YusufOnSecurity.com

Author: YusufOnSecurity.Com

Description

This is a weekly podcast on cyber security domains. We discuss, dissect and demystify the world of security by providing in-depth coverage of the cybersecurity topics that matter most. All this in plain, easy-to-understand language. Like it, share it, and most importantly enjoy it!

258 Episodes
Enjoying the content? Let us know your feedback! It has been a while since we've done a news update episode. So today, we're diving into two major stories that have been dominating cybersecurity headlines this past week. First, we'll unpack React2Shell, a critical vulnerability that's being called one of the most serious web application flaws in recent memory. Then we'll discuss the Instagram data breach affecting over seventeen million users. Both incidents highlight how quickly the threat l...
In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the automotive industry in recent memory. The incident not only shuttered factories and hammered sales, but also served as a stark reminder of how deeply cybersecurity failures can ripple through complex modern...
256 - The best of 2025

2025-12-27 01:40:37

As we've done at the end of each year, it's time to look back at what resonated most with you, our listeners. 2025 brought us some incredible episodes covering everything from fundamental security concepts to cutting-edge AI developments. But three episodes truly stood out—pulling the highest download numbers and sparking the most conversation. These weren't just popular because they covered trending topics. They addressed real, practical chal...
Today, we're tackling one of the fastest-emerging threats of 2025—one that's probably already active in your organization right now, whether you know it or not. We're talking about Shadow AI, and the statistics are alarming: That means right now, as you're listening to this, someone in your organization is likely pasting sensitive data into ChatGPT, Claude, or another AI tool—and your security team has no idea it's happening. Let's peel the onio...
Today we're talking about one of the most dangerous yet underestimated threats in cybersecurity right now. While everyone's worried about ransomware making headlines with million-dollar extortion demands, there's a quieter threat that's actually fueling those attacks. It's called infostealer malware, and in 2024 alone, these silent digital pickpockets were responsible for nearly one in four cyberattacks. They stole over 2 billion credentials an...
Imagine discovering that your organization is running nearly ten times more applications than your IT team knows about. Imagine learning that two out of every three cloud tools being used by your employees were never approved, never vetted for security, and are completely invisible to your monitoring systems. Now imagine that one-third of all data breaches last year involved exactly these kinds of hidden applications. This isn't a hypothetical ...
Today, we're lifting the hood on something you interact with dozens of times per day but probably never think about: Windows password security. What actually happens when you type your password and hit Enter? Where does Windows store that password? And perhaps most importantly, why do attackers spend so much time trying to steal password databases? https://learn.microsoft.com: Prevent Windows Store LMHash Password https://www.nist.go...
Today we're talking about the future of security operations, specifically three technologies that have dominated the conversation for the past few years: SIEM, XDR, and SOAR. And I'm going to make a case that might surprise some people: these tools are converging. They're merging into unified platforms, and that's actually a good thing. Now, if you're a security professional, you've probably noticed this trend already. Vendors are starting to ...
Today we're tackling a question I get asked constantly: "Should we do a pentest, a red team engagement, or a vulnerability assessment?" These terms get thrown around interchangeably, but they're actually very different things with different goals, different costs, and they're appropriate for different situations. Choosing the wrong one can either waste money on overkill testing or leave you with a false sense of security. Here's the reality: ...
Today we're talking about one of the most common yet misunderstood cyber attacks happening right now: credential stuffing. And I do mean right now. As I'm recording this, somewhere in the world, automated bots are attempting billions of login attempts across thousands of websites, trying to break into accounts using stolen usernames and passwords. - https://www.usenix.org: Protecting accounts from credential stuffing with password breach alerti...
Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on security awareness training every year, employees keep clicking on phishing emails, using weak passwords, and falling for social engineering attacks. - https://www.sans.org: Security Awareness Training - http...
Something fundamental changed in how we browse the internet in October 2025, and most people have no idea. In just 48 hours, OpenAI launched ChatGPT Atlas, Microsoft fired back with a revamped Edge, and suddenly every major tech company was racing to release AI-powered browsers that don't just load web pages—they can read your emails, book your travel, and access every logged-in account you have, all autonomously. The marketing promises unprece...
So today, we're unpacking what vibe coding is, why it's creating serious security risks, and what you can do about it. Because whether you love it or hate it, vibe coding isn't going anywhere. The question is: are we shipping features, or are we shipping vulnerabilities? All that coming up next in today's episode. - https://cloud.google.com: What Is Vibe Coding? - https://learningnetwork.cisco.com: Escaping Abstraction: Why AI-Generated Code De...
This week, we've got three stories that really caught my attention, and honestly, they're all pretty alarming in their own ways. If you're new here, welcome to the show where we break down the latest cybersecurity news and help you understand what's really happening in the cyber security domains. We're going to talk about a shocking discovery about AI security - turns out it takes way fewer malicious documents than anyone thought to compl...
Picture this: You're at London Heathrow, Europe's busiest airport, ready to check in for your flight. But the kiosks aren't working. The screens are blank. Airport staff are scrambling with iPads and even pen and paper to manually check passengers in. Your flight is delayed, maybe canceled. And you're stuck in a long line with thousands of other frustrated travelers. Today we're diving into something that disrupted the travel plans of thousand...
Welcome back and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for the everyday defender, from analyst to the C-Suite, in plain English. I am your host Ibrahim Yusuf... This is part 2, where we will continue covering the debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are...
We're tackling a debate that's been heating up in security circles: Are Web Application Firewalls obsolete? Now, if you've been in the security game for a while, you've probably heard the whispers. Some people are saying WAFs are dead weight, legacy technology from a bygone era. Others swear by them as the cornerstone of application security. So which is it? Well, stay tuned because this is exactly what you will find out in today's episode. -...
In this week's episode I am joined by my good old friend Shakel Ahmed, a cyber security practitioner with over 20 years of experience. We discuss how the cybersecurity landscape is at a tipping point as AI revolutionizes both defenses and threat capabilities. While tools like ML/LLM boost defender and developer efficiency, they're simultaneously empowering attackers with unprecedented advantages—operating without the ethical constraints that ...
Today we're unpacking one of the most significant supply chain attacks of 2025 - the Salesloft-Drift OAuth breach that sent shockwaves through the enterprise software world. We'll explore how a compromise at one marketing company led to data theft at some of the biggest names in cybersecurity and technology. We'll break down the technology at the heart of it all - i.e. those digital keys that let applications talk to each other - and exa...
Today’s episode is all about Volt Typhoon, a Chinese state-sponsored hacking group whose stealthy techniques and strategic missions have caused significant concern for defenders worldwide. We’ll break down who Volt Typhoon is, analyze the recent major report covering their activities, walk through real examples of the organizations they targeted, and explain every bit of technical jargon so everyone can follow along. By the end, you’ll und...