YusufOnSecurity.Com

YusufOnSecurity.com

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing an in-depth coverage on the cybersecurity topics that matter most. All these in plain easy to understand language. Like it, share it, and most importantly enjoy it!

Author

YusufOnSecurity.Com

Category

Technology

Podcast website

yusufonsecurity.com

Latest episode

May 16, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

276 - copy.fail Explained-The Linux Kernel Bug That Turns Any User Into Root 16.05.2026

Enjoying the content? Let us know your feedback! This week we are going to talk about a bug with one of the most misleading names I have seen in a while. It is called copy.fail. And if you saw that name pop up in your feed, you would be forgiven for thinking it was some clever browser demo, or maybe a problem with your clipboard. It is neither. copy.fail is a Linux kernel vulnerability. Its offici...

275 - The Mercor Breach-When Your Security Scanner Becomes the Attack Vector 09.05.2026

Enjoying the content? Let us know your feedback! Today's episode is one of those stories that, when you start pulling the thread, the whole thing just keeps unravelling. We are going to talk about the Mercor breach. Now, if that name doesn't ring a bell, Mercor is a ten-billion-dollar AI recruiting startup. They match human experts with companies like OpenAI, Meta, and Anthropic to help...

274 - Ransomware Hit a Water Plant - Why Your Tap Water Is a Cybersecurity Problem 02.05.2026

Enjoying the content? Let us know your feedback! Today's episode is one of those stories that really does hit home. Not a bank breach. Not some government leak. I want to talk about the water coming out of your tap. On March 14th, 2026, hackers dropped ransomware on a water treatment plant in Minot, North Dakota. Staff walked in that morning, saw a ransom note sitting on a server screen, and...

273 - Project Glasswing (Mythos) - Anthropic Watershed Moment for Cybersecurity - Part 2 25.04.2026

Enjoying the content? Let us know your feedback! This is Part 2 of our deep dive into Anthropic's Claude Mythos Preview and Project Glasswing. In Part 1, we covered what Mythos is, how it fits into the Claude model family, and why Anthropic is pushing the boundaries of extended thinking and complex reasoning. Today, we are picking up right where we left off and turning our attention to Projec...

272 - Project Glasswing (Mythos) - Anthropic Watershed Moment for Cybersecurity - Part 1 18.04.2026

Enjoying the content? Let us know your feedback! About three weeks ago, on the 7th of April, Anthropic — the company behind the Claude family of AI models — announced something called Claude Mythos Preview. They paired the announcement with a coordinated industry effort they're calling Project Glasswing. And the headlines that followed have been, frankly, alarming. Fortune ran a piece headlin...

271 - $21 Billion Lost to Cybercrime — FBI's 2025 Report and Microsoft's Massive April Patch Tuesday 11.04.2026

Enjoying the content? Let us know your feedback! We have got two big stories to get through today. First, the FBI just released its 2025 Internet Crime Report — and the numbers are not just record-breaking, they are genuinely alarming. We are talking about over twenty billion dollars in reported losses in a single year. And for the first time ever, the report includes a dedicated section on how cr...

270 - Securing AI - The 3 Frameworks Every Defender Must Know 04.04.2026

Enjoying the content? Let us know your feedback! If you've been watching the cybersecurity space for the last two years, you've noticed something. Almost every breach report, every vendor pitch, every board meeting — AI is in the conversation. Sometimes as the hero, sometimes as the villain, and very often as both at the same time. But here's the uncomfortable truth. Most organisati...

269 - Cyber Resilience in 2026 - The Skills Gap, Team Readiness, and What Security Leaders Must Do Now 28.03.2026

Enjoying the content? Let us know your feedback! In this week's episode, I am joined by my good old friend Shakel Ahmed, a cybersecurity practitioner with over 20 years of experience across some of the most demanding environments in the industry. We are covering the importance of skills and cyber resilience — and this is particularly important for those of you who are responsible for building...

268 - The Stryker Attack: How State Sponsored Hackers Weaponised a Microsoft Tool to Wipe 80K Devices 21.03.2026

Enjoying the content? Let us know your feedback! Just over a week ago, on 11 March 2026, a cyberattack brought one of the world's largest medical device makers to its knees. Stryker - a $25 billion company that manufactures surgical robots, joint implants and emergency equipment - woke up to find thousands of employee devices wiped clean, its ordering systems offline, and surgeries being resc...

267 - SMB Protocol Explained-Why It Keeps Getting Hacked and Why We Can't Remove it? 14.03.2026

Enjoying the content? Let us know your feedback! Today we are talking about a protocol that is older than most of the people working in IT security right now, a protocol that has powered some of the most catastrophic cyberattacks in history, a protocol that security professionals have been trying to retire for years — and a protocol that is still quietly running in the background of almost every W...

266 - Why ClickFix Is Exploding, LLMs Make Terrible Password Generators, and Certificates Are Getting Shorter? 07.03.2026

Enjoying the content? Let us know your feedback! It has been a little while since my last update episode, and a lot has been happening in the world of cybersecurity. So today I want to catch you up on three things that have been on my radar and, more importantly, should be on yours. First, we are going to talk about ClickFix — a social engineering attack technique that has exploded in popularity o...

265 - The AI Agent Security Crisis – How OpenClaw's ClawJacked Flaw Compromised 40K Systems 28.02.2026

Enjoying the content? Let us know your feedback! In late February 2026, a Meta executive lost her entire email inbox when an AI agent she was using deleted everything despite explicit instructions to confirm before taking action. At the same time, over 40K OpenClaw AI agent instances were found exposed to the internet, vulnerable to complete takeover by any malicious website a developer happened t...

264 - Inside the Cisco Live SOC: Securing the World's Biggest Networking Event 23.02.2026

Enjoying the content? Let us know your feedback! Cisco Live is one of the largest networking and security conferences in the world, bringing together thousands of IT and security professionals for a week of learning, innovation, and hands-on experience — and this year, I was there, working as a SOC analyst on the ground -protecting the event. At an event of this scale, thousands of devices and con...

263 - BGP Hijacking - The Invisible Threat That Can Redirect Your Traffic Anywhere 14.02.2026

Enjoying the content? Let us know your feedback! On June 27, 2024, millions of people worldwide suddenly couldn't access one of the internet's most popular DNS services—not because of a cyberattack in the traditional sense, but because a single network in Brazil convinced the internet that it owned an IP address that belonged to someone else. This wasn't hacking in the way most peop...

262 - DORA Explained – What Financial Firms Need to Know About EU's Cyber Resilience Law 07.02.2026

Enjoying the content? Let us know your feedback! On January 17, 2025, the European Union's Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into enforcement, regulators have designated critical ICT providers, penalties are now being levied, and the January...

261 - Passkeys in 2026 – Are We Finally Done With Passwords? 31.01.2026

Enjoying the content? Let us know your feedback! After sixty years of password resets, forgotten credentials, and phishing attacks, the authentication landscape is finally shifting — and 2026 marks the tipping point. In this episode, we break down what passkeys actually are, why over a billion people have already adopted them, and what the regulatory push from NIST, CISA, and global financial regu...

260 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 2 24.01.2026

Enjoying the content? Let us know your feedback! In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM's security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos as the obvious alternative that's been waiting in the wings since ...well....Windows 2000. Today...

259 - From NTLM to Kerberos - Microsoft's Security Transformation Begins - Part 1 17.01.2026

Enjoying the content? Let us know your feedback! Today, we're diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we'll explore Microsoft's plan to phase out the NT LAN Manager protocol, better known as NTLM, and fully embrace Kerberos authentication in Windows 11. This isn't just a mi...

258 - React2Shell Mass Exploit and Instagram 17 million breach 10.01.2026

Enjoying the content? Let us know your feedback! It has been a while since we've done a news update episode. So today, we're diving into two major stories that have been dominating cybersecurity headlines this past week. First, we'll unpack React2Shell, a critical vulnerability that's being called one of the most serious web application flaws in recent memory. Then we'll d...

257 - Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data 03.01.2026

Enjoying the content? Let us know your feedback! In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the automotive industry in recent memory.** The incident not only shuttered factories and hammered sales, but also...

256 - The best of 2025 27.12.2025

Enjoying the content? Let us know your feedback! As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversa...

255 - Shadow AI-The Invisible Security Risk Already Inside Your Organization 20.12.2025

Enjoying the content? Let us know your feedback! Today, we're tackling one of the fastest-emerging threats of 2025—one that's probably already active in your organization right now, whether you know it or not. We're talking about Shadow AI, and the statistics are alarming: That means right now, as you're listening to this, someone in your organization is likely pasting sensitiv...

254 - Infostealers-The Silent Malware Stealing Everything 13.12.2025

Enjoying the content? Let us know your feedback! Today we're talking about one of the most dangerous yet underestimated threats in cybersecurity right now. While everyone's worried about ransomware making headlines with million-dollar extortion demands, there's a quieter threat that's actually fueling those attacks. It's called infostealer malware, and in 2024 alone, these...

253 - Shadow IT and SaaS Sprawl - The Hidden Security Risk in Your Organization 06.12.2025

Enjoying the content? Let us know your feedback! Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for security, and are completely invisible to your monitoring systems. Now imagine that one-third of all data b...

252 - Windows password security - What is under the hood? 29.11.2025

Enjoying the content? Let us know your feedback! Today, we're lifting the hood on something you interact with dozens of times per day but probably never think about: Windows password security. What actually happens when you type your password and hit Enter? Where does Windows store that password? And perhaps most importantly, why do attackers spend so much time trying to steal password databa...

Listen to the YusufOnSecurity.com podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.