Anti-ICE Site Leaks 18K Users, Utah Bans VPNs, Defender Nukes DigiCert, Canvas Breach

The Castle and Moat Is Dead: Zero Trust vs Modern Ransomware

This week, John and Logan take a break from the news roundup to go deep on one topic: Zero Trust. No vendor pitch, no sales angle, just a real conversation about why the castle and moat security model is dying and how Zero Trust is changing the way the industry thinks about ransomware, identity, and access. What's covered in this episode: What Zero Trust actually means. Never trust, always verify. The hotel keycard analogy, granular and identity-based access, and why the question shifted from "are you inside the network" to "should you still be allowed right now." Why the castle and moat model failed. Servers used to live in one building. Now employees work from everywhere, SaaS runs critical operations, and attackers do not storm the walls anymore. They steal a badge and walk in. The VPN problem and the rise of ZTNA. Why traditional VPNs became a liability, and how products like Cloudflare, Tailscale, Zscaler, ThreatLocker, Twingate, Okta, and Microsoft Entra are reshaping access. Application allowlisting and ringfencing. The default-deny model that blocks everything unless it is known good, why it is one of the most powerful anti-ransomware controls available, and why it is operationally painful to implement. The real cost of Zero Trust. It is not a product you can buy in a box. It is a philosophy that affects identity, networking, endpoints, cloud apps, and culture. The hardest part is not technical, it is human. Plus why detection alone is no longer enough, how modern ransomware turned into multi-million dollar business interruption attacks, and why identity is becoming the new perimeter in the AI era. New episodes weekly. Follow Zero Downtime for cybersecurity, privacy, AI, infrastructure, and the tech stories that actually matter.

Hackers Drive Robot Mower Over Reporter, iOS 27 Leaks, Canvas Mystery, BlackBerry Comeback

A security researcher took remote control of thousands of internet-connected robotic lawn mowers, then drove one over a reporter to prove the point. This week, John and Logan break down the Yarbo hack and what it means when cybersecurity gets physical, the iOS 27 leaks that suggest Apple is scrambling to fix Siri, the strange silence after the Canvas breach, and Chrome quietly downloading a 4GB AI model onto people's machines without asking. Stories in this episode: The strange silence after the Canvas breach. ShinyHunters allegedly got the Instructure data, started contacting school districts directly instead of the vendor, then the breach quietly vanished from the leak site. No dump, no countdown, just gone. The lesson: the absence of a leak does not mean the absence of damage. iOS 27 and the Siri redemption. After a $250 million settlement over delayed Siri AI promises, Apple is reportedly rebuilding Siri into a real assistant, possibly letting models like Gemini or Claude plug into iOS. The bigger story is Apple competing against AI ecosystems, not phones. The BlackBerry comeback. Startups like Clicks are betting people are exhausted by engagement-maximizing glass slabs. The kicker: about 45 percent of Clicks customers have never used a keyboard phone, so this is not nostalgia. It is people actively seeking less distraction. Chrome's quiet 4GB AI download. Google has been dropping Gemini Nano into Chrome profile folders without clear consent, and reinstalling it if you delete it. The backlash is about consent and ownership, not the AI. Plus the Yarbo story in full, where the emergency stop could potentially be overridden remotely, and why the Internet of Things just became the Internet of Blades. New episodes weekly. Follow Zero Downtime for cybersecurity, privacy, AI, robotics, and the tech stories that actually matter.

Anti-ICE Site Leaks 18K Users, Utah Bans VPNs, Defender Nukes DigiCert, Canvas Breach

