September 22, 2025 • 15 mins

Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered

Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security.

00:00 Introduction and Overview
00:55 Microsoft's Extinction Level Vulnerability
05:19 European Airports Cyber Attack
08:20 SpamGPT: AI for Cyber Criminals
09:53 Shadow Leak: Zero Click AI Vulnerability
12:09 Trade Ogre Takedown
14:50 Conclusion and Upcoming Events


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
Extinction-level identity vulnerability in Microsoft's Entra. Cyber attack hits major European airports. SpamGPT gives cyber criminals an AI-powered CRM. Zero-click AI vulnerability. Canadian police slay Trade Ogre crypto platform and seize $40 million.

(00:23):
This is Cybersecurity Today, and I'm your host, David Shipley, coming to you from beautiful fall-like Fredericton on this, the last day of summer, 2025. Now, fair warning: if you're feeling good after Jim's Feel Good Friday Good News Edition, well, take a big sip of your coffee, tea, or wake-up beverage of choice

(00:47):
and buckle up for a crash back to cyber dystopian reality with me. Let's start with Microsoft's extinction-level cloud vulnerability in its Entra ID system that could have let a hacker gain access to any corporate tenant on the planet.

(01:08):
You heard that right? Tracked as CVE-2025-55241, and coined "one token to rule them all" by security researcher Dirk-jan Mollema. This vulnerability would've given attackers global administrator access across any corporate tenant, except maybe for national government

(01:30):
ones in separate cloud instances. Yeah, you heard that right? The problem involved two things: so-called actor tokens and a legacy API called the Azure AD Graph API. So what are these actor tokens? Think of them as special backend tokens

(01:51):
Microsoft uses for internal service-to-service work, almost like secret passes their own services show each other. The issue: these actor tokens could be used to pretend to be any user in any Entra ID tenant, even global admins, because the legacy Graph API didn't check these

(02:11):
carefully enough and didn't check which tenant the request was coming from. Those tokens were accepted across tenants. Technically speaking, the tokens included fields like netId, an internal identifier for the user, and weren't properly signed when used with Graph. And in some cases that meant you could craft a token in one tenant

(02:34):
and trick it into impersonating someone in another tenant. This bypassed normal security controls, like conditional access, and, wait for it, no logs would show the token issuance or usage in your victim tenant. I wanna directly quote Dirk's blog because, well, he said it perfectly.

(02:57):
Quote: actor token design is something that should never have existed. It lacks almost every security control that you would want, including: there are no logs when actor tokens are issued. Since these services can craft unsigned impersonation tokens without talking to Entra ID, there are also no logs

(03:19):
when they are created or used; they cannot be revoked within their 24-hour validity; they completely bypass any restrictions configured in conditional access; and we have to rely on logging from the resource provider to even know these tokens were used in the tenant.

(03:40):
So what did Microsoft do when they were notified by the researcher this summer? Once notified, the good news is they did fix the vulnerability within days and issued CVE-2025-55241, and blocked applications from using actor tokens within the Graph API when issued via service principals. Now, why this matters should be pretty obvious, but worth saying.

(04:05):
If these were exploited, an attacker could read or change everything in a compromised tenant: users, roles, settings, policies, read emails, files, cats and dogs. This is not good, and because much of this would leave no trace, it's a huge risk. So what do we do now?

(04:28):
Well, one would hope that if this flaw was found to have been actively used when Microsoft checked its own logs, for however long those logs went back, for however long this flaw existed, the customers would be notified by now. So I'm hoping this truly was an undiscovered nightmare,

(04:48):
but we may never know now. Dirk's blog is a great read for your security team. I'm sure it's gonna make their day. And the good news is incident teams are gonna wanna read it and work through the IOCs that have been made available. And I imagine my CISO is going to work this particular nightmare scenario

(05:10):
into our next executive tabletop, which is going to be another white-knuckle Dungeons and Dragons fun for all of us. So let's move on from this nightmare in the cloud to one that's grounded flights and caused chaos at major European airports this weekend. After a cyber attack crippled check-in systems this

(05:32):
weekend, hackers appear to have targeted check-in systems and thrown travel plans into disarray for tens of thousands of people, forcing major airports like Heathrow and Brussels to cancel flights continuing into Monday. So what happened? Starting Friday, airports across Europe began experiencing issues with passenger check-in systems supplied by Collins Aerospace.

