Scinary Information Nexus

Welcome back to the Scinary Information Nexus! Pour yourself some mead (or a Texas ale) and join the crew as we tackle some heavy cybersecurity news hitting the K-12 and higher-ed worlds. This week, Richard Martin, Brazos Wortham, Joseph Hamilton, and Mario Ortiz break down the fallout from the Instructure (Canvas) breach. Threat group Shiny Hunters reportedly exploited a cross-site scripting vulnerability, leading to a massive, undisclosed ransom payment. Now, school districts are stuck in a regulatory nightmare: how do you report a breach when you don't even know what student data was compromised? We also talk about the debate over state bans on Chinese-owned technology like Lenovo. While Texas Cyber Command maintains a strict Prohibited Technologies list for state agencies, Lenovo currently remains unbanned despite federal security warnings. We look at the reality of outright hardware bans versus just blocking network traffic. Plus, we clear up the dangerous confusion between Lenovo-owned Motorola Mobility and American-owned Motorola Solutions (which emergency services use). Expanding these state mandates could be a devastating financial hit to public schools already dealing with budget deficits. In this episode, we discuss: How Shiny Hunters breached Instructure via a "Free for Teacher" account The regulatory nightmare of reporting K-12 data breaches Why easily guessable passwords make brute-forcing simple Texas Cyber Command's recent updates to the Prohibited Technologies list The danger of banning network domains instead of replacing vulnerable hardware Why confusing Motorola Mobility with Motorola Solutions could panic police and emergency services How state mandates impact independent school districts that are already struggling Does the state's approach to cybersecurity actually make schools less secure? Let us know your thoughts in the comments! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ 00:00 Intro 02:15 The Canvas Ransomware Breach 34:15 Texas Cyber Command's Lenovo Ban Cybersecurity #InfoSec #Ransomware #EdTech #TxRamp

Welcome back to the Scinary Information Nexus! We kick off a rainy Texas Friday with some Blackberry Melomel from Texas Meadworks and a little banter before getting into some wild government tech news. This week, Richard, Joseph, Mario, and Brazos break down some highly unusual, militaristic solicitations from the newly formed Texas Cyber Command. What does it mean to establish "operational maneuver" or take back "sovereign IP terrain"? We translate the military jargon into standard cybersecurity terms and look at the reality of this massive, $100+ million project to build a centralized data lake for state endpoints. We talk through the privacy concerns, the "honeypot" risk of building a single massive data repository, and whether mega-contractors like Palantir are the real winners. Later, we look at the open-source supply chain hacks hitting platforms like NPM, PyPI, and Docker Hub. We discuss how malicious package updates quietly scrape API keys, the conspiracy theories behind Team PCP, and why the trend of vibe coding makes dependency management more dangerous than ever. If you're a developer, you might want to double-check what you're deploying. In this episode: Tasting Texas Meadworks Blackberry Melomel Decoding Texas Cyber Command's aggressive solicitations The reality of the estimated $100M+ state data lake and endpoint logging RFP The privacy implications and honeypot risks of a centralized state cybersecurity solution How open-source supply chain attacks on Docker Hub, PyPI, and NPM work Why AI-assisted vibe coding creates a dependency management nightmare The urgent need for developers to fork and audit dependencies Drop your thoughts in the comments: are centralized government data lakes a security necessity or a massive privacy risk? Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #InfoSec #VibeCoding #OpenSource

Welcome back to Scinary Information Nexus! Pierre Vivoni steps in for Brazos this week, joining Mario Ortiz and Richard Martin. We start things off with a mystery brew, react to some wild comments from last week, and share a field trip story involving pawn shop laptops, OSINT, and the surprising power of BitLocker. We also talk about "techno-feudalism" and the massive power held by tech monopolies. We cover the influence of the PayPal Mafia, Palantir's ties to the DoD, and how AI companies hoarding hardware are driving up SSD and RAM costs. Plus, we look at the backlash against Microsoft's AI tools acting like telemetry spyware and reports of open-source models secretly exfiltrating data. Later, we get into why so many people still think "the cloud" is magic, and why relentless tech marketing is to blame for disconnecting the public from basic IT realities. We finish out the episode talking about free will and weekend plans involving OPNsense routers. In this episode, we discuss: Pawn shop forensics: What happens when you try to crack un-wiped laptops? Why BitLocker is surprisingly effective against unauthorized access The PayPal Mafia and Palantir's deep connections to government infrastructure How AI hardware hoarding is driving up the price of SSDs and RAM Reports of deceptive open-source projects secretly exfiltrating data Why tech marketing wants you to think the internet is magic Upgrading home networks with OPNsense firewalls Do you think tech marketing is intentionally misleading consumers? Let us know in the comments! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #InfoSec #OSINT #OPNsense #ThreatIntel

