* Cloud Security Concerns Surge in APAC as Data Breaches Remain High

* AI-Powered Scams: A Growing Threat

* Western Sydney University Suffers Major Data Breach

* New FakeCall Malware Targets Android Users for Financial Fraud

* UK Regulator Warns Financial Firms After CrowdStrike Outage

* OWASP Releases GenAI Security Guidelines

This episode is a replay from our sister podcast AppSec Unlocked

In today's rapidly evolving cybersecurity landscape, managing vulnerabilities in open-source components has become increasingly complex. While traditional approaches relying solely on CVSS scores have their merits, they may not be sufficient to address the exponential growth in discovered vulnerabilities. A more nuanced and scalable approach is needed, one that considers not only severity but also exploitability and potential impact.

An out of band update on my real life encounter with a supply chain attack

* AI Transcription Tool "Whisper" Creates Fabricated Text, Raising Concerns in Healthcare and Beyond

* Massive UN Data Leak Exposes Personal Information of Violence Against Women Victims

* Mandiant Report: Exploited Vulnerabilities Reach Record Lows in Time to Patch, But Zero-Days on the Rise

* Fake Browser Update Malware Targets WordPress Sites via Malicious Plugins

* Large-Scale Operation Steals Cloud Credentials from Exposed Git Repositories

* Anthropic's New AI Can Interact with Computers, Raising Safety Concerns

* Internet Archive Hit Again: Exposed Tokens Lead to Zendesk Email Breach

* Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

* Half of Businesses Underestimate SaaS Security Risks, Culture Blamed

* Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise

* North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware

* Internet Archive Hack Exposes Data of 31 Million Users

* Australian Government Introduces Sweeping Cybersecurity Bill

* Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads

* iPhone Mirroring at Work Exposes Private App Data to Employers

* Ecovacs Robot Vacuums Collect Home Images for AI Training, Raising Privacy Concerns

* Deepfakes on the Rise: Threatening Trust and Security

* Meta Ray-Ban Glasses Hacked into Real-Time Facial Recognition Tool

* Apple Patches Privacy Bugs in iOS 18: Passwords Read Aloud and Early Voice Message Recording

* Cloudflare Mitigates Record-Breaking 3.8 Tbps DDoS Attack

* CISA Boss Calls for More Secure Software Development

* NIST Proposes Sweeping Changes to Password Policies: Mandatory Resets and Character Rules Out

* Critical Vulnerability Found in Nvidia Container Toolkit

* Remote Code Execution Flaw Found in CUPS Printing System (Limited Impact)

* Privacy Group Claims Mozilla's "Privacy-Preserving" Feature Tracks Users

* ServiceNow Outage Caused by Expired Root Certificate

Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.

* CISA and FBI Urge Software Makers to Eliminate Cross-Site Scripting Vulnerabilities

* Paying Ransomware Doesn't Guarantee File Recovery, Even With Decryptor

* US Dismantles Chinese Government-Linked Botnet Targeting Hundreds of Thousands of Devices

* Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware

* Australian Government Suffers Surge in Cyber Attacks, Social Engineering Most Common Tactic

Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.

* Millions of Devices at Risk as Microsoft and Google Disable Insecure Email Login Method

* Cybersecurity Giant Fortinet Confirms Data Breach, Downplays Impact

* New Laws Target Banks, Telcos and Tech Giants in Fight Against Scams

* Online Voucher Scam Targets Sydney Restaurants Using Square POS

* TfL Staff Face In-Person Password Resets After Cyberattack

Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.