All topics
The process of developing and deploying exploits is a complex and controversial one and it’s often a black box to outside observers. To help shine a light on how this all works, Caitlin Condon of VulnCheck joins Dennis Fisher for a deep dive into the zero day exploit landscape, what goes into exploit development, and […]
Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who’s exploiting what, then we discuss Microsoft’s disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our […]
Out of 42 unique zero days tracked by Google in 2025, 18 were attributed to CSVs, while 15 were linked to state-sponsored espionage groups.
Without context, the KEV catalog is just a very large collection of data. Tod Beardsley is the former CISA KEV section chief, and he recently released a paper called KEVology that provides key context and evaluates the value of certain enrichment signals.
Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data […]
This week Lindsey rejoins Dennis to talk about the attacks targeting a zero day in Cisco’s Catalyst SD-WAN Controller (2:17), Google’s disruption of a China-linked cyber espionage campaign targeting telecom infrastructure (6:30), and the new cyber developments on everyone’s favorite tech show, The Pitt (13:13)!
