The Amazon Q AI Hack: A Wake-Up Call for Developer Tool Security

Nearly 1 million developers unknowingly downloaded malicious code—and it took 6 days before anyone noticed.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin dive into the Amazon Q AI Hack, a stark reminder of how vulnerable our software development tools truly are. From GitHub misconfigurations to supply chain breaches, we’ll explore:

🔹 How a single GitHub token compromise allowed a hacker to inject destructive AI prompts
🔹 Why popular AI tools like Copilot, Gemini, and Q are not as safe as you think
🔹 Supply chain attack lessons from SolarWinds, XZ Utils, and NotPetya
🔹 Best practices to secure your build pipelines and vet third-party developers

🎥 Watch the video: https://youtu.be/qHQ4jdZ7mwI
🎧 Listen to the podcast: https://www.chatcyberside.com/e/unmasking-the-amazon-q-ai-hack-the-hidden-dangers-in-software-development

#Cybersecurity #SupplyChainSecurity #AItools #DevSecOps #AmazonQHack #GitHubSecurity #Infosec #CybersideChats #LMGSecurity

Iranian cyberattacks are ramping up—and they’re hitting critical infrastructure, defense, and businesses. From AI-generated phishing and deepfake propaganda to wiper malware targeting ICS and backups, Iranian threat actors are evolving fast.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the latest threats, real-world incidents, and what your organization can do to prepare.

🎥 Watch the video: https://youtu.be/vC29SaWdqG4

🎧 Listen to the podcast: https://www.chatcyberside.com/e/the-title-of-cschats_308hyzz/

#Cybersecurity #WiperMalware #AIphishing #MFA #PatchTuesday #CriticalInfrastructure #CybersideChats #CISO #cyberattacks #IT #Infosec #ITsecurity #ThreatIntel

Leaked and Loaded: DOGE’s API Key Crisis

One leaked API key exposed 52 private LLMs and potentially sensitive systems across SpaceX, Twitter, and even the U.S. Treasury.

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the DOGE/XAI API key leak. They share how it happened, why key management is a growing threat, and what you should do to protect your organization from similar risks.

🎥 Watch the video: https://youtu.be/Lnn225XlIc4

🎧 Listen to the podcast: https://www.chatcyberside.com/e/api-key-catastrophe-when-secrets-get-leaked/

#APIsecurity #Cybersecurity #DevSecOps #PenetrationTesting #LMGSecurity #CybersideChats #IncidentResponse #VendorRisk #KeyLeak #CISO #ITsecurity #DFIR #Pentest

Holiday Horror Stories: Why Hackers Love Long Weekends!

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down real-life cyberattacks that hit during holiday weekends, including the infamous Kaseya ransomware attack and the MOVEit data breach.

You’ll hear:
• Why 91% of ransomware attacks happen outside business hours
• How hackers strategically time attacks around holidays—when your staff is least prepared
• Lessons from Krispy Kreme, Target, and even the Bank of Bangladesh
• Practical takeaways to harden your defenses before the next long weekend

📽️ Watch the video: https://youtu.be/pCuYx9nPXgk
🎧 Listen to the podcast: https://www.chatcyberside.com/e/cyber-attacks-on-holiday-weekends-a-growing-threat/

Plan ahead. Patch before you relax, and test your holiday response plan. Contact us if you need help with testing, policy development, or training.

#Cybersecurity #Ransomware #IncidentResponse #HolidayCyberAttacks #InfoSec #CybersideChats #LMGSecurity #CISO #RiskManagement #Kaseya #MOVEit #CyberThreats #Cyberaware #Cyber

Is your organization ready for Iran’s Cyberattack Surge?

Iranian cyber operations are escalating in 2025, targeting critical infrastructure, defense contractors, and global businesses with increasingly destructive tactics. Join our Live #CybersideChats episode on July 23rd at 2pm ET, and cybersecurity experts @sherridavidoff and @MDurrin will break down:

• The latest Iranian cyber campaigns
• AI-driven hack-and-leak operations
• How to prepare and defend your organization

Register now: https://www.lmgsecurity.com/event/cyberside-chats-live-irans-cyber-surge-attacks-intensify-in-2025/

#Cybersecurity #ThreatIntelligence #IranCyber #DDoS #HackAndLeak #CyberResilience #CybersideChats #LMGSecurity #CISO #Cyberaware #DFIR #ITsecurity #Infosec

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: https://youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: https://www.chatcyberside.com/e/executive-order-shockwave-the-future-of-cybersecurity-unveiled/

#FederalCybersecurity #CyberExecutiveOrder #CybersecurityPolicy #ExecutiveOrder #CISOs #CyberCompliance #SupplyChainSecurity #ZeroTrust #PostQuantum #LMGSecurity #Cybersecurity #CyberRisk #SecureSoftware #CybersideChats #RiskManagement

Ransomware without the ransomware?

In this new episode of Cyberside Chats, @sherridavidoff and @MDurrin unpack the evolving trend of data-only extortion, where threat actors skip the encryption and go straight to blackmail.

From the rebrand of Hunters International to World Leaks, and the rise of extortion-as-a-service, this episode reveals how modern cybercriminals are getting more efficient—and more ruthless.
Watch or listen for strategies to reduce your risk!

📽️ Watch the video: https://youtu.be/eCQXhhdyC-s
🎧 Listen to the podcast: https://www.chatcyberside.com/e/the-rise-of-ransomware-less-extortion-a-new-cyber-threat/

#Cybersecurity #DataExtortion #Ransomware #IncidentResponse #RiskManagement #CISO #LMGSecurity #CybersideChats #CyberInsurance #ThreatIntelligence #InfoSec

Can Your AI Be Hacked by Email Alone?

No clicks. No downloads. Just one well-crafted email, and your Microsoft 365 Copilot could start leaking sensitive data.

In this week’s episode of Cyberside Chats, @sherridavidoff and @MDurrin discuss EchoLeak, a zero-click exploit that turns your AI into an unintentional insider threat. They also reveal a real-world case from LMG Security’s pen testing team where prompt injection let attackers extract hidden system prompts and override chatbot behavior in a live environment.

We’ll also share:

• How EchoLeak exposes a new class of AI vulnerabilities
• Prompt injection attacks that fooled real corporate systems
• Security strategies every organization should adopt now
• Why AI inputs need to be treated like code

🎧 Listen to the podcast: https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624
🎥 Watch the video: https://youtu.be/sFP25yH0sf4

#EchoLeak #Cybersecurity #AIsecurity #Microsoft365 #Copilot #PromptInjection #CISO #InsiderThreats #GenAI #RiskManagement #CybersideChats

What Happens When AI Goes Rogue?

From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.

In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:

• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability

📺 Watch the video: https://youtu.be/k9h2-lEf9ZM
🎧 Listen to the podcast: https://www.chatcyberside.com/e/ai-gone-rogue-from-schemes-to-whistleblowing/?token=a0a79bc031829d23746df1392fa6122a

#AIsecurity #RogueAI #ZeroTrust #Cybersecurity #CybersideChats #LMGSecurity #AIWhistleblower #AIgoals #LLM #ClaudeAI #ApolloAI #AISafety #CISO #CEO #SMB #Cyberaware #Cyber #Tech

Retail breaches are back — and they’ve evolved.

It’s not just about stolen credit cards anymore. In this new episode of Cyberside Chats, @sherridavidoff and @MDurrin dig into the latest wave of retail cyberattacks — from ransomware shutting down pharmacies to credential stuffing hitting brand loyalty programs.

We'll cover:
• Why names, emails, and access tokens are now prime targets
• How third-party SaaS tools are exposing retailers
• The #1 priority for securing customer-facing systems
• What every organization can learn from the 2013 “Retailgeddon”
• Why testing your incident response plan for downtime is a must

🎥 Watch the video: https://ow.ly/C2iQ50W6ueV
🎧 Listen to the podcast: https://ow.ly/FSnI50W6ueW

#Cybersecurity #RetailBreach #CybersideChats #Ransomware #CredentialStuffing #ThirdPartyRisk #IncidentResponse #InfoSec #RetailSecurity #Cyberattacks #Retail