What happens when the tool you download to find vulnerabilities becomes the vulnerability itself? This week we dissect the European Commission breach where attackers exfiltrated 91.7GB of sensitive data through Trivy, a trusted open-source security scanner.

We walk through the anatomy of a supply chain poisoning: how threat actors compromised upstream distribution channels, why traditional "trust but verify" models failed, and the three concrete controls that would have contained the blast radius. From artifact provenance verification to ephemeral CI/CD credentials, this episode translates the incident into an actionable playbook for security architects. If you’re ingesting third-party tools without cryptographic verification, this is the wake-up call you need before your next sprint.

In this episode of Cybersecurity Under Pressure: Real Attacks, Real Problems, we dive deep into the fascinating and destructive world of real-life cyber threats that have reshaped our global digital landscape.

Join us as we explore the infamous Stuxnet worm, a highly sophisticated malware that infiltrated air-gapped industrial control systems to sabotage physical infrastructure, proving that cyberattacks can have devastating real-world consequences.

We also unpack the massive Mirai botnet, which hijacked everyday IoT devices—like cameras and routers—by exploiting weak default passwords to launch some of the largest DDoS attacks in internet history. Finally, we discuss AMNESIA:33, a critical set of vulnerabilities hidden within open-source TCP/IP stacks that silently exposed millions of connected devices and complex supply chains worldwide.

Beyond the attacks, we analyze the real problems organizations face today. From the hidden risks of firmware modifications to the dangerous illusion of safety created by 'compliance-based' paperwork that fails to guarantee actual operational security.

Tune in to discover why shifting to outcome-based security and building robust embedded defenses is no longer optional, but essential for survival in today's threat landscape

In this episode, we dive into the alarming reality of cyber threats in the modern railway sector.

We explore major real-world incidents that prove critical infrastructure is a prime target, from a teenager derailing trams in Łódź, Poland using a reverse-engineered TV remote , to the notorious WannaCry ransomware outbreak that disrupted Deutsche Bahn's passenger information displays .

We also unpack how attackers halted multiple trains across Poland by spoofing unencrypted "radio stop" signals , the severe supply chain breach that paralyzed Denmark's DSB network , and the psychological impact of hackers infiltrating Iranian rail systems to post fake delay notices .

Join us as we break down these vulnerabilities and discuss why shifting from isolated legacy technology to robust, "Zero Trust" architectures and encrypted communications is absolutely essential for passenger safety