Episodes

  • Weekly Cyber News Rollup, October 3rd, 2025
    Oct 3 2025

    This is the Friday Rollup for September 29th through October 3rd, 2025. It was a week of edge-device pressure, identity weak spots, and evolving email tradecraft. We cover Red Hat’s internal GitLab intrusion, Outlook’s move to block inline SVG lures, and a critical DrayTek router RCE. We track Allianz Life’s SSN breach and CERT-UA’s CABINETRAT via Excel XLLs, plus a broader pivot from Office macros to ZIP-packed LNK files. You’ll hear why a federal shutdown slowed CISA’s KEV cadence, how OpenShift AI, OpenSSL, and OneLogin issues landed, and where Windows 10’s October 14th end-of-life raises stakes. From DNS hijacks and Exchange espionage to Cisco exposure and a long-running VMware zero-day, the signals were clear.

    32 m
  • Crypto or Consequences
    Oct 1 2025

    Ransomware is no longer just about malicious code—it’s about business models, negotiation tactics, and the psychology of fear. In this episode, we break down how ransomware gangs operate like startups, with affiliates, commissions, customer service desks, and even loyalty programs. You’ll learn how they choose victims, manipulate negotiations with countdown clocks and empathy language, and sustain their criminal economy through double extortion and crypto laundering.

    By listening, you’ll sharpen your ability to recognize the psychological games attackers play, improve your response strategies under pressure, and strengthen your team’s readiness to disrupt the ransomware cycle. You’ll gain insight into building resilience through backups, playbooks, and cultural readiness while learning how to turn ransomware defense from panic-driven reaction into disciplined preparation.

    Produced by BareMetalCyber.com.

    44 m
  • Your MFA Is Not Two-Factor—It’s SMS and a Prayer
    Sep 24 2025

    In this episode, we expose the illusion of security created by SMS-based multi-factor authentication. Listeners will learn why text-message codes fail to deliver true two-factor protection, how attackers exploit SIM swaps, phishing kits, and MFA fatigue, and why compliance checkboxes don’t equal resilience. The episode unpacks the vulnerabilities in telecom infrastructure, the psychology attackers weaponize, and the step-by-step path toward phishing-resistant authentication that organizations can trust.

    Beyond awareness, this episode sharpens critical security skills. Listeners will come away better equipped to evaluate MFA options, spot weak fallback mechanisms, and design identity systems that prioritize phishing resistance over convenience. Leaders and practitioners alike will gain practical insights on segmenting users, strengthening recovery processes, and guiding organizations up the maturity ladder from SMS toward cryptographic passkeys. It’s not just a story about what’s broken—it’s a roadmap to building authentication that actually holds. Produced by BareMetalCyber.com.

    34 m
  • Glitched on Arrival: When AI Learns the Wrong Lessons
    Aug 27 2025

    In this episode, we explore the strange yet critical world of adversarial machine learning—where tiny, unseen manipulations can fool AI systems into making dangerous and bizarre mistakes. From autonomous cars misinterpreting road signs to AI-driven medical devices misdiagnosing patients, we uncover real-world scenarios illustrating how subtle digital tweaks can create major real-life consequences.

    We’ll also discuss how cybersecurity experts and AI professionals fight back, detailing the essential strategies, red-team testing practices, and educational initiatives necessary to build resilient and trustworthy AI systems. Tune in to discover how adversarial threats could reshape our future, and why securing AI is more important than ever.

    29 m
  • Will AI trigger the First White Collar Recession?
    Aug 20 2025

    Will AI trigger the first white-collar recession—or just change what those jobs look like? This episode follows the quiet early tells—executive hiring freezes, six-figure postings sliding, silent software seat cuts, and a surge of offboarding tickets—to explain how task-level automation can thin openings, flatten wages, and hollow out the rungs juniors used to climb. We separate headline panic from real indicators and show how experience, not just efficiency, keeps organizations resilient when the economy cools.

    Then we get practical for security teams. Even if your job survives, your attack surface won’t: agents, connectors, machine identities, and poisoned inputs expand risk while separation of duties quietly erodes. We lay out the guardrails—least privilege for agents, dual control on irreversible changes, auditable prompts and outputs, drift monitoring—and the career moats that make you hard to replace: incident command under uncertainty, adversary thinking, clear risk communication, and a toolsmith mindset that makes AI safer for everyone else.

    34 m
  • Keyboard Assassins: Inside the Covert World of State-Sponsored Cyber Sabotage
    Aug 13 2025

    In this episode of BareMetalCyber, we delve into the shadowy world of state-sponsored cyber sabotage, examining how nations increasingly leverage digital attacks for espionage, economic disruption, and geopolitical advantage. We explore sophisticated hacking tactics—from zero-day exploits and psychological warfare to supply chain infiltration—and reveal why attribution remains so notoriously difficult in today's digital conflicts.

    Along the way, we discuss practical defensive strategies that organizations can adopt to protect themselves against nation-state cyber threats, emphasizing proactive defense, incident response preparedness, and strategic alignment with national cybersecurity efforts. Join us to uncover how nation-states conduct covert digital operations and what your organization can do to defend itself in this rapidly evolving threat landscape.

    36 m
  • Ctrl+Alt+Comply: The Wild World of Cyber Regulations
    Aug 6 2025

    In this episode of BareMetalCyber, we narrate the article Ctrl+Alt+Comply: The Wild World of Cyber Regulations, taking you through the tangled web of international cybersecurity compliance. From the rigid power moves of the EU’s GDPR to the complex demands of China’s PIPL and the legislative chaos of U.S. state laws, we explore how the world governs digital risk—and how organizations are expected to keep up.

    We break down the frameworks, enforcement quirks, political motivations, and the sheer absurdity of cross-border data rules—all while offering actionable insight on surviving and thriving in a fractured compliance landscape. Whether you're leading a security team or just trying to understand why your inbox is full of cookie policy updates, this is the episode you don’t want to miss.

    28 m
  • When Smart Gets Sinister: Taming the IoT Rebellion
    Jul 30 2025

    In today's episode, we dive into the dark side of our increasingly connected world, exploring how ordinary IoT devices—like coffee makers, fish tanks, and even printers—have turned sinister, unleashing unexpected chaos on unsuspecting networks. We'll examine unforgettable stories of IoT gone rogue, like the Mirai botnet's internet-crashing exploits, the casino hacked through an innocent-looking fish tank, and how everyday gadgets become covert spy tools in the hands of cyber attackers.

    Then, we'll equip you with practical strategies and actionable advice on securing your IoT devices. From effective firmware management and Zero Trust frameworks to user training and predictive security technologies, we’ll cover what it takes to build an IoT fortress capable of standing up to the most sophisticated cyber threats.

    29 m