Welcome back to the Scinary Information Nexus! This week, Richard, Joseph, Brazos, and Hunter kick things off with a look at a recent CISA advisory about Iranian threat actors targeting U.S. critical infrastructure. We break down the reality of operational technology (OT) vulnerabilities. Even though nation-state attacks are increasing, the root causes are usually the same: unpatched legacy systems, exposed PLCs, and missing MFA. Then, we get into some cybersecurity conspiracy theories. The crew talks about the "Death of the Internet" driven by AI bots, the FCC's push for U.S.-assembled networking equipment, and the third-party doctrine. Under this doctrine, tech giants can legally hand over your user data to the government without a warrant. We also ask the real questions: Are all EDR platforms just secret government backdoors? From modern tech surveillance to the Snowden leaks, we talk about what it actually takes to maintain online privacy today, or if going totally off-grid is the only option left. Topics covered: The latest CISA advisory on Iranian actors hitting critical infrastructure Why patching and MFA are still failing in OT environments Conspiracy theories: AI bots and the "Death of the Internet" FCC restrictions on foreign routers and supply chain realities How the third-party doctrine bypasses your Fourth Amendment protections Are EDR platforms actually government backdoors? Modern surveillance and escaping the grid Is it still possible to maintain your online privacy, or is going off-grid the only option? Let us know your thoughts in the comments below! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ 00:00 Intro 01:45 CISA Advisory & Infrastructure Threats 24:25 Conspiracy Theories: Death of the Internet 28:00 Router Bans & Supply Chain Realities 36:00 Third-Party Doctrine & Digital Privacy 43:55 Are EDR Platforms Government Backdoors? 48:10 Escaping the Grid & Tech Surveillance Cybersecurity #InfoSec #Privacy #EDR #Surveillance #Hacking #CISA #SupplyChain

Welcome back to the Scinary Information Nexus! Settle in, because we have a massive week of cybersecurity news to unpack covering bizarre arrests, cloud nightmares, and inside threats. This week, Richard, Joseph, Mario, and Brazos kick things off with the breaking overnight news: a Supermicro co-founder has been arrested for allegedly smuggling $2.5 billion in Nvidia GPUs to China. We debate the real motives - was it just about the money, or is there a deeper, darker reason behind the black market hustle? Then, we revisit the devastating Stryker attack. The team uncovers how the threat actors didn't use crazy malware to wipe the devices, but instead bypassed MFA and simply used a built-in Microsoft Intune feature to destroy the network. We discuss why a "two-key" admin approval system is desperately needed. Finally, we share a terrifying real-world case study we're actively working on: A K-12 school had their entire Google Workspace completely deleted by Google without warning. After a super admin account was compromised to send bulk spam, Google's automated systems nuked the domain—leaving the school completely locked out of email and Drive. In this episode, we discuss: The $2.5 Billion Super Micro scandal: Smuggling GPUs to China. The Stryker Attack: How attackers used Microsoft Intune against them. The desperate need for multi-admin approval in cloud environments. Social Engineering in action: Brazos’s run-in with a fake sheriff. The Google Workspace Nightmare: What happens when an automated system permanently deletes your domain. The dangerous illusion of the "Shared Responsibility" cloud model. Could your entire infrastructure be wiped by a single rogue button? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #InfoSec #Podcast #TechNews

Welcome back to the Scinary Information Nexus! After a category 4 hangover (and some failed attempts to lock him out), Richard is back in the studio with the team to discuss a massive development in critical infrastructure security. This week, we are breaking down the devastating cyberattack on Stryker, a major medical device manufacturer. After an Iranian-backed hacktivist group triggered a catastrophic breach, 70 global offices were shut down and 20,000 machines were wiped. We discuss why Stryker was targeted, the brutal reality of employees having their personal cell phones completely wiped via the company's MDM, and the terrifying differences between financial ransomware gangs and nation-state actors bent purely on destruction. Plus, Mario and the team dive into live stock market tracking to uncover a highly suspicious multi-million dollar stock dump by insiders just weeks before the attack. Was it a coincidence, or the ultimate insider threat? In this episode, we discuss: The Stryker Breach: How Iranian hacktivists took down 20,000 machines globally. BYOD Nightmare: Why connecting your personal phone to company portals can result in total data loss. Cyber Warfare Motives: Sabotage and defacement vs. financial extortion. The "Radicalization Pipeline": How terrorist groups grow (explained via Taylor Swift and Sex and the City fans). Live Conspiracy Theory: Tracking massive insider stock sell-offs right before the breach. A quick teaser for next week's highly anticipated Google discussion. If a nation-state decides your company is their next target, do you stand a chance? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #Stryker #Hacktivism #DataBreach #InfoSec

Welcome back to the Scinary Information Nexus! The inmates are running the asylum this week as Richard steps out, leaving Brazos, Joseph, Hunter, and Mario to take the wheel. With all four of the guys having acted as Security Operations Center (SOC) Managers at some point in their careers, the team leverages their shared history to pull back the curtain on what it really takes to run a true SOC. The team kicks things off by calling out "reseller" SOCs that rely purely on automated ticket generation, detailing why immediate human action and response times are critical when the defecation meets the oscillation. We also tackle the elephant in the room: AI. Is it a silver bullet that will replace an analyst, or just an expensive tool running on limited context? Later, the guys debate the merits of hiring generalist analysts versus specialized experts, sharing how correlating data across multiple platforms creates true defense-in-depth. Finally, we offer invaluable, realistic advice for anyone trying to break into the cybersecurity field, and close out by revealing the absolute hardest parts of being a manager. In this episode, we discuss: The Fake SOC Epidemic: What defines a "Real" SOC vs. a reseller rebundling alerts. Why AI won't replace human analysts (and why its lack of context leaves you vulnerable). The "Jack of All Trades" vs. Specialist Analyst debate: Which is better? Breaking into the Industry: Why a home lab, networking, and a degree are still critical. Why soft skills and report writing are the most underrated skills in IT. The absolute hardest parts of managing a SOC, from fighting complacency to avoiding alert fatigue. Want to know what it really takes to secure a network? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #InformationSecurity #TechPodcast #InfoSec #CareerAdvice #Homelab