(05:56):
These systems are crucial for getting passengers checked in and their bags processed, and without them, things go off the rails pretty quickly. By Sunday, Brussels Airport was hit the hardest, with nearly 20% of scheduled departures canceled, and they warned airlines to cancel up to 50% of flights for Monday.

(06:16):
Meanwhile, airports like London Heathrow, the busiest airport in Europe, reported that the majority, not all, the majority of flights continued thanks to quick work from airlines and their tech teams, but it's clear it's been a massive disruption. Dublin Airport said they expected to operate normally, but other

(06:37):
airports were working to manage passenger flow while trying to fix and work through the software issues. So the tech behind this is made by Collins Aerospace, and it provides the software that powers the check-in systems. Collins is a subsidiary of RTX, formerly known as Raytheon Technologies. By Saturday, the company confirmed it was aware of a cyber-related disruption and

(07:01):
said it was working hard to fix the issue. RTX explained that while the impact was mostly limited to electronic check-ins and baggage drops, uh, they said it could be mitigated by the airlines moving to manual operations. I am not sure who in the PR department thought that was a great line, but I hope they take a chance to walk into a major modern airport sometime soon

(07:26):
and take a good look around at all the automated terminals that replaced humans and manual processes a long time ago. I'm sure the absolutely exhausted and harried airline staff that have been surviving this weekend would appreciate them taking that look. This incident is a stark reminder of just how vulnerable the aviation

(07:47):
sector is to cyber attacks. The aviation industry saw a 600% increase in cyber attacks last year, according to a report by Telus. The trend is clear. As air travel becomes more connected and uses more cloud services, the risks from cyber continue to go up. So, while we're getting a 2010-style fail whale for online check-ins from one of

(08:11):
the world's top aviation suppliers, we're also getting news of powerful new business productivity tools for criminals. Yeah, meet SpamGPT, a new productivity tool for hackers that automates the process of crafting phishing emails, scams, and other malicious campaigns. And what makes this so alarming isn't that it's built using GPT technology, making

(08:36):
phishing attempts feel more convincing, more personalized, and harder to spot. It's essentially a customer relationship management, or CRM, system for cyber criminals. That means they're not just firing off random phishing emails or scripting and forgetting; they have a full-blown marketing campaign management

(08:57):
system for their illegal activities. Think HubSpot for crooks. Now, with features like email automation targeting specific victims and tracking success rates, SpamGPT is offering criminals tools previously only available to legitimate businesses. This is part of the AI game changer for the cyber criminal ecosystem,

(09:20):
and it streamlines and scales up operations, helping them become even more efficient and widespread, because, you know, cyber criminals were having a productivity crisis or not. Just one point. Dear criminals, could you do me just one favor? Could you please rebrand this to be Phish

(09:42):
GPT. Spam is supposed to be unwanted but legitimate commercial email. Your stuff, it ain't that. Cyber threat researchers at Radware recently uncovered a serious vulnerability they've dubbed Shadow Leak. It's a zero-click flaw in OpenAI's Deep Research agent, and it means

(10:05):
an attacker can trigger that agent without any interaction from the user. Here's how it works. A malicious actor sends a carefully crafted email containing invisible instructions: white-on-white text, tiny fonts, hiding the material using CSS tricks. To a human, the email looks totally innocent, but Deep Research parses everything and

(10:28):
reads through the instructions. Those hidden instructions then become indirect prompt injections and become converted commands that tell the agent to sift through the victim's Gmail data and exfiltrate it to an external server. Crucially, this flaw doesn't rely on the user clicking on anything or rendering an image locally.

