Download full study questions for CISSP Domain 1-8 (200 questions) at: https://www.patreon.com/DecodedPodcast.

Several cybersecurity reports from April 2025 detail a significant rise in ransomware attacks across various sectors globally, including education, legal, and critical infrastructure, with threat actors like INC, Rhysida, RansomHub, Lynx, and Storm-2460 actively exploiting vulnerabilities. These reports highlight specific incidents, such as data breaches affecting the State Bar of Texas, Port of Seattle, Lower Sioux Indian Community, Royal Mail, Chord Specialty Dental Partners, Europcar, and LSC, exposing sensitive personal and business information of millions. Furthermore, researchers identified actively exploited vulnerabilities in Cisco Smart Licensing Utility and Ivanti Connect Secure VPN, alongside patched zero-day flaws in Apple products and a Microsoft CLFS zero-day used for ransomware deployment. Experts emphasize the increasing weaponization of PDFs and the targeting of misconfigured servers, while also noting the critical need for legislative action to classify biotechnology as critical infrastructure. The rapid evolution of cyber threats necessitates the integration of AI in security practices and continuous learning for cybersecurity professionals, as highlighted by new training initiatives.

Become a Patron:

https://www.patreon.com/DecodedPodcast

Other ways to contribute:

https://buymeacoffee.com/decodedcybersecurity

On Instagram:

Follow @decodedthecybersecuritypodcast to level up your cybersecurity skills

"Decoded: The Cybersecurity Podcast" features Edward Henriquez, a hacker, explaining QRL Jacking. This technique exploits QR code-based logins found in apps like WhatsApp Web by tricking users into scanning a malicious code. The attacker clones the login page, lures the victim, and upon scanning, gains immediate session access, bypassing passwords and multi-factor authentication. Henriquez outlines the attack steps, tools used like QRLJacker, real-world examples, and defensive strategies such as short-lived QR codes and user education. The podcast episode emphasizes that QRL Jacking is a stealthy and effective social engineering attack that many organizations are unprepared for.

Become a Patron:

https://www.patreon.com/DecodedPodcast

Other ways to contribute:

https://buymeacoffee.com/decodedcybersecurity

On Instagram:

Follow @decodedthecybersecuritypodcast to level up your cybersecurity skills

Download full study questions for CISSP Domain 1-8 (200 questions) at: https://www.patreon.com/DecodedPodcast.

Download full study questions for CISSP Domain 1-8 (200 questions) at: https://www.patreon.com/DecodedPodcast.

Download full study questions for CISSP Domain 1-8 (200 questions) at: https://www.patreon.com/DecodedPodcast.

Download full study questions for CISSP Domain 1-8 (200 questions) at: https://www.patreon.com/DecodedPodcast.

This podcast script for "Decoded" features a cybersecurity expert, Thunderbolt, discussing the growing threat of API attacks and their potential to compromise digital infrastructure. The episode explains what APIs are, outlines common attack methods like Broken Object Level Authorization and Mass Assignment, and provides real-world examples of breaches affecting companies such as T-Mobile and Peloton. Furthermore, Thunderbolt details tools used by both attackers and security professionals and offers a defense playbook with crucial security measures like authentication, rate limiting, and input validation to protect APIs. The discussion underscores that APIs, while vital for modern applications, represent a significant and often overlooked attack surface requiring robust security practices.

Patreon Support:

https://www.patreon.com/DecodedPodcast

This podcast script for "Decoded: The Cybersecurity Podcast" with host Edward Henriquez and ethical hacker Sentinel explains SQL Injection (SQLi), a prevalent web vulnerability. The discussion covers what SQLi is, detailing how malicious code can be inserted into input fields to manipulate database queries. The experts also explore attacker tools and step-by-step attack methodologies, alongside various types of SQLi attacks and real-world examples of significant data breaches caused by this exploit. Crucially, the script outlines essential defense strategies and recommends platforms for ethical hacking practice.

Patreon Support:

https://www.patreon.com/DecodedPodcast

This podcast episode of Decoded: The Cybersecurity Podcast, hosted by Edward Henriquez, examines the critical cybersecurity threats of secrets sprawl and automated identity attacks from a hacker's perspective. Henriquez explains how the unintentional scattering of sensitive credentials like API keys and passwords across various systems creates vulnerabilities easily exploited by malicious actors using automated scanning tools. He further details how attackers leverage compromised machine identities and automation to gain unauthorized access and escalate privileges within an organization's infrastructure, often going unnoticed. Finally, the episode provides actionable strategies for organizations to mitigate these risks, emphasizing centralized secrets management, continuous repository scanning, least privilege for machine identities, and anomaly detection.

Patreon Support:

https://www.patreon.com/DecodedPodcast