Welcome back to the Scinary Information Nexus! Richard, Joseph, and Brazos are back in the studio (with Richard’s mic volume officially audited and validated) to tackle a massive topic for the K-12 sector: E-Rate funding. This week, we are joined by special guest Ginnie Harwood, founder of Bespoke Consulting and a veteran of the EdTech and E-Rate space. Ginnie walks us through the 30-year evolution of the FCC’s E-Rate program, jumping from 1996 phone lines to modern-day cloud networks. We pull back the curtain on the competitive bidding process, discussing how some vendors "game the system" by writing hyper-specific RFPs to lock out the competition, and the headache of cost-allocating firewall hardware from its cybersecurity licensing. The crew naturally pivots to the FCC's new $200M Cybersecurity Pilot Program. Is it actually helping the small, rural schools that need it the most, or are massive 150,000-student districts swooping in to claim the cash? In this episode, we discuss: Ginnie’s journey from selling fiber optics to building massive E-Rate consulting departments. The mechanics of E-Rate, USAC, and the Universal Service Fund tax. The "Rigged RFP": How vendors legally edge out competition during the bidding process. The nightmare of hardware vs. licensing: Why firewalls are funded, but UTM isn't. The FCC $200M Cybersecurity Pilot Program: The good, the bad, and the controversies. ECF, COVID-19 connectivity, and pallets of fully-funded Chromebooks. Why E-Rate compliance isn't just about cost - it's about knowing the gray areas. Are the federal funds actually leveling the playing field for education? Let's discuss. Connect with Ginnie Harwood & Bespoke Consulting: https://www.bespokeconsulting.net Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ cybersecurity #edtech #fcc #informationsecurity #infosec

Welcome back to the Scinary Information Nexus! After last week's lost episode (thanks to some corrupted files), Richard, Joseph, Mario, and Hunter are back in the studio-while Brazos is off spreading the good word in Tennessee. This week, the team tackles "Alert Fatigue." If your Security Operations Center (SOC) is blasting you with a thousand alerts a day, are you actually secure, or are you just being conditioned to ignore the warning sirens? We dive into the philosophy behind how Scinary built its SOC, the difference between "Alert Fatigue" and "Data Fatigue," and why picking up the phone to talk to your IT director is sometimes the best cybersecurity tool you can have. Then, the guys drop the hammer on private equity firms and the "enshittification" of corporate tech. From Tenable (Nessus) quietly hiding web application plugins behind an exorbitant paywall, to Ivanti gutting their engineering teams right before suffering catastrophic VPN vulnerabilities, the truth about corporate cybersecurity might make your blood boil. Plus, stick around for the end as the guys recount a hilarious team outing in Waco involving terrible hotdogs, a brutally fast chess match, and a trip to Benny's Hog Shed. In this episode, we discuss: Alert Fatigue vs. Data Fatigue: What's the difference? Why Scinary refuses to be a "black box" SOC. The nightmare scenario of a student configuring "Shadow IT" environments. Enshittification: How private equity is ruining security tools. Tenable's secret paywalls and our search for OpenVAS alternatives. Why CISA ordered federal agencies to rip out Ivanti VPNs. Team building in Waco: Wienerschnitzel regrets and chess dismantling. Are you worn out by your security alerts? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ AlertFatigue #Cybersecurity #InfoSec #Tenable #Nessus #Ivanti #PrivateEquity #SOC #CybersecurityPodcast #ThreatHunting

We start off with Richard, Mario, Brazos, and Joseph covering some heartwarming news about the Central Texas Cyber Hub and some heart-wrenching news about the current state of the AI stock market bubble. Then, things went off the rails. After a discussion that was slightly too controversial for the internet (involving decrypted redactions), we had to cut the feed. Blocking out the "glitch," we pick up on Day 2 where Mario has been replaced by Pierre Vivoni ("It wasn't a government coverup, we swear"). Pierre helps us break down one of the wildest misconfigurations we've seen in a while: a Domain Controller "rawdogging" the internet. This leads to a deep dive into the realities of working in a SOC, why "make it work" culture creates security nightmares, and the dystopian rise of Flock cameras and mass surveillance. In this chaotic episode, we discuss: Education: Bringing cybersecurity to rural schools in Marlin, TX. Finance Corner: Why the AI bubble is deflating (and Richard's failed gold investments). The Incident: Finding a Domain Controller with a public IP address (and Pierre's legendary quote). SOC Reality: Why cybersecurity is 90% logs and 10% adrenaline (sorry, Hollywood). Surveillance: The rise of Flock cameras, license plate readers, and the "Cheetos bag gun" detection failure. Privacy Hypocrisy: Why are we banning TikTok but allowing private companies to build nationwide surveillance networks? Don't forget to like, subscribe, and let us know in the comments if you think Mario is actually in a government black site. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ cybersecurity #infosec #aibubble #techstocks #surveillance #privacy #networksecurity #podcast

Welcome back to the Scinary Information Nexus! It's a breakfast stout kind of morning as Richard, Brazos, Mario, and Joseph sit down to tackle the latest news coming out of the Texas Governor's office and a heavy topic that plagues our industry. First up, we discuss the expanded list of prohibited technologies for Texas state agencies. From TP-Link routers to shopping apps like Temu and Shein, the state is cracking down on Chinese-affiliated tech. But is this actually securing our data, or is it just "privacy theater" while data brokers still sell our info to the highest bidder? Then, we get real about Burnout. The team shares personal, unfiltered stories about the toll this industry takes-including the infamous "Air Conditioner Incident," the feeling of "Hot Brain," and why so many IT professionals fantasize about quitting to become restaurant managers. We discuss the difference between "Burnout of Love" (obsession) vs. emotional exhaustion, and how to survive through rest, delegation, and disconnecting. In this episode, we discuss: Texas Executive Order: Banning TP-Link, Temu, and Chinese AI. Why banning TikTok doesn't necessarily solve the data privacy problem. The financial burden of "Rip and Replace" for underfunded schools and local governments. Defining Burnout: When you'd rather end up in the hospital than go to work. The "Air Conditioner Incident": A lesson in leadership and stress. "Hot Brain" and Data Fatigue during internal assessments. How to survive: The importance of hobbies that have nothing to do with screens. Why Richard believes what we do truly matters. Are you feeling the IT burnout? Let us know in the comments how you cope. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ cybersecurity #burnout #mentalhealth #privacy #infosec #podcast

This week, Richard, Brazos, Mario, and Joe tear apart the red tape of NIST 800-53, CIS Controls, and state-mandated audits. We discuss the disconnect between legislators in the capital and the reality of a one-person IT department in a small school district. We also address the "Tech Support Brain" vs. "Auditor Brain" phenomenon and answer the burning question: Should you fudge your numbers to avoid looking bad on a state report? (Spoiler: No, and here is why). Plus, we reveal the "Malicious Compliance" strategy - how to use a low compliance score to force your board to finally sign that check for the tools you need. In this episode, we discuss: The absurdity of "one-size-fits-all" government mandates. Why NIST and CIS controls often fail small organizations. The temptation to lie on self-assessments (and why you shouldn't). "Auditor Brain": Dealing with compliance officers who don't understand tech. Strategic Failure: How to use a bad score to get more budget. The Scinary "10 Commandments" of controls. Also... do golden toilets actually have better Wi-Fi? If you are drowning in paperwork and compliance checklists, this episode is for you. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

From Amazon to Apple, Big Tech is pouring trillions into infrastructure, but who is actually paying the price? The team breaks down how these massive facilities are straining limits on the Texas power grid and consuming alarming amounts of local water - all while residential energy costs skyrocket by 73%. We also discuss why PC gamers and tech enthusiasts are about to suffer as GPU and RAM prices surge due to AI demand. Then, Brazos and Joseph put their investigator hats on. They perform a deep-dive OSINT (Open Source Intelligence) look into "Infrakey" - a company buying up land in Lacy Lakeview, Texas. They uncover a web of shell companies, law firms, and questionable filings that suggest there's more to these land deals than meets the eye. In this episode, we discuss: The "ET STAY HOME" Review: Is it beer or juice? The Trillion Dollar Bet: Why Big Tech is panicked about AI infrastructure. The Utility Crisis: How data centers drain local water aquifers and spike electric bills. Hardware Inflation: Why 32GB of RAM costs 5x what it did last year. Local Corruption?: The controversy of the Lacy Lakeview city council vote. Investigation: Who is behind "Infrakey" and where is the money coming from? The "Lawnmower in the Living Room": Noise pollution and imminent domain fears. Are data centers a boom for the economy or a drain on the community? Let us know your thoughts in the comments. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

Happy New Year! We made it to 2026 (barely). The Scinary team invites you to the first episode of the year. After recovering from the annual management dinner, Richard, Brazos, Joseph, and Mario crack open some Czech beers and the "Quadfather" to lay out their boldest predictions for the cybersecurity landscape in 2026. We move past the hype to discuss what keeps us up at night: From the inevitable "Log4j" moment for Artificial Intelligence to the crumbling state of cybersecurity insurance. Is the industry about to stop writing policies altogether? We also dive into the economics of tech. Brazos breaks down why the AI market looks suspiciously like the Dot-com bubble (with some Enron vibes thrown in) and why it might finally burst this year. In this episode, we discuss: The "AI Log4j" Prediction: Will a prompt injection attack backdoor everything? Why Microsoft is forcing Copilot on you whether you want it or not. The End of Insurance: Why carriers might stop writing cyber policies in 2026. Ransomware Theory: Did insurance companies actually cause the spike in ransom demands? Critical Infrastructure: Why Richard predicts a major water plant or grid attack this year. "Pig Butchering" Scams: It’s not what you think it is. The AI Economic Bubble: Round-tripping revenue, Nvidia, and the looming market correction. Privacy in 2026: Why smart TVs and appliances are making privacy a thing of the past. Are our predictions too cynical, or are we right on the money? Let us know in the comments! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #2026Predictions #AIBubble #TechNews #Infosec #Ransomware #CyberInsurance #Nvidia #ScinaryNexus #Podcast

We start by roasting ourselves with a look back at the best (and worst) podcast moments of the year, from the "Wayne's East Texas Hog Farming" bit to the time Richard almost died drinking Jalapeno Mead on air. We also share the behind-the-scenes chaos of our travel vlog to Illinois and the team's unfortunate luck with deer collisions in Waco. Then, we get down to business. The team discusses the evolution of Scinary's tech stack this year, specifically the launch of Scinary Connect (XDR) and why the rollout was a "beta within a beta." Pierre breaks down the switch to "Firewall Health Checks" and the common misconfigurations he's finding in Fortigate setups across the state. Finally, we look ahead to 2026: New integrations with SonicWall and Palo Alto, the Central Texas Cyber Hub initiative for K-12 students, and Richard’s crusade to build the perfect Backup & Recovery solution. In this episode, we discuss: The "Jalapeno Mead" Incident: Reliving our favorite podcast clips. Travel Nightmares: The Illinois Vlog and hitting deer in Texas. The evolution of Scinary Connect: Bringing XDR and FortiGate logs together. Why we launched "Block-as-a-Service" for firewalls. Firewall Health Checks: Why "Default Accept" rules are still haunting us. The Central Texas Cyber Hub: Giving rural K-12 students a shot at a cyber career. 2026 Roadmap: Why Backup & Recovery is our next big target. A final security tip: If you don't need the network this holiday, UNPLUG IT. Check out our upcoming webinar "Default to Hacked" on Dec 17th! https://webinar.zoho.com/meeting/register?sessionId=1034168403 Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #YearInReview

Welcome back to the Scinary Information Nexus! After Richard lost all his wisdom (literally, from a wisdom tooth removal) and with Joseph Hamilton out celebrating the birth of his new baby boy, the team is back to tackle corruption and controversy in the cybersecurity industry. First, the guys break down the shocking federal indictment of cybersecurity insiders—including ransomware negotiators and incident response managers from major firms—for allegedly colluding with the Black Cat (ALPHV) ransomware group. Is this an anomaly, or a sign of a much deeper problem within the cyber insurance and incident response world? We discuss the fraud triangle and the troubling incentives at play. Then, we dive headfirst into the main event: "AI Slop." Richard, Mario, Pierre, and Brazos pull apart the now-deleted research paper from MIT and vendor Safe Security that falsely claims "80% of ransomware attacks are AI-driven." Citing research from Kevin Beaumont and Marcus Hutchins, they expose how this marketing piece, disguised as academic research, uses defunct malware groups and nonsensical data to create a problem that only the vendor can solve. In this episode, we discuss: The Black Cat Indictment: When your ransomware negotiators are in on the scam. How the "Fraud Triangle" (Motive, Opportunity, Rationale) explains insider threats. Deconstructing the MIT & Safe Security "AI Slop" research paper. Why the "80% AI-driven ransomware" claim is pure nonsense. How defunct malware like Emotet ended up in a 2025 AI study. The danger of prestigious institutions lending their credibility to marketing stunts. Thoughts on a dentist who is also a certified "Whiskey Master" (thanks to our sponsor, Greg Babbitt!). Has the AI hype bubble reached the point where our most trusted institutions are selling snake oil? Let's get into it. A huge thank you to Greg Babbitt for sponsoring this week's episode with a fantastic bottle of Wild Turkey Kentucky Spirit! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #Ransomware #InsiderThreat #BlackCat #AI #ArtificialIntelligence #MIT #CyberScam #InfoSec #CybersecurityPodcast

Welcome back to a very spooky Scinary Information Nexus! Richard, Joseph, Tye, and Hunter are in full costume for this Halloween special to discuss a truly terrifying event: the day the internet broke. This week, the team tackles the massive AWS outage that took down services from Microsoft to your smart home devices. We break down the technical jargon to explain the "race condition" that caused a critical DNS failure and explore the cascade effect that left companies scrambling. Why were multi-billion dollar firms operating without a failover plan? We also share some of the hilarious real-world consequences, like smart beds trapping their owners in a heated, upright position. Then, we revisit the massive Salesforce data breach with a frightening new update: the threat group "Scattered Lapsus$ Hunters" has leaked data belonging to personnel from the Department of Defense, DHS, ICE, and other critical US government agencies. This leads to a larger discussion on the fragility of our digital world. In this episode, we discuss: The technical cause of the AWS outage: What is a DNS "race condition"? Why competitors like Microsoft were also taken offline. The critical debate: Are we prioritizing efficiency over resiliency? Hilarious IoT failures: When your smart bed turns against you. Update on the Salesforce Breach: US Government data now exposed. The danger of monopolies: How AWS, Google, and AT&T create single points of failure. The importance of having an analog (pen and paper) backup plan. Is our critical infrastructure built on a house of cards? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

This week on the Scinary Information Nexus, we are honored to welcome a very special guest: Lieutenant Colonel Steven Beseda, United States Army (Retired). With a deep background in both armored forces and Information Operations, Colonel Beseda joins Richard, Brazos, and John to pull back the curtain on the modern battlefield. Forget everything you think you know about traditional warfare. We break down the crucial difference between misinformation and disinformation, exploring how state actors like Russia use it to shape narratives at home and abroad. Using fascinating historical examples-from General Schwarzkopf's classic deception operation in Desert Storm to the unprecedented OSINT (Open-Source Intelligence) coming out of the Ukraine war-we reveal how information has become a primary weapon. The conversation then focuses on one of the world's most critical flashpoints: Taiwan. How is China using information warfare to prep the battlespace and undermine Taiwanese and U.S. resolve? And how does the global reliance on Taiwan's semiconductor industry play into this new era of conflict? In this episode, we discuss: Misinformation vs. Disinformation: A military definition you need to know. Deception Operations: How the U.S. military fooled Saddam Hussein. The Russia-Ukraine War as a live-fire information warfare laboratory. The strategic use of OSINT and platforms like Telegram in modern conflicts. China's doctrine to win without fighting by targeting Taiwan's cognitive space. The shift from Nuclear MAD to a new "Cyber MAD" (Mutually Assured Destruction). The vulnerability of U.S. critical infrastructure to Chinese technology. Soft Power & Economic Warfare: China's "Belt and Road" initiative. Is the next world war one that will be fought not with soldiers and tanks, but with keyboards and data streams? Let's get into it. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ CyberWarfare #Disinformation #InformationWarfare #MilitaryStrategy #China #Taiwan #USArmy #Cybersecurity #OSINT #Geopolitics

