefCon presentation from researchers at AmberWolf titled ZeroTrust, Total Bust and what it means for Zero Trust Network Access. After that, we review a new vulnerability in the FortiWeb WAF before ending with a quick update from Google Project Zero on a new vulnerability disclosure policy.

This week on the podcast, we discuss some recent research into a new zero day vulnerability in the popular WinRAR utility under active exploit. After that, we give a round up on everything we know about the SonicWall SSLVPN attacks from the last few weeks before ending with a review of a new ChatGPT vulnerability.

This week, we discuss the SharePoint ToolShell vulnerabilities that recently received an out-of-cycle patch from Microsoft. After that, we cover some research into a Chrome and Edge extension malware campaign that impacted 2.3 million victims. Finally, we end by discussing a lawsuit from Clorox against their offshore helpdesk provider Cognizant stemming from a security incident 2 years ago.