This week on Brutally Honest Security, host Eric Taylor flags a timely and critical risk: the surge in holiday-season scams.

As festive shopping, deliveries, and goodwill ramp up, so do scams targeting unsuspecting shoppers, families, and well-meaning gift-givers.

Topics covered:

🎯 The most common holiday scams - from fake retail sites and spoofed delivery notices to phishing & smishing, fake charities, and “too-good-to-be-true” deals - help your friends and family to stay safe this holiday season!

🔎 How to vet a suspicious link, website, or message - explain what to look for to determine if it’s legit or a trap. Fake logos, odd URLs, spelling errors, or pressure to act fast? All red flags.

👥 Why you should share what you know - warning friends, family, and coworkers about scams can save someone from getting hooked. A little awareness can ripple far and wide.

No script. No limits. If it matters in cyber, it’s fair game.

👉 Tune in every Monday to cut through the noise of the past week and walk away with the fixes and priorities that actually reduce risk.

Follow Barricade Cyber Solutions:

• Connect on LinkedIn: https://linkedin.com/company/barricadecyber
• Eric’s LinkedIn: https://linkedin.com/in/ransomware
• Listen to this podcast on Transistor.fm (or your favorite podcast platform): https://brutallyhonestsecurity.transistor.fm

Visit https://barricadecyber.com to learn about our mission to help businesses be safer tomorrow than they are today.

© 2025 Barricade Cyber Solutions

In Episode 4 of Brutally Honest Security, host Eric Taylor takes aim at one of the most revealing cyber-incidents of the year: the Information Commissioner’s Office’s £14 million penalty against Capita plc and subsidiary CPSL following a breach that exposed 6.6 million individuals and almost one terabyte of data. 

You’ll hear:
• 📉 How an infected file on a single device triggered an attacker from infiltration to lateral movement — and why a 58-hour delay in response turned a manageable intrusion into a massive data exfiltration event. 
• 🛡 The broader lesson for data processors and controllers: whether it’s pension data, staff records or client data — security posture and response speed matter.
• 🚨 Why this isn’t just a UK story: global organizations processing millions of records must heed this kind of fallout, not as a rare event — but as a warning.

No script. No limits. If it matters in cyber, it’s fair game.

Tune in every Monday to cut through the noise of the past week and walk away with the fixes and priorities that actually reduce risk.

👉 Follow Barricade Cyber Solutions:
- Connect on LinkedIn: https://linkedin.com/company/barricadecyber
- Eric's LinkedIn: https://linkedin.com/in/ransomware
- Listen to this podcast on Transistor.fm (or your favorite podcast platform): https://brutallyhonestsecurity.transistor.fm

Visit https://barricadecyber.com to learn about our mission to help businesses be safer tomorrow than they are today.

© 2025 Barricade Cyber Solutions

Eric Taylor slices through the week’s noise in Brutally Honest Security — no spin, only sharp, actionable insight.

This episode covers the crucial headlines every security pro should know:

🔧 Microsoft’s October Patch Tuesday: a record-scale release — 172 vulnerabilities patched, including multiple zero-days — and why patch prioritization matters now more than ever. https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-october-2025

🐙 Qilin’s hybrid attack: a new play combining Linux payloads and BYOVD exploitation that raises cross-platform risk for enterprises. https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html Bonus story: https://www.infosecurity-magazine.com/news/qilin-ransomware-40-cases-monthly/

🔐 F5 hack alarm: defenders warn the F5 compromise exposes broad supply-chain and infrastructure risk — and what your org should check first. https://www.reuters.com/sustainability/boards-policy-regulation/cyber-defenders-sound-alarm-f5-hack-exposes-broad-risks-2025-10-20

📱 Smishing at scale: a global smishing triad tied to ~194,000 malicious domains — why SMS remains an ideal entry vector and how to blunt it. https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

🐛 MuddyWater & backdoors: a widespread campaign hitting MEA government entities with persistent backdoors — a reminder to watch telemetry and lateral-movement indicators. https://www.darkreading.com/cyberattacks-data-breaches/muddywater-100-gov-entites-mea-phoenix-backdoor

🧩 Plus: data leaks (Toys ’R’ Us Canada), quantum-preparedness calls for financial firms, and a new browser exploit that can plant persistent hidden commands in AI-powered browsing environments. https://www.securityweek.com/toys-r-us-canada-customer-information-leaked-online

EPSS Look Up Tool: https:epsslookuptool.com

Expect blunt breakdowns, practical remediation tips, and the decision-ready takeaways CISOs, incident responders, and security teams need to act now.

No script. No limits. If it matters in cyber, it’s fair game.

Tune in every Monday to cut through the noise of the past week and walk away with the fixes and priorities that actually reduce risk.

👉 Follow Barricade Cyber Solutions:
- Connect on LinkedIn: https://linkedin.com/company/barricadecyber
- Eric's LinkedIn: https://linkedin.com/in/ransomware
- Listen to this podcast on Transistor.fm (or your favorite podcast platform): https://brutallyhonestsecurity.transistor.fm

Visit https://barricadecyber.com to learn about our mission to help businesses be safer tomorrow than they are today.

© 2025 Barricade Cyber Solutions