Welcome back to the Scinary Information Nexus! This week, we're joined by a special guest from the educational front lines, Greg Babbitt, the Technology Director at Palmer ISD, for a packed episode you can't afford to miss. First, we tackle one of the biggest stories of the year: the Salesforce breach. Richard, Brazos, and Joseph break down how the "Scattered Lapsus Hunters" allegedly compromised giants like Disney, Home Depot, and Google through sophisticated OAuth and API attacks. We discuss the billion-dollar ransom, the responsibility of SaaS providers, and what this means for every company that entrusts their data to a third party. Then, with Greg's expertise, we dive deep into the unique cybersecurity landscape of K-12 education. We explore why the biggest threat is often the human element inside the network and discuss the immense challenges of vetting and securing countless third-party apps and services-from bus routing software to Google Workspace. It's a candid look at the real-world tightrope walk between security, usability, and budget that every school district faces. In this episode, we discuss: The Salesforce Breach: How OAuth tokens and API keys led to a potential catastrophe. The "Scattered Lapsis Hunters" and their tactics. Why companies like Disney can't just blame their vendors. The C-Suite conversation: Communicating reputational risk to non-technical leadership. The "Human Element": Why training isn't enough to stop phishing. Third-Party Risk in K-12: What happens when you have no leverage over your vendors? The "Free" Trap: Uncovering the hidden security costs of Google Workspace for Education. The importance of a "no-blame" culture when security incidents happen. Is your organization truly prepared for the risks buried in your supply chain and your own hallways? Let's get into it. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ Cybersecurity #Salesforce #DataBreach #K12 #EdTech #InfoSec #ThirdPartyRisk #CybersecurityPodcast #Education #Phishing

Welcome back to the Scinary Information Nexus! This week, we have a very special guest: Daniel Hamilton, a 38-year veteran of the broadcast industry, drone program administrator, and Joseph's dad! Richard, Mario, and Joseph sit down with Daniel to discuss the massive technological changes happening just behind your TV screen. We're talking about ATSC 3.0, or "NextGen TV," the new broadcast standard poised to turn free over-the-air television into a data-driven powerhouse. Learn how your viewing habits could soon be correlated with your online searches to deliver hyper-targeted ads, and what this IP-based system means for your privacy and cybersecurity. Could a hijacked broadcast signal one day be used to push malware directly to your smart TV? Then, the conversation takes to the skies as we tackle the U.S. government's impending ban on Chinese-made drones. As an administrator for a fleet of nearly 500 drones, Daniel gives us a frontline report on the chaos this policy is causing. We break down why this move feels like political theater, cripples industries from journalism to agriculture, and ignores the bigger national security picture of where our technology REALLY comes from. In this episode, we discuss: What is ATSC 3.0 and how will it change "free" TV forever? The end of anonymity: How broadcasters will track what you watch. Geo-targeting alerts: Ending "alert fatigue" during severe weather. The new cybersecurity risks of IP-connected broadcasting. The government's ban on Chinese drones (DJI) and its real-world impact. Why American-made drone alternatives aren't ready to fill the gap. The hypocrisy: Banning consumer drones while critical infrastructure runs on Chinese chips. Will your next drone cost you $25,000? Is a "smarter" TV worth giving up another layer of your personal data? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ NextGenTV #ATSC3 #Cybersecurity #Privacy #DroneBan #DJI #Broadcast #InfoSec #CybersecurityPodcast #NationalSecurity

This week on the Scinary Information Nexus, we're joined by a special guest, Eyal Benishti, the CEO of our email security partner, Ironscales! Richard, Brazos, Joseph, and John sit down with Eyal to discuss the massive shifts in the threat landscape, from the early days of obvious malware attachments (Phishing 1.0) to the sophisticated social engineering attacks that plague businesses today (Phishing 2.0). But the real focus is on the future: What is "Phishing 3.0"? Eyal breaks down how generative AI, deepfake voice and video, and prompt injection attacks are creating a new reality where phishing is no longer confined to email. We explore how attackers are using tools like Teams, Slack, and other communication channels to create persistent, multi-modal attacks that are virtually indistinguishable from legitimate requests. How do we fight back when we can't trust what we see and hear? The answer lies in adaptive, agentic AI. In this episode, we discuss: The origin story of Ironscales and why a new approach to email security was needed. Phishing 1.0 vs 2.0 vs 3.0: The evolution of the attack. Why traditional Secure Email Gateways (SEGs) miss modern threats. Deepfakes & Voice Cloning: The weaponization of generative AI. Agentic AI: How to fight fire with fire. The future of security: Protecting communication, not just email inboxes. Why the "human in the loop" is still critical for training AI models. How your employees can become your strongest defense layer. As AI makes attacks more convincing than ever, how do we rebuild trust in our digital communications? Let's discuss. Connect with our guest, Eyal Benishti, and Ironscales: https://www.ironscales.com/ https://www.linkedin.com/in/eyalbd1 Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ phishing #cybersecurity #AI #infosec #socialengineering #podcast #sysadmin

Welcome back to the Scinary Information Nexus! After a technical mishap involving an unplugged cable (we're looking at you, Mario), the team is back to tackle a topic that affects almost every internet user: online privacy. This week, Brazos, Tye, and Mario dive deep into the privacy policies of the VPNs you see advertised everywhere—from NordVPN to Surfshark. They uncover the fine print that contradicts the "no-log" promises and reveal how everything from your DNS requests to your credit card payment can instantly de-anonymize you. We also discuss what makes a VPN provider like Mullvad trustworthy in a sea of questionable marketing. Then, we turn our sights to PII (Personally Identifiable Information) removal services like Incogni and DeleteMe. Are they the silver bullet for data brokers, or are you paying a premium for a service with a less than 50% success rate? The research might shock you. In this episode, we discuss: The "No-Log" Myth: What your VPN provider isn't telling you. How paying for a VPN by credit card can compromise your identity. The surprising ownership structure behind NordVPN and Surfshark. Shocking research: The 48% success rate and 41% accuracy rate of PII removal services. A trustworthy alternative: What makes services like Mullvad different? Data Brokers 101: How they get your information and why it's so hard to remove. Why you need to ask yourself what you're really using a VPN for. Is your online privacy just a product being sold back to you? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ VPN #Cybersecurity #Privacy #NordVPN #Surfshark #DataBroker #OnlineSafety #InfoSec #CybersecurityPodcast #Mullvad

