
#cyberaware


AI is the new attack surface—are you ready?

From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.

Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:

▪️ The rise of shadow AI (yes, your team is probably using it!)
▪️ Real-world examples of AI misconfigurations and account takeovers
▪️ What to ask vendors about their AI usage
▪️ How to update your incident response plan for deepfakes
▪️ Actionable steps for AI risk assessments and inventories

Don’t let your AI deployment become your biggest security blind spot.

Watch now: youtu.be/R9z9A0eTvp0

Just released! Our Top Cybersecurity Control selection for Q2 2025 is Continuous Vulnerability Management (CVM).

Why CVM? We’ve analyzed the trends, and today’s threat landscape demands more than periodic scans and reactive fixes. Attackers are exploiting new vulnerabilities within hours, sometimes minutes, of disclosure. You need a program that’s always on, and it’s also becoming a compliance necessity.

Read the analysis on why CVM is the top control for Q2 and how to put it into action: lmgsecurity.com/why-continuous

LMG Security
Why Continuous Vulnerability Management Is the Top Cybersecurity Control for Q2 2025 | LMG Security
Continuous vulnerability management is critical to combat today's cybersecurity threats. Learn why it's our top control for Q2 2025 and how it can reduce your risk.

Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online.

These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.

Join us as we unpack:
▪ What “high-agency behavior” means in cutting-edge AI
▪ How API access can expose unpredictable and dangerous model actions
▪ Why these findings matter now for security teams
▪ What it all means for incident response and digital trust

Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!

Register today: lmgsecurity.com/event/cybersid

LMG Security
Cyberside Chats: Live! When AI Goes Rogue: Blackmail, Shutdowns, and the Rise of High-Agency Machines | LMG Security
In this quick, high-impact session, we’ll dive into the top three cybersecurity priorities every leader should focus on. From integrating AI into your defenses to tackling deepfake threats and tightening third-party risk management, this discussion will arm you with the insights you need to stay secure in the year ahead.

Almost every organization is using some type of AI, but are you securing it?

Download our free tip sheet: Adapting to AI Risks: Essential Cybersecurity Program Updates

From deepfake response plans to AI-specific access controls, this checklist helps you modernize your cybersecurity program and stay ahead of emerging threats.

Check it out: lmgsecurity.com/resources/adap

Is your data a security risk?

Organizations are rapidly embracing AI and cloud transformation, resulting in massive data consolidation. But with increased data comes increased risk. Are your sensitive datasets secure, or are you unknowingly exposing your organization?

In this video, we dive into:
🔹 Why security and SIEM tools are driving the growth of data lakes
🔹 Hidden risks from shadow data and shadow IT
🔹 Practical asset management challenges and tips to reduce your risk

Watch now for data and asset management tips! youtu.be/jYkW1GHmzEE

What happens to your digital world when you die?

In this noteworthy episode of Cyberside Chats, “Afterlife Access: Cybersecurity Planning for When You’re Gone,” we’re tackling this question that most people overlook.

Special guest @tompohl joins @sherridavidoff to explore the privacy and cybersecurity challenges of death and incapacity—from encrypted files and password managers to social media and smart devices.

Learn practical steps for protecting your digital legacy, including how to:

✔️ Create a secure digital inventory
✔️ Set up emergency access in password managers
✔️ Choose and prepare a digital executor
✔️ Plan your online presence after death
✔️ Build policies for organizational continuity

Don’t miss this timely conversation.
▶️ Video: youtu.be/gkFm_FowimI
🎧 Podcast: chatcyberside.com/e/navigating

Deepfake Danger: FBI Issues Urgent Warning on AI Voice Attacks

Since April, cybercriminals have been using AI-generated voice deepfakes to impersonate senior U.S. officials in phishing attacks that target current and former government personnel.

The FBI’s latest alert warns of growing threats from vishing (voice phishing) and smishing (SMS phishing), where attackers use cloned voices and fake texts to build trust, then trick victims into handing over sensitive data or access.

One tactic? Sending links that move the conversation to other messaging platforms, then hijacking accounts to target additional contacts.

You can't assume messages or even video calls are real these days, so always verify sensitive requests through another known communications channel! These attacks underscore the need for stronger verification protocols, staff training, and multi-layered defenses. Contact us if you need help implementing these proactive cybersecurity controls.

Read the full article: bleepingcomputer.com/news/secu

Are your defenses ready for the quantum future?

Quantum computing and cybersecurity are on a collision course—and it's time to start thinking about the impacts it will have on your organization.

Check out our latest blog to learn what quantum computing means for your organization, the NIST standards, how to protect your data, and what steps to take right now to stay ahead of the curve.

Read more: lmgsecurity.com/quantum-comput

LMG Security
Quantum Computing and Cybersecurity: How to Secure the Quantum Future | LMG Security
Quantum computing and cybersecurity are colliding—are you ready? Learn how emerging quantum threats could break today’s encryption and how to stay secure in a post-quantum world.

The hackers got hacked! In an ironic twist, LockBit, the infamous ransomware-as-a-service gang, was breached. Watch the new episode of Cyberside Chats as @sherridavidoff and @MDurrin share the details and explain what it means for cyber defenders.

We explore what was leaked, why it matters, and how this incident compares to past takedowns like Conti. You'll also get the latest insights into the 2025 ransomware landscape, from victim stats to best practices for defending your organization.

Watch or listen now and get practical takeaways to strengthen your ransomware response playbook.

