Today we dive into a wave of supply chain attacks hitting everything from Notepad++ to antivirus software, nation-state hackers targeting power grids, and why 175,000 exposed AI servers might be the next big headache for security teams. Plus, the White House just threw out software security rules—what could possibly go wrong?

In this eye-opening episode, Mike Housch covers the shocking story of US cybersecurity professionals who pleaded guilty to participating in ALPHV ransomware attacks, plus critical vulnerabilities like the React2Shell exploit affecting 85,000 systems, major data breaches at Covenant Health and the European Space Agency, WhatsApp metadata leaks, and a devastating $8.5M cryptocurrency wallet supply chain attack. From insider threats to IoT botnets, this episode covers the full spectrum of cybersecurity shenanigans kicking off the new year.

We're talking zero-days getting hammered left and right, embedded browsers that are more vintage than secure, and some serious exploitation happening in the wild.

We break down the newest frontiers of cyber defense and attack, including how Google is using a new User Alignment Critic to shield Chrome's agentic AI from prompt injection, and why a critical flaw in the Ruby SAML library demands immediate patching,. Plus, a deep dive into the sophisticated vishing campaign that weaponizes Microsoft Teams and QuickAssist to deploy fileless .NET malware,.

Host Mike Housch dives into the chaotic fallout from the maximum-severity React2Shell vulnerability, which caused a massive Cloudflare outage and rapid exploitation by threat actors. We also analyze another critical 10.0-rated flaw in Apache Tika, the surprising scale of global ransomware payouts, and the strategic shift toward phishing-resistant authentication like Passkeys.

This week, we dive deep into the sophisticated China-nexus threat WARP PANDA, which is relentlessly exploiting VMware vCenter environments with the BRICKSTORM malware, alongside urgent warnings about the actively exploited React2Shell vulnerability. We also analyze the destructive Shai-Hulud 2.0 supply chain attack that compromised thousands of repositories and review the latest defensive strategies unveiled at AWS re:Invent 2025.

We break down Google's urgent Android patches, including two actively exploited zero-days, and analyze the appearance of the new ShadowV2 IoT botnet leveraging known flaws. Plus, we look into why an AI-generated recipe card landed Google in hot water over content scraping and monetization.

Host Mike Housch dives into the latest major breaches, including 146,000 records stolen from Delta Dental of Virginia, and dissects critical zero-day exploitation confirmed by CISA. We also explore the emerging risks of Agentic AI, and hear from CISO experts aiming to retire cybersecurity myths, or "hacklore," that distract organizations from real threats.