Welcome to the Scinary Information Nexus! This week, we have a very special guest in the studio: Brian Kane, the Vice President of Global MSP Channels at Threatdown/Malwarebytes. Join us for an insider's look into the trenches of the Managed Service Provider (MSP) world. Brian pulls back the curtain on his 20-year journey, from the scrappy beginnings of building an MSP to advising a global cybersecurity leader. We discuss hilarious war stories about ancient technology, the critical importance of building trust, and why the infamous "Seagull Method" of consulting is so destructive. This episode is a masterclass for anyone looking to start their own IT business or for organizations seeking to find a true technology partner. In this episode, we discuss: 00:00 - Introducing Brian Kane from Threatdown/Malwarebytes 02:35 - The Journey of Starting Your Own MSP 07:03 - Inventing "SHAPE": The Precursor to Modern Managed Services 13:13 - War Story: The $3 Million Machine Running on Windows XP 16:21 - The "Seagull Method" of I.T. Consulting 29:34 - The Hard Truth About an MSP's First Three Years (MRR) 31:23 - The "Dentist Strategy" for Getting Your First Clients 39:28 - Where MSPs REALLY Make Money (Hint: It's Efficiency) 43:03 - When is it Time to FIRE a Client? 48:33 - The Dangerous Gap Between Client Perception and Reality 55:43 - "The Cloud is Just a Computer Somewhere Else": The Shared Responsibility Model If you've ever wondered what it takes to survive and thrive in the I.T. services industry, this is the episode for you. Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ MSP #ManagedServiceProvider #Cybersecurity #ITBusiness #SmallBusinessIT #Threatdown #Malwarebytes #TechPodcast #CybersecurityPodcast #Entrepreneurship

Welcome back to the Scinary Information Nexus! This week, the team cracks open a few beers and pulls back the curtain on the cybersecurity tools they can't live without. From command-line powerhouses to invaluable web utilities, this is the ultimate list of free and open-source tools for both seasoned professionals and aspiring enthusiasts. Plus, we break down two major developing stories: the Texas AG's massive lawsuit against PowerSchools over a student data breach and a sophisticated new EDR bypass technique that every defender needs to know about. Stick around to hear why a simple calculator might be one of the most-used tools in our arsenal. In this episode, we discuss: 00:00 - Intro, Beer Reviews & Upcoming Conferences 05:37 - Texas Sues PowerSchools Over Massive Student Data Breach 14:37 - Can Hackers Bypass Your EDR With Raw Disk Reads? 20:52 - Our Go-To Cybersecurity Tools 22:48 - Richard's List: Nmap, DNSDumpster, Shodan & More 24:18 - Brazos's List: MXToolbox, URLscan.io, and... Calculator 29:10 - Mario's List: CyberChef, 1Password, Wireshark & VSCode 41:12 - Joseph's List: KASM, Metasploit & the Power of a Good EDR 44:18 - Duty Calls... 🪖 From foundational utilities to advanced analysis platforms, this episode is packed with recommendations to build out your own toolkit. What are your go-to tools? Let us know in the comments! Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

Join us for a journey through the past, present, and future of offensive security. Jason shares his 'living off the land' techniques, discusses the very real threat of AI-driven ransomware, and explains why even the most sophisticated EDR solutions might not be enough to stop a determined attacker. Stick around for some hilarious and humbling stories from the scrappy early days of Scinary. In this episode, we discuss: The Rise of AI Ransomware: Is your network ready for polymorphic malware? EDR Evasion: How attackers use simple tools to bypass complex defenses. Living Off The Land: Exploiting MS SQL and other built-in tools. The day Richard deleted a client's entire Active directory. The "Abraham Lincoln" philosophy for running a successful pen test team. War stories from physical penetration tests and red team engagements. From disastrous first jobs to building successful companies, this is an episode you don't want to miss. Let's discuss.

Welcome to the Scinary Information Nexus! This week, we're going full medieval with mead and Viking helmets while exposing the most predatory pricing schemes in cybersecurity. Join Richard Martin, Joseph Hamilton, Mario Ortiz, and Brazos Wortham as they tear apart the industry's worst business practices. From bandwidth-based pricing that increases your bill during DDoS attacks to gamified token systems designed to separate you from your money, we're calling out the vendors who prioritize profit over protection. 🗡️ In this episode, we expose: ClickFix Attacks: Why users keep copying malicious PowerShell commands and how to stop them Bandwidth Pricing Scams: How your security bill skyrockets when you're under attack Token-Based Ripoffs: Why cybersecurity borrowed the worst parts of mobile gaming Email Security Highway Robbery: Charging for every mailbox whether you need protection or not The 90-Day Contract Trap: How vendors lock you in with buried renewal clauses Cost-Plus vs. Predatory: Why simple pricing beats convoluted schemes every time Network Monitoring vs. EDR: Why you need both for complete protection From Texas Mead Works' finest beverages to exposing vendors who can't give you a quote without calling France, this episode covers everything wrong with cybersecurity pricing - and how to avoid getting ripped off. "If you can't tell me what I'm going to pay within 30 minutes, that's a scam." - Richard Martin 🍯 Featured Mead (Texas Mead Works - not a sponsor, but they should be): Blackberry Melomel Jalapeño Mead Dark Wizard Sweet Honey Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ cybersecurity #podcast #infosec #sysadmin

