As we ease into the holidays, the security news doesn't stop coming. This week we discuss the research from AWS threat intelligence on Russian adversaries targeting a variety of network edge devices for opportunistic exploitation, then we break down attacks by a Chinese threat actor that target a new zero day in Cisco's AsyncOS, and finally we discuss the continued exploitation of the React2Shell vulnerability. 

Support the show

Pete Baker and Zoe Lindsey join Dennis Fisher on the roof of Nakatomi Plaza to discuss one of the great action classics* and a beloved movie in the hacker community: Die Hard. Yippee ki-yay! 

*NOT a Christmas movie

Support the show

This week gave us the gift of some more React Server Components vulnerabilities  and further exploitation of the previously disclosed bugs by a variety of threat groups. There were also a long list of vulnerabilities disclosed by Microsoft, Adobe, and others, which we discuss in the context of how difficult vulnerability management is right now. Finally, we discuss CISA's warning about continued Russian targeting of US critical infrastructure.

GreyNoise report: https://info.greynoise.io/hubfs/At-The-Edge/Weekly-Intelligence-Brief-120825.pdf?_ga=2.212724369.466870115.1765553789-1325891860.1765553788

Support the show

Coming from a military family, Erin Whitmore was prepared for a career of service. But her path took her not into the military, but the intelligence community, first in the private sector supporting the DIA and NGA, and later as a cybersecurty program manager in the Office of the Director of National Intelligence. She eventually joined CIA as an operations officer and served in locations around the world before moving back to the private sector where she now focuses on executive risk and strategic intelligence at CYPFER. Erin joins Dennis Fisher to talk about her unique path and how it's prepared her for today's threats and the nascent AI revolution.

Support the show

Dennis and Lindsey react (!) to the React2Shell vulnerability disclosure and the quick exploitation of it by Chinese threat actors, then discuss the continues intrusions into critical infrastructure by the Salt Typhoon actors and this week's congressional hearing on telecom network security. Finally, we talk about some upcoming hacker movie episodes, including Die Hard and maybe Home Alone!

Support the show

Jeff Gothelf, a renowned author and product strategist and co-founder of Sense and Respond Learning, joins Dennis to discuss the need to design products with users in mind, how critical thinking can help teams succeed, and what the AI revolution means for security teams and other groups.

Support the show

It's an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the SEC dropping its enforcement action against SolarWinds and its CISO (13:25), and the FCC reversing course on a longstanding security rule for telecom providers (26:00).

Support the show

Dennis is joined by Rich Mogull, chief analyst at the Cloud Security Alliance, cloud security trainer, and all around good guy to talk about the Cloudflare outage, why the internet is now just six companies, and what, if anything, organizations can do to improve their resilience in the current environment. 

Support the show

This week was a bit of a throwback to olden times, with the disclosure by Amazon threat intelligence of  zero days in Cisco and Citrix products that were exploited by an unnamed APT, and Google using legal action to disrupt the Lighthouse phishing service operation. We dig into those two stories, plus we discuss the challenge of trying to quantify the financial and other effects of a major cyber attack. 

Related stories:

https://decipher.sc/2025/11/12/apt-targets-cisco-and-citrix-zero-days/

https://decipher.sc/2025/11/14/marks-and-spencers-profit-drop-the-financial-toll-of-cyberattacks/

https://decipher.sc/2025/11/12/google-wants-to-snuff-out-lighthouse-phishing-kit/

https://censys.com/blog/highway-robbery-2-0

Support the show

"You know, you really don't need a forensics team to get to the bottom of this. If you guys were the inventors of Facebook, you'd have invented Facebook." Melanie Ensign joins Dennis Fisher and Lindsey O'Donnell-Welch to discuss David Fincher's massively successful 2010 film, The Social Network, a movie that opens a window into the dark side of Silicon Valley and the lengths that some people will go to in order to win.

Support the show