Cyberside Chats: Cybersecurity Insights from the Experts
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast on Tuesdays at 6:30 am ET and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity pro or an executive who wants to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you understand and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
10
The “Hacking Ray” Is Here: AI, Project Glasswing, and the End of Hidden Vulnerabilities
<p>Anthropic’s Project Glasswing and its unreleased Mythos model signal a potential turning point in cybersecurity: AI that can find—and potentially exploit—software vulnerabilities at unprecedented scale.</p> <p>In this episode of Cyberside Chats, Sherri Davidoff and Tom Pohl break down what this means for organizations today. If AI can uncover decades-old bugs in seconds, what happens to patching cycles, vulnerability management, and the balance between attackers and defenders?</p> <p>They explore the uncomfortable reality: we may be entering a period where vulnerabilities are discovered faster than organizations can fix them—and where access to powerful AI tools...
We don’t break in, we badge in
<p>In this episode, Matt interviews Tom and Derek from our pen test team to break down why attackers often don’t need to hack their way in at all.</p> <p>While most organizations invest heavily in tools like EDR and SIEM, Tom and Derek share how they regularly get inside buildings using nothing more than confidence, a good story, and sometimes even a box of donuts. From posing as copier technicians to tailgating behind employees, their experiences show that people are often the easiest way into an organization.</p> <p>And once they’re in, things escalate fast. Phys...
Stryker Attack Analysis: Cybersecurity and insurance perspectives
<p>A $25 billion medical device company brought to a standstill—without a zero-day exploit.</p> <p>In this episode of Cyberside Chats, Sherri Davidoff is joined by cyber insurance expert Bridget Quinn Choi to unpack the Stryker cyberattack and what it reveals about modern enterprise risk. From compromised admin credentials to the abuse of Microsoft Entra and Intune, this incident highlights how attackers are increasingly using trusted tools to cause widespread disruption.</p> <p>We explore what likely happened, why this wasn’t a “sophisticated” attack in the traditional sense, and how a single identity compromise can cascade into operational shutdown...
Mass Exploitation 2.0: Web Platforms Under Attack
<p>Mass exploitation vulnerabilities are back—and they’re evolving. In this Cyberside Chats Live episode, we break down the recently disclosed React2Shell vulnerability and the confirmed LexisNexis incident, where attackers exploited an unpatched web application to access cloud infrastructure and exfiltrate data.</p> <p>But this isn’t new. From SQL Slammer to Log4Shell to ProxyShell, we’ve seen this pattern before: widely deployed, internet-facing systems + simple exploits + automation = rapid, large-scale compromise.</p> <p>Most importantly, we focus on what matters for organizations today: how to reduce exposure, how to prepare for the next mass exploitation event, and why...
Is Anthropic a Pentagon “Supply Chain Risk”?
<p>Anthropic has been labeled a “Supply-Chain Risk to National Security” after refusing two uses of its models: mass surveillance of Americans and lethal autonomous warfare without human oversight. But is Anthropic really a supply-chain risk, and how does this designation affect businesses that use Claude? In this episode, Sherri Davidoff and Matt Durrin unpack the timeline behind the Pentagon’s designation, what Anthropic claims is actually driving the conflict, and what’s known (and not known) about any underlying technical risk. They compare the situation to Kaspersky—where the supply-chain concern centered on privileged security software, foreign-state leverage, and update-cha...
Google Gemini Changed the Rules: Are Your API Keys Exposed?
<p>For years, many Google API keys were treated as “public” project identifiers embedded in client-side code and protected mainly through referrer and API restrictions. But a recent discovery suggests Gemini changes that risk model: researchers found nearly 3,000 publicly exposed Google API keys that were still “live” and could be used to interact with Gemini endpoints, creating a new path to unauthorized usage, quota exhaustion, and potentially costly API charges.</p> <p>In this episode of Cyberside Chats, we unpack what “changed the rules” actually means, why this is a classic cloud governance problem (old assumptions meeting new capabilities), and what to chec...
Opus 4.6: Changing the Pace of Software Exploitation Description
<p>Claude Opus 4.6 is generating serious buzz for one reason: it can rapidly spot zero-day vulnerabilities out of the box, suggesting that long-trusted software may no longer be as “safe by default” as security teams assume.</p> <p>At the same time, Microsoft’s February patch cycle included an unusually high number of zero-days already under active exploitation — real-world evidence that the race is already accelerating, and the window between discovery and impact is shrinking.</p> <p>In this Cyberside Chats Live, we’ll connect the dots on what this means for defenders in 2026: a shrinking window between discovery and exploitati...
Nancy Guthrie’s Recovered Footage: The Reality of Residual Data
<p>After the FBI announced it recovered previously inaccessible video from Nancy Guthrie’s disconnected Google Nest doorbell, one thing became clear: in releasing the footage, authorities revealed an important truth — deleted surveillance footage may not really be deleted. That means law enforcement (or threat actors) could potentially access it.</p> <p>The case remains ongoing and deeply serious. For enterprise security leaders, the lesson is bigger than a consumer camera: modern systems often retain residual data across devices, local buffers, and vendor backends, even when teams believe it has been removed. In this episode of Cyberside Chats, we examine what...
Ransomware Gangs Are Teaming Up
<p>Ransomware gangs aren’t operating alone anymore and the lines between them are increasingly blurry.</p> <p>In this episode of Cyberside Chats, we look at how modern ransomware groups collaborate, specialize, and team up to scale attacks faster. Using ShinyHunters’ newly launched data leak website as an example, we discuss how different crews handle access, social engineering, and data exposure, and why overlapping roles make attribution, defense, and response harder.</p> <p>We also explore what this shift means for security leaders, from training and identity protection to preparing for data extortion that doesn’t involve encryption.</p> <p> </p...
Top Threat of 2026: The AI Visibility and Control Gap
<p>AI is no longer a standalone tool—it is embedded directly into productivity platforms, collaboration systems, analytics workflows, and customer-facing applications. In this special CyberSide Chats episode, Sherri Davidoff and Matt Durrin break down why lack of visibility and control over AI has emerged as the first and most pressing top threat of 2026.</p> <p>Using real-world examples like the EchoLeak zero-click vulnerability in Microsoft 365 Copilot, the discussion highlights how AI can inherit broad, legitimate access to enterprise data while operating outside traditional security controls. These risks often generate no alerts, no indicators of compromise, and no obvious “incident” until...
