It's an Empirical full house as Josh, Robbie, Vaughan and AJ shine their expertise on some of the key stories of this week. Join us as we analyse the massive power outage that impacted Portugal, Spain and other regions and why this could be an act of cyber warfare. We also look at a spike in scan activity for Ivanti edge devices suggesting a potential zero-day on the horizon? Finally Josh takes the guys through some of the highlights of the Verizon data breach and incident report for 2025.

Support the show

Special guest and AppSec team lead Andrew OE joins the CyberSpace team to share his specialist focus on testing, breaking and securing applications using various techniques including SAST, DAST, fuzzing, CI/CD integrations and more. At the end of the episode, Andrew lets you know where you can access his free resources to upskill your AppSec.

Support the show

Everyone is back for a full house episode, as Josh, Robbie, Vaughan and AJ discuss a ransomware attack on a dialysis provider, the consequences of the Hertz Cleo zero-day breach and the implications of China naming alleged NSA agents involved in espionage and cyber attacks, including on the Chinese winter games.

Support the show

Josh and Robbie are joined by special guest Andrew OE, AppSec Engineering leader and friend of Empirical, to discuss the shift in Hunters International's operations, the infamous ransomware as a service group formerly known as Hive, as well as an update on the Oracle breach.

Support the show

Josh, AJ and Vaughan ask themselves why Oracle are denying the breach, despite Vaughan having first hand insights into organizations with compromised cloud credentials and other researchers and security companies coming forward with the same. After that, Josh provides some insights from the first day and a half of the SANS AI summit for the latest and greatest AI cyber security trends.

Support the show

Josh is joined by Vaughan and a refreshed AJ after his holiday. Using their experience on the frontlines of incident response, they talk about the security implications of using signal that people might not have considered, the Oracle breach (or not, as they still dispute it) and the impact on real Oracle users and an update from last weeks GitHub supply chain compromise see's Coinbase get compromised and rapidly contain the threat.

Support the show

Josh, Robbie and Vaughan look at developments in the threat landscape this week, including an SSRF campaign from 4000s unique IPs, an SSRF vulnerability in ChatGPT's infrastructure and the GitHub supply chain attack that leaked secrets.

Support the show

Josh, Robbie and AJ discuss the recent attack on the Polish space agency, a developer who tried to enact revenge when he was fired, a win for the good guys and the 2022 LastPass breach's involvement in crypto heists.

Support the show

Welcome back! For season 2 of the Cyber Space podcast. Four cyber security experts unpick some key developments in the threat landscape, including unpicking the Bybit hack where 1.5 trillion dollars of Ethereum was stole, how AI models leaked 12000 passwords and secrets as well as taking a look at recent shifts in the US cyber intelligence programs against Russia.

Support the show

On this episode of Cyber Space, Josh tells the others about a reckless penetration tester who decided he should hack local businesses in order to create business for himself. He's currently facing jail time for it, so where is the line between responsible disclosure of vulnerabilities and outright egotistical attacks?

Support the show