The Jerich Show Podcast

In this episode of The Jerich Show, Erich Kron and Javvad Malik dive headfirst into the week’s most curious, cringeworthy, and critical cybersecurity stories.

First up: a global honeypot powered by over 5,300 compromised Cisco devices—courtesy of the ViciousTrap botnet. Then, it's schadenfreude central as the developers of DanaBot malware accidentally infect themselves. Karma, meet keyboard.

We’ll also unpack Europol’s massive takedown of ransomware infrastructure, which led to the seizure of 300 servers and €3.5 million in crypto. Not to be outdone, two ATM heist suspects made their arrest even easier... by taking selfies mid-crime.

And finally, the UK’s NCSC shows us how to securely retire old tech—because tossing servers in the skip just isn’t secure policy.

Join Erich and Javvad for sharp takes, security snark, and the cybersecurity fails you’ll want to learn from (or at least laugh at).

In this episode of The Jerich Show, join your favorite cybersecurity duo, Erich Kron and Javvad Malik, as they dive into some truly wild cybercrime stories making headlines around the globe. Hackers who've been terrorizing UK retailers have hopped the pond to target US companies, while Japan's bold plan to double its cybersecurity workforce might mean saying sayonara to tough certifications. Meanwhile, the EU arms defenders with a shiny new vulnerability database, and the discovery of rogue communication devices lurking in Chinese-made solar inverters sparks fresh paranoia. Plus, could your CPU itself soon be held hostage by ransomware? Tune in for laughs, insights, and a healthy dose of cyber skepticism!

Stories from the show:

Hackers behind UK retail attacks now targeting US companies
https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/

Japan aims to double cybersecurity specialists by 2030, relax certification requirements
https://asianews.network/japan-aims-to-double-cybersecurity-specialists-by-2030-relax-certification-requirements/

EU launches vulnerability database to tackle cybersecurity threats
https://therecord.media/eu-launches-vulnerability-database

CPU microcode hack could infect processors with ransomware directly
https://www.techradar.com/pro/security/cpu-microcode-hack-could-infect-processors-with-ransomware-directly

‘Rogue’ communication devices found on Chinese-made solar power inverters
https://www.utilitydive.com/news/rogue-communication-devices-found-on-chinese-made-solar-power-inverters/748242/

In this episode, Erich and Javvad discuss how Lockbit appears to be hacked again, Qlin makes a jump to #1 in the ransomware game, Google gets serious against scams with Gemini, and more!

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html

LockBit ransomware gang hacked again

https://www.computing.co.uk/news/2025/security/lockbit-ransomware-gang-hacked-again

UK Cyber Insurance Claims Second Highest on Record

https://www.infosecurity-magazine.com/news/uk-cyberinsurance-claims-second/

Erich and Javvad recap the top stories in Cybersecurity this week including the cyber attack on Iran and a huge DD0S attack. All this and More

Erich and Javvad summarize this week’s cyber soap opera and bring you a tangled web of digital deceit, artificial “intelligence,” and just enough government extradition drama to keep things spicy.

From Spain With Wire Fraud: Alleged “Scattered Spider” member Tyler Buchanan thought sunny Spain was a safe hideout—until the long arm of U.S. justice said hola. Extradited for allegedly scamming Caesars and MGM, his toolkit included SIM swapping and social engineering. Welcome to America, Tyler—hope you like federal courtrooms.

Phishing with Google’s Seal of Approval: Meanwhile, phisherfolk are reusing Google's DKIM signatures like they’re leftover lasagna—slapping them onto spoofed emails from no-reply@accounts.google.com and tricking even the most paranoid clickers. The result? Legit-looking credential traps hosted on Google Sites. It's like gourmet phishing, served with a side of irony.

Darcula Gets a Brain Upgrade: And if you thought cybercrime required effort, think again. The Darcula phishing kit now uses generative AI to do all the heavy lifting. Bad grammar and clunky templates? Gone. Now, even your cousin Steve with zero hacking skills can impersonate a bank in 100 languages. Thanks, AI.

Tune in for a romp through the latest digital deceptions, complete with dark web drama and facepalms galore. Stay sharp—because the hackers definitely are.

In this episode Erich and Javvad discuss a cyber professor that went away, a ransomware group hacks back, passwords are still poor, and more!

In this episode, Erich and Javvad discuss a breach of a sperm bank in California, an 9-year old Microsoft vuln that they feel is too unimportant to patch (although it's being exploited), and a hack of over 2000, Wordpress sites

In this episode, Erich and Javvad discuss the VSCode extensions that was used by millions, and that Microsoft wrongly removed, Roblox tells parents if they want safe kids, that's a 'you' problem, and the UK says cyberpros need to make more than the PM. This and more!

In this episode, Erich and Javvad talk about a confirmed ransomware campaign through snail mail, 60% of cyber pros looking to change employers, 12 Chinese hackers charged by the US, 1.4TB dataset stolen, and more

In this episode, Erich and Javvad discuss an AI voice scam, the Steam game PirateFi turning out to be info-stealing malware, HCRG hack/ransomware and a Palo Alto firewall vulnerability. All of this and more!