Defensive Security Podcast Episode 352

Please consider supporting the DefSec podcast here.

This week’s stories:

https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

https://www.bleepingcomputer.com/news/security/openclaw-ai-agent-found-falling-for-phishing-attacks-spills-user-data/

https://www.cybersecuritydive.com/news/cisa-vulnerability-remediation-prioritization-directive/822504/

https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/

https://doublepulsar.com/an-update-on-fortibleed-whats-happening-with-victim-orgs-c0671a50e7f4

Defensive Security Podcast Episode 351

Links to this week’s stories:

https://www.theregister.com/cyber-crime/2026/06/05/if-you-dont-fall-for-these-extortionists-calls-theyll-show-up-with-usb-sticks/5251891

https://thehackernews.com/2026/06/only-10-of-socs-say-theyre-getting.html?m=1

https://arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/

https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/

https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

https://www.cybersecuritydive.com/news/ai-cybersecurity-hype-reality-check-gartner/821867/

Defensive Security Podcast Episode 350

Links to this week’s stories:

  • https://www.darkreading.com/threat-intelligence/ai-assisted-exploit-development-scanner-detection
  • https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/
  • https://www.bleepingcomputer.com/news/security/palo-alto-globalprotect-vpn-auth-bypass-flaw-now-exploited-in-attacks/
  • https://techcrunch.com/2026/05/29/microsoft-under-fire-for-threatening-security-researcher-with-criminal-investigation/
  • https://www.darkreading.com/application-security/megalodon-malware-infects-thousands-github-repos

Defensive Security Podcast Episode 349

Links to this week’s stories:

  • https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html
  • https://www.tenable.com/blog/key-findings-from-the-verizon-dbir-2026
  • https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
  • https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
  • https://www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/
  • https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html

Defensive Security Podcast Episode 348

Links to this week’s stories:

https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799

Defensive Security Podcast Episode 347

Links to this week’s stories:

  • https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/
  • https://www.theregister.com/security/2026/05/06/1-in-8-workers-say-selling-company-logins-is-justifiable/5231104
  • https://www.theregister.com/security/2026/05/02/ai-digs-up-decades-of-code-debt-patch-up/5219734
  • https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111
  • https://www.securityweek.com/cyber-insurance-data-gives-cisos-new-ammo-for-budget-talks/

Defensive Security Podcast Episode 346

Links to this week’s stories:

  • https://www.darkreading.com/cloud-security/csa-cisos-prepare-post-mythos-exploit-storm
  • https://www.csoonline.com/article/4159292/insurance-carriers-quietly-back-away-from-covering-ai-outputs.html
  • https://www.livescience.com/technology/artificial-intelligence/hackers-used-ai-to-steal-hundreds-of-millions-of-mexican-government-and-private-citizen-records-in-one-of-the-largest-cybersecurity-breaches-ever
  • https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/
  • https://cybermagazine.com/news/how-cybercriminals-breached-gta-maker-rockstar

Defensive Security Podcast Episode 345

Links to this week’s stories:

  • https://www.darkreading.com/threat-intelligence/axios-attack-complex-social-engineering-industrialized
  • https://www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/
  • https://www.bleepingcomputer.com/news/security/google-new-unc6783-hackers-steal-corporate-zendesk-support-tickets/
  • https://www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues
  • https://www.businessinsider.com/mercor-lawsuits-data-breach-2026-4

Defensive Security Podcast Episode 344

Links to stories:

  • https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
  • https://www.theregister.com/2026/03/27/security_boffins_harvest_bumper_crop/
  • https://thehackernews.com/2026/03/the-hidden-cost-of-cybersecurity.html?m=1
  • https://www.theregister.com/2026/03/24/trivy_compromise_litellm/
  • https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html?m=1

Defensive Security Podcast Episode 343

Here are the links we discuss this week:

  • https://www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
  • https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
  • https://www.csoonline.com/article/4147833/cisa-urges-it-to-harden-endpoint-management-systems-after-cyberattack-by-pro-iranian-group.html
  • https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/
  • https://techcrunch.com/2026/03/21/delve-accused-of-misleading-customers-with-fake-compliance/