Episodes

  • PayPal Leak, Phishing Kits, And You
    2026/03/03

    Send a text

    Headlines about PayPal data exposure, a sprawling third‑party breach at Conduent, and a new phishing kit called Starkiller can feel like distant noise—until your details show up in a letter you did not expect. We pull the curtain back on how back‑office processors, data brokers, and AI‑powered tools create real‑world risk, then map out the habits that keep your identity and money one step ahead of the mess.

    We start with the PayPal working capital loan app bug that exposed sensitive data, including Social Security numbers, and the Conduent breach affecting at least 25 million people tied to payroll and benefits systems. From there, we zoom out to the broker ecosystem: why lawmakers are connecting billions in identity theft losses to broker breaches and how opt‑outs are often buried by design. You’ll hear a practical checklist for shrinking your data surface—state privacy portals, quarterly broker sweeps, real‑time bank alerts, and SIM PINs that blunt port‑out attacks.

    Phishing has also leveled up. Starkiller can mirror real login flows and siphon session tokens, making “spot the typo” advice obsolete. We walk through a three‑step workflow that works even when the page looks perfect: start at the app yourself, require passkeys or an authenticator, and verify alerts by switching channels. We also unpack the risk of ambitious AI agents and connectors like the widely discussed “OpenClaw” idea—why least‑privilege access, dummy data, and clear data boundaries matter before you hand over your inbox, calendar, and cards.

    The throughline is simple: trust but verify. Bugs happen, vendors get breached, and scammers adapt. Your routine decides the outcome. Freeze your credit if you have not already, turn on MFA for email and banking, and add instant alerts for money movement. Then tell a friend. If this conversation helped, follow the show, leave a quick rating, and share your one action for the week so others can copy it.

    Support the show

    19 min
  • From Roblox To Botnets: Hijacked Gadgets and more
    2026/01/21

    What if your living room was quietly working for someone else? This week we trace how low-cost Android TV boxes get roped into botnets, why that tanks your IP reputation, and the simple network hygiene that keeps your bank logins out of harm’s way. We keep it calm and practical: isolate smart gadgets on guest Wi‑Fi, kill debug modes you don’t need, and retire end‑of‑life routers before they become a liability.

    We also unpack a busy Patch Tuesday where Microsoft fixed over a hundred vulnerabilities, including one already exploited. Updates remain your best defense, even when they cause side effects. We share a realistic update routine—save, schedule, reboot, verify—so you stay protected without bricking your morning meeting. Then we shift to AI safety: new research shows how assistant sessions can be hijacked or steered. The rule of thumb stands—don’t paste secrets, recovery codes, or private work into chatbots; if you wouldn’t post it publicly, don’t share it with a model.

    Parents will want to hear the Roblox segment. Age verification promises safer spaces for kids, but account reselling and friction raise new risks. We lay out concrete steps: use platform parental controls, coach kids not to buy “verified” accounts, and treat age gates as helpful but imperfect. In our “weird but real” research corner, we hit laser-based eavesdropping on windows, gaming mice acting like microphones, ultrasonic cross-device tracking, and smart TV viewing analytics—plus quick privacy toggles that actually make a difference.

    Stick around for a surprise: a preview of our free Account Finder that scans 500+ platforms to surface profiles connected to your email, built with hashing and without storing your data. Try it early by pinging us on social media, and tell us what security fix you’re making first. If this helped, follow, share with a friend who needs a home network tune-up, and leave a quick review—your feedback keeps the show sharp.

    28 min
  • How President Maduro Was Captured: Cyberattacks, Satellites, Signals, And A Sting
    2026/01/17

    Join Vivek and Salah as they delve into how cyber security and satellites help the US capture the Venezuelan president, Maduro. We talk about advanced tech such as thermal infrared technology and its role in detecting heat signatures. In this episode, they explore how satellites and advanced telemetry are used to identify active locations, even in challenging environments like underground bunkers. Discover the layers of data fusion that make modern tracking possible and learn about the implications of these technologies in cybersecurity and beyond. Tune in for an insightful discussion that bridges the gap between cutting-edge tech and everyday security concerns.

    29 min
  • Rushed AI And Old Passwords Cost Millions
    2025/12/28

    https://bit.ly/3YR8v48

    The headlines weren’t subtle: a massive AFLAC breach with health and SSN data, AI chatbots showing cracks under pressure, and “old” LastPass vaults fueling new crypto theft. We pulled these threads together to show what’s hype, what’s harm, and what you can fix before it’s too late.

    We start with the AFLAC incident affecting an estimated 22.6 million people, unpacking why medical and disability insurance records are uniquely sensitive and how delayed disclosure shortens your response window. Then we zoom out to the AI front line, where Eurostar’s chatbot flaws spotlight a broader pattern—rushed rollouts, weak guardrails, and interface layers that turn helpful features into attack surfaces. You’ll hear how to interact with AI tools more safely and what teams should implement to reduce prompt injection and data leakage.

    Accountability is shifting, too. South Korea’s consumer agency pushed SK Telecom toward direct compensation, a sign that regulators worldwide are moving beyond fines to tangible relief for victims. If you’re eligible for breach settlements, deadlines matter; we flag the landmark admin case and explain how to find and file claims before the window closes. And we revisit the LastPass breach that refuses to fade, linking stolen vault data to at least $35M in crypto losses. The cure is practical and proven: rotate passwords, enable multi-factor authentication, and consider hardware keys for financial and crypto accounts to cut off the most common attack paths.

