Josh and Robbie run duos on the pod this week, looking into early information around the recent Citrix vulnerability (CVE-2025-5777) dubbed Bleed 2 for it's similarity to the 2023 vulnerability. Bleed 2 has opened old wounds, and there h...

Join Josh, AJ and Robbie as they unpack recent developments in the threat landscape, including: US gov bans whatsapp for official use, Russia targets Ukraine using Signal. McLaren Ransomware details disclosed and a look inside a disinformation ...

Gen AI, LLMs and new applications of AI have created novel attack surfaces for attackers to probe, often looking to exfiltrate the hoards of sensitive data held in vector data stores. Luckily, the researchers got there first this time and disco...

We're back! And it's been a busy week for cyber security news. Josh, AJ, Robbie and Vaughan, incident responders and SOC leaders gather to discuss a new Ticketmaster data dump reminiscent of a similar dump in 2024, details on a supply chain com...

We're back, the ET guys share where they've been hiding these last few weeks before rounding up the spike in different data breaches that have occurred in our absence. After TCS declare an internal investigation connected to the M&S breach,...

The Scattered Spider threat actor (also known as Octo Tempest among other names) has been attributed to some high profile breaches as part of a concerted campaign against retail organisations. with PCI DSS 4.0 having just come into full enforce...

It's an Empirical full house as Josh, Robbie, Vaughan and AJ shine their expertise on some of the key stories of this week. Join us as we analyse the massive power outage that impacted Portugal, Spain and other regions and why this could be an ...

Special guest and AppSec team lead Andrew OE joins the CyberSpace team to share his specialist focus on testing, breaking and securing applications using various techniques including SAST, DAST, fuzzing, CI/CD integrations and more. At the end ...

Everyone is back for a full house episode, as Josh, Robbie, Vaughan and AJ discuss a ransomware attack on a dialysis provider, the consequences of the Hertz Cleo zero-day breach and the implications of China naming alleged NSA agents involved i...

Josh and Robbie are joined by special guest Andrew OE, AppSec Engineering leader and friend of Empirical, to discuss the shift in Hunters International's operations, the infamous ransomware as a service group formerly known as Hive, as well as ...

Josh, AJ and Vaughan ask themselves why Oracle are denying the breach, despite Vaughan having first hand insights into organizations with compromised cloud credentials and other researchers and security companies coming forward with the same. A...

Josh is joined by Vaughan and a refreshed AJ after his holiday. Using their experience on the frontlines of incident response, they talk about the security implications of using signal that people might not have considered, the Oracle breach (o...

Josh, Robbie and Vaughan look at developments in the threat landscape this week, including an SSRF campaign from 4000s unique IPs, an SSRF vulnerability in ChatGPT's infrastructure and the GitHub supply chain attack that leaked secrets.

Josh, Robbie and AJ discuss the recent attack on the Polish space agency, a developer who tried to enact revenge when he was fired, a win for the good guys and the 2022 LastPass breach's involvement in crypto heists.

Welcome back! For season 2 of the Cyber Space podcast. Four cyber security experts unpick some key developments in the threat landscape, including unpicking the Bybit hack where 1.5 trillion dollars of Ethereum was stole, how AI models leaked 1...

On this episode of Cyber Space, Josh tells the others about a reckless penetration tester who decided he should hack local businesses in order to create business for himself. He's currently facing jail time for it, so where is the line between ...

The Empirical Training gang dive into a sophisticated attack where a state sponsored actor managed to compromise a Wifi network from the other side of the world, before they take a closer look at some reports on the similarities and shared capa...

Join Robbie, AJ and Josh as they take questions from the community on what it takes to be a SOC analyst, the moment they felt like they made it! And the moment's they are humbled...We then dive into the T-Mobile breach, reported to be c...

All four of the Empirical Trainers sit down to discuss the latest threats they've been facing in their SOCs. Securing S3 buckets has been an issue since they existed, and new developments have seen an increase in success for S3 buc...

There's a lot to be scared about in cyber security, ransomware actors, payment of ransoms, 23 and me genome mapping company breach, and critical incidents coming in at 5:25pm.Josh and Robbie, former SOC analyst together and present day ...

Price's Law, also known as Price's Square Root Law, is a rule of thumb that states that the square root of the total number of people in a group will achieve 50% of the results - but how does this play out in cyber security? Join t...

Josh and Robbie are joined by James Gallen, Tech and Cyber Security recruiter for this part two of a recruiter ask me anything. Our community ask James for tips and tricks to success in getting security roles, while he shares some wins from peo...

Josh has been deep in the emerging Linux CUPS threat, with four mysterious CVEs touted to drop in October, all of a sudden the researcher made proof of concept exploits public, forcing developers hands to release advisories on the fixes and sec...

Kaspersky customers woke up this week to find that their anti-virus had been uninstalled and replaced with UltraAV. This caused panic that threat actors has uninstalled endpoint protection controls as part of an attack, and although this wasn't...

Robbie has been working on creating insider threat detections for suspicious employees that may be taking competitive sensitive data from their employer just before some mass lay offs. The boys discuss the challenges of insider threat detection...