Watch: youtu.be/xr-8GhazgME
Listen: chatcyberside.com/e/lockbits-o

File Transfer Tools Under Fire

Secure file transfer vulnerabilities are fueling massive breaches—and insurers are tightening the rules. In just 9 minutes, get expert insights on:

✅ The ripple effect of the CrowdStrike outage
✅ How the Cleo breach by the Clop gang impacts your data
✅ AI’s role in faster exploits and leaked code weaponization
✅ How cyber insurance is evolving
✅ What your team can do to stay protected

From MoveIt to Cleo, file transfer tools are prime targets. Don’t become the next headline.

Watch now: youtu.be/vAm5N8c2EGk

2025 Ransomware Trends You Need to Know

Ransomware isn’t slowing down—in fact, it’s evolving faster than ever in 2025. Watch our new video for details on ransomware trends, including:

🔹 AI-powered ransomware that evolves faster than defenders can keep up
🔹 A surge in rookie attackers using leaked playbooks and dark web kits
🔹 The 2025 must-have proactive prevention strategies

Watch now for the details! youtu.be/r4_ePm3swE0

The FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.

Watch the full Cyberside Chats episode to hear @sherridavidoff and @MDurrin's insights on:

🔹 The FBI’s May 2025 alert
🔹 TheMoon malware and the Faceless proxy service
🔹 What these botnets mean for your enterprise
🔹 What you need to do now to stay protected

🎥 Watch the video: youtu.be/x_40BlvWsHk
🎧 Listen to the podcast: chatcyberside.com/e/outdated-r

Congratulations to @sherridavidoff and @MDurrin for an amazing session at #RSAC! PCWorld called their session on Evil AI and hacker tools like WormGPT “a glimpse into a mirror universe” that provided an “aha” moment about how AI is already impacting cybersecurity.

In a packed room at RSA, Sherri and Matt demonstrated how rogue AI tools are already finding vulnerabilities faster than many defensive systems and how the cybersecurity community must adapt.

Read PCWorld's full article: ow.ly/M6gz50VMXGo

PCWorld
I saw how an “evil” AI chatbot finds vulnerabilities. It’s as scary as you think
These rogue AI chatbots don't just find vulnerabilities, but exploits for those weaknesses, too.

AI is making #cyberattacks faster and easier. Are you ready?

In our latest podcast, Hacker AI: Smarter Attacks, Faster Exploits, Higher Stakes, @sherridavidoff and @MDurrin dive into how cybercriminals are weaponizing AI to launch more convincing, scalable attacks—from deepfake scams to AI-assisted exploit development.
You'll hear about original research using real underground AI tools like WormGPT, plus field-tested strategies you can put into action today to defend your organization.

🎥 Watch the full episode: youtu.be/QfhmG7QxTdI
🎧 Listen on your favorite podcast app: chatcyberside.com/e/ai-in-cybe

Cybercriminals are using Google Ads to hijack accounts, steal data, and clone websites using AI—and it’s happening faster than you think.

Want to keep your company safe? Watch our latest video: Malvertising Attacks: How Google Ad Spoofed Account Attacks Work. You'll learn how these attacks work, why phishing is moving beyond email, and what practical steps you can take to defend your organization. youtu.be/Q_qTvyVlGwc

Microsoft 365 credential theft is evolving quickly!

Attackers are no longer just stealing your login—they’re using your own AI tools like Microsoft Copilot to accelerate fraud from inside your environment.

Our 4-minute video breaks down how threat actors are targeting Microsoft 365 accounts and weaponizing Copilot, Teams, SharePoint, and more to perform rapid reconnaissance, commit fraud, and exploit centralized trust systems.

Watch now to learn:

▪ How Copilot can be used against you
▪ Real phishing tactics mimicking Microsoft 365, Adobe & DocuSign
▪ Why SSO, OAuth, and poor access controls can make attacks worse
▪ What your organization must do to stay ahead

Watch the video! youtu.be/zaBwxy1Gjhc

How your team responds to a data breach can make a $1.5 million difference in damages. In our latest blog, Security Consultant Derek Rowe answers frequently asked questions about critical incident response training. This FAQ covers everything from what to look for in a class and how to grade your IT training maturity, to how IT training impacts compliance and BCDR.

Don’t wait for an attack to find out how prepared your team is. Read the blog: lmgsecurity.com/critical-incid

LMG Security
Critical Incident Response Training: Your Top Questions Answered | LMG Security
Get answers to your top questions about critical incident response training, and why it’s essential for cybersecurity success in 2025!

Register for Cyberside Chats: Live! Quantum Shift: How Cybersecurity Must Evolve Now!

Quantum computing is on the horizon, and it has the potential to revolutionize the way we think about cybersecurity. Join our April 23rd live session where cybersecurity experts @sherridavidoff and @MDurrin will dive into the implications of quantum technology on encryption and data security. Learn what steps security leaders should take today to prepare for this disruptive shift.

Don’t miss out on this opportunity to ask questions and stay ahead of emerging threats. Register now!

lmgsecurity.com/event/cybersid

LMG Security
Cyberside Chats: Live! Quantum Shift: How Cybersecurity Must Evolve Now | LMG Security
In this quick, high-impact session, we’ll dive into the top three cybersecurity priorities every leader should focus on. From integrating AI into your defenses to tackling deepfake threats and tightening third-party risk management, this discussion will arm you with the insights you need to stay secure in the year ahead.