Crestvale Newsroom

Crestvale 159 Episodes Jul 3, 2026

Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.

Episodes

CISA adds SharePoint RCE CVE-2026-45659 to KEV
Jul 3, 2026 364
A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered. This episode breaks down what these shift

Tomcat auth bypass breaks security-constraint protections
Jul 2, 2026 378
Authentication controls failing silently is a different kind of risk. Today's episode breaks down how newly disclosed Apache Tomcat vulnerabilities allowed attackers to bypass protections that teams believed were enforced, and why this changes how you validate access controls. For security and IT leaders, the shift is clear. Configuration is no longer proof of enforcement. Yo

EY grads accused of PM bank snooping
Jul 1, 2026 376
Today's episode focuses on a quiet but critical failure point: access control. A real-world incident involving contractor access to sensitive financial data shows how authorization gaps, not external attackers, are often the weakest link. For security and IT leaders, this is a shift in where risk lives. Insider misuse, third-party exposure, and inherited liability from vendor

ACSC warns FortiBleed: rotate creds, enforce MFA
Jun 30, 2026 385
Credential-based security is breaking in multiple directions at once. Old passwords are being reused to breach networks, unpatched ERP systems are getting exploited in the wild, and attackers are shifting toward token theft that bypasses traditional login defenses entirely. For security and IT leaders, this is a shift from protecting logins to continuously validating identity acro

UK banks pilot consent-led reusable digital ID
Jun 29, 2026 381
Banks are moving into identity, and that could reshape how authentication and onboarding work across the digital economy. A new UK pilot shows how bank-verified identity attributes may become reusable across services, shifting control away from fragmented KYC systems. For security and IT leaders, this signals a change in where trust lives. Identity may consolidate around instituti

Bucket hijacking silently reroutes cloud audit logs
Jun 28, 2026 359
A new cloud attack pattern is quietly undermining one of the most trusted parts of your security stack: logging. By deleting and recreating storage buckets, attackers can reroute audit logs without triggering alerts, leaving teams blind while data continues to flow. This matters because detection, response, and forensics all depend on trustworthy telemetry. At the same time, acces

Amazon Q repo bug steals AWS creds
Jun 27, 2026 370
AI developer tools and modern supply chains are introducing new paths to credential theft and account compromise. Today's episode focuses on how routine actions like opening a repository or running a build can now trigger silent execution and expose sensitive access. For security and IT leaders, the shift is structural. Trust boundaries are moving closer to developer workflow

Five Eyes: frontier AI cyber risk soon
Jun 25, 2026 330
Frontier AI is collapsing the time between vulnerability discovery and exploitation, and security teams are running out of buffer. This episode breaks down the latest warning from Five Eyes cyber agencies and what it means for how quickly organizations need to act. The shift is not about new tools. It is about speed, identity control, and treating cyber risk as a core business fun

White House sets 2030, 2031 PQC deadlines
Jun 24, 2026 396
Post-quantum cryptography just moved from long-term planning into near-term compliance. The US government has set firm deadlines that will ripple across contractors, vendors, and global standards, forcing organizations to confront how little they actually know about their own cryptographic footprint. This matters because most teams are not prepared for the operational side of this

OpenAI Daybreak moves from bugs to patches
Jun 23, 2026 345
Security is shifting from finding vulnerabilities to fixing them at machine speed. OpenAI's latest moves signal that automated remediation is becoming the new baseline, not an advantage. For security and IT leaders, this changes how teams should operate. Backlogs are no longer acceptable, and tools that cannot generate and apply fixes will fall behind. At the same time, AI is

GentleKiller uses BYOVD to kill EDRs
Jun 22, 2026 350
Ransomware operators are no longer trying to evade detection. They are disabling endpoint defenses at the kernel level before attacks even begin, changing how security teams need to think about control and visibility. This shift matters because many security strategies assume tools will stay active long enough to respond. At the same time, law enforcement is exposing how ransomwar

Gravity SMTP flaw leaks WordPress API keys
Jun 21, 2026 353
A WordPress plugin flaw is exposing API keys, and attackers are already using it to move beyond simple exploits into account takeover and lateral access. This is not just a CMS issue. It is a reminder that secrets management failures can quickly become identity incidents. For security and IT leaders, the takeaway is immediate. Email infrastructure, API keys, and integrations now s
