Below are some interesting points I found from podcasts listened to during December 2025

Security Now! #1054: Bots in the Belfry

Key Points:

• Scattered Lapsus$ Hunters vs. Salesforce Ecosystem: A new threat actor amalgam (Scattered Spider, Lapsus$, and ShinyHunters) has targeted third-party tools with API access to Salesforce data—specifically Gainsight. While Salesforce and its customers reported no direct platform breach, the incident highlights a massive supply-chain risk: the security of external services that possess high-level API permissions to sensitive customer environments.
• Cisco’s Pivot to Secure-by-Design: Cisco has announced a significant shift in its device design philosophy. This move transitions from merely warning users about insecure defaults to removing insecure features entirely. The goal is a “secure networking” environment where devices are hardened by default, requiring less manual intervention from engineers to maintain a secure baseline.

Reference: Security Now! #1054 Show Notes

Laketec: The Network Buzz — The Future of E-Rate

Key Points:

• E-Rate Foundations: Established as part of the Telecommunications Act of 1996 (starting in 1998) and overseen by the FCC, E-Rate provides vital funding for schools and libraries. It is funded via the Universal Service Fee on consumer phone bills rather than through general tax revenue.
• Funding Categories: The program is divided into Category 1 (connectivity to the building) and Category 2 (internal connections/managed internal broadband services).
• Expansion of Access: Since 2015, the program has evolved to ensure that every eligible applicant has a predictable path to funding, focusing on modernizing classroom connectivity and, more recently, looking at cybersecurity pilot programs.

Reference: The Future of E-Rate with Dan Rivera

• Podcasts