CISO Insights: Voices in Cybersecurity

CISO Insights: The Cybersecurity Leadership Podcast
Where Security Leaders Shape Tomorrow’s Defenses

Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communication to threat detection, compliance, and talent development. Whether you’re a CISO, aspiring security leader, or technology executive, we equip you with the tools to thrive in a complex digital environment.

Connect with us:
Shop: cisomarketplace.com
News: threatwatch.news
Podcast: cisoinsights.show
Tools: microsec.tools
AI Resources: cybersecuritygpt.store

Follow us:
TikTok @cisomarketplace - Quick insights and security tips
YouTube @cisomarketplace - In-depth discussions and CISO interviews

Episodes



Tuesday May 13, 2025
US State Privacy Laws: Navigating the Expanding Consumer Rights Patchwork
Explore the complex and rapidly evolving landscape of US state data privacy laws, drawing on insights from recent legislative developments across states like California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, and Texas, plus Washington's focused health data act. We break down the core consumer rights becoming standard nationwide – including the right to access, delete, correct, and opt out of data sales, targeted advertising, and certain profiling. Learn about the heightened focus on sensitive data, such as health information and data from children and teens, often requiring explicit opt-in consent. We discuss key differences like scope thresholds, variations in the definition of "sale", and the emergence of mandatory universal opt-out signals. Understand the differing enforcement approaches by state Attorneys General, the role of cure periods (and their sunsetting in many states), and the limited private rights of action. This episode helps untangle the intricate patchwork, highlights the practical implications for businesses implementing compliance systems, and touches on how consumer expectations and trust are shaped by these new regulations.
www.compliancehub.wiki/navigating-the-patchwork-an-in-depth-look-at-u-s-state-comprehensive-privacy-laws/
https://globalcompliancemap.com/
https://generatepolicy.com/



Monday May 12, 2025
Beyond Encryption: Ransomware's New Game & Top Exploits of 2024
Tune in to explore the rapidly evolving cyber threat landscape of 2024, drawing on the Huntress 2025 global Cyber Threat Report: a year in which attackers standardized sophisticated techniques across businesses of all sizes. We dissect the significant shifts in ransomware strategies, including the fragmentation of major groups following takedowns like LockBit, Dharma, Hive, and Phobos. Discover how agile affiliate networks like RansomHub and INC/Lynx emerged, offering high payouts and dominating the landscape. Learn about the pivot from traditional encryption to data theft and extortion as a cost-saving tactic due to improved defenses. We'll also break down the most impactful vulnerabilities exploited, including the critical ConnectWise ScreenConnect flaws (CVE-2024-1709 & CVE-2024-1708) that spurred a major campaign, the zero-day CrushFTP vulnerability (CVE-2024-4040), and the continued exploitation of the older ProxyShell Exchange vulnerability (CVE-2021-31207). Finally, we'll cover the pervasive use of abused tools like RATs, RMM software, malicious scripts, LOLBins, and sophisticated phishing techniques that defined attacker methodologies throughout the year. This episode provides crucial insights for defenders navigating this complex and challenging environment.
breached.company/navigating-the-new-frontier-key-cyber-threats-exploits-and-tools-of-2024



Sunday May 11, 2025
The Accelerating Threat Landscape: Inside Modern Cybercrime
Delve into the complex and rapidly transforming world of cyber threats. This episode examines notorious ransomware groups like Black Basta, LockBit, BlackCat/ALPHV, Phobos/8Base, Medusa, and Clop, exploring their Ransomware-as-a-Service (RaaS) models and distinctive tactics, techniques, and procedures (TTPs). We also discuss state-sponsored cyber warfare, such as the activities of Iran's APT42 and its impact on critical infrastructure, hacking groups like Scattered Spider, and the individual hacker USDoD, as well as significant law enforcement disruptions like Operation Cronos against LockBit and the arrests of key figures behind Phobos and 8Base. We'll touch upon the emerging challenges of AI-enabled crime and the continuous escalation in the scale and sophistication of cyberattacks.
breached.company/global-cybercrime-crackdown-major-law-enforcement-operations-of-2024-2025



Saturday May 10, 2025
Cybersecurity Unpacked: Breaches, Billions, and AI's Double Edge
In this episode, we dive into the recent developments shaping the cybersecurity landscape as of May 2025. We discuss major incidents like the significant breach of the LockBit ransomware gang, which exposed sensitive data including negotiation messages and user credentials. We'll also explore the growing sophistication of financial cyberattacks, highlighted by the uncovering of the "industrial-scale" FreeDrain cryptocurrency phishing operation targeting digital wallets with sophisticated methods. The episode examines landmark legal actions, such as Meta's $168 million victory against spyware firm NSO Group, signaling a pushback against surveillance abuses. We explore the evolving role of AI, which offers speed in threat detection but also introduces risks from vulnerabilities in AI-generated code and "shadow AI". Finally, we look at how governments and corporations are responding with new initiatives to bolster defenses, including the UK's Cyber Resilience programs, CISA's advisories for critical infrastructure, and corporate innovations like HPE's Secure Gateway for small businesses and Microsoft's patching of critical cloud vulnerabilities. Join us as we unpack these challenges and responses in a dynamic digital world.
www.compliancehub.wiki/cybersecurity-frontlines-recent-breaches-legal-battles-and-the-double-edged-sword-of-ai



Saturday May 10, 2025
The Accelerating Adversary: Inside the 2025 Threat Landscape
Join us for a deep dive into the Global Threat Landscape Report 2025 by FortiGuard Labs. This episode explores the dramatic escalation in cyberattacks, revealing how adversaries are moving faster than ever, leveraging automation, commoditized tools, and AI to gain advantage. We'll shed light on the surge in automated reconnaissance, the evolving darknet ecosystem where credentials and corporate access are traded, and how AI is supercharging cybercrime through tools like FraudGPT and deepfakes. Discover the trends in exploitation volumes targeting exposed systems and IoT devices, the stealthy nature of post-exploitation tactics including lateral movement and C2, and the persistent challenges in securing cloud environments plagued by misconfigurations and identity compromise. We'll also break down the changing adversary landscape, from fragmented ransomware groups and the rise of RaaS on the darknet to the dangerous convergence of hacktivism and ransomware and the ongoing operations of state-sponsored actors. Finally, we'll discuss the critical need for organizations to shift from reactive defense to proactive Continuous Threat Exposure Management (CTEM) to counter this accelerating threat.
breached.company/navigating-the-accelerating-threat-landscape-proactive-defense-in-the-era-of-adversary-acceleration



Friday May 09, 2025
2025 Cyber Attack Playbooks: Navigating the Future Threat Landscape
This podcast delves into the critical insights found within the 2025 Cybersecurity Attacks Playbooks, exploring the diverse and evolving threat landscape organizations face. We examine playbooks covering threats from AI-enhanced phishing and advanced ransomware to the complexities of supply chain compromises, zero-day exploits, and AI-powered malware. We also discuss emerging threats like deepfake social engineering, quantum computing vulnerabilities, and securing IoT devices. Each episode breaks down the essential stages outlined in the playbooks for specific attacks: Preparation to build foundational defenses, Detection to identify threat indicators, Analysis to understand the attack's scope and methods, Containment/Eradication tailored to the specific threat vector, and Recovery to restore operations and resilience. Gain a deeper understanding of modern attack vectors like credential stuffing, fileless malware, rogue access points, SQL injection, steganography-based data exfiltration, and cache poisoning, as well as network attacks like homograph attacks, Denial-of-Service (DoS), and watering hole attacks, and complex infiltrations like island hopping and Advanced Persistent Threats (APTs). Tune in to learn how the playbooks guide organizations through detection, response, and the vital Lessons Learned process to continuously improve their cybersecurity posture.
www.securitycareers.help/navigating-the-2025-threat-landscape-preparing-for-and-responding-to-advanced-cyber-attacks



Thursday May 08, 2025
Beyond the Scan: Unmasking Hidden Risks and Unfixed Flaws in the Age of AI
In this episode, we dive deep into the findings of the State of Pentesting Report 2025 to explore the real state of cybersecurity. Organizations may feel confident, but pentesting consistently reveals hidden, exploitable vulnerabilities that automated scanners miss. We'll uncover the most significant risks identified through human-led pentests, from common web and mobile application flaws like Server Security Misconfiguration and Missing Access Control to the rapidly emerging and uniquely challenging security issues in AI and Large Language Models (LLMs). Learn why AI/LLM tests have a significantly higher proportion of serious findings and the specific threats like Insecure Output Handling, Prompt Injection, and Unbounded Consumption. More critically, we'll address the disconnect between perceived security and reality by examining why less than half of all findings ever get resolved and how even serious vulnerabilities often remain open for months or years, far exceeding targeted SLAs. We'll explore the factors influencing this remediation struggle, including criticality, pentest type, organizational size, industry, and internal processes. Tune in to understand the critical need for a programmatic approach to offensive security and the challenges teams face in fixing what pentesters find.
www.securitycareers.help/beyond-the-scan-the-hidden-reality-of-unfixed-security-risks-revealed-by-pentesting-data



Wednesday May 07, 2025
Building Cyber Warriors: The Evolving Cyber Professional
In the dynamic world of cybersecurity, professionals face constant challenges that demand adherence to strict ethical and legal guidelines. This episode delves into the key ethical and legal considerations, such as protecting individual privacy, ensuring robust data protection, maintaining confidentiality, and complying with relevant laws and regulations like GDPR and CCPA. We discuss responsible practices like vulnerability disclosure and the ethical use of cybersecurity tools. Given the ever-evolving landscape of cybersecurity threats and technologies, staying updated is not optional; it's an imperative for success. Join us as we explore why continuous education and professional development are essential strategies for cybersecurity professionals to navigate this complex terrain, adapt to emerging trends, maintain expertise, and uphold trust.
https://cisomarketplace.services/careers
www.securitycareers.help/building-cyber-warriors-the-imperative-of-the-evolving-cyber-professional

Welcome to CISO Insights: Voices in Cybersecurity
Welcome to CISO Insights, your premier destination for cybersecurity leadership conversations. We cut through the noise to deliver focused discussions on what matters most in today's threat landscape.
Our podcast features intimate conversations with security visionaries, battle-tested practitioners, and innovative thought leaders who share their hard-won wisdom without the marketing spin. From technical deep dives to strategic frameworks, we cover the full spectrum of modern security challenges.
Each episode provides practical takeaways you can implement immediately to strengthen your security posture. We address the human element of cybersecurity, exploring team building, crisis management, and executive communication strategies that make security leaders more effective.
CISO Insights bridges the gap between technical expertise and business acumen, helping you translate security imperatives into organizational value. Whether you're in the trenches or the boardroom, our content equips you with the perspective needed to navigate today's complex security environment.
Join our growing community of security professionals dedicated to raising the bar for our industry. Stay informed, stay connected, stay secure—subscribe now!
Visit: quantumsecurity.ai