Iron Mountain Incorporated is a global information management company with a long history in data storage, records management, backup and recovery, and secure shredding, serving a massive worldwide customer base. In early February 2026, a cybercrime group calling itself Everest claimed on its dark web leak site that it had stolen approximately 1.4 TB of…
Category: Information Security
AI, Apps, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, hacking, Information Security, malware
Forget Firewalls — Hack the Supplier: The Iberia Attack Blueprint Revealed
On 23 November 2025, Iberia disclosed a security incident stemming from an unauthorized access to the systems of a third-party supplier / vendor.The airline communicated to impacted customers that certain personal data may have been exposed. According to the notification, exposed information may include first and last name, email address, and loyalty-card identification numbers (Iberia…
cyber security, Global Security News, Information Security
4 reasons to get CISMP qualified
Awarded by BCS, The Chartered Institute for IT, the CISMP (Certificate in Information Security Management Principles) provides a practical grounding in how information security is managed across organisations. The certification provides a common entry point for professionals looking to transition into cyber security, risk management or compliance roles. It is also widely used by employers…
AI, Apps, Compliance, Cybersecurity, data breach, Data Breaches, Exploits, F5, forensics, Global Security News, Government & Policy, Information Security, Network Security, Risk Management
Think Your Firewall Is Safe? The F5 Hack Proves It’s the Perfect Trojan Horse
In what is being described as one of the most consequential cyber-espionage operations of the year, US technology vendor F5 Networks has confirmed that nation-state threat actors successfully infiltrated its internal environment, stealing source code and vulnerability intelligence related to its flagship BIG-IP product line — a core networking and application delivery system used by…
AI, Apps, china, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, Information Security, malware, vulnerabilities, vulnerability
Microsoft SharePoint Zero-Day EXPLAINED — How Hackers Got In Without a Password
Two previously unknown zero-day vulnerabilities in Microsoft SharePoint Server (on-premises) are being actively exploited in the wild as part of a highly coordinated espionage campaign. Microsoft has linked these attacks to China-based APT actors, and at least 75 organizations worldwide have confirmed breaches. The flaws, identified as CVE-2025-53770 and CVE-2025-53771, enable unauthenticated remote code execution…
cyber security, data protection, Global Security News, Information Security, ISMS, ISO 27001
Information Security vs Cyber Security: The Difference
You’ll often see the terms cyber security and information security used interchangeably. That’s because, in their most basic forms, they have the same aim: protecting the confidentiality, integrity and availability of information. This is also known as the ‘CIA triad’: Confidentiality: Protecting information from falling into the wrong hands. Integrity: Making sure the information is – and remains –…
AI, Cybersecurity, Exploits, Global Security News, Important, Information Security, Risk Management, Tutorials, vulnerabilities
How to Easily Escalate to Root on Linux Using the Latest Sudo Vulnerabilities
A newly disclosed pair of critical vulnerabilities in Sudo — the powerful Unix/Linux command-line tool that allows users to run commands as root — poses a significant local privilege escalation threat. These flaws impact major Linux distributions and allow unprivileged local users to gain root access, thereby compromising system integrity. Summary of the Vulnerabilities The…
AI, cyber security, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, Information Security, Network Security
BreachForums Is DEAD — Cybercrime’s Biggest Empire Just Got Crushed!
A coordinated law enforcement operation in France has resulted in the arrest of key figures behind BreachForums, one of the most active and influential marketplaces for cybercriminals in recent years. The takedown marks a significant disruption in the cybercriminal economy, highlighting both the global reach of modern threat actors and the increasing sophistication of cross-border…
AI, Compliance, Cybersecurity, data breach, Data Breaches, Endpoint, Exploits, Global Security News, Information Security, Network Security, Risk Management, victoria secret
Victoria’s Secret Hit by Cyberattack — Here’s What They’re Not Telling You
Victoria’s Secret, the globally recognized lingerie and fashion retailer, has taken its U.S. e-commerce website offline and limited some in-store services following a confirmed cybersecurity incident. While details remain sparse, the nature and scale of the response strongly suggest a potential data breach or cyberattack affecting both digital and physical retail operations. On the evening…
cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Facebook, Global Security News, Information Security, infosec, internet security, online safety, Podcast, Podcasts, privacy, privacy laws, SBN News, Security, Security Bloggers Network, Social Media Awareness, Social Media Risks, Social Media Security, Tech Podcast, Technology, Weekly Edition, XSS
Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009
Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see…
AI, APAC, Apps, cyber security, Cybersecurity, Data Breaches, Exploits, Global Security News, helm, Information Security, Network Security, Risk Management, Tutorials
You Trust Your Helm Charts — Here’s Why That’s a Huge Mistake That Could Lead to a Cloud Breach
Helm has revolutionized how Kubernetes applications are deployed. A single helm install can launch a fully functioning stack in seconds. But a new report by Microsoft Defender for Cloud reveals a disturbing truth: many Helm charts are insecure by default, and their convenience often comes at the cost of exposure. The report, The Risk of…
23andMe, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, genetic testing, Global Security News, Government Accountability, Information Security, infosec, Legal Challenges, Military Protocol, personal data, Podcast, Podcasts, privacy, Security, Security Bloggers Network, signal, Signal Gate, Technology, Weekly Edition
The 23andMe Collapse, Signal Gate Fallout
In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company’s potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of…
