Crestvale Newsroom
Crestvale
0
Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.
Episod
-
Linux Bad Epoll bug roots servers fast 05.07.2026 5minSend us Fan Mail A critical Linux kernel flaw, a surge in malicious open source packages, and a high-profile breach all point to the same shift: attackers are focusing on identity, tokens, and trusted workflows instead of traditional perimeter defenses. For security and IT leaders, this changes where risk actually lives. Patch speed is now a primary control. Developer environments are active attack surfaces. And a single leaked credential can expose far more than expected if access is not ti...
-
ServiceNow unauth API bug exposed enterprise data 04.07.2026 6minSend us Fan Mail A quiet fix to a ServiceNow API exposure is raising a louder question about trust in the SaaS control plane. When systems that power identity, tickets, and internal context leak without authentication, the blast radius extends far beyond a single tool. This episode breaks down why delayed disclosure changes your response window, and why you should treat core SaaS platforms and build systems as breach critical. It also looks at how autonomous ransomware is compressing attack ...
-
CISA adds SharePoint RCE CVE-2026-45659 to KEV 03.07.2026 6minSend us Fan Mail A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered. This episode breaks down what these shifts mean in practice. From emergency patching decisions to the growing legal weight of compliance ...
-
Tomcat auth bypass breaks security-constraint protections 02.07.2026 6minSend us Fan Mail Authentication controls failing silently is a different kind of risk. Today's episode breaks down how newly disclosed Apache Tomcat vulnerabilities allowed attackers to bypass protections that teams believed were enforced, and why this changes how you validate access controls. For security and IT leaders, the shift is clear. Configuration is no longer proof of enforcement. You need to test real access paths, verify behavior, and assume gaps exist until proven otherwise. At t...
-
EY grads accused of PM bank snooping 01.07.2026 6minSend us Fan Mail Today's episode focuses on a quiet but critical failure point: access control. A real-world incident involving contractor access to sensitive financial data shows how authorization gaps, not external attackers, are often the weakest link. For security and IT leaders, this is a shift in where risk lives. Insider misuse, third-party exposure, and inherited liability from vendors are becoming more consequential than perimeter threats. From financial filings to endpoint security...
-
ACSC warns FortiBleed: rotate creds, enforce MFA 30.06.2026 6minSend us Fan Mail Credential-based security is breaking in multiple directions at once. Old passwords are being reused to breach networks, unpatched ERP systems are getting exploited in the wild, and attackers are shifting toward token theft that bypasses traditional login defenses entirely. For security and IT leaders, this is a shift from protecting logins to continuously validating identity across sessions, systems, and now AI-driven actors. The common thread is clear: identity is the new ...
-
UK banks pilot consent-led reusable digital ID 29.06.2026 6minSend us Fan Mail Banks are moving into identity, and that could reshape how authentication and onboarding work across the digital economy. A new UK pilot shows how bank-verified identity attributes may become reusable across services, shifting control away from fragmented KYC systems. For security and IT leaders, this signals a change in where trust lives. Identity may consolidate around institutions that already hold strong signals, while access to advanced AI tools becomes uneven and emplo...
-
Bucket hijacking silently reroutes cloud audit logs 28.06.2026 5minSend us Fan Mail A new cloud attack pattern is quietly undermining one of the most trusted parts of your security stack: logging. By deleting and recreating storage buckets, attackers can reroute audit logs without triggering alerts, leaving teams blind while data continues to flow. This matters because detection, response, and forensics all depend on trustworthy telemetry. At the same time, access to advanced AI security models is becoming restricted by governments, creating uneven capabili...
-
Amazon Q repo bug steals AWS creds 27.06.2026 6minSend us Fan Mail AI developer tools and modern supply chains are introducing new paths to credential theft and account compromise. Today's episode focuses on how routine actions like opening a repository or running a build can now trigger silent execution and expose sensitive access. For security and IT leaders, the shift is structural. Trust boundaries are moving closer to developer workflows, build systems, and browser sessions. That means traditional controls like MFA, dependency scanning...
-
Five Eyes: frontier AI cyber risk soon 25.06.2026 5minSend us Fan Mail Frontier AI is collapsing the time between vulnerability discovery and exploitation, and security teams are running out of buffer. This episode breaks down the latest warning from Five Eyes cyber agencies and what it means for how quickly organizations need to act. The shift is not about new tools. It is about speed, identity control, and treating cyber risk as a core business function. When attackers can automate discovery and movement, delays in patching and weak access co...
-
White House sets 2030, 2031 PQC deadlines 24.06.2026 6minSend us Fan Mail Post-quantum cryptography just moved from long-term planning into near-term compliance. The US government has set firm deadlines that will ripple across contractors, vendors, and global standards, forcing organizations to confront how little they actually know about their own cryptographic footprint. This matters because most teams are not prepared for the operational side of this shift. Inventorying cryptography, managing keys, and migrating systems under deadline pressure ...
-
OpenAI Daybreak moves from bugs to patches 23.06.2026 5minSend us Fan Mail Security is shifting from finding vulnerabilities to fixing them at machine speed. OpenAI's latest moves signal that automated remediation is becoming the new baseline, not an advantage. For security and IT leaders, this changes how teams should operate. Backlogs are no longer acceptable, and tools that cannot generate and apply fixes will fall behind. At the same time, AI is moving into enforcement layers, supply chain breaches are exposing sensitive data outside traditiona...
-
GentleKiller uses BYOVD to kill EDRs 22.06.2026 5minSend us Fan Mail Ransomware operators are no longer trying to evade detection. They are disabling endpoint defenses at the kernel level before attacks even begin, changing how security teams need to think about control and visibility. This shift matters because many security strategies assume tools will stay active long enough to respond. At the same time, law enforcement is exposing how ransomware depends on large-scale identity fraud to turn crypto into cash. Together, these trends point t...
-
Gravity SMTP flaw leaks WordPress API keys 21.06.2026 5minSend us Fan Mail A WordPress plugin flaw is exposing API keys, and attackers are already using it to move beyond simple exploits into account takeover and lateral access. This is not just a CMS issue. It is a reminder that secrets management failures can quickly become identity incidents. For security and IT leaders, the takeaway is immediate. Email infrastructure, API keys, and integrations now sit directly on the identity boundary. At the same time, vendor risk and AI cost control are beco...
-
Klue breach weaponized OAuth tokens into CRM exfiltration 20.06.2026 6minSend us Fan Mail A breach at Klue shows how attackers are shifting away from breaking core systems and instead exploiting trusted integrations. By stealing OAuth tokens, they turned normal API access into a high-speed data exfiltration path inside Salesforce environments. This matters because most organizations do not tightly manage their integrations, token lifecycles, or non-human identities. At the same time, a critical Splunk vulnerability is already being exploited, and AI is now acting...
-
Cisco patches critical ISE command-exec flaw 19.06.2026 6minSend us Fan Mail Cisco's latest ISE vulnerability is a reminder that when identity infrastructure breaks, everything behind it is exposed. At the same time, CISA is redefining how quickly organizations are expected to respond to real-world threats, with patch timelines shrinking to days when exploitation is active. This episode breaks down what it means when your network access control layer becomes a pivot point, and why risk-based patching is quickly becoming the standard across both gover...
-
FortiBleed breaches 30k–73k Fortinet devices 18.06.2026 6minSend us Fan Mail Credential reuse just turned tens of thousands of edge devices into an attack platform. This episode breaks down how Fortinet systems were accessed without exploits, and why identity at the perimeter is now the real control plane. For security and IT leaders, the pattern is clear. Weak authentication at internet-facing systems is no longer a gap, it is a direct entry point. At the same time, AI platforms are shifting enforcement into runtime, where actions can be stopped bef...
-
GitGuardian scans dev laptops for plaintext secrets 17.06.2026 6minSend us Fan Mail The security boundary is shifting from systems to identities, and endpoints are now at the center of that change. Developer machines are increasingly becoming the easiest path into production environments as credentials leak through logs, caches, and AI tooling. This matters because traditional security models still separate endpoint protection from identity control. That gap is now where most real-world breaches are happening. At the same time, active exploitation of Fortin...
-
NewCore raises $66M for AI agent IDs 16.06.2026 6minSend us Fan Mail AI agents are rapidly becoming first-class actors inside enterprise environments, and identity systems are struggling to keep up. This episode looks at NewCore's $66 million bet on rebuilding identity for a world where agents outnumber employees, and why that shift is already underway. For security and IT leaders, this is not just a tooling change. It is a shift in what identity means. Unmanaged AI agents introduce invisible access, persistent permissions, and new attack pat...
-
Microsoft pulls 73 GitHub repos after malware 15.06.2026 6minSend us Fan Mail A supply chain attack targeting developer tools forced Microsoft to remove dozens of GitHub repositories, highlighting a shift in where real risk now sits. This episode breaks down how attackers are moving closer to credentials through trusted workflows, and why AI development environments are becoming a high value target. For security and IT leaders, the implication is direct. Developer machines, repositories, and third party access paths now function as part of your identi...
Popular di
Podcast ini turut muncul dalam senarai podcast negara-negara ini.