Crestvale Newsroom

Cisco patches critical ISE command-exec flaw

6 min · 19. kesä 2026
jakson Cisco patches critical ISE command-exec flaw kansikuva

Kuvaus

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Cisco's latest ISE vulnerability is a reminder that when identity infrastructure breaks, everything behind it is exposed. At the same time, CISA is redefining how quickly organizations are expected to respond to real-world threats, with patch timelines shrinking to days when exploitation is active. This episode breaks down what it means when your network access control layer becomes a pivot point, and why risk-based patching is quickly becoming the standard across both government and enterprise environments. There is also a closer look at how Google's new agent discovery standard could shape machine identity and trust, and why ransomware groups are scaling faster with new incentive models. We also cover Teams-based command and control abuse, third-party data exposure, and shifts in vendor risk. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Kommentit

0

Ole ensimmäinen kommentoija

Rekisteröidy nyt ja liity Crestvale Newsroom-yhteisöön!

Aloita maksutta

14 vrk ilmainen kokeilu

Kokeilun jälkeen 7,99 € / kuukausi. · Peru milloin tahansa.

  • Podimon podcastit
  • 20 kuunteluaikaa / kuukausi
  • Lataa offline-käyttöön

Kaikki jaksot

165 jaksot

jakson Google Search now saves media for AI kansikuva

Google Search now saves media for AI

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] AI systems are no longer just consuming data. They are quietly collecting it by default. Google's latest change turns everyday search interactions into a training pipeline, expanding what enterprise data can be stored and reused without most teams realizing it. This matters because the boundary between normal tool usage and data sharing is disappearing. At the same time, agents are gaining access to sensitive systems, and new AI interfaces are becoming control layers for business operations. Without clear policies, isolation, and audit trails, organizations risk exposing critical data through routine workflows. We also cover Vercel's push for agent sandboxing, Navan's move to bring finance data into AI interfaces, and Canada's shift toward active ransomware disruption. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

7. heinä 20266 min
jakson Medtronic breach hits 3.8M in ShinyHunters kansikuva

Medtronic breach hits 3.8M in ShinyHunters

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A major breach at Medtronic shows how quickly corporate systems can become the weakest link when they hold sensitive data. At the same time, new guidance from NIST is turning AI security into something that will be measured, audited, and enforced across enterprises. For security and IT leaders, the message is clear. The boundary between corporate and production environments is fading, and AI systems are moving into the same category of critical infrastructure. Decisions made today about segmentation, validation, and governance will directly shape breach impact and audit outcomes. We also cover an AI-driven threat intelligence error that triggered global blocking, plus signals from Amazon, ESA, Flipper Devices, and Palo Alto Networks. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Eilen6 min
jakson Linux Bad Epoll bug roots servers fast kansikuva

Linux Bad Epoll bug roots servers fast

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A critical Linux kernel flaw, a surge in malicious open source packages, and a high-profile breach all point to the same shift: attackers are focusing on identity, tokens, and trusted workflows instead of traditional perimeter defenses. For security and IT leaders, this changes where risk actually lives. Patch speed is now a primary control. Developer environments are active attack surfaces. And a single leaked credential can expose far more than expected if access is not tightly scoped. This episode breaks down the Linux "Bad Epoll" vulnerability, the Lazarus package campaign, and the Novo Nordisk breach, along with a disruption of residential proxy infrastructure used in credential attacks. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

5. heinä 20265 min
jakson ServiceNow unauth API bug exposed enterprise data kansikuva

ServiceNow unauth API bug exposed enterprise data

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A quiet fix to a ServiceNow API exposure is raising a louder question about trust in the SaaS control plane. When systems that power identity, tickets, and internal context leak without authentication, the blast radius extends far beyond a single tool. This episode breaks down why delayed disclosure changes your response window, and why you should treat core SaaS platforms and build systems as breach critical. It also looks at how autonomous ransomware is compressing attack timelines, and why internet exposed orchestration tools are becoming high value entry points. We also cover the NetNut proxy disruption, the rise of supply chain to ransomware pipelines, and signals from Alibaba, CISA, Visa, and Microsoft 365. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

4. heinä 20266 min
jakson CISA adds SharePoint RCE CVE-2026-45659 to KEV kansikuva

CISA adds SharePoint RCE CVE-2026-45659 to KEV

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered. This episode breaks down what these shifts mean in practice. From emergency patching decisions to the growing legal weight of compliance frameworks, the environment is changing from both sides. Security leaders are being pushed to move faster operationally while also proving that controls are actually in place. We also cover FortiBleed's role in ransomware campaigns, Visa's move into threat intelligence, and what it signals about the merging of fraud and cybersecurity. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

3. heinä 20266 min