Yusuf On Security

Security news, opinion and advice

Latest episodes

263 – BGP Hijacking – The Invisible Threat That Can Redirect Your Traffic Anywhere

by Yusuf14/02/2026

On June 27, 2024, millions of people worldwide suddenly couldn’t access one of the internet’s most popular DNS services—not because of a cyberattack in the traditional sense, but because a single network in Brazil convinced the internet...

Play episode

podcast

262 – DORA Explained – What Financial Firms Need to Know About EU’s Cyber Resilience Law

by Yusuf07/02/2026

On January 17, 2025, the European Union’s Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into...

Play episode

podcast

261 – Passkeys in 2026 – Are We Finally Done With Passwords?

by Yusuf31/01/2026

After sixty years of password resets, forgotten credentials, and phishing attacks, the authentication landscape is finally shifting — and 2026 marks the tipping point. In this episode, we break down what passkeys actually are, why over a billion...

Play episode

podcast

260 – From NTLM to Kerberos – Microsoft’s Security Transformation Begins – Part 2

by Yusuf24/01/2026

In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM’s security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos...

Play episode

podcast

259 – From NTLM to Kerberos: Microsoft’s Security Transformation Begins – Part 1

by Yusuf17/01/2026

Today, we’re diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we’ll explore Microsoft’s plan to phase out the NT LAN Manager protocol...

Play episode

podcast

258 – React2Shell Mass Exploit and Instagram 17 million breach

by Yusuf10/01/2026

It has been a while since we’ve done a news update episode. So today, we’re diving into two major stories that have been dominating cybersecurity headlines this past week. First, we’ll unpack React2Shell, a critical vulnerability...

Play episode

podcast

257 – Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data

by Yusuf03/01/2026

In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the...

Play episode

podcast

231 – A Crash Course in Vendor Risk: Lessons from the CrowdStrike Outage

by Yusuf05/07/2025

Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed...

Play episode

podcast

230 – Security Of iOT

by Yusuf28/06/2025

This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors...

Play episode

podcast

229 – What is FIPS 140-3?

by Yusuf21/06/2025

In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic...

Play episode

podcast

228 – How the Emergence of AI-Powered Malware works

by Yusuf14/06/2025

In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research...

Play episode

podcast

227 – Is UTM Still Relevant?

by Yusuf07/06/2025

Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common...

Play episode

podcast

226 – Inside A Stealthy Malware Powering Modern Cyber Attacks

by Yusuf31/05/2025

In this week’s episode, we get into some detailed exploration of an up and coming malware. Looking at it closer, it is one of the most advanced post-exploitation code families shaping the cybersecurity landscape in 2025. Over the time we...

Play episode

podcast

225 – What Is a Content Delivery Network—And Do They Really Protect Businesses?

by Yusuf24/05/2025

This week we are exploring what Content Delivery Networks —commonly known as CDNs— are and whether they protect modern businesses. We’ll dive deep into the mechanics of how CDNs work, the technologies behind them, and whether they defend...

Play episode

podcast

All Episodes

by Yusuf17/05/2025

224 – Cisco Talos Year 2024 In Review In this week’s episode, we are looking at the latest Cisco Talos’ 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past...

Play episode

podcast

223 – RSAC 2025 – Part 2

by Yusuf10/05/2025

This is the part 2 of RSAC 2025 episode. If you have not listened to episode 1 (that episode 222), I would suggest you listen to episode 1 before you listen this episode.Before you we get into part 2, lets review what has been happening last week on...

Play episode

podcast

222 – RSAC 2025 – Part 1

by Yusuf03/05/2025

It was RSAC week and it would be remiss of me if I did not give you a highlight on what went on this year, 2025. After all, RSAC has a critical role in security. We will be reviewing the top key announcements from this year’s event, including...

Play episode

podcast Report

221 – FBI’s 2024 Annual Internet Crime Report

by Yusuf26/04/2025

This week’s episode looks at the FBI’s 2024 Annual Internet Crime Report -an analysis that not only highlights the scale of cybercrime but also reveals the evolving tactics of cybercriminals and the staggering financial impact on individuals...

Play episode

Exploits podcast

220 – Watering Hole Attacks: The Hidden Danger of Trusted Spaces

by Yusuf19/04/2025

Imagine visiting your favorite website-one you trust, one you’ve browsed a hundred times before-only to discover it’s become a silent gateway for cybercriminals. What if the real danger wasn’t in suspicious emails or obvious scams, but lurking in...

Play episode

Artificial Intelligence podcast

What is Agentic AI?

by Yusuf12/04/2025

In this week’s episode we are touching an intriguing topic. We’re going to explore Agentic AI, a fascinating area within artificial intelligence that focuses on autonomous systems capable of making decisions and performing tasks without...

Play episode

Latest from the blog

Blog

What will it take?

15/02/2023

A great piece on what it will take to improve the safety of the connected world. Read it here.

Blog

Extended detection and response (XDR)

31/12/2022

Extended detection and response (XDR) captures threat data from previously isolated security tools throughout the organizations tech stack to enable...