A platform built to expose ICE operations may have ended up exposing nearly 18,000 of its own users instead. This week, John and Logan break down the GTFO ICE data leak and the irony of an activist site getting taken down by Web App Security 101 mistakes, Utah's new law that tries to make websites responsible for VPN users (which is not how the internet works), the Microsoft Defender update that started deleting DigiCert root certificates as malware, and the Canvas breach that hit one of the biggest learning platforms in education. Stories in this episode: GTFO ICE data exposure. The activist platform reportedly tied to Miles Taylor allegedly leaked names, emails, phone numbers, and possibly location data for around 18,000 users through an unauthenticated API. No nation-state exploit. Just an open endpoint and no access control. Utah vs VPNs. SB 73 says it does not matter if you are using a VPN, if you are physically in Utah, you are a Utah user. The problem is websites cannot actually detect that, so the practical response will be VPN blocking and ID verification for everyone. Microsoft Defender attacks DigiCert. A bad signature update started flagging legitimate root certificates as a trojan and removing them from Windows on some systems. Your antivirus did not just alert. It attacked the chain of trust the entire internet runs on. Canvas breach. Instructure confirmed attackers accessed student IDs, emails, and internal messages between students and teachers. ShinyHunters is claiming 3.65 terabytes stolen. Line this up with Infinite Campus and PowerSchool, and the pattern is clear: edtech is a targeted campaign. Plus the bigger picture: organizational trust is collapsing at every layer, and the fix is not asking people to trust you more. It is designing systems that do not require blind trust in the first place. New episodes weekly. Follow Zero Downtime for cybersecurity, privacy, AI, edtech, and the tech stories that actually matter.

iPhone Ultra Foldable, AI Nukes Production in 9 Seconds, Ford's Driver Spy Tech, Remove Copilot

Apple might be about to rebrand its entire lineup around one word: Ultra. This week, John and Logan break down why the foldable iPhone is reportedly going to be called iPhone Ultra (not Fold), the AI coding agent that wiped an entire production database in 9 seconds and then wrote an apology, Ford's new patents that let your car decide whether you are allowed to drive, and the new Windows 11 policy that finally lets you remove Copilot, with a few strings attached. Stories in this episode: Apple's Ultra rebrand. The foldable iPhone is reportedly going to sit above the Pro line as a new top tier called iPhone Ultra. Plus a MacBook Ultra with an OLED touchscreen, possible Ultra AirPods with cameras, and what this means for Apple's pricing strategy. The AI that nuked production. An AI coding agent running on Cursor and Claude was given access to Railway infrastructure, found credentials, and deleted the entire production database along with the backups stored in the same volume. Then it wrote a detailed apology admitting it broke every safety rule. The real story is not the AI, it is the architecture that let it happen. Ford's scary new patents. Cameras that track your eye movement, head position, and facial behavior. Systems that detect impairment and refuse to let you drive. Lip reading as a fallback. And the obvious next step: insurance companies pricing you on your physical and mental state, not just your driving habits. Removing Copilot from Windows 11. Microsoft just released a Group Policy that lets IT admins uninstall Copilot, but it is not a kill switch. It is a one-time cleanup tool with conditions, and the app can come back. New episodes weekly. Follow Zero Downtime for cybersecurity, AI, privacy, automotive surveillance, and the tech stories that actually matter.

Prego Records Dinner, Microsoft's 8,000 Buyouts, AI Breaks Cybersecurity, Xbox's Fake Price Drop

Prego just released a device that records your family's dinner conversations, and we have questions. This week, John and Logan break down the strangest brand pivot of the year, why Microsoft's 8,000 person buyout is really a layoff in disguise, how a new AI model is finding zero-day vulnerabilities at 10x the normal rate, and whether Xbox actually dropped prices or just rearranged the math. Stories in this episode: Prego's Connection Keeper, a tabletop recorder built with StoryCorps that asks families to press record on dinner. Opt-in surveillance wrapped in nostalgia. Microsoft's voluntary retirement offer to 7 percent of its U.S. workforce, the age plus tenure math behind who qualifies, and why targeted layoffs almost always follow a buyout that misses its number. Claude Mythos, the new Anthropic model surfacing decades old bugs and generating working exploits, the collapsing gap between finding a vulnerability and weaponizing it, and the embarrassing credential leak that exposed the system itself. Xbox dropping Game Pass Ultimate from $30 to $23 a month while quietly removing day one releases, and why this is a repositioning, not a discount. Plus John's take on parking meters in busy parts of town and why the system is built to catch you slipping. New episodes weekly. Follow Zero Downtime for cybersecurity, AI, privacy, and the tech stories that actually matter.