Yusuf On Security

Security news, opinion and advice

Latest episodes

275 – The Mercor Breach-When Your Security Scanner Becomes the Attack Vector

by Yusuf09/05/2026

Today’s episode is one of those stories that, when you start pulling the thread, the whole thing just keeps unravelling. We are going to talk about the Mercor breach. Now, if that name doesn’t ring a bell, Mercor is a ten-billion-dollar...

Play episode

podcast

274 – Ransomware Hit a Water Plant — Why Your Tap Water Is a Cybersecurity Problem

by Yusuf02/05/2026

So, today’s episode is one of those stories that really does hit home. Not a bank breach. Not some government leak. I want to talk about the water coming out of your tap. On March 14th, 2026, hackers dropped ransomware on a water treatment...

Play episode

podcast

270 – Securing AI – The 3 Frameworks Every Defender Must Know

by Yusuf04/04/2026

If you’ve been watching the cybersecurity space for the last two years, you’ve noticed something. Almost every breach report, every vendor pitch, every board meeting — AI is in the conversation. Sometimes as the hero, sometimes as the...

Play episode

podcast

269 – Cyber Resilience in 2026 – The Skills Gap, Team Readiness, and What Security Leaders Must Do Now

by Yusuf28/03/2026

In this week’s episode, I am joined by my good old friend Shakel Ahmed, a cybersecurity practitioner with over 20 years of experience across some of the most demanding environments in the industry. We are covering the importance of skills and...

Play episode

podcast

268 – The Stryker Attack: How State Sponsored Hackers Weaponised a Microsoft Tool to Wipe 80K Devices

by Yusuf21/03/2026

Just over a week ago, on 11 March 2026, a cyberattack brought one of the world’s largest medical device makers to its knees. Stryker – a $25 billion company that manufactures surgical robots, joint implants and emergency equipment...

Play episode

podcast

266 – Why ClickFix Is Exploding, LLMs Make Terrible Password Generators, and Certificates Are Getting Shorter?

by Yusuf07/03/2026

It has been a little while since my last update episode, and a lot has been happening in the world of cybersecurity. So today I want to catch you up on three things that have been on my radar and, more importantly, should be on yours. First, we are...

Play episode

podcast Uncategorized

265 – The AI Agent Security Crisis – How OpenClaw’s ClawJacked Flaw Compromised 40K Systems

by Yusuf28/02/2026

In late February 2026, a Meta executive lost her entire email inbox when an AI agent she was using deleted everything despite explicit instructions to confirm before taking action. At the same time, over 40K OpenClaw AI agent instances were found...

Play episode

podcast

264 – Inside the Cisco Live SOC-Securing the World’s Biggest Networking Event

by Yusuf23/02/2026

Cisco Live is one of the largest networking and security conferences in the world, bringing together thousands of IT and security professionals for a week of learning, innovation, and hands-on experience — and this year, I was there, working as a...

Play episode

podcast

263 – BGP Hijacking – The Invisible Threat That Can Redirect Your Traffic Anywhere

by Yusuf14/02/2026

On June 27, 2024, millions of people worldwide suddenly couldn’t access one of the internet’s most popular DNS services—not because of a cyberattack in the traditional sense, but because a single network in Brazil convinced the internet...

Play episode

podcast

262 – DORA Explained – What Financial Firms Need to Know About EU’s Cyber Resilience Law

by Yusuf07/02/2026

On January 17, 2025, the European Union’s Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into...

Play episode

podcast

261 – Passkeys in 2026 – Are We Finally Done With Passwords?

by Yusuf31/01/2026

After sixty years of password resets, forgotten credentials, and phishing attacks, the authentication landscape is finally shifting — and 2026 marks the tipping point. In this episode, we break down what passkeys actually are, why over a billion...

Play episode

podcast

260 – From NTLM to Kerberos – Microsoft’s Security Transformation Begins – Part 2

by Yusuf24/01/2026

In Part 1 of this series, we explored why Microsoft is finally saying goodbye to NTLM authentication after more than 25 years of service. We discussed NTLM’s security weaknesses, from relay attacks to weak cryptography, and touched on Kerberos...

Play episode

podcast

259 – From NTLM to Kerberos: Microsoft’s Security Transformation Begins – Part 1

by Yusuf17/01/2026

Today, we’re diving into a significant announcement from Microsoft that will fundamentally change how Windows handles authentication. In this two-part series, we’ll explore Microsoft’s plan to phase out the NT LAN Manager protocol...

Play episode

podcast

258 – React2Shell Mass Exploit and Instagram 17 million breach

by Yusuf10/01/2026

It has been a while since we’ve done a news update episode. So today, we’re diving into two major stories that have been dominating cybersecurity headlines this past week. First, we’ll unpack React2Shell, a critical vulnerability...