(10:48):
Everything happens in OpenAI's cloud environment automatically because of the agent, and that bypasses many of the typical security controls that would be watching for this on the client device. Once Deep Research is asked to analyze the user's Gmail, the agent obeys the hidden instructions, encodes private information into base64, and sends

(11:09):
it out using tools like browser.open. OpenAI was notified about the vulnerability via responsible disclosure back in June and patched the vulnerability in August. However, the potential attack surface here is very broad. This won't be the last time we see this, and any connector that Deep Research or similar agents support, think things like Google Drive, Outlook, Dropbox, et cetera,

(11:33):
these will be continuous targets. Shadow Leak underscores a critical lesson. As AI agents gain capability, they also broaden the attack vectors. And given that AI can be socially engineered as well as, and perhaps even better than, humans, who at least we can give security awareness training to, this new-age agentic revolution is going to lead to more sleepless

(11:55):
nights for more security teams. Now, in fairness, that's a lot of bad news for one morning. So in the spirit of Jim's Feel Good Friday, here's a Compensating Control Monday good news story, kind of. The Mounties, the Royal Canadian Mounted Police, just took down Trade Ogre.

(12:16):
Now, if you're thinking, what is this Trade Ogre, this crypto platform, and why would a legitimate platform call itself Trade Ogre? Trade Ogre wasn't your typical crypto exchange. It lived in the shadows and had no KYC, no know-your-customer, no identity checks, just a haven for, you know, things like privacy coins like Monero and other crypto, and

(12:39):
by the way, that lack of KYC, know your customer, is a huge red flag. KYC is a rule that forces banks and legitimate exchanges to verify who you are: driver's license, passport, proof of address. It's the same reason you can't just walk into a bank, open an account under John Doe and start moving millions of dollars. Without KYC,

(13:00):
regulators can't trace where money comes from or where it goes to. And that makes an exchange like Trade Ogre the perfect laundromat for dirty crypto. For hobbyists, I'm sure the platform felt edgy. For criminals, it felt perfect, but in June 2024, Canada's money laundering investigative team, or Emli, which sounds like it belongs in a spy thriller, got

(13:23):
a tip from Europol. By late July, Trade Ogre vanished: website gone, users left hanging. Exit scam, or something bigger? We got our answer this month. The RCMP announced it dismantled Trade Ogre and seized more than $40 million in crypto. That's the largest asset seizure tied to a crypto exchange in Canadian history.

(13:45):
The takedown is a reminder. Anonymity cuts both ways. On one side, privacy advocates and small-time traders value their privacy; on the other, ransomware gangs, fraudsters, and organized crime. When you build an exchange on the no-questions-asked principle, don't be surprised when law enforcement knocks on your door showing up with all the questions.

(14:06):
The Trade Ogre saga proves that KYC isn't just about paperwork. It's an important guardrail that keeps financial institutions and markets from turning into a free-for-all for criminals. And given Canada is super sensitive about accusations around money laundering right now, it's good to see this kind of action. If you haven't been following the maple money washing, we've had some big issues

(14:30):
involving some of our big banks, Chinese organized crime, even provincial lottery corporations, real estate, you name it. We've been politely enabling it. Think of all the worst Hollywood Swiss banking stereotypes and dress it up in red plaid with a smile. And that was us. Good news is, not so much anymore. Those are your updates for Monday, September 22nd.

(14:53):
Happy last day of summer. I'll be back October 6th after I hopefully return from a hopefully relaxing trip to Europe. So pumped to be flying right now. And I speak at SecTor, Canada's version of Black Hat, on why phishing simulations and training do in fact work if you do it properly. I've been your host, David Shipley.

(15:14):
Jim Love will be back on Wednesday.