Security Squawk - The Business of Cybersecurity

Bryan Hornung Reginald Andre & Randy Bryan

Security Squawk is a business podcast dedicated to helping business people fight the war against cyber criminals.

  1. 6d ago

    Medtronic Breach Hits 9M, and an AI Just Ran Its Own Ransomware Attack

    Your Social Security number and health history could be sitting on a criminal's hard drive right now, and you wouldn't find out until the letter shows up in your mailbox. That's exactly what happened to nine million Medtronic customers. This week, a global medical giant, a city right outside Atlanta, and an attack run start to finish by artificial intelligence all point to the same uncomfortable lesson. *Nobody is too small to hack, and the basics still decide who survives.* Bryan Hornung, Randy Bryan, and Reginald Andre break down this week's stories for executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. First up, Medtronic. The company that makes pacemakers and insulin pumps is now notifying about nine million people that their names, birth dates, Social Security numbers, and health information were stolen by a crew called ShinyHunters. Here's the part that should worry every business owner: ShinyHunters didn't need a genius hack to get in. They called an employee, pretended to be tech support, and talked their way past the front door, the same move that works on your team. Even a company this size is looking at a cleanup that averages 279 days for a healthcare breach, and a small business doesn't have that kind of runway. Then we bring it home. On June 8th, the City of Acworth, right here in Cobb County, got hit hard enough to call in outside cybersecurity pros and law enforcement. Weeks later, the city still won't say what kind of attack it was or whether any data walked out the door. The good news buried in the story: everything was restored with no lasting disruption, which almost always means one thing, working backups. Government ransomware jumped about 65 percent in the first half of 2025, and attackers hunt small cities for the same reason they hunt small businesses: thin teams and tight budgets. We close with the one that keeps us up at night. Researchers at Sysdig say they caught the first ransomware attack run entirely by an AI, no human at the keyboard. It broke in, stole credentials, locked up a database, and wrote its own ransom note. When one login failed, it diagnosed the problem, rewrote its own code, and was back in within about 31 seconds. And in this case, even paying the ransom may not have brought the data back, which means backups are not your plan B anymore, they are your plan A. Three very different targets. One playbook that decides who walks away fine and who doesn't. In this episode, we discuss: • The Medtronic breach that exposed Social Security numbers and health data for about nine million people • Why a cyberattack on the City of Acworth is a preview of what hits small businesses • The first ransomware attack researchers say was run entirely by an AI, with no human directing it • Why the size of the target stopped mattering a long time ago • The three boring fundamentals, backups, multi-factor, and patching, that decide how every one of these stories ends • What business owners should actually check this week before they need it Security Squawk is a weekly podcast and live stream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Medtronic #ShinyHunters #DataBreach #Ransomware #AI #Acworth #SmallBusiness #VendorRisk #MSP #BusinessRisk

  2. Jun 29

    Insurance Regulator Breached, Security Firm Insider Scandal, CEOs Demand Hours-Not-Days Recovery

    The group that holds the financial filings for the entire U.S. insurance industry just got cracked open, and 3.1 terabytes of its data landed on the dark web. The break-in came through a software bug nobody could have patched in time. If a central regulator can be hit this way, the vendors and partners holding your data can too. *The breach comes through trust. Survival comes through speed.* Bryan Hornung, Randy Bryan, and Reginald Andre break down this week's stories for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. First, the NAIC, the body where insurers in all fifty states file their financials, confirmed attackers got in, and a crew called ShinyHunters claims it stole 3.1 terabytes and dumped the whole haul when the ransom went unpaid. The way in was a zero-day, a flaw with no fix available, sitting inside Oracle's PeopleSoft software that the NAIC ran. Here is the part that should worry every owner: after the breach, credit rating agencies cut their data feeds to the NAIC, which froze a routine industry function for everyone downstream. One vendor's bug became hundreds of companies' problem, and "we're all patched" did nothing to stop it. Next, a story about the person already inside. A former analyst at Huntress, a security company that thousands of small businesses and their IT providers trust to catch hackers, claims a coworker fed information to a ransomware criminal, and that the company stayed quiet ahead of a planned IPO. The CEO calls it a teammate's poor judgment, not a betrayal, and says no, this is not what it looks like. We are careful here, because this is an allegation and the evidence has not been made public, but the lesson lands either way: the threat your firewall cannot stop is a trusted person with access, including the outside provider holding the keys to your network. Finally, the demand from the corner office. A new survey from Cohesity found two-thirds of CEOs now want to hear about an attack within thirty minutes, and more than 80% say someone's job is on the line if recovery drags. The reality check is humbling: only 19% of ransomware victims got back up within a day last year, and a typical attack still caused about 24 days of disruption. The good news is recovery is getting faster and cheaper for companies that actually plan and rehearse it. Recovery time is no longer an IT footnote. It is a board-level number with names attached. Three different doors, one pattern. A trusted vendor, a trusted insider, and your own readiness. The breach keeps arriving through something you already trusted, and the only thing that softens the blow is how fast you catch it and come back. • A zero-day in Oracle PeopleSoft let ShinyHunters claim 3.1 terabytes from the NAIC, and the fallout froze part of the insurance industry. • A former Huntress analyst alleges a coworker leaked information to a ransomware criminal, and the company disputes it. • Why insiders and outside IT providers are the risk your firewall was never built to catch. • A new survey shows CEOs now expect recovery in hours, with jobs on the line if it takes days. • The thread tying it together: the breach comes through trust, and survival comes through speed. • What owners should do this week: map who holds your data, vet your IT provider's insider controls, and set a recovery-time target you actually test. Security Squawk is a weekly podcast and live stream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #DataBreach #Ransomware #InsiderThreat #Oracle #ShinyHunters #VendorRisk #MSP #CyberResilience #BusinessRisk #SMB

  3. Jun 24

    NSA Gets Secret AI, 3 Million Texans Exposed & 75,000 Firewalls Hit

    The government just put an AI company inside the NSA. Not to defend networks. To help find ways into them. At the same time, more than 3 million Texans had their driver's license and passport data exposed through a third-party vendor, and attackers harvested credentials from 75,000 Fortinet firewalls around the world, then organized the victims by how much money they were likely worth. Three stories. One uncomfortable reality: *The most powerful security tools are being locked up while your biggest risks are still the basics.* On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down what business owners, executives, IT leaders, and MSPs need to understand about AI, vendor risk, and the growing gap between the tools governments get and the threats businesses still face every day. Story 1: Anthropic Inside the NSA The Financial Times reported that Anthropic, the company behind Claude, embedded engineers inside the NSA to deploy a frontier AI model called Mythos. The same company that was previously flagged as a supply chain risk is now helping deploy one of the most advanced cyber-focused AI systems in government. Anthropic says the model is too dangerous for broad release. That raises a bigger question: If the most capable AI tools are increasingly treated as national-security assets, what happens when the tools your business depends on become tools you can no longer access? Story 2: 3 Million Texans Exposed Through a Vendor The Texas Parks and Wildlife Department disclosed a breach affecting more than 3 million people after attackers compromised a third-party vendor responsible for hunting and fishing license systems. Exposed data reportedly includes: • Driver's license information • Passport numbers • Home addresses • Phone numbers • Email addresses Officials emphasize that Social Security numbers were not exposed. That's missing the point. A driver's license, passport, address, and contact information already provide everything many criminals need for identity theft, fraud, and account takeover. The lesson is simple: Your security is only as strong as the vendors holding your data. Story 3: 75,000 Fortinet Firewalls Compromised Researchers disclosed a campaign that harvested administrator and VPN credentials from roughly 75,000 Fortinet firewalls across 194 countries. The attackers didn't just collect passwords. They categorized victims by: • Country • Industry • Company size • Estimated revenue In other words, they built a target list. Researchers say the infrastructure remains active and continues collecting credentials. If your organization uses Fortinet equipment, this is not a "someday" problem. This is a this-week problem. In This Episode • Why Anthropic's NSA deployment matters to every business using AI • Whether cybersecurity will become the justification for restricting advanced AI capabilities • How a third-party vendor exposed more than 3 million Texans • Why "no Social Security numbers were stolen" is often the wrong question • How attackers harvested credentials from 75,000 Fortinet devices • The immediate actions Fortinet customers should take • Why cybersecurity still comes down to fundamentals, even as AI transforms the battlefield The Bottom Line Most businesses worry about futuristic threats. Meanwhile, attackers are still winning through vendors, passwords, exposed systems, and concentration risk. The technology is changing fast. The fundamentals are not. Security Squawk is a weekly podcast and livestream focused on cybersecurity, business risk, ransomware, AI, vendor risk, and executive decision-making. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Anthropic #NSA #AI #Claude #Fortinet #DataBreach #VendorRisk #IdentityTheft #BusinessRisk #MSP #Ransomware #AIRegulation

  4. Jun 16

    The Government Just Switched Off Anthropic's AI — Plus a $1.9B AI Scam and Russia in Your Router

    What happens to your business when the AI tool you rely on gets shut off overnight, not by a hacker, but by the U.S. government? Last Friday, Anthropic, the maker of Claude, pulled its two newest AI models offline within hours of a letter from Washington. This is the first time that has ever happened to a leading AI company, and it should change how every owner thinks about the tools they depend on. *Every tool you depend on is a switch someone else can flip.* Bryan Hornung, Randy Bryan, and Reginald Andre break down this week's stories for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. First up: Anthropic. The Commerce Department ordered the company to block its newest models, Fable 5 and Mythos 5, for any foreign national, citing national security. Anthropic couldn't separate who was allowed from who wasn't fast enough, so it shut the models off for everyone just six days after launching them. And the trigger reportedly wasn't a foreign spy at all. It was a warning from a competitor, Amazon, which demonstrated a way to bypass the model's safeguards. If your company has wired a critical process to a single AI vendor, you just watched how fast that capability can vanish. Next, the FBI disrupted one of the largest AI-powered scam operations ever seen. A China-based crime ring called "Outsider Enterprise" used artificial intelligence to write flawless scam texts and blasted out 2.5 million of them in two weeks while impersonating brands people trust through AT&T, T-Mobile, and Verizon. Authorities tied more than one million fake web addresses and 3.8 million stolen credit cards to the operation, with an estimated $1.9 billion in losses. The old advice to "watch for typos" is dead. These messages are clean, personal, and look exactly like the real thing. If your brand gets impersonated, your customers pay the price and your reputation takes the hit. Finally, Russia's military intelligence is hiding inside everyday routers. The group known as Fancy Bear has been quietly taking over the inexpensive routers small offices and remote workers buy off the shelf, including MikroTik, TP-Link, and Ubiquiti EdgeRouters, and using them to steal Microsoft 365 logins in transit. They even hide their commands inside normal cloud services so nothing looks suspicious. At its peak, researchers counted more than 18,000 infected connections across 120 countries. The scariest part: they steal the login token, allowing them to bypass multi-factor authentication and remain logged in even after the password is changed. Three stories. One thread. A government order, a billion-dollar scam ring, and a foreign intelligence unit all reached into technology many organizations assumed they controlled. In this episode, we discuss: • Why the government forced Anthropic to pull its newest AI models and what it means for your business • How an AI-powered crime ring scammed people out of an estimated $1.9 billion • Why the router in your closet might be working for Russian intelligence • How "restrict some" quietly becomes "shut it all off" • Why stolen login tokens can bypass your multi-factor authentication • What concentration risk means when you bet your operation on a single vendor • The Monday-morning moves that actually protect your business Security Squawk is a weekly podcast and livestream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk Subscribe | Like | Share #SecuritySquawk #CyberSecurity #Anthropic #AI #FBI #Phishing #Smishing #FancyBear #VendorRisk #BusinessRisk #SMB #MFA

  5. Jun 9

    DentaQuest Breach Exposes 2.6 Million — and Why "Confident" Small Businesses Keep Getting Hit

    Your dental plan just became your biggest security problem. DentaQuest — one of the largest dental-benefits companies in America — had the personal and health data of 2.6 million people dumped online, and almost none of those people ever chose to do business with them. If you think your own company is too careful for this, the newest numbers say otherwise. *Confidence you can't prove is just exposure wearing a smile.* Bryan Hornung and Randy Bryan break down this week's stories — for the executives, owners, and operators who don't have time to keep up with cyber news but can't afford to be blindsided by it either. (Reginald Andre is out this week — back next episode.) First up: the DentaQuest breach. The extortion crew ShinyHunters stole 234 gigabytes of data, tried to shake DentaQuest down for a ransom, and when the company didn't pay, they dumped the whole thing on a leak site. Inside that pile: names, birthdates, phone numbers, Medicaid IDs, and health-insurance details on 2.6 million people. The detail that should make you angry — researchers found roughly 1.7 million Social Security numbers in a separate folder, and a large share of them appear to belong to children. A stolen kid's SSN is gold to a fraudster, because nobody checks a nine-year-old's credit for ten years. And here's the part every business owner needs to hear: most victims never picked DentaQuest at all — their employer or their state Medicaid program did. Somebody else's vendor became your breach. Then we close on the mirror. A brand-new survey of 4,400 small and mid-size businesses found that owners have never felt more secure — 68% are confident they can stop an attack, and 75% trust they can respond. The problem? 45% of them got breached in the last year anyway. The number that stops you cold: among businesses hit more than once, confidence actually went UP — to 91% in the U.S. Meanwhile two-thirds still don't turn on multi-factor authentication, and only about 17% encrypt their data — the cheap, boring controls that stop most attacks. The average breach at a company under 500 people now runs about $3.31 million. Owners are scared of sci-fi AI malware while the rip current — phishing, weak passwords, no monitoring — is the thing actually pulling them under. Two stories, one crack running through both: somebody assumed they were covered, and the assumption was the vulnerability. The fix isn't more fear or more confidence — it's proof. In this episode, we discuss: • How 2.6 million people got exposed by a company most of them never chose. • Why ShinyHunters' "pay-or-we-leak" model makes your backups useless. • Why a stolen child's Social Security number is worth more than yours. • How small businesses can feel 68% confident and still get breached 45% of the time. • Why getting hit twice somehow makes owners MORE confident — and why that's backwards. • The two cheap controls two-thirds of businesses still skip. • How to replace "I feel secure" with proof you can actually show. Security Squawk is a weekly podcast and live stream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk

  6. Jun 3

    The Biggest Cybersecurity Threat Isn't Malware Anymore | NYC Hospitals, Carnival & FBI Warning

    Three breaches. No malware. No zero-days. Just trust being exploited. This week on Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three major cybersecurity incidents that reveal a growing reality: attackers are increasingly targeting people, vendors, and physical access instead of technology. NYC Health + Hospitals disclosed a breach affecting 1.8 million individuals after a third-party vendor compromise exposed sensitive patient information, including fingerprints. Carnival Corporation confirmed a cyberattack impacting nearly 6 million people after attackers used social engineering to gain access through an employee account. Meanwhile, the FBI is warning law firms about criminals posing as IT personnel, physically entering offices, deploying malicious USB devices, and stealing privileged client data. These attacks didn't begin with sophisticated malware or advanced exploits. They succeeded because trust was exploited. In this episode, we discuss: • The growing risk of third-party vendor breaches • Why biometric data theft creates permanent consequences • How social engineering continues to defeat security controls • The resurgence of physical intrusion attacks • What CEOs, business owners, IT leaders, and MSPs should be evaluating right now • Why many organizations may be defending the wrong attack surface If your cybersecurity strategy focuses only on networks, endpoints, and firewalls, this episode will challenge some assumptions. Support the show: https://buymeacoffee.com/securitysquawk Subscribe for weekly executive-level cybersecurity analysis focused on business impact, operational risk, and real-world consequences. #CyberSecurity #DataBreach #Carnival #NYCHealthAndHospitals #SocialEngineering #VendorRisk #LawFirmSecurity #CyberAttack #InformationSecurity #MSP #BusinessRisk #SecuritySquawk

  7. May 26

    7-Eleven Hacked, 143,000 Immigration Records Exposed, FBI Quietly Takes Over From CISA

    This Week's Cybersecurity Breakdown 1. CISA Shrinks While the FBI Expands Its Cyber Role The federal cyber response structure is changing in real time: CISA reportedly lost over 1,000 employees Proposed federal budget would cut another $707 million FBI IC3 received 1 million cybercrime complaints in 2025 Reported financial losses climbed to $20.9 billion Raises major questions about how businesses should think about federal cyber support going forward 2. DocketWise Breach Exposes Sensitive Immigration Data A breach at an immigration legal platform continues to grow: Attackers used valid credentials to clone a developer pipeline Victim count increased from 116,000 to more than 143,000 individuals Exposed data includes: Social Security numbers passport data tax IDs medical history Another example of trusted access becoming the attack surface 3. 7-Eleven Confirms ShinyHunters Breach The ongoing Salesforce-linked extortion campaign continues: 185,000 franchise applicants exposed 7-Eleven reportedly refused ransom demands Attackers released a 9.4 GB archive publicly Campaign has now impacted organizations including: Google Cisco Qantas Allianz Adidas TransUnion LVMH The Bottom Line The cybersecurity assumptions businesses relied on even 18 months ago are changing. Federal cyber resources are shifting Trusted vendors continue getting breached Attackers are increasingly using legitimate access instead of sophisticated exploits And many organizations are still operating under incident response plans built for a threat landscape that no longer exists. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of ransomware, cybercrime, vendor risk, and executive-level cybersecurity strategy.

  8. May 19

    OpenAI Devices Hacked, Ozempic Supplier Offline & Change Healthcare Lawsuit

    A poisoned software package compromised OpenAI employee devices before security teams could stop it. The company behind critical Ozempic injection components has been offline for weeks after a ransomware attack. And Change Healthcare is now facing another major lawsuit tied to the 2024 breach that crippled healthcare payments nationwide. Three stories. One message: Your business is now exposed to companies you don't control. On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three cyber incidents that reveal how third-party trust has become one of the biggest operational risks in business today. This Week's Cybersecurity Breakdown 1. OpenAI, TanStack & the npm Supply Chain Worm A software supply chain attack spread through trusted developer ecosystems at massive speed: 42 npm packages poisoned in six minutes Malware stole GitHub tokens, AWS credentials, and CI/CD secrets OpenAI confirmed two employee devices were compromised ChatGPT Desktop, Codex App, Codex CLI, and Atlas certificates rotated Demonstrates how modern attacks now spread through trusted development infrastructure 2. West Pharmaceutical Ransomware Attack A cyberattack against a company most people have never heard of — but nearly everyone depends on: West Pharmaceutical components are used in roughly 43 billion injectable drug deliveries annually Includes Ozempic, Wegovy, insulin pens, vaccines, and hospital injectables Systems taken offline globally after ransomware deployment Manufacturing disruptions continue weeks later 3. Allied World v. Change Healthcare — The Financial Fallout Begins The legal consequences of the Change Healthcare breach are escalating: Cyber insurer Allied World filed suit seeking more than $1 million in damages Avesis operations were disrupted for roughly 90 days Root cause traced to a low-level Citrix account with no MFA Credentials were reportedly circulating on Telegram prior to the breach The Bottom Line The modern business attack surface is no longer just your company. It's: your software vendors your healthcare clearinghouses your package repositories your pharmaceutical suppliers Every trusted relationship is now a potential point of failure. And when those companies get breached, your business absorbs the consequences. Support the show: buymeacoffee.com/securitysquawk Subscribe for weekly breakdowns of ransomware, supply chain attacks, AI threats, and executive-level cybersecurity strategy.

Ratings & Reviews

5
out of 5
5 Ratings

About

Security Squawk is a business podcast dedicated to helping business people fight the war against cyber criminals.

You Might Also Like