GentleKiller uses BYOVD to kill EDRs

GentleKiller uses BYOVD to kill EDRs

Ransomware operators are no longer trying to evade detection. They are disabling endpoint defenses at the kernel level before attacks even begin, changing how security teams need to think about control and visibility. This shift matters because many security strategies assume tools will stay active long enough to respond. At the same time, law enforcement is exposing how ransomware depends on large-scale identity fraud to turn crypto into cash. Together, these trends point to two pressure points: kernel access and identity assurance. In this episode, we cover the GentleKiller EDR takedown approach, the AudiA6 laundering network, Malaysia's push toward national digital identity, and a Bluetooth flaw that turns everyday devices into potential listening points. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Gravity SMTP flaw leaks WordPress API keys

A WordPress plugin flaw is exposing API keys, and attackers are already using it to move beyond simple exploits into account takeover and lateral access. This is not just a CMS issue. It is a reminder that secrets management failures can quickly become identity incidents. For security and IT leaders, the takeaway is immediate. Email infrastructure, API keys, and integrations now sit directly on the identity boundary. At the same time, vendor risk and AI cost control are becoming operational pressures that require proactive planning, not reactive fixes. This episode also covers VMware pricing fallout, a claimed breach of a major water utility, and growing limits on enterprise AI usage. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Klue breach weaponized OAuth tokens into CRM exfiltration

A breach at Klue shows how attackers are shifting away from breaking core systems and instead exploiting trusted integrations. By stealing OAuth tokens, they turned normal API access into a high-speed data exfiltration path inside Salesforce environments. This matters because most organizations do not tightly manage their integrations, token lifecycles, or non-human identities. At the same time, a critical Splunk vulnerability is already being exploited, and AI is now acting directly inside financial systems like QuickBooks. These changes are expanding the attack surface in ways traditional controls are not designed to handle. Also covered: a major law enforcement operation disrupting SocGholish infrastructure, new warnings on FortiGate exposure, and why phishing is becoming more precise even as volume drops. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Cisco patches critical ISE command-exec flaw

Cisco's latest ISE vulnerability is a reminder that when identity infrastructure breaks, everything behind it is exposed. At the same time, CISA is redefining how quickly organizations are expected to respond to real-world threats, with patch timelines shrinking to days when exploitation is active. This episode breaks down what it means when your network access control layer becomes a pivot point, and why risk-based patching is quickly becoming the standard across both government and enterprise environments. There is also a closer look at how Google's new agent discovery standard could shape machine identity and trust, and why ransomware groups are scaling faster with new incentive models. We also cover Teams-based command and control abuse, third-party data exposure, and shifts in vendor risk. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

FortiBleed breaches 30k–73k Fortinet devices

Credential reuse just turned tens of thousands of edge devices into an attack platform. This episode breaks down how Fortinet systems were accessed without exploits, and why identity at the perimeter is now the real control plane. For security and IT leaders, the pattern is clear. Weak authentication at internet-facing systems is no longer a gap, it is a direct entry point. At the same time, AI platforms are shifting enforcement into runtime, where actions can be stopped before they execute. The combination of human and non-human identity risk is reshaping how security needs to be designed. We also cover Databricks moving AI governance into execution, Tenet Security's approach to preempting agent behavior, regulatory action in Australia tying poor security to financial penalties, and key signals from npm, CISA, and emerging AI-driven attacks. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]