    We wrap with listener questions on airport biometrics, public surveillance, and safer browsing on public Wi‑Fi, keeping the guidance simple: reduce linkability, avoid oversharing, patch often, and treat security like routine maintenance. If this conversation helped, follow the show, share it with a friend who needs a nudge toward MFA, and leave a quick review so others can find these weekly, no‑jargon security updates.

    18 min
  • Pornhub Extortion: AI Deepfakes
    2025/12/28

    https://bit.ly/3YR8v48

    Holiday shopping, hot headlines, and a new wave of AI-powered scams collide in a fast, practical briefing designed to make you harder to hack. We open with urgent “patch now” updates for Chrome and iOS that close real-world exploits, then dig into how an e‑commerce giant’s breach arms criminals with eerily convincing delivery and refund lures. From names and addresses to order histories, the data may not include your card number, but it gives attackers everything they need to sound legitimate.

    We also tackle a confirmed extortion attempt tied to adult-site premium users, treating the topic with the care it deserves. Beyond the shock, we outline concrete steps: rotate reused passwords, enable two-factor authentication, and expect credential stuffing across your email, banking, and social accounts. Shame is part of the playbook—documentation, trusted contacts, and formal reports help break the isolation that extortion thrives on.

    AI deception takes center stage as live face swap tools show up in romance scams and schools fight explicit deepfakes used to bully students. Rather than turn everyone into investigators, we share three simple “reality checks” that stop most fraud cold. Use a channel check to move conversations to a different medium, a liveness check with small unscripted actions, and a reasonableness check whenever urgency or secrecy appears. Pair those with smart routines—navigate from official apps, freeze credit where possible, keep auto-updates on, and rely on a password manager—and you’ve raised the cost for attackers without living in fear.

    If you found this guide useful, follow the show, share it with someone who shops online, and leave a quick review so others can find it. Got a question or a scam story we should unpack next? Send it our way and we’ll break it down with clear steps you can use.

    23 min
  • Are Devices Spying On You? Find Out Now
    2025/12/23

    https://tinyurl.com/2br89jv4

    A stranger calls with your child’s voice. A five-star page sells a product that never ships. Your smart speaker hears a command you didn’t. We pull back the curtain on how AI turbocharges old scams and introduces new ones—then map out the simple defenses that actually work.

    We start with the most emotional con: deepfake kidnappings and voice clone frauds that need just seconds of audio to sound convincing. We share the one habit that stops panic payments—a family passcode—and the callback rule that forces verification. From there we examine AI-powered phishing that mirrors your writing style, holiday “too good to be true” deals, and the rise of fake storefronts and synthetic reviews. The rule of thumb is clear: go direct to the site or app, treat urgency as a red flag, and weigh reviews for human detail, not star counts.

    On the home front, we dig into hidden and ultrasonic commands that can trigger smart assistants. The fix is practical: disable voice purchasing, keep speakers away from locks and garages, and audit your connected skills. We also tackle QR code overlays at meters and restaurants, the spike in delivery text scams, and teen-targeted face-swap sextortion—why open conversations and quick reporting matter more than perfect controls. Finally, we explore metadata and inference risks in AI chat tools. Even with encryption, patterns can leak context, so we outline redaction and obfuscation tactics and when to avoid sharing sensitive data altogether.

    If you found this helpful, follow the show, share it with a friend who needs a security reset, and leave a quick review to help more people stay safe online. What’s the first setting you’ll turn off today?

    40 min
  • AI Security Hits Fast-Forward
    2025/11/20

    We unpack how AI shifts the security game, from state-backed use of agentic tools to prompt injections that hijack functions and bypass access. We also show how to control Gemini’s training access to your data and outline practical steps to harden AI stacks.

    • Anthropic’s disclosure of state actor abuse of agentic AI
    • MITRE ATT&CK at machine speed via spawned agents
    • When hallucinations blunt attacks and when they don’t
    • Prompt injection and second-order function hijacking
    • ServiceNow agent exploitation and lessons for guardrails
    • Supply chain risk in Ray and distributed AI frameworks
    • Practical defenses for data, context, and tool scopes
    • How to opt out of Gemini training via myactivity.google.com
    • Why ethical AI and transparency build user trust

    If you learned something new, share this episode with your friends, and please give us a like and a follow.


    33 min
  • Privacy News: Patch Now, Not Later
    2025/10/11

    We break down urgent patches, a remote‑execution risk on tens of thousands of firewalls, and an AI browser flaw that leaks context. We also flag weaker federal support, a major airline breach, and leave you with a simple checklist to reduce risk now.

    • Oracle E‑Business CVE and why fast patching matters
    • Cisco firewall remote code execution and CISA’s directive
    • Red team vs blue team across physical, social, and cyber
    • Apple’s $2M bug bounty and device update urgency
    • Government shutdown impact on CISA and data sharing
    • AI browser CometJacking and prompt injection risks
    • Qantas Salesforce breach and phishing fallout
    • A practical weekly security checklist and backups

    Follow us, like, subscribe, comment, and share.


    23 min