
Crestvale Newsroom
Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.
Episodes
CISA adds SharePoint RCE CVE-2026-45659 to KEV
A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered.
This episode breaks down what these shift
Tomcat auth bypass breaks security-constraint protections
Authentication controls failing silently is a different kind of risk. Today's episode breaks down how newly disclosed Apache Tomcat vulnerabilities allowed attackers to bypass protections that teams believed were enforced, and why this changes how you validate access controls.
For security and IT leaders, the shift is clear. Configuration is no longer proof of enforcement. Yo
EY grads accused of PM bank snooping
Today's episode focuses on a quiet but critical failure point: access control. A real-world incident involving contractor access to sensitive financial data shows how authorization gaps, not external attackers, are often the weakest link.
For security and IT leaders, this is a shift in where risk lives. Insider misuse, third-party exposure, and inherited liability from vendor
ACSC warns FortiBleed: rotate creds, enforce MFA
Credential-based security is breaking in multiple directions at once. Old passwords are being reused to breach networks, unpatched ERP systems are getting exploited in the wild, and attackers are shifting toward token theft that bypasses traditional login defenses entirely.
For security and IT leaders, this is a shift from protecting logins to continuously validating identity acro
UK banks pilot consent-led reusable digital ID
Banks are moving into identity, and that could reshape how authentication and onboarding work across the digital economy. A new UK pilot shows how bank-verified identity attributes may become reusable across services, shifting control away from fragmented KYC systems.
For security and IT leaders, this signals a change in where trust lives. Identity may consolidate around instituti
Bucket hijacking silently reroutes cloud audit logs
A new cloud attack pattern is quietly undermining one of the most trusted parts of your security stack: logging. By deleting and recreating storage buckets, attackers can reroute audit logs without triggering alerts, leaving teams blind while data continues to flow.
This matters because detection, response, and forensics all depend on trustworthy telemetry. At the same time, acces
Amazon Q repo bug steals AWS creds
AI developer tools and modern supply chains are introducing new paths to credential theft and account compromise. Today's episode focuses on how routine actions like opening a repository or running a build can now trigger silent execution and expose sensitive access.
For security and IT leaders, the shift is structural. Trust boundaries are moving closer to developer workflow
Five Eyes: frontier AI cyber risk soon
Frontier AI is collapsing the time between vulnerability discovery and exploitation, and security teams are running out of buffer. This episode breaks down the latest warning from Five Eyes cyber agencies and what it means for how quickly organizations need to act.
The shift is not about new tools. It is about speed, identity control, and treating cyber risk as a core business fun
White House sets 2030, 2031 PQC deadlines
Post-quantum cryptography just moved from long-term planning into near-term compliance. The US government has set firm deadlines that will ripple across contractors, vendors, and global standards, forcing organizations to confront how little they actually know about their own cryptographic footprint.
This matters because most teams are not prepared for the operational side of this
OpenAI Daybreak moves from bugs to patches
Security is shifting from finding vulnerabilities to fixing them at machine speed. OpenAI's latest moves signal that automated remediation is becoming the new baseline, not an advantage.
For security and IT leaders, this changes how teams should operate. Backlogs are no longer acceptable, and tools that cannot generate and apply fixes will fall behind. At the same time, AI is
GentleKiller uses BYOVD to kill EDRs
Ransomware operators are no longer trying to evade detection. They are disabling endpoint defenses at the kernel level before attacks even begin, changing how security teams need to think about control and visibility.
This shift matters because many security strategies assume tools will stay active long enough to respond. At the same time, law enforcement is exposing how ransomwar
Gravity SMTP flaw leaks WordPress API keys
A WordPress plugin flaw is exposing API keys, and attackers are already using it to move beyond simple exploits into account takeover and lateral access. This is not just a CMS issue. It is a reminder that secrets management failures can quickly become identity incidents.
For security and IT leaders, the takeaway is immediate. Email infrastructure, API keys, and integrations now s
Klue breach weaponized OAuth tokens into CRM exfiltration
A breach at Klue shows how attackers are shifting away from breaking core systems and instead exploiting trusted integrations. By stealing OAuth tokens, they turned normal API access into a high-speed data exfiltration path inside Salesforce environments.
This matters because most organizations do not tightly manage their integrations, token lifecycles, or non-human identities. At
Cisco patches critical ISE command-exec flaw
Cisco's latest ISE vulnerability is a reminder that when identity infrastructure breaks, everything behind it is exposed. At the same time, CISA is redefining how quickly organizations are expected to respond to real-world threats, with patch timelines shrinking to days when exploitation is active.
