Sign up to save your podcasts
Or
Share Software Exploits – The Fast-Paced Threat Landscape of 2025
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Software Exploits – The Fast-Paced Threat Landscape of 2025
Zero-day exploits are hitting faster than ever—are you ready? This week, we dive into the U.S. Treasury breach, which we now know involved multiple zero-days, including a newly discovered flaw in BeyondTrust’s security software. Attackers aren’t just targeting IT systems anymore—they’re coming for security tools themselves to gain privileged access.
We also cover new zero-days in Microsoft, Apple, and Android, and why time-to-exploit has dropped from 32 days to just 5. Plus, we’ll share key defensive strategies to help you stay ahead.
The race between attackers and defenders is accelerating—don’t get left behind.
Takeaways: How You Can Defend Against These Threats
With zero-days being exploited in days, manual patching isn’t fast enough. Automate patching for high-risk, internet-exposed systems.
Stay ahead of threats with the CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
Security tools like BeyondTrust are high-value targets—lock them down. Limit exposure: if attackers breach one system, they shouldn’t be able to pivot everywhere.
Don’t wait for alerts—assume exploitation is happening. Look for privilege escalations, odd script executions, and unexpected admin account changes.
Security vendors are part of your attack surface—evaluate them like you would any other software provider. Make sure they follow secure development practices, have clear incident response plans, and communicate openly about vulnerabilities and patches.
Helpful Links & Resources
LMG’s Software Supply Chain Webinar: https://www.youtube.com/watch?v=cB8iriZJ57k
View all episodes
By Chatcyberside
5
22 ratings
Zero-day exploits are hitting faster than ever—are you ready? This week, we dive into the U.S. Treasury breach, which we now know involved multiple zero-days, including a newly discovered flaw in BeyondTrust’s security software. Attackers aren’t just targeting IT systems anymore—they’re coming for security tools themselves to gain privileged access.
We also cover new zero-days in Microsoft, Apple, and Android, and why time-to-exploit has dropped from 32 days to just 5. Plus, we’ll share key defensive strategies to help you stay ahead.
The race between attackers and defenders is accelerating—don’t get left behind.
Takeaways: How You Can Defend Against These Threats
With zero-days being exploited in days, manual patching isn’t fast enough. Automate patching for high-risk, internet-exposed systems.
Stay ahead of threats with the CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
Security tools like BeyondTrust are high-value targets—lock them down. Limit exposure: if attackers breach one system, they shouldn’t be able to pivot everywhere.
Don’t wait for alerts—assume exploitation is happening. Look for privilege escalations, odd script executions, and unexpected admin account changes.
Security vendors are part of your attack surface—evaluate them like you would any other software provider. Make sure they follow secure development practices, have clear incident response plans, and communicate openly about vulnerabilities and patches.
Helpful Links & Resources
LMG’s Software Supply Chain Webinar: https://www.youtube.com/watch?v=cB8iriZJ57k
More shows like Cyberside Chats: Cybersecurity Insights from the Experts
View all
No Agenda Show
5,948 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
The DSR Network
1,782 Listeners
Conspirituality
2,041 Listeners
What Rough Beast
63 Listeners