Welcome to the Scinary Information Nexus! This week, the beer is flowing and the IR line is ringing off the hook. Join Richard Martin, Joseph Hamilton, Mario Ortiz, and Brazos Wortham as they pull back the curtain on the chaotic, non-stop world of Incident Response. When an attacker is inside your network, every second counts. The team shares real-world stories from the cybersecurity front lines, breaking down the attacks that are hitting organizations right now and the playbook for how to fight back. In this episode, we expose: The "Oh Sh*t!" Moment: The real stages of Incident Response. The "ClickFix" Attack: How SEO poisoning tricks users into handing over the keys. Business Email Compromise (BEC): How one click can infect an entire network. MFA Isn't Enough: Bypassing security with Adversary-in-the-Middle proxy attacks. Your Biggest Weakness: Why misconfigured SSL-VPNs are a gateway for ransomware. The Great Debate: Who has better logs, Microsoft O365 or Google Workspace? Portable Executables: The reason "no local admin rights" won't save you. Your First Move: What to do (and NOT do) when you find an intruder. From compromised student accounts to brazen attackers who don't bother hiding their tracks, this is an unfiltered look at what it takes to defend a network. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/ incidentresponse #cybersecurity #infosec

Welcome to the Scinary Information Nexus! This week, the team tackles a controversial and ethically murky corner of the cyber world: Offensive Security and the temptation to "hack back" When an attacker breaches your network, is fighting back a righteous act of justice or a dangerous form of vigilantism? Join Richard Martin, Joseph Hamilton, Brazos Wortham, and Director of Cybersecurity Operations Tye Valdis as they break down the minefield of digital retaliation. In this episode, we expose: The "Burn the House Down" Dilemma Offensive Security vs. Revenge Hacking: What's the difference? The Attribution Problem: Who are you really attacking? Collateral Damage & Poking the Nation-State Bear Why Hacking Back is ILLEGAL (Computer Fraud and Abuse Act) Real-World Examples: Stuxnet, Microsoft, and the Government Why "Cyber-Batman" Has No Jurisdiction Is taking the fight to the enemy a smart strategy, or will you just end up interfering with an FBI operation and getting yourself in legal trouble? Let's discuss. Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber OffensiveSecurity #Cybersecurity #EthicalHacking #HackBack #PenetrationTesting #CyberLaw #InfoSec #DEFCON

Welcome to the Scinary Information Nexus! This week, fueled by our friends at Southern Roots Brewing and AdiraNow, we're on camera to pull back the curtain on one of the tech world's most powerful and misunderstood forces: Venture Capital. Join CEO Richard Martin, SOC Managers Mario Ortiz and Joseph Hamilton, and Director of Strategic Initiatives Brazos Wortham as we dissect the high-stakes world of VC funding. We expose: The VC Gamble Is Your Pension at Risk? The TikTok Ban Hypocrisy Hype Over Diligence Exit Strategy Over Everything The Transparency Black Hole Is the tech industry built on a foundation of responsible innovation or just a high-stakes casino game played with other people's money? Join the discussion. This episode is proudly sponsored by: Southern Roots Brewing Company: A Waco staple! For the best craft beer and local vibes, visit our friends at Southern Roots. Tell them Scinary sent you! AdiraNow: The go-to technology partner for local government and education in Oklahoma. Thank you to Dr. Jack Green and Gaitha Milligan for their support (and the Blanton's!). Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber

In this episode we discuss Microsoft's implementation of AI in the form of Copilot and Recall. We also drink beer from Southern Roots Brewing Company in Waco, Texas. https://southernrootsbrewingco.com/

In this episode, we drink beer and tell you what we really think about cybersecurity career paths.

Part 2 of our Vault 7 episode. Joined by our collegue Hunter Isham, Mario and Joseph explore the C.I.A. leak known as Vault 7. This episode has all of the essentials; comparing our favorite 3 letter agencies to each other, trying to figure out what they may be capable of today, and contemplating what that means for everyone else. So come have fun with us as we dive into another Conspiracy riddled leak of national security importance... even though it's a few years too late.

Joined by our collegue Hunter Isham, Mario and Joseph explore the C.I.A. leak known as Vault 7. This episode has all of the essentials; comparing our favorite 3 letter agencies to each other, trying to figure out what they may be capable of today, and contemplating what that means for everyone else. So come have fun with us as we dive into another Conspiracy riddled leak of national security importance... even though it's a few years too late.

On this episode we look into the world of PenTesting and what some of the pitfalls and ethical conundrums mean for the cyber practitioner. Our experts give us first hand anecdotes of what they've experienced in the field while Mario and Joseph try no to derail the episode too much. Come explore the crazy world of red teams, penetration tests, and all things cybersecurity with your Scinary Information Nexus. Mustang Cyber: https://mustangcyber.com Scinary Cybersecurity: https://www.scinary.com

Fair warning, most of this episode is our personal opinions and speculation. That being said we will be going into the information leaked from the A.N.T. catalogue, conspiracies around the Stuxnet worm, and what keeps us up at night when it comes to our big government friends and their wonderful toys. It's a conspiracy nut convention and we're the squirrels. Come joing us on this fun ride into state threat actors.

Introducing!!! Richard Martin!!! Our Managing Partner of Sales joins us to talk about what keeps him up at night and what our clients can do to help him (and them) sleep better. Fair warning he's a man who speaks his mind and the filter doesn't always stay on. That being said, we had a few slip ups in the obscene language department, but we're talking about things that can destroy lives and organizations. Our boss don't play around folks. So come join us on this special episode and hopefully walk away with your own plan of action.