This is the Friday Rollup for September 29th through October 3rd, 2025. It was a week of edge-device pressure, identity weak spots, and evolving email tradecraft. We cover Red Hat’s internal GitLab intrusion, Outlook’s move to block inline SVG lures, and a critical DrayTek router RCE. We track Allianz Life’s SSN breach and CERT-UA’s CABINETRAT via Excel XLLs, plus a broader pivot from Office macros to ZIP-packed LNK files. You’ll hear why a federal shutdown slowed CISA’s KEV cadence, how OpenShift AI, OpenSSL, and OneLogin issues landed, and where Windows 10’s October 14th end-of-life raises stakes. From DNS hijacks and Exchange espionage to Cisco exposure and a long-running VMware zero-day, the signals were clear.

Ransomware is no longer just about malicious code—it’s about business models, negotiation tactics, and the psychology of fear. In this episode, we break down how ransomware gangs operate like startups, with affiliates, commissions, customer service desks, and even loyalty programs. You’ll learn how they choose victims, manipulate negotiations with countdown clocks and empathy language, and sustain their criminal economy through double extortion and crypto laundering.

By listening, you’ll sharpen your ability to recognize the psychological games attackers play, improve your response strategies under pressure, and strengthen your team’s readiness to disrupt the ransomware cycle. You’ll gain insight into building resilience through backups, playbooks, and cultural readiness while learning how to turn ransomware defense from panic-driven reaction into disciplined preparation.

Produced by BareMetalCyber.com.

In this episode, we expose the illusion of security created by SMS-based multi-factor authentication. Listeners will learn why text-message codes fail to deliver true two-factor protection, how attackers exploit SIM swaps, phishing kits, and MFA fatigue, and why compliance checkboxes don’t equal resilience. The episode unpacks the vulnerabilities in telecom infrastructure, the psychology attackers weaponize, and the step-by-step path toward phishing-resistant authentication that organizations can trust.

Beyond awareness, this episode sharpens critical security skills. Listeners will come away better equipped to evaluate MFA options, spot weak fallback mechanisms, and design identity systems that prioritize phishing resistance over convenience. Leaders and practitioners alike will gain practical insights on segmenting users, strengthening recovery processes, and guiding organizations up the maturity ladder from SMS toward cryptographic passkeys. It’s not just a story about what’s broken—it’s a roadmap to building authentication that actually holds. Produced by BareMetalCyber.com.