AI, ai models, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Information Security, infosec, LLM, North America, Podcast, Podcasts, privacy, Security, Security Bloggers Network, Smart Privacy, Tech Podcast, Tech Policy, Technology, Weekly Edition
Understanding Privacy Changes: eBay’s AI Policy and The Future of Data Privacy
In this episode, host Tom Eston discusses recent privacy changes on eBay related to AI training and the implications for user data. He highlights the hidden opt-out feature for AI data usage and questions the transparency of such policies, especially in regions without strict privacy laws like the United States. The host also explores how…
AI, Application Security, CISO Suite, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Governance, Risk & Compliance, Information Security, infosec, IT Security Collaboration, Managing Cybersecurity Data, penetration testing, PlexTrac, Podcast, Podcasts, privacy, purple teaming, Red Teaming, Risk Management, risk scoring, Security, security best practices, Security Bloggers Network, Social Engineering, Technology, Threat Intelligence, vulnerability remediation, Weekly Edition
From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows
In this special episode of the Shared Security Podcast, join Tom Eston and Dan DeCloss, CTO and founder of PlexTrac, as they discuss the challenges of data overload in vulnerability remediation. Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful…
AI, Application Security, CISO Suite, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Governance, Risk & Compliance, Information Security, infosec, IT Security Collaboration, Managing Cybersecurity Data, penetration testing, PlexTrac, Podcast, Podcasts, privacy, purple teaming, Red Teaming, Risk Management, risk scoring, Security, security best practices, Security Bloggers Network, Social Engineering, Technology, Threat Intelligence, vulnerability remediation, Weekly Edition
Tackling Data Overload: Strategies for Effective Vulnerability Remediation
In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today.…
CISA, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Firefox Privacy, Global Security News, Government & Policy, Information Security, infosec, internet privacy, mozilla, online security, Podcast, Podcasts, privacy, privacy rights, Putin, Russia, Russian Cyber Threat, Security, Security Bloggers Network, Tech Talk, Technology, Technology News, Trump, Trump Administration, US Cyber Command, Weekly Edition
Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes
In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. **…
Apple, Canada, CISA, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, doge, encryption, Encryption Backdoor, Endpoint, Episodes, Global Security News, Government, Impact, Incompetence, Information Security, infosec, Jokes, national security, phishing, Podcast, Podcasts, privacy, SBN News, Security, Security Bloggers Network, Technology, Trump, uk, Weekly Edition
Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors
In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the…
Apple, Canada, CISA, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, doge, encryption, Encryption Backdoor, Endpoint, Episodes, Global Security News, Government, Impact, Incompetence, Information Security, infosec, Jokes, national security, phishing, Podcast, Podcasts, privacy, SBN News, Security, Security Bloggers Network, Technology, Trump, uk, Weekly Edition
Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors
In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the…
cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Employee Cyber Confidence, Encryption Debate, Episodes, Global Issues, Global Security News, Government Backdoors, Information Security, infosec, Podcast, Podcasts, privacy, Security, Security Bloggers Network, social media, Stalking, Technology, UK Investigatory Powers Act, Weekly Edition
UK’s Secret Apple Backdoor Request, AI Chatbots Used For Stalking
In this episode, we discuss the UK government’s demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse…
Careers, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Hiring Managers, Information Security, infosec, Job Market, Job search, Job Skills, Networking, Podcast, Podcasts, privacy, professional development, recruiting, Recruitment Strategies, Resume Tips, Salary Transparency, Security, Security Bloggers Network, Technology, Weekly Edition, Workforce Shortage
Careers in Cybersecurity: Myths and Realities with Kathleen Smith
In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job market research and recruiting. She discusses challenges such as distinguishing between genuine workforce shortages and…
AI, Application Security, china, cyber security, cyber threat, Cyberlaw, Cybersecurity, Data Privacy, Data Security, deepseek, DevOps, Digital Privacy, Episodes, Global Security News, Government, Information Security, infosec, law enforcement, open source, Podcast, Podcasts, police, privacy, Security, Security Bloggers Network, Technology, Technology Policy, Weekly Edition
Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI
In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies’ stock prices. Join us as we…
cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Gravy Analytics, Gravy Analytics Breach, Information Security, infosec, Location Data Leak, Personal Data Auction, Podcast, Podcasts, privacy, Privacy Legislation, Real-Time Bidding, Security, Security Bloggers Network, Smart Cars Security, subaru, Subaru Starlink Vulnerability, Subaru Vehicle Controls, Technology, Vehicle Hacking, Vulnerability Exploitation, Weekly Edition
Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed
In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru’s Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host…
AI, Anthropic, ChatGPT, Claude, cyber security, cyber threat, Cybersecurity, Data Privacy, data protection, Data Security, Digital Privacy, Episodes, gemini, generative ai, Global Security News, Information Security, infosec, Podcast, Podcasts, privacy, Privacy Policies, Safety in AI, Security, Security Bloggers Network, Tech Ethics, Tech Podcast, Technology, Weekly Edition
AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude
Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom Eston discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights…
2025, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Happy New Year, Information Security, infosec, New Year, phishing, Podcast, podcasting, Podcasts, Port 83, predictions, privacy, Security, Security Bloggers Network, Social Engineering, Technology, Weekly Edition, Year End Reflections
2024 Year in Review: What We Got Right and Looking to 2025
In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions…