Security Squawk - The Business of Cybersecurity

Hosted by Bryan Hornung, Reginald Andre & Randy Bryan

Episodes: 276
Latest episode: Jun 2026
Language: EN-US

About the show

Security Squawk is a business podcast dedicated to helping business people fight the war against cyber criminals.

Listen to episodes

60 recent
June 16, 2026, 40 min

The Government Just Switched Off Anthropic's AI — Plus a $1.9B AI Scam and Russia in Your Router

What happens to your business when the AI tool you rely on gets shut off overnight, not by a hacker, but by the U.S. government? Last Friday, Anthropic, the maker of Claude, pulled its two newest AI models offline within hours of a letter from Washington. This is the first time that has ever happened to a leading AI company, and it should change how every owner thinks about the tools they depend on. *Every tool you depend on is a switch someone else can flip.*

Bryan Hornung, Randy Bryan, and Reginald Andre break down this week's stories for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either.

First up: Anthropic. The Commerce Department ordered the company to block its newest models, Fable 5 and Mythos 5, for any foreign national, citing national security. Anthropic couldn't separate who was allowed from who wasn't fast enough, so it shut the models off for everyone just six days after launching them. And the trigger reportedly wasn't a foreign spy at all. It was a warning from a competitor, Amazon, which demonstrated a way to bypass the model's safeguards. If your company has wired a critical process to a single AI vendor, you just watched how fast that capability can vanish.

Next, the FBI disrupted one of the largest AI-powered scam operations ever seen. A China-based crime ring called "Outsider Enterprise" used artificial intelligence to write flawless scam texts and blasted out 2.5 million of them in two weeks while impersonating brands people trust through AT&T, T-Mobile, and Verizon. Authorities tied more than one million fake web addresses and 3.8 million stolen credit cards to the operation, with an estimated $1.9 billion in losses. The old advice to "watch for typos" is dead. These messages are clean, personal, and look exactly like the real thing. If your brand gets impersonated, your customers pay the price and your reputation takes the hit.

Finally, Russia's military intelligence is hiding inside everyday routers. The group known as Fancy Bear has been quietly taking over the inexpensive routers small offices and remote workers buy off the shelf, including MikroTik, TP-Link, and Ubiquiti EdgeRouters, and using them to steal Microsoft 365 logins in transit. They even hide their commands inside normal cloud services so nothing looks suspicious. At its peak, researchers counted more than 18,000 infected connections across 120 countries. The scariest part: they steal the login token, allowing them to bypass multi-factor authentication and remain logged in even after the password is changed.

Three stories. One thread. A government order, a billion-dollar scam ring, and a foreign intelligence unit all reached into technology many organizations assumed they controlled.

In this episode, we discuss:
• Why the government forced Anthropic to pull its newest AI models and what it means for your business
• How an AI-powered crime ring scammed people out of an estimated $1.9 billion
• Why the router in your closet might be working for Russian intelligence
• How "restrict some" quietly becomes "shut it all off"
• Why stolen login tokens can bypass your multi-factor authentication
• What concentration risk means when you bet your operation on a single vendor
• The Monday-morning moves that actually protect your business

Security Squawk is a weekly podcast and livestream for business owners and executives.

Support the show: buymeacoffee.com/securitysquawk

Subscribe | Like | Share

#SecuritySquawk #CyberSecurity #Anthropic #AI #FBI #Phishing #Smishing #FancyBear #VendorRisk #BusinessRisk #SMB #MFA

June 9, 2026, 34 min

DentaQuest Breach Exposes 2.6 Million — and Why "Confident" Small Businesses Keep Getting Hit

Your dental plan just became your biggest security problem. DentaQuest — one of the largest dental-benefits companies in America — had the personal and health data of 2.6 million people dumped online, and almost none of those people ever chose to do business with them. If you think your own company is too careful for this, the newest numbers say otherwise. *Confidence you can't prove is just exposure wearing a smile.*

Bryan Hornung and Randy Bryan break down this week's stories — for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. (Reginald Andre is out this week — back next episode.)

First up: the DentaQuest breach. The extortion crew ShinyHunters stole 234 gigabytes of data, tried to shake DentaQuest down for a ransom, and when the company didn't pay, they dumped the whole thing on a leak site. Inside that pile: names, birthdates, phone numbers, Medicaid IDs, and health-insurance details on 2.6 million people. The detail that should make you angry — researchers found roughly 1.7 million Social Security numbers in a separate folder, and a large share of them appear to belong to children. A stolen kid's SSN is gold to a fraudster, because nobody checks a nine-year-old's credit for ten years. And here's the part every business owner needs to hear: most victims never picked DentaQuest at all — their employer or their state Medicaid program did. Somebody else's vendor became your breach.

Then we close on the mirror. A brand-new survey of 4,400 small and mid-size businesses found that owners have never felt more secure — 68% are confident they can stop an attack, and 75% trust they can respond. The problem? 45% of them got breached in the last year anyway. The number that stops you cold: among businesses hit more than once, confidence actually went UP — to 91% in the U.S. Meanwhile two-thirds still don't turn on multi-factor authentication, and only about 17% encrypt their data — the cheap, boring controls that stop most attacks. The average breach at a company under 500 people now runs about $3.31 million. Owners are scared of sci-fi AI malware while the rip current — phishing, weak passwords, no monitoring — is the thing actually pulling them under.

Two stories, one crack running through both: somebody assumed they were covered, and the assumption was the vulnerability. The fix isn't more fear or more confidence — it's proof.

In this episode, we discuss:
• How 2.6 million people got exposed by a company most of them never chose.
• Why ShinyHunters' "pay-or-we-leak" model makes your backups useless.
• Why a stolen child's Social Security number is worth more than yours.
• How small businesses can feel 68% confident and still get breached 45% of the time.
• Why getting hit twice somehow makes owners MORE confident — and why that's backwards.
• The two cheap controls two-thirds of businesses still skip.
• How to replace "I feel secure" with proof you can actually show.

Security Squawk is a weekly podcast and live stream for business owners and executives.

Support the show: buymeacoffee.com/securitysquawk

June 3, 2026, 34 min

The Biggest Cybersecurity Threat Isn't Malware Anymore | NYC Hospitals, Carnival & FBI Warning

Three breaches. No malware. No zero-days. Just trust being exploited.

This week on Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three major cybersecurity incidents that reveal a growing reality: attackers are increasingly targeting people, vendors, and physical access instead of technology.

NYC Health + Hospitals disclosed a breach affecting 1.8 million individuals after a third-party vendor compromise exposed sensitive patient information, including fingerprints. Carnival Corporation confirmed a cyberattack impacting nearly 6 million people after attackers used social engineering to gain access through an employee account. Meanwhile, the FBI is warning law firms about criminals posing as IT personnel, physically entering offices, deploying malicious USB devices, and stealing privileged client data.

These attacks didn't begin with sophisticated malware or advanced exploits. They succeeded because trust was exploited.

In this episode, we discuss:
• The growing risk of third-party vendor breaches
• Why biometric data theft creates permanent consequences
• How social engineering continues to defeat security controls
• The resurgence of physical intrusion attacks
• What CEOs, business owners, IT leaders, and MSPs should be evaluating right now
• Why many organizations may be defending the wrong attack surface

If your cybersecurity strategy focuses only on networks, endpoints, and firewalls, this episode will challenge some assumptions.

Support the show: https://buymeacoffee.com/securitysquawk

Subscribe for weekly executive-level cybersecurity analysis focused on business impact, operational risk, and real-world consequences.

#CyberSecurity #DataBreach #Carnival #NYCHealthAndHospitals #SocialEngineering #VendorRisk #LawFirmSecurity #CyberAttack #InformationSecurity #MSP #BusinessRisk #SecuritySquawk

May 26, 2026, 35 min

7-Eleven Hacked, 143,000 Immigration Records Exposed, FBI Quietly Takes Over From CISA

This Week's Cybersecurity Breakdown

1. CISA Shrinks While the FBI Expands Its Cyber Role
The federal cyber response structure is changing in real time:
• CISA reportedly lost over 1,000 employees
• Proposed federal budget would cut another $707 million
• FBI IC3 received 1 million cybercrime complaints in 2025
• Reported financial losses climbed to $20.9 billion
• Raises major questions about how businesses should think about federal cyber support going forward

2. DocketWise Breach Exposes Sensitive Immigration Data
A breach at an immigration legal platform continues to grow:
• Attackers used valid credentials to clone a developer pipeline
• Victim count increased from 116,000 to more than 143,000 individuals
• Exposed data includes: Social Security numbers, passport data, tax IDs, medical history
• Another example of trusted access becoming the attack surface

3. 7-Eleven Confirms ShinyHunters Breach
The ongoing Salesforce-linked extortion campaign continues:
• 185,000 franchise applicants exposed
• 7-Eleven reportedly refused ransom demands
• Attackers released a 9.4 GB archive publicly
• Campaign has now impacted organizations including: Google, Cisco, Qantas, Allianz, Adidas, TransUnion, LVMH

The Bottom Line
The cybersecurity assumptions businesses relied on even 18 months ago are changing.
• Federal cyber resources are shifting
• Trusted vendors continue getting breached
• Attackers are increasingly using legitimate access instead of sophisticated exploits
And many organizations are still operating under incident response plans built for a threat landscape that no longer exists.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of ransomware, cybercrime, vendor risk, and executive-level cybersecurity strategy.

May 19, 2026, 44 min

OpenAI Devices Hacked, Ozempic Supplier Offline & Change Healthcare Lawsuit

A poisoned software package compromised OpenAI employee devices before security teams could stop it. The company behind critical Ozempic injection components has been offline for weeks after a ransomware attack. And Change Healthcare is now facing another major lawsuit tied to the 2024 breach that crippled healthcare payments nationwide. Three stories. One message: Your business is now exposed to companies you don't control.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three cyber incidents that reveal how third-party trust has become one of the biggest operational risks in business today.

This Week's Cybersecurity Breakdown

1. OpenAI, TanStack & the npm Supply Chain Worm
A software supply chain attack spread through trusted developer ecosystems at massive speed:
• 42 npm packages poisoned in six minutes
• Malware stole GitHub tokens, AWS credentials, and CI/CD secrets
• OpenAI confirmed two employee devices were compromised
• ChatGPT Desktop, Codex App, Codex CLI, and Atlas certificates rotated
• Demonstrates how modern attacks now spread through trusted development infrastructure

2. West Pharmaceutical Ransomware Attack
A cyberattack against a company most people have never heard of — but nearly everyone depends on:
• West Pharmaceutical components are used in roughly 43 billion injectable drug deliveries annually
• Includes Ozempic, Wegovy, insulin pens, vaccines, and hospital injectables
• Systems taken offline globally after ransomware deployment
• Manufacturing disruptions continue weeks later

3. Allied World v. Change Healthcare — The Financial Fallout Begins
The legal consequences of the Change Healthcare breach are escalating:
• Cyber insurer Allied World filed suit seeking more than $1 million in damages
• Avesis operations were disrupted for roughly 90 days
• Root cause traced to a low-level Citrix account with no MFA
• Credentials were reportedly circulating on Telegram prior to the breach

The Bottom Line
The modern business attack surface is no longer just your company. It's:
• your software vendors
• your healthcare clearinghouses
• your package repositories
• your pharmaceutical suppliers
Every trusted relationship is now a potential point of failure. And when those companies get breached, your business absorbs the consequences.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of ransomware, supply chain attacks, AI threats, and executive-level cybersecurity strategy.

May 12, 2026, 58 min

AI Built Its First Zero-Day | 275M Student Records Stolen | 90% Hidden Ransomware

A cybersecurity line just got crossed. Google has now confirmed the first known case of hackers using artificial intelligence to build a working zero-day exploit that bypasses two-factor authentication. At the same time, Instructure, the company behind Canvas, used by over 9,000 schools worldwide, appears to have quietly paid a ransom after ShinyHunters stole 275 million student and teacher records and defaced hundreds of school login pages. And if you think these attacks are rare, new data from BlackFog says otherwise: 90% of ransomware attacks this quarter were never publicly disclosed. Most breaches never make headlines.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three stories that reveal where cybercrime is heading next and why most organizations are less prepared than they think.

This Week's Cybersecurity Breakdown

1. Canvas / Instructure Data Breach & Apparent Ransom Payment
One of the largest education-sector breaches in recent memory:
• 275 million records allegedly stolen
• 3.65 TB of data taken from roughly 8,800+ schools
• Harvard, Stanford, Columbia, Duke, UNC, and other institutions impacted
• ~330 Canvas login portals defaced with ransomware messages
• Instructure later announced it had “reached an agreement” with attackers

2. AI Builds the First Confirmed Zero-Day Exploit
Google's Threat Intelligence Group confirmed a major escalation:
• AI used to create a working zero-day exploit
• Attack specifically targeted two-factor authentication protections
• Signals a shift in offensive cyber capabilities previously associated with nation-state actors
• AI is no longer just assisting attackers; it's helping build the attacks themselves

3. BlackFog Q1 2026 Report: The Hidden Ransomware Crisis
The public only sees a fraction of what's happening:
• 2,160 undisclosed ransomware attacks vs. 264 disclosed
• Only 1 in 9 attacks becomes public
• Average ransom demands surpassed $1 million
• Data stolen in 96% of incidents before encryption
• Backups alone are no longer enough

The Bottom Line
Cybersecurity is entering a new phase.
• AI is accelerating offensive capabilities
• Ransomware groups are operating in the shadows
• And organizations are quietly paying attackers to keep breaches out of public view
This isn't just a technology problem anymore. It's an operational reality every business leader needs to understand.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of ransomware, cybercrime, AI threats, and executive-level cybersecurity strategy.

May 5, 2026, 41 min

TSYS Ransomware Attack, Canvas Data Breach & HIPAA Security Failures Explained

A major U.S. payment processor just got hit by ransomware, again. TSYS, one of the largest payment processors in the country, has been attacked by the Everest ransomware group for the second time in five years. Industry experts warned this was coming. It happened anyway. At the same time, ShinyHunters claims it stole 275 million records from Instructure, the company behind Canvas, the learning platform used by over 9,000 schools. Names, student IDs, and billions of private messages between students and teachers are now at risk. And in healthcare, regulators just fined four companies $1.165 million for ransomware-related failures, not because they were hacked, but because they ignored basic security requirements that have been in place since 2003. In one case, attackers sat inside a network for 16 months undetected. These aren't advanced attacks. These are failures to do the fundamentals.

This Week's Cybersecurity Breakdown

1. TSYS Ransomware Attack (Everest Group)
A repeat breach at a major payment processor:
• Systems encrypted and data exfiltrated
• Second major incident in five years
• Also impacts Fiserv
• Raises serious questions about systemic risk in payment infrastructure

2. Instructure / Canvas Data Breach (ShinyHunters)
Massive education sector exposure:
• 275 million records allegedly stolen
• Student data, IDs, and private communications compromised
• Root cause: Salesforce misconfiguration
• Potential impact across 9,000+ schools

3. HHS HIPAA Fines for Ransomware Failures
Regulatory enforcement is accelerating:
• $1.165 million in fines across four companies
• Failure to complete required security risk assessments
• One breach went undetected for 16 months
• OCR has now completed 19 ransomware investigations with the same pattern

The Bottom Line
These attacks aren't breaking through defenses. They're walking through doors that were never closed.
• Misconfigurations
• Missing risk assessments
• Known vulnerabilities left unpatched
This isn't a technology problem. It's an execution problem.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of real-world cyber threats, ransomware attacks, and executive-level security insights.

April 28, 2026, 41 min

Hackers Use Microsoft Teams to Break In - VPN Ransomware Surge - KPMG 2026 Warning

A new type of cyberattack is bypassing every security tool you've invested in — and it starts with a simple Microsoft Teams message. No malware. No exploit. No zero-day. Just someone pretending to be IT support. At the same time, new data shows 73% of ransomware attacks are now entering through VPNs, and small businesses are absorbing an average of $422,000 per incident. Meanwhile, KPMG just released its 8 cybersecurity priorities for 2026, sending a clear message to executives: the biggest risk isn't technology — it's leadership.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three critical developments every business leader needs to understand right now.

This Week's Cybersecurity Breakdown

1. Microsoft Teams Hack (UNC6692 Attack Campaign)
Hackers are impersonating IT support inside Microsoft Teams to gain access to enterprise environments.
• No software vulnerability exploited
• Targets C-suite and senior leadership (77% of victims)
• Uses legitimate platforms like AWS and Heroku to evade detection

2. VPNs Are Now the Front Door for Ransomware (At-Bay 2026 Report)
New insurance data reveals a sharp increase in ransomware attacks targeting VPN infrastructure:
• 73% of attacks originate through VPNs
• 60% of victims had EDR deployed — and still got hit
• SonicWall vulnerabilities linked to a significant percentage of attacks
• Average loss: $422,000 for SMBs

3. KPMG's 8 Cybersecurity Priorities for 2026
A strategic warning for boards, CEOs, and executives:
• AI is now an attack surface
• Non-human identities (APIs, service accounts) are a major blind spot
• Supply chain attacks are becoming the primary entry point
• Cybersecurity is no longer an IT issue — it's a leadership responsibility

The Bottom Line
The biggest cybersecurity gap today isn't technical. It's leadership.
• You can't patch employee trust
• You can't rely on tools without oversight
• You can't delegate cyber risk and expect protection
If you're running a business, this is required awareness.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of real-world cyber threats, ransomware trends, and executive-level security insights.

April 21, 2026, 40 min

Frost & Citizens Bank Ransomware | ShinyHunters Hit Zara, Carnival & 7-Eleven | Vercel Breach

The Everest ransomware group claims it has stolen 250,000+ Social Security Numbers and 3.4 million banking records from Frost Bank and Citizens Bank — and the leak countdown is already ticking. At the same time, ShinyHunters just executed coordinated attacks on Zara, Carnival, and 7-Eleven, while a Vercel breach tied to a compromised AI tool exposed how a single employee action can trigger a multi-million dollar data incident. This isn't theoretical cybersecurity risk — this is happening right now, and it directly impacts your business, your customers, and your exposure to AI-driven threats.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three major cyberattacks shaping the current threat landscape — and what leaders need to understand immediately.

This Week's Cybersecurity Breakdown

1. ShinyHunters Cyberattacks (Zara, Carnival, 7-Eleven)
One of the most aggressive data breach groups in the world targeted three global brands with a pay-or-leak ultimatum.
• Carnival: 8.7 million customer records stolen
• 7-Eleven: 600,000+ Salesforce records compromised
• Zara: breach originated through third-party vendor Anodot with cloud access

2. Everest Ransomware Attack (Frost Bank & Citizens Bank)
A high-impact ransomware operation targeting major U.S. financial institutions:
• 380+ GB of stolen data posted to a dark web extortion site
• Includes SSNs, banking data, and unencrypted credit card numbers with CVVs
• Raises serious questions about data security standards in 2026

3. Vercel Data Breach via AI Tool (Context.ai)
A textbook example of modern attack vectors:
• A single employee connected a compromised AI tool with “Allow All” permissions
• Attackers gained access to internal systems and are now selling the data for $2 million
• Highlights the growing risk of AI integrations in enterprise environments

Why This Matters
These incidents expose three critical realities:
• Third-party vendors are now primary attack surfaces
• Ransomware groups are escalating speed and scale
• AI tools are introducing new, poorly understood security risks
If you run a business, manage IT, or rely on cloud platforms — this is required awareness.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of real-world cyber threats, ransomware attacks, and security leadership insights.

April 14, 2026, 49 min

80 Banks Breached via Marquis Software Vendor Chain

A ransomware attack on one software vendor exposed 823,000 people's Social Security numbers and bank account data across 80 community banks — and those banks didn't find out for 74 days. That's just one of three stories on today's Security Squawk that show exactly how the vendor trust chain is failing businesses right now. Bryan, Randy, and Reginald break down: a brand-new extortion crew called UNC6783 that's been hitting "several dozen" high-value corporations — including an alleged Adobe breach of 13 million support tickets — by breaking into their outsourced call centers and help desks instead of the companies themselves. Then Microsoft's new research on the Medusa ransomware group (tracked as Storm-1175), which is exploiting zero-day vulnerabilities before patches even exist and can go from initial access to full ransomware deployment in under 24 hours. And finally, the full Marquis Software story: a fintech vendor breach that cascaded through 80 community banks, led to a ransom payment, and ended with Marquis suing their own firewall vendor SonicWall for gross negligence while defending 36+ consumer class action lawsuits. If you trust vendors with your customer data — and you do — this episode is about what happens when that trust gets broken.
