Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

All North Korean IT worker schemes hinge on one thing: a willing participant in America. We found one, and knocked on her door. Experts have dubbed some of these Americans “laptop farmers.” The North Koreans call them “facilitators” – people willing to host multiple laptops in their home and happy to not ask too many questions. But identifying these people can be hard: unless you have access to a private Discord channel where North Korean IT workers talk freely among themselves.

This week on the podcast, we unpack the Claude Fable 5 release and subsequent revocation following an export control directive from the US federal government. After that, we cover the recent FortiBleed credential dump, discussing its likely origins, before reviewing the most recent Windows 0day disclosed by Nightmare Eclipse.

Gary Perkins, CISO at CISO Global explains what containment means related to incident response.

In this episode, host Richard Bejtlich and guest Ricky Lin explore the practical—and often personal—side of network defense: monitoring the home network. Ricky shares how he uses Corelight and Zeek to track everything from his children's YouTube habits to the constant chatter of IoT devices like Tesla vehicles and smart appliances. They delve into the "tinted windows" analogy to explain why visibility into encrypted traffic is still possible through network metadata, even when the contents are hidden.

A bug in Meta's AI-powered account recovery tool compromised 20,000 Instagram accounts. In this week's Intel Chat, Chris and Matt discuss how the flaw allowed attackers to bypass email verification. Meta patched the tool after discovering the abuse on May 31st. Matt's takeaway: tools given broad API access become attractive targets. Meta should have caught this in basic testing, yet it took an adversary to expose the weakness.

Fireblocks Co-founder and CEO Michael Shaulov joins NYSE Live at Money20/20 Europe to explain why the GENIUS Act unleashed stablecoin adoption, and what it means for banks, card networks, and the future of money movement.

Falcon Cloud Security correlates cloud exposures into prioritized attack paths and enriches them with CrowdStrike adversary intelligence, helping teams focus on the risks most likely to be exploited across AWS, Azure, and Google Cloud. Subscribe and stay updated!

This week’s briefing covers: Dive deeper.

In this video, we break down how to properly set up and use AI extension points - specifically MCP (Model Context Protocol) servers, Rules, Skills, and Hooks - to supercharge your development workflow. Using practical, security-flavored examples with Claude Code and Snyk, you'll learn how to configure a local project environment that automatically catches vulnerabilities before they ever hit your codebase. Whether you use the Claude CLI, VS Code extensions, or alternate AI ecosystems like Cursor or Gemini, you can use these exact steps as a blueprint to automate any workflow in your project.

Unlock the secrets to strategic investment in cybersecurity that every business leader needs to know. Avoid the pitfalls of over-investment and instead, focus on understanding your cybersecurity architecture, processes, and unique risks. Discover how a solid foundation can bolster your security architecture and enhance business operations. Protect your critical assets and ensure real-time visibility across your network.