All topics
Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who’s exploiting what, then we discuss Microsoft’s disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our […]
Out of 42 unique zero days tracked by Google in 2025, 18 were attributed to CSVs, while 15 were linked to state-sponsored espionage groups.
The comprehensive effort, which involved seizing 330 active domains, cuts off a critical pipeline for account takeovers that targeted over 500,000 organizations and sent tens of millions of fraudulent emails monthly.
Without context, the KEV catalog is just a very large collection of data. Tod Beardsley is the former CISA KEV section chief, and he recently released a paper called KEVology that provides key context and evaluates the value of certain enrichment signals.
Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data […]
