Today on Security Squawk we are breaking down three different incidents that all point to the same underlying issue. Basic security failures with real consequences. An Oregon state agency exposes personal information tied to environmental complaints. Nissan suffers a ransomware incident that leaks nearly 900 gigabytes of internal data. And an Illinois government agency exposes sensitive information connected to more than 700,000 individuals. Randy Bryan, Reginald Andre, and Bryan Hornung walk through what actually happened, why these incidents keep repeating across industries, and what they mean for businesses that assume they are too small or too quiet to be targeted. If government agencies and global manufacturers are struggling with access control, monitoring, and accountability, the real question is what that means for your organization. Join us live to understand the risks and what to do next. Join Randy Bryan, Reginald Andre, and Bryan Hornung live and be part of the conversation.

University of Phoenix confirms a massive data breach affecting almost 3.5 million current and former students, staff, and partners after attackers exploited a zero-day in Oracle E-Business Suite. We break down the implications for identity theft risk and breach response. Next, Andre explains why most existing medical devices would fail the FDA's new cybersecurity standards and how healthcare organizations can manage legacy device risk in critical environments. Finally, Bryan breaks down a cloud breach spree that hit 50 global organizations because multi-factor authentication wasn't enforced. Learn why MFA is no longer optional and how basic security failures lead to major breaches. Tune in for expert insights, practical advice, and what every IT leader needs to know today.

In this annual Security Squawk tradition, we do two things most people avoid: accountability and predictions. First, we break down the top cyber-attacks of 2025 and translate them into what actually matters for business owners, IT pros, and MSPs. Then we grade our predictions from last year using real outcomes. No excuses. No hand waving. No “well technically.” Why does this episode matter? Because 2025 made one thing painfully clear. Most cyber damage does not come from genius hackers. It comes from predictable failures. Unpatched systems. Over-trusted third parties. Tokens and sessions that live too long. Help desks that can be socially engineered. And organizations that still treat cybersecurity like an IT issue instead of a business survival issue. We start with the Top 10 Cyber-Attacks of 2025 and pull out the patterns hiding behind the headlines. This year's list includes ransomware and extortion campaigns, software supply chain failures, identity and OAuth token abuse, and attacks that caused real operational disruption, not just data exposure. These stories show how attackers scale impact by targeting widely deployed platforms and trusted business tools, then turning that access into downtime, data theft, and brand damage. One of the biggest lessons of 2025 is simple: identity is the new perimeter. Many of the most important incidents were not break-in stories. They were log-in stories. Stolen sessions and OAuth tokens keep working because they let attackers bypass MFA, move quickly, and blend in as legitimate users. If your security strategy is focused only on blocking failed logins, you are watching the wrong signal. 2025 also reinforced how fragile third-party trust has become. Integrations are everywhere. They make businesses faster and more efficient, but they also expand the blast radius. When a third-party tool or service account is compromised, it can become a shortcut into systems that were never directly attacked. In this episode, we talk about practical steps like minimizing access scopes, eliminating unnecessary integrations, shortening token lifetimes, and having a real plan to revoke access when something looks off. We also dig into why on-prem enterprise tools continue to get hammered. Many organizations still run internet-facing platforms that are patched slowly and monitored poorly. Attackers love that combination. In 2025, we saw repeated exploitation of high-value enterprise software where a single weakness led to widespread compromise across industries. If your patching strategy is “we will get to it,” attackers already have. Another major theme this year was operational disruption. Some of the costliest incidents were not just about stolen data. They shut down production, halted sales, broke customer service systems, and created ripple effects across supply chains. That is where executives feel cyber risk the hardest. Data loss hurts. Downtime is a business emergency. Then we grade last year's predictions. Did AI take our jobs? Not even close. What it did do was raise the baseline for both attackers and defenders. AI improved phishing quality, accelerated scams, and forced organizations to confront the risks of adopting new tools without clear controls. We also review our call on token and session-based attacks. That prediction aged well. Identity-layer abuse dominated 2025. The issue was not a lack of MFA. The issue was that attackers did not need to defeat MFA if they could steal what comes after it. We also revisit regulation. It did not arrive all at once. It crept forward. Agencies and lawmakers continued tightening expectations, especially in sectors that keep getting hit. Businesses that wait for mandates before improving controls will pay more later, either through recovery costs, insurance pressure, or lost trust. Finally, we look ahead to 2026 with new predictions that are probable, not obvious. We discuss what is likely to change around identity, help desk security, SaaS governance, and how leaders measure cyber readiness. The short version is this: 2026 will reward companies that treat access as a living system and punish those that treat it like a one-time setup. If you like the show, help us grow it. Subscribe, leave a review, and share this episode with someone who still thinks cybersecurity is just antivirus and a firewall. And if you want to support the podcast directly, buy me a coffee at buymeacoffee.com/securitysquawk.

This episode breaks down the true scale of the cybercrime economy. Randy covers the Marquis vendor breach that exposed data across more than 74 banks and credit unions and highlights the ongoing weakness in third-party risk. Andre examines the FinCEN report showing over 2 billion in ransomware payments last year and reveals how organized these criminal groups have become. Bryan closes with a deep dive into the US Treasury's decade long analysis of 4.5 billion in ransom payments, showing how ransomware has grown into an economy that rivals legitimate global businesses. This is essential insight for business leaders, MSPs, and IT professionals who want to understand what is really driving the surge in cybercrime.

This episode breaks down three major cybersecurity stories that reveal exactly where businesses are exposed and how fast the threat landscape is shifting. We analyze how a ransomware group hijacked an emergency alert system to trigger fake national warnings, why more than half of retailers are still paying ransoms despite stronger defenses, and what security leaders should expect heading into 2026. You will learn the real weaknesses behind these incidents, why attackers continue to outpace outdated systems, and how companies can strengthen their defenses now. This episode delivers practical insights, real world examples, and expert commentary that help MSPs, IT teams, and business leaders stay ahead of the next wave of cyber threats.

In this Security Squawk episode, Brian Horning from Xact IT is joined by guests to unpack three real ransomware incidents, the rapid rise of “The Gentlemen” gang, and how attackers bypass basic security by turning off tools like Windows Defender. You'll learn why relying only on built-in protections creates dangerous blind spots, what layered security with EDR, SOC monitoring, and log retention looks like, and the practical steps business leaders can take now to harden their defenses and reduce ransomware risk.

In this episode of Security Squawk, we dig into three major cyber incidents — the DoorDash data breach exposing users' contact info, the Logitech zero-day and data-theft campaign tied to Clop, and the ransomware attack on the Pennsylvania AG office. We break down how each attack played out, what it means for MSPs and business owners, and how you can protect your organisation when the threat spectrum keeps shifting.