Sorry for dropping two episodes in the feed in one day, but we also needed to find time to talk about the critical zero-day vulnerability in Apache HTTP Server. An attacker could exploit this vulnerability to perform path traversal and eventually remote code execution. Patch for this one as soon as possible, and use the Snort rule we have available now.
Feb 26
Holding the line: Service provider security
Service providers are the backbone of modern connectivity — but why are they such attractive targets for cyber actors, and what happens when critical networks go down? In this episode, Martin Lee joins Amy to explore the shifting threat landscape for service providers, asking how ...
29m 12s
Aug 2024
Episode 85: Practical Applications of DEFCON 32 Web Research
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus w ...
1h 30m
Jun 2025
A tale of two botnets. [Research Saturday]
This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in W ...
21m 55s
Jul 2024
PP021: Critical Vulnerabilities, AI-Assisted Scams, Compromised VPNs, and More Security News
It’s an all-news episode for this week’s Packet Protector podcast. We cover critical vulnerabilities in the MOVEit file transfer software and in thousands of ASUS routers, and a remote code execution vulnerability in a Windows wireless driver that you really should patch. We disc ...
36m 42s
May 2025
Triofox and the key to disaster. [Research Saturday]
This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gl ...
19m 26s
Feb 2024
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deceptio ...
1h 39m
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni (https://www.linkedin.com/in/degio/), Co-Founder and CTO of Sysdig (https://sysdig.com/) about Open So ...