This episode breaks down what it means when your network access control layer
FortiBleed breaches 30k–73k Fortinet devices
Credential reuse just turned tens of thousands of edge devices into an attack platform. This episode breaks down how Fortinet systems were accessed without exploits, and why identity at the perimeter is now the real control plane.
For security and IT leaders, the pattern is clear. Weak authentication at internet-facing systems is no longer a gap, it is a direct entry point. At the
GitGuardian scans dev laptops for plaintext secrets
The security boundary is shifting from systems to identities, and endpoints are now at the center of that change. Developer machines are increasingly becoming the easiest path into production environments as credentials leak through logs, caches, and AI tooling.
This matters because traditional security models still separate endpoint protection from identity control. That gap is n
NewCore raises $66M for AI agent IDs
AI agents are rapidly becoming first-class actors inside enterprise environments, and identity systems are struggling to keep up. This episode looks at NewCore's $66 million bet on rebuilding identity for a world where agents outnumber employees, and why that shift is already underway.
For security and IT leaders, this is not just a tooling change. It is a shift in what ident
Microsoft pulls 73 GitHub repos after malware
A supply chain attack targeting developer tools forced Microsoft to remove dozens of GitHub repositories, highlighting a shift in where real risk now sits. This episode breaks down how attackers are moving closer to credentials through trusted workflows, and why AI development environments are becoming a high value target.
For security and IT leaders, the implication is direct. De
US export controls shut off Anthropic models
AI access is no longer just a product feature. It is becoming controlled infrastructure. In this episode, we break down how U.S. export controls forced Anthropic to shut down major models globally, and what that signals for any team relying on third-party AI.
The shift has real consequences. Security workflows can stop overnight. Vendor risk now includes geopolitical decisions. An
CISA orders Ivanti Sentry patch by Sunday
CISA just enforced a seventy two hour patch deadline for actively exploited infrastructure, and that single move signals a broader shift in how fast security teams are expected to operate.
This episode breaks down what that means in practice, from Ivanti Sentry exposure to the growing expectation that internet-facing systems must be treated as compromised almost immediately. It al
South Korea fines Coupang $400M after breach
A record fine against Coupang signals a shift in global privacy enforcement, with regulators willing to apply maximum penalties across borders after insider-driven breaches.
For security and IT leaders, this changes how breach risk is modeled. Insider access is now a primary threat vector, and global enforcement is no longer theoretical. At the same time, Shadow AI and developer-t
ServiceNow bug exposed customer instance data online
A ServiceNow vulnerability exposed how quickly SaaS platforms can become part of your attack surface, while new federal guidance is shrinking vulnerability response windows to just three days.
This episode breaks down what the ServiceNow incident means in practice, why CISA's seventy two hour remediation expectation is a major shift, and how AI agents are quietly expanding id
Anthropic adds mandatory 30-day traffic retention
Frontier AI access is starting to look like a gated system, and the price is visibility. Anthropic's latest model release makes thirty day data retention a requirement, signaling a broader shift in how advanced AI will be governed and consumed.
For security and IT leaders, this is not just a policy change. It directly affects how AI can be used in sensitive workflows, what da
Check Point VPN flaw bypasses passwords in IKEv1
Today's episode focuses on two failures that point to the same root issue: identity controls breaking under outdated assumptions. A Check Point VPN flaw shows how legacy configurations like IKEv1 can silently become open doors, while Meta's AI-powered recovery flow demonstrates how automation can bypass core verification entirely.
For security and IT leaders, the takeawa
Miasma worm hit 73 Microsoft GitHub repos
A new supply chain attack shows that simply opening a code repository can now execute malware inside common developer tools. At the same time, AI search is beginning to surface fraudulent websites, and outages in upstream models are breaking features inside everyday SaaS platforms.
For firm leaders, this is a shift in where risk lives. It is no longer just at the network edge. It
OpenAI adds Lockdown Mode for ChatGPT
AI tools are forcing a new tradeoff between capability and control. OpenAI's Lockdown Mode makes that explicit by limiting what ChatGPT can access during sensitive work, rather than trying to eliminate risk entirely.
For professional service firms, this shifts AI from a productivity tool into a governance decision. Leaders now need clear policies for when full capability is a
Fake IT staff hit law firms in-person
Physical access is becoming the new attack vector for professional service firms. Today's episode looks at the rise of ransomware groups showing up in person at law offices, bypassing traditional cybersecurity defenses entirely.
For firm leaders, this shifts the problem from technical controls to operational discipline. Identity verification, front desk protocols, and staff a
Trump AI EO makes patching a compliance issue
AI security just became an operational requirement, not a policy discussion. New federal direction is pushing vulnerability management and rapid patching into enforceable territory, with implications that extend well beyond large tech companies.
For professional service firms, this shift will show up in client demands, audits, and engagement terms. The ability to prove disciplined
Ramp Stack launches agentic close for accounting
Automation is moving from assistance to execution inside accounting firms. Ramp's new Stack platform signals a shift where AI agents can run the monthly close end to end, with auditability built in. That changes how work gets done and how firms price it.
For firm leaders, this is not just another tool. It challenges the labor model behind core revenue. At the same time, risks
Workday launches Agent Passport for AI verification
AI is moving faster than the systems designed to control it. Today's episode focuses on how governance, verification, and security are becoming the real constraints as firms adopt AI inside sensitive environments.
Workday's new Agent Passport signals a shift from building AI to proving it is safe. At the same time, Cisco and Anthropic are accelerating the pace of vulnera
CaronBletzer launches Atlura practice ops platform
A CPA firm just launched a platform it built for itself, and it highlights a deeper shift in how professional service firms are expected to operate. This episode breaks down Atlura and why scheduling, not features, is becoming the center of firm performance.
For firm leaders, the message is direct. Disconnected systems are no longer just inefficient. They are a competitive risk. A
Germany approves draft law for active cyber defense
Cyber policy, AI cost, and cryptography are all shifting at the same time, and the direction is clear. Governments are moving toward active intervention, AI pricing is normalizing, and post-quantum readiness is becoming an operational requirement.
For professional service firms, this is not abstract. Faster government response means higher expectations for your own security postur
GitHub Copilot shifts to tokens June 1
AI costs are becoming variable, security risks are becoming immediate, and governance is becoming mandatory. This episode breaks down GitHub Copilot's shift to usage-based pricing and what it signals for every AI tool your firm is adopting.
For founders and firm leaders, this is about control. Costs that used to be predictable are now tied to behavior. At the same time, a liv
Shadow AI triggers SEC Item 1.05 8-K
A single internal AI misuse just triggered a federal disclosure, and it is redefining what counts as a reportable incident. This episode breaks down how "shadow AI" moved from a policy concern to a governance and regulatory risk overnight.
For firm leaders, the implications are immediate. AI usage is now part of your security perimeter, even when no systems fail and no a
Kirkland commits $500M to build AI platform
Kirkland and Ellis is committing five hundred million dollars to build its own AI platform, signaling a shift from using external tools to owning the systems that deliver legal work. This move ties directly to value based pricing and long term control over how services are produced and sold.
For firm leaders, the implication is clear. Proprietary workflows and institutional knowle
How Cisco is redesigning security for AI threats
Cisco is moving away from periodic patching and into continuous exposure management, a shift driven by AI attackers moving at machine speed. This episode breaks down what that change means for firms that still rely on slow security rhythms and why the old model no longer holds up.
For founders and firm leaders, the message is clear. Exposure now grows at the speed of your slowest
Frontier AI now a security asset for boards
Frontier AI has crossed an important threshold, and national security experts now want boards to treat the most advanced models as assets that require serious protection. This episode breaks down the policy shift and what it means for professional service firms adopting AI across client work, operations, and security.
For leaders, the implications are direct. Advanced models now c
Microsoft, Uber rethink AI coding tools as costs spike
Today's episode focuses on the growing tension inside firms as AI coding tools scale faster than budgets can support. Microsoft and Uber are both pulling back after runaway usage pushed costs far beyond expectations. Their shift is an early signal for professional service firms evaluating how to control consumption before it becomes an uncontrolled expense.
This matters becau
PHP supply chain breach drains cloud keys, logins
A hidden compromise in PHP localization packages shows how a small dependency can undermine an entire build pipeline. Attackers rewrote trusted tags and turned routine updates into credential theft paths, hitting cloud keys, developer tokens, and browser logins. For firms that rely on Composer or automated CI workflows, this is a real exposure moment.
This episode breaks down why
California FEHA AI rules make policies mandatory
California's new rules for AI use in hiring raise the risk floor for every employer operating in the state. This episode explains what is changing, why the exposure has already begun, and what firm leaders need to put in place before staff AI use turns into a compliance problem.
We also break down the rise of the system of intelligence, the shift inside modern finance tools,
NY warns AI-fueled cyber risk is board-level now
New York's financial regulator has issued a sharp warning that frontier AI has compressed the cyber threat timeline from years to months. This episode breaks down what the shift means for firms that handle sensitive client data and why board‑level attention is no longer optional.
We explain why this matters for founders and firm leaders, especially as AI driven exploitation b
Tenable OPEN unifies fragmented tools for MSP security
Tenable's new OPEN platform takes aim at the core problem inside many security programs: fragmented data that slows down action. By unifying exposure details across tools, it offers firms a cleaner path to deliver higher-value remediation without forcing clients to rebuild their stack.
This matters for founders and managing partners because client expectations are shifting fa
Verizon DBIR: vulns now fastest path to breach
Vulnerability exploitation has now become the fastest way attackers break into organizations, overtaking stolen credentials for the first time in nearly two decades. This episode unpacks what changed, why patching discipline is slipping, and how third‑party exposure is amplifying risk.
For firm leaders, the message is direct. Slow remediation timelines and outdated workflows now c
Databricks puts AI agent tools under strict controls
Databricks is pushing governance down to the tool layer, creating enforceable controls on what AI agents can actually do inside production systems. This shift matters because most real incidents come from over-permissioned tools, not model behavior. The episode explains how this new control plane works and why it changes the risk profile for firms deploying autonomous agents.
For
Why CPAs are central to real AI assurance
This episode explains why accountants are becoming central to AI governance. Most AI systems used in client work cannot be independently verified, and the profession is the only group with the methods to fix that gap. Firms that define credible assurance now will shape the standards others must follow.
This matters for leaders because AI is already embedded in audit work, client s
Claude Mythos helps crack Apple M5 security
Today's episode breaks down how a small research team paired with Anthropic's Mythos model to crack Apple's M5 kernel defenses in just five days. It marks a turning point in how quickly targeted exploit research can advance when humans and reasoning engines work together.
For firm leaders, the real story is what this speed means for testing, patching, and vendor ris
AI-fueled cyberattacks jump 89%, staffing lags badly
AI driven attacks are moving faster than most security teams can respond, and the gap is widening. Today's episode looks at how exploit timelines have collapsed to hours and what that means for firms still relying on manual patch cycles and traditional staffing levels.
This matters because leaders are now responsible for defending against threats that arrive faster than their
FedRAMP 20x pushes firms toward continuous security
FedRAMP's move toward continuous validation is reshaping what cloud and software vendors must prove to stay trusted. This episode breaks down how the twenty‑times initiative changes security expectations and why real‑time evidence is becoming the new baseline for federal and commercial buyers.
For firm leaders, the message is clear. Continuous monitoring, automated control ch
AI benchmarks mislead firms on real tax capacity
Today's episode explains why AI benchmarks are leading many firms toward the wrong adoption decisions. Leaders are treating model scores as if they reflect real tax production environments, and it is causing some firms to fall a full cycle behind competitors already using agent based workflows.
This matters because the real leverage comes from systems that combine models with
Anthropic embeds Claude in QuickBooks and PayPal
Anthropic is putting Claude directly inside QuickBooks, PayPal, and other back office systems. This shift moves AI from something staff experiment with to something embedded in the daily workflow. It raises expectations for responsiveness and reporting in every small firm.
For leaders in professional services, this matters because your clients will adopt these features long before
AI-built zero-day exploit shows cyber offense speeding up
AI‑assisted offense is no longer theoretical. Today's episode breaks down Google's confirmation that attackers used AI to build a zero‑day aimed at a widely used admin platform, and why this marks a turning point in how fast defenders must operate.
We explain why professional service firms now face compressed timelines for patching, detection, and credential hygiene, and
AI tools quietly hollowing out your junior talent
Today's episode looks at a growing risk inside professional service firms: AI tools are accelerating junior work, but they are also weakening the reasoning skills needed for long‑term talent development. Early pilots show that answer‑first tools make juniors defer instead of analyze, which can hollow out the partner pipeline over time.
This matters because the firms adopting
California begins surprise cyber audits this year
California has started surprise cybersecurity audits years ahead of the formal certification window, creating pressure for any firm holding meaningful data on Californians. These audits can escalate directly into enforcement, and regulators are now examining governance, vendor decisions, data flows, and AI use with far more scrutiny.
For founders and managing partners, this means
Canvas ransomware shows your single-vendor SaaS exposure
Today's episode looks at how the ransomware attack on Canvas exposed the fragility that comes from relying on a single SaaS provider. One breach froze entire institutions, showing leaders why vendor risk management can no longer be treated as an afterthought.
We explain why shorter certificate lifespans from Let's Encrypt raise the stakes for firms that depend on automat
QuickBooks Workforce reshapes HCM and payroll for SMBs
Intuit is reshaping the small business back office by turning QuickBooks into a full people management platform. With hiring, onboarding, time tracking, benefits, and payroll now under one roof, advisors will feel new pressure to understand how these tools change workforce planning, cash flow, and compliance.
For professional service firms, the shift matters because clients will e
Trust prompts in AI CLIs can execute code
Today's episode dives into a new supply chain weakness hiding inside AI coding tools. A single trust prompt in four major command line assistants can trigger code execution on developer machines and inside continuous integration pipelines. This creates a quiet but serious path for credential theft and file access.
For professional service firms, this matters because AI coding
Palo Alto firewall zero‑day: root access risk now
Today's episode focuses on the Palo Alto firewall zero day that grants attackers root access when portals are exposed to the open internet. With patches weeks away, configuration changes are the only reliable defense, and firms with exposed systems face immediate risk.
This matters because a compromised firewall is one of the most damaging footholds an attacker can gain. Prof
OpenAI, PwC turn finance into agentic AI lab
OpenAI and PwC are turning finance into a proving ground for autonomous agents, signaling that procurement, tax, and close processes may soon run with far fewer human touch points. This episode breaks down what that shift means for firms that support corporate finance teams and why expectations around workflow design are about to change.
For leaders in accounting, law, and advisor
Wall Street’s $1.5B Anthropic JV targets clients
Today's episode looks at a major shift in how AI will reach mid‑market companies, as Anthropic moves toward a multibillion‑dollar joint venture with major private equity firms. This partnership creates a direct channel to roll out AI across entire portfolios, speeding adoption and raising expectations for every company that serves these clients.
For founders and firm leaders,
Israel warns CEOs: AI-driven cyberattacks accelerating
Today's episode focuses on the growing speed gap between AI driven cyberattacks and the slow operational habits inside many firms. Israel's top cyber official warned CEOs that attackers now operate at machine tempo, and leaders who still rely on manual processes are already behind.
This matters because professional service firms depend on trust, rapid judgment, and stabl
AI erodes Big Law’s leverage model, junior roles
This episode looks at how AI is erasing the junior layers of Big Law and forcing a rethinking of the traditional leverage model. The bottom of the pyramid is shrinking quickly, and firms that depend on junior staff to learn by doing now face a structural gap in training and future leadership development.
For professional service firms, this shift previews what happens when AI abso
US, UK issue strict AI agent security rules
Governments have issued strict new rules on how AI agents can operate inside real workflows, signaling a major shift in what counts as safe deployment. Today's episode breaks down what changed and why these standards now matter for every professional services firm experimenting with automation.
These rules redefine the baseline for agent permissions, identity controls, and ho
Amazon turns Connect into AI agents for firms
Amazon is pushing agentic AI directly into hiring, support, and back office workflows through new capabilities in Amazon Connect. This episode breaks down what changed and why professional service firms should pay attention to the speed and cost implications as these tools mature.
For leaders at accounting, law, and advisory firms, the message is clear. These AI agents will compre
Black Ore Tax Autopilot reshapes 2026 tax season
Black Ore's launch of fully autonomous tax return preparation is the clearest sign yet that the work model for tax practices is changing. Instead of AI assistance, firms now have a path to full prep automation with human review layered on top. Early adopters stand to reset their cost structure and capacity planning for the coming season.
This matters because leaders who move
GitHub Copilot moves to AI credit billing June 1
GitHub is shifting Copilot to usage-based billing on the first of June, and this is the moment when AI development tools stop being cheap experiments and start acting like real infrastructure. This episode breaks down what the change means for cost visibility, governance, reporting, and performance measurement inside professional service firms.
Leaders will feel this shift in thei
IRS offers Form 907 lifeline on ERC denials
The Internal Revenue Service has created a narrow escape hatch for Employee Retention Credit denials, and firms now have a short window to keep refund claims alive. This episode explains what Form 907 actually does, who qualifies, and why the statute of limitations is the real threat for many clients.
For leaders at accounting, law, and advisory firms, the bigger story is how thes
Microsoft Entra agent role exposed tenant-wide access
Microsoft fixed a dangerous role misconfiguration in Entra that briefly allowed broad takeover of service principals across entire tenants. This episode explains what happened and why firms should treat service principal ownership with the same seriousness as high‑privilege user accounts.
For founders and firm leaders, the deeper issue is the pace at which cloud platforms introduc
MSPs turn Google’s $750m AI push into revenue
Today's episode looks at how agentic AI is shifting from experimentation to billable work. Google, Microsoft, and leading security vendors are signaling that firms should turn pilots into repeatable services, with early movers setting the price points clients will adopt.
This matters because clients are no longer paying for AI concepts. They are paying for deployment, governa
Google rolls out Gemini Enterprise Agent Platform
Google is launching the Gemini Enterprise Agent Platform, a unified control system for building and managing AI agents across an organization. The new platform replaces scattered tools with a single place to handle development, data access, scaling, and governance. For firms planning to operationalize agents, this move sets new expectations for what enterprise AI needs to include.
Turn AI governance into a recurring MSP service
This episode looks at the growing demand for operational AI governance. Acronis introduced a new service that turns AI oversight into a recurring managed offering, giving firms real visibility into client use and the ability to enforce guardrails before problems develop.
For professional service leaders, the shift matters because clients are adopting AI faster than internal contro
AI agents trigger security incidents at two-thirds of firms
Today's episode breaks down the surge in AI driven security incidents across professional service firms. AI agents are now showing up inside environments without approval, oversight, or controls, and the operational impact is already visible. Firms are facing data exposures, disruptions, and unintended actions because bots with real credentials are making decisions no one is m
Vercel breach shows hidden risk in employee AI
Today's episode breaks down the breach at Vercel that started with a single employee connecting a consumer AI app to a corporate account. It is a clear example of how everyday tools create hidden access paths that can bypass even strong security programs.
For firm leaders, the message is direct. OAuth permissions are now a frontline risk. If teams are linking personal AI tool
UK warns boards: AI cyber risk is escalating
AI-driven cyberattacks are accelerating, and boards are being warned that security can no longer sit in an IT corner. This episode breaks down new guidance from the United Kingdom, fresh model releases from OpenAI, and the latest breach hitting a major hosting provider. The theme running through all of it is simple: attack speed is rising, and governance needs to keep up.
Professi
MFA-bypassing phishing kits surge after Tycoon takedown
This episode breaks down the surge in MFA bypass phishing kits after the Tycoon takedown. The removal of more than three hundred domains did not slow attackers. It pushed them into smaller platforms that copied Tycoon's methods and expanded them. For firm leaders, this shift signals that MFA alone no longer blocks modern credential theft.
This matters because these new kits i
NYDFS cyber attestations tighten MFA, asset proof
New York regulators have tightened cybersecurity attestations, creating immediate downstream pressure on every service firm that works with clients under state oversight. This episode explains what changed, why the new multi-factor authentication and asset inventory requirements matter, and how they will influence vendor expectations across accounting, law, and advisory practices.
AmEx buys Hyper, turning cards into AI workflows
American Express is buying Hyper to pull AI agents directly into corporate spend workflows. This move signals a shift in how expense management will work, pushing policy enforcement and review into the moment a purchase happens instead of the end of the month.
For professional service firms, this matters because manual expense workflows will soon feel slow and error‑prone compared
Microsoft, Dayshape bring agentic staffing into ERP
Today's episode breaks down the move by Microsoft and Dayshape to bring automated staffing directly into the core systems that professional service firms already use. This shift marks a turn away from reactive scheduling and toward continuous, machine‑driven allocation. It has immediate implications for margins, workload balance, and client delivery.
For firm leaders, this ma
CSA warns Mythos will overwhelm patching programs
This episode breaks down why Anthropic's new system called Mythos is forcing firms to rethink their entire security posture. The Cloud Security Alliance warns that the old buffer between discovering a vulnerability and exploiting it is disappearing, and slow patching cycles will not survive the shift.
For leaders in accounting, law, and consulting, this change hits the core o
Commvault turns backup into AI agent control plane
Today's episode focuses on how Commvault is repositioning itself from a backup provider to a control layer for AI agents. The company is aiming to solve a growing problem for firms: proving what an agent used, what it touched, and how to reverse its mistakes. As agent use accelerates, this control gap is becoming one of the biggest operational risks for professional service fi
Adobe Reader zero-day makes every PDF risky
A new Adobe Reader zero-day is being used in live attacks, and it turns everyday PDF handling into a possible breach path. This episode breaks down what the flaw does, why it matters for firms that handle sensitive documents, and what leaders should do before the workday gets going.
This matters because professional service firms rely heavily on PDF workflows. A remote code execut