Play episode

podcast

257 – Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data

by Yusuf03/01/2026

In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the...

Play episode

podcast

231 – A Crash Course in Vendor Risk: Lessons from the CrowdStrike Outage

by Yusuf05/07/2025

Today, we’re focusing on the critical lessons from one of the most disruptive IT failures in recent memory: the global outage triggered by a CrowdStrike software update on July 19, 2024. While the headlines focused on grounded flights and downed...

Play episode

podcast

230 – Security Of iOT

by Yusuf28/06/2025

This week on YusufOnSecurity, we’re diving into a topic that’s become increasingly critical as our world grows more connected: the security of the Internet of Things, or IoT. From smart thermostats and wearable fitness trackers to industrial sensors...

Play episode

podcast

229 – What is FIPS 140-3?

by Yusuf21/06/2025

In today’s interconnected world, the security of our digital infrastructure relies heavily on cryptography—the science of protecting information by transforming it into unreadable formats for unauthorized users. But how do we know the cryptographic...

Play episode

podcast

228 – How the Emergence of AI-Powered Malware works

by Yusuf14/06/2025

In today’s episode is about a seismic shift in the world of cyber threats. The emergence of AI-powered malware. We’ll unpack how this new breed of malware works, the science behind it, real-world incidents, and what the latest academic research...

Play episode

podcast

227 – Is UTM Still Relevant?

by Yusuf07/06/2025

Today, we’ll answer a pressing question in cybersecurity: Is UTM still relevant in 2025? We’ll trace the origins of UTM, explain why it was created, break down its core features, compare it to newer technologies, and finish by busting a common...

Play episode

Latest from the blog

Blog

What will it take?

15/02/2023

A great piece on what it will take to improve the safety of the connected world. Read it here.

Blog

Extended detection and response (XDR)

31/12/2022

Extended detection and response (XDR) captures threat data from previously isolated security tools throughout the organizations tech stack to enable...

Blog

Network Detection and Response – NDR

07/11/2022

Organizations are increasingly considering response capabilities within NDR solutions for dealing with threats detected through network traffic...

Blog

A new versatile malware toolkit against Industrial Control Systems emerged

16/04/2022

A new malware kit to compromise ISC (Industrial Control Systems) is detailed in this whitepaper by Dragos.

Blog

Log4j Vulnerabilities

16/12/2021

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well known open-source logging library called...

Blog

Facebook, Instagram and WhatsApp are down

04/10/2021

This is a developing story and the why is still a mystery. We starting to know the how.

Yusuf On Security

Latest episodes

275 – The Mercor Breach-When Your Security Scanner Becomes the Attack Vector

274 – Ransomware Hit a Water Plant — Why Your Tap Water Is a Cybersecurity Problem

270 – Securing AI – The 3 Frameworks Every Defender Must Know

269 – Cyber Resilience in 2026 – The Skills Gap, Team Readiness, and What Security Leaders Must Do Now

268 – The Stryker Attack: How State Sponsored Hackers Weaponised a Microsoft Tool to Wipe 80K Devices

266 – Why ClickFix Is Exploding, LLMs Make Terrible Password Generators, and Certificates Are Getting Shorter?

265 – The AI Agent Security Crisis – How OpenClaw’s ClawJacked Flaw Compromised 40K Systems

264 – Inside the Cisco Live SOC-Securing the World’s Biggest Networking Event

263 – BGP Hijacking – The Invisible Threat That Can Redirect Your Traffic Anywhere

262 – DORA Explained – What Financial Firms Need to Know About EU’s Cyber Resilience Law

261 – Passkeys in 2026 – Are We Finally Done With Passwords?

260 – From NTLM to Kerberos – Microsoft’s Security Transformation Begins – Part 2

259 – From NTLM to Kerberos: Microsoft’s Security Transformation Begins – Part 1

258 – React2Shell Mass Exploit and Instagram 17 million breach

257 – Jaguar Land Rover Cyberattack-How the Breach Disrupted Production and Exposed Sensitive Data

231 – A Crash Course in Vendor Risk: Lessons from the CrowdStrike Outage

230 – Security Of iOT

229 – What is FIPS 140-3?

228 – How the Emergence of AI-Powered Malware works

227 – Is UTM Still Relevant?

Latest from the blog

What will it take?

Extended detection and response (XDR)

Network Detection and Response – NDR

A new versatile malware toolkit against Industrial Control Systems emerged

Log4j Vulnerabilities

Facebook, Instagram and WhatsApp are down

Menu

Recent podcasts

Cybersecurity topics that matter most.

Latest episodes

Latest from the blog

Menu

Recent podcasts