Podcasts about Malicious

Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.  

Australia recorded the highest number of data breach reports last year since monitoring began in 2018. The latest Notifiable Data Breaches Report found 69 per cent of those data breaches were due to malicious or criminal attacks, with 29 per cent derived from human error. Most personal information in the breaches was contact information, identity data, or financial or health information, which hackers could use to blackmail companies or impersonate individuals. Professor Toby Murray, from the School of Computing and Information Systems at the University of Melbourne, has advice for how to protect yourself from data breaches.

AFCEA'S TechNet Cyber conference held in Baltimore, Maryland was the perfect opportunity to sit down with Greg Carl, Principal Technologist from Pure Storage. Pure Storage is used by 175 federal agencies.  Time to sit down from a subject matter expert and explain their value proposition. Today's federal government is attempting to accomplish digital modernization through a move to the cloud and, at the same time, reduce staff.  To multiply the risk associated with this endeavor, we see an increase in cyber attacks on data at rest, in transit, and while in use.  Greg Carl drills down on how Pure Storage can help federal leaders in several areas, he begins with Retrieval Augmented Generation, RAG. People have jumped into AI without knowing how to structure a large language model, the popular LLM.  RAG focuses on text generation and tries to make sure the data collected is accurate, relevant, and contextually aware. Pure Storage asks, if RAG protects the results of a query, what protects the “Retrieval” part of RAG.  We know LLMs are being attacked every day.  Malicious code could be placed in a LLM, and the RAG system might not know. A decade ago, backups were child's play.  A server down the hall, a backup appliance.  Today, one needs an agile cloud solution to perform continuous backups in a hybrid world.  One way to gain resilience is to use immutable backups where the attacked system can be restored and not lose valuable time. Speed and security handling important data activities can reduce costs for federal leaders by improving accuracy of LLMs and speed the time to recover after an attack. Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Dumbline visits a Mount Pleasant, Michigan, high school, where two teens are tortured by a mysterious — and moronic — cyberbully. But as we know, dumb dumbs can't hide behind a screen forever. As the teens' mental states crumble like a house of cards, one sloppy suspect's poorly hidden ruse does, too. Don't miss the end of the episode for everyone's favorite segment, Get to Know Maria! Catch new episodes bi-weekly on Wednesdays. Don't forget to rate, review, and subscribe wherever you get your podcasts. Follow @DumblinePodcast on TikTok, Instagram, and Facebook for even more great content. Show Notes

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

New City in Texas… Zelle down for a while-not hacked… Panic Buttons in NYC… Kentucky Derby recap… Gaga in Rio sets record… Met Gala happening… Email: ChewingTheFat@theblaze.com TV show recaps and cancellations… Who Died Today: Charles “Charley” Scalies Jr. 84 / My death headline from the future… Six Flags Maryland shutting down… Measles and possible consequences… Prince Harry loses and wants reconciliation… William to strip titles from Harry and Meghan... Joke of The Day… www.blazetv.com/jeffy Promo code: Jeffy… Nicole Shanahan joining The Blaze… (466) Nicole Shanahan - YouTube Learn more about your ad choices. Visit megaphone.fm/adchoices

Steganography Analysis With pngdump.py: Bitstreams More details from Didiear as to how to extract binary content hidden inside images https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904 Using Trusted Protocols Against You: Gmail as a C2 Mechanism Attackers are using typosquatting to trick developers into installing malicious python packages. These python packages will use GMail as a command and control channel by sending email to hard coded GMail accounts https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism Security Brief: French BEC Threat Actor Targets Property Payments A French business email compromise threat actor is targeting property management firms to send emails to tenents tricking them into sending rent payments to fake bank accounts https://www.proofpoint.com/us/blog/threat-insight/security-brief-french-bec-threat-actor-targets-property-payments SANS.edu Research Journal https://isc.sans.edu/j/research

We would love to hear from you! Please send us your comments here. --------Thank you for listening! Your support of Joni and Friends helps make this show possible. Joni and Friends envisions a world where every person with a disability finds hope, dignity, and their place in the body of Christ. Become part of the global movement today at www.joniandfriends.org. Find more encouragement on Instagram, TikTok, Facebook, and YouTube.

"For the first time in over a decade, bots now outnumber humans on the internet — and a growing percentage are built to defraud, disrupt, and deceive." — Tim Chang, Global VP & GM, Application Security, Thales In a sobering conversation with Technology Reseller News, Tim Chang of Thales shared key insights from the 2025 Imperva Bad Bot Report, a deep dive into the increasingly dangerous world of automated internet traffic. According to the report, 51% of all web traffic in 2024 was generated by bots, marking the first time bot traffic has surpassed human traffic. Even more concerning, 37% of all traffic is now classified as “bad bot” activity — a significant increase from 32% the previous year. Thales, a global leader in digital identity and cybersecurity with over 80,000 employees worldwide, acquired Imperva two years ago. Together, the teams behind the Imperva Threat Research division are shining a light on the surge in bot-driven attacks — from simple web scrapers to polymorphic, AI-enhanced bad bots capable of account takeovers and API abuse. Telecom Under Attack Among the most targeted sectors? Telecom and ISPs, which now account for more than half of bad bot traffic. Chang explained that this is unsurprising given the critical infrastructure telecom supports and the high volume of customer data flowing through these systems. Key takeaways from the report include: 51% of all internet traffic is now automated. 37% of global traffic comes from bad bots — a 7-point rise in one year. 40% increase in account takeover (ATO) attacks, often using stolen or brute-forced credentials. Telecom ranks as the second-most targeted vertical, just behind financial services. 55% of all telecom traffic is now made up of bad bots. Chang emphasized that these bots are increasingly using AI to evade detection, shifting IP addresses, mimicking human behavior, and attacking not just websites but APIs — which lack visual interfaces and are harder to monitor. 10 Recommendations to Reduce Risk To help organizations defend against this growing threat, Thales provides a set of 10 actionable recommendations, ranging from understanding your attack surface and deploying bot management tools, to tightening MFA usage and adopting a multi-layered defense strategy. Chang also offered a strategic reminder: don't play all your cards at once — adversaries are evolving just as quickly, and a staggered, adaptive defense is critical. Access the full 2025 Imperva Bad Bot Report: Download the Report from Thales/Imperva

Settle in for two full hours of nonstop Malicious Compliance, packed with dumb rules, clueless bosses, and glorious backfires. Each story builds to a perfect payoff, from corporate meltdowns to everyday workplace rebellions, giving you a front-row seat to karmic justice in action. Hit play during your commute or let it run while you work and watch the hours fly by. If you want more daily chaos, remember to follow/subscribe and join the Karma Crew for exclusive deep cuts.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Hollywood, 1958. Glamour. Fame. Scandal. But behind the velvet curtains of silver screen royalty, a violent storm was brewing. Johnny Stompanato- charming, dangerous, and deeply entangled with one of Hollywood's biggest stars- would soon be found dead on the floor of a Beverly Hills mansion. Was it an accident based on a misunderstanding, a mother's desperate act, or something far more sinister? Today, we unravel the sensational murder that rocked Tinseltown, and left the world wondering what really happened behind Lana Turner's closed doors. We're coming to CrimeCon Denver! Use our code CRIMEWEEKLY for 10% off your tickets! https://www.crimecon.com/CC25 Try our coffee!! - www.CriminalCoffeeCo.com Become a Patreon member -- > https://www.patreon.com/CrimeWeekly Shop for your Crime Weekly gear here --> https://crimeweeklypodcast.com/shop Youtube: https://www.youtube.com/c/CrimeWeeklyPodcast Website: CrimeWeeklyPodcast.com Instagram: @CrimeWeeklyPod Twitter: @CrimeWeeklyPod Facebook: @CrimeWeeklyPod ADS: 1. https://www.PDSDebt.com/CrimeWeekly - Get your FREE debt assessment today! 2. https://www.Ollie.com/CrimeWeekly - Use code CRIMEWEEKLY and get 60% off your first box! 3. https://www.FastGrowingTrees.com - Use code CRIMEWEEKLY and get an additional 15% off! 4. https://www.HelixSleep.com/CrimeWeekly - Get 20% off sitewide! 5. https://www.EatIQBAR.com - Text WEEKLY to 64000 for 20% off ALL IQBAR products and FREE shipping!

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Artificial Intelligence can be applied to code generation, predictive analytics, and what is called “generative” AI. " Generative means the AI can look at a library of information (Large Language Model) and create text or images that provide some value. Because the results can be so dazzling, many forget to be concerned about some of the ways the starting point, the LLM, can be compromised. Just because LLMs are relatively new does not mean they are not being attacked. Generative AI expands the federal government's attack surface. Malicious actors are trying to poison data, leak data, and even exfiltrate secure information. Today, we sit down with Elad Schulman from Lasso Security to examine ways to ensure the origin of your AI is secure. He begins the interview by outlining the challenges federal agencies face in locking down LLMs. For example, a Generative AI system can produce results, but you may not know their origin. It's like a black box that produces a list, but you have no idea where the list came from. Elad Shulman suggests that observability should be a key element when using Generative AI. In more detail, Elad Shulman details observability from a week ago vs. observability in real-time. What good is a security alert if a federal leader cannot react promptly? Understanding the provenance of data and how Generative AI will be infused into future federal systems means you should realize LLM security practices.  

What's the best thing small businesses can do to improve their security posture?

In this Malicious Compliance episode, one woman takes silence to the next level when her rude former teacher ignores a warning and ends up paying the smelly price. From following orders to the letter at work to choosing not to show up when family draws lines, these stories prove that sometimes the best revenge is simply doing exactly what you're told. Featuring clueless bosses, petty pricing drama, and one Easter lunch that didn't go as planned, this lineup is all about what happens when you obey… and let everything fall apart.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Oliver's reflection had always been a little off — but he didn't expect it to steal his life for a day of pranks.Find more family-friendly frights and creepy games to play on our website at http://MicroTerrors.com!Facebook page: https://www.facebook.com/microterrorsOther stories, novels, and more from author Scott Donnelly: https://amzn.to/3LymHaUOther narrations, podcasts, and audiobooks from voice artist Darren Marlar: https://WeirdDarkness.com= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =Weird Darkness©, 2025Micro Terrors: Scary Stories for Kids™, 2025#scarystories #halloweenstories #halloweenkids #storiesforkids #kidsstories #scarystoriesforkids #microterrorshttps://weirddarkness.com/microterrors-maliciousmirror

The U.S. military has a vested interest in the security of the nation's critical transportation infrastructure. During a conflict, America's adversaries are likely to attack U.S. critical infrastructure in an attempt to constrain Washington's policy options, including its capacity to mobilize the armed forces. Over the past year, the intelligence community has revealed how deeply Chinese hackers known as Volt Typhoon penetrated U.S. transportation, energy, and water systems. Meanwhile, other Chinese Communist Party (CCP) malicious cyber operations, including Flax Typhoon, hijacked cameras and routers. Salt Typhoon burrowed deep into U.S. telecommunications networks; Silk Typhoon compromised U.S. Treasury networks.These hacks have uncovered a dangerous truth: the cybersecurity of the critical air, rail, and maritime infrastructure that underpins U.S. military mobility is insufficient. In addition to enabling disruption, compromising critical infrastructure would allow U.S. adversaries to amass information about the movement of goods and military equipment – and impede America's ability to deploy, supply, and sustain large forces.To explore these themes and more, the Foundation for Defense of Democracies hosts Gen. (Ret.) Mike Minihan, former commander, Air Mobility Command; RADM (Ret.) Mark Montgomery, senior director, FDD's Center on Cyber and Technology Innovation; and Annie Fixler, director and research fellow, FDD's Center on Cyber and Technology Innovation. The conversation is moderated by Bradley Bowman, senior director, FDD's Center on Military and Political Power.For more, check out: https://www.fdd.org/events/2025/04/17/persistent-access-persistent-threat-ensuring-military-mobility-against-malicious-cyber-actors/

BBC scam expert Nick Stapleton and Prof Kevin Curran cyber security expert discuss

On this week's episode, we're doing something a bit different.  This time, Todd takes a look at four, yes four, films that have been on the list of potential candidates for the podcast, but just never quite made the cut. First up we have Malicious, a 1995 erotic thriller starring Molly Ringwald. We follow that up with the 1988 kiddie musical The New Adventures of Pippi Longstocking. Next up is the 1971 film Star Spangled Girl, based on a play by Neil Simon. Then we finish things up with the 1977 Tim Conway comedy The Billion Dollar Hobo. There is no guest this time, just Todd sharing some of his basic thoughts on each of these films. We do still have some trivia questions for our listeners to play along with, and movie recommendation at the end.

From a petty family standoff to a snack-fueled rebellion at work, this episode of Malicious Compliance brings you five stories where following the rules exactly how they were given leads to some very satisfying consequences. Whether it's a power-tripping manager, a clever crew, or a kid with a black berry and a nose full of regret - these people got exactly what they asked for.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Send us a textWelcome to your daily dose of unfiltered chaos, where Peaches breaks down the news like a sledgehammer breaks through PR-approved nonsense. This ain't your polished AFN brief—this is the real rundown, straight from the Ones Ready bunker. Spoiler: if you love taxpayer-funded crop dusters, British police overreach, or beard policies held together by ETP duct tape—you're in for a treat.From the Panama Canal to Star Wars-era missile defense, the DEI purge of Maya Angelou, and the ongoing saga of “Fat Tony” Bauerfein, Peaches' on one today. We're talking about $2B aircraft that couldn't win a dogfight with a Pelican, the kind of “malicious compliance” that gets classics deleted from Navy libraries, and how shadow banning is the new way to say “you're winning.”

Philippe is the Founder of CrowdSec, an open-source multiplayer firewall that analyzes visitor behavior and provides an adapted response to all kinds of attacks. It leverages crowdsourced power to generate a global IP reputation database that protects the user network. As of today, CrowdSec boasts 250k+ user installations from 185+ countries and 50M+ malevolent IPs blocked. The CrowdSec community's users include governments, major e-commerce actors, media and financial institutions, armed forces, universities, hospitals, research centers, and others—the company raised $15M+ in series A funding just last year! The company's ingenious software is built on the idea of “safer together.” Not only does CrowdSec block individual user attacks, but it also identifies each malevolent IP address during an attack. