An underground forum post breaks down how hackers scan, exploit, and cash out on vulnerabilities — and it reads like a step-by-step guide. Meanwhile, Microsoft is catching heat for stonewalling a researcher who found real zero-days, and a new phishing campaign is hitting small businesses through the platforms they trust most.

The OG crew — Joshua Schmidt, Eric Brown, and Nick Mellem — digs into this week's biggest cybersecurity headlines with sharp takes and real-world context that practitioners can actually use.

🗞️ This week's stories:

• Underground hacker forum "Hacking for Profit" breaks down the full vulnerability exploitation playbook — and what it means for your security gaps
• Gray hat researcher Chaotic Eclipse discloses zero-days to Microsoft, gets stonewalled on bug bounty, and now July 14th Patch Tuesday just got interesting
• Third-party plugins and open source tools: the supply chain risk hiding in your dev pipeline (and tools like Akido and Veracode that help)
• Meta Business Suite phishing campaign targeting SMBs — and a live near-miss story from Joshua himself
• SMS phishing: a new IT Audit Labs team member got hit on day three, before his welcome post even went live

Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the intel to do it. Like, share, and subscribe for weekly cybersecurity coverage.

#cybersecurity #infosec #bugbounty #phishing #zerodayvulnerability #supplychainsecurity #microsoftsecurity #ethicalhacking #ciso #itauditlabs

What happens when a deepfake video becomes probable cause? Law enforcement agencies are already grappling with AI-generated evidence, doxing attacks on officers, and a training gap that's growing wider every six weeks. If the justice system can't keep up with the AI threat curve, the consequences won't just be policy problems — they'll be people's lives.

In this episode of The Audit, former firefighter-paramedic turned strategic communications consultant Braden Frame — founder of Modern Cartographers and Modern Fortis — joins co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum to break down the rapidly evolving AI threat landscape facing law enforcement and public safety. Braden draws a sharp parallel between law enforcement's slow adoption of social media a decade ago and the AI reckoning happening right now — and why that delay could be catastrophic this time around.

🔍 What We Cover:

• How AI-generated fake evidence is already entering courtrooms — and why it'll only get harder to detect
• Why law enforcement is repeating its social media mistakes with AI adoption
• The guardrails debate: Venice AI, unregulated tools, and who pays the price when there are no limits
• Doxing attacks on officers and public servants — and how to defend your personal information
• AI in the field: body cam transcription, paramedic decision support, and where the tech actually works today
• Authenticity as a weapon: why real human voices will matter more than ever in the age of AI slop

Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

#AI #cybersecurity #lawenforcement #deepfakes #doxing #publicsafety #infosec #artificialintelligence #AIthreats

What would you do if ransomware told you not only that your data was gone — but that it was encrypted with a quantum-safe algorithm and you have 72 hours to pay? That's not a hypothetical anymore.

In this live news episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum are joined by IT Audit Labs member Bill Harris for a rapid-fire breakdown of the week's most important cybersecurity stories — and a few conversations that went places nobody expected.

🎯 Stories & Topics Covered:

• Iranian Cyber Group Handala Targets U.S. Troops — WhatsApp-based psychological ops against service members in Bahrain, and what OPSEC looks like when soldiers can't leave their phones at home
• Agentic AI Risk Goes Live — A real incident where an AI deleted a production database in 9 seconds, and why "trust but verify" has never mattered more
• Quantum-Safe Ransomware (Kyber) — The first confirmed ransomware family using NIST's post-quantum cryptographic standards, and why it's more marketing than menace — for now
• Robinhood Email Exploit via Gmail Dot Trick — How threat actors weaponized a years-old stolen email list using a quirk in how Google and Robinhood handle email addresses differently
• Bitwarden/Checkmarks Supply Chain Attack — Why even security-first tools aren't immune, and how Bitwarden's 90-minute response time became a case study in breach communication
• Apple's AI Strategy: Late on Purpose? — Is Apple sitting out the AI arms race, or quietly building something nobody's seen yet?
• Eric's AI Email Vision — A live whiteboard idea for using agentic AI as a personal email firewall that could eliminate phishing at the infrastructure level

Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

#cybersecurity #ransomware #postquantum #AI #infosec #ethicalhacking #supplychain #phishing #NIST #agentic #bitwarden #OPSEC #cyberdefense #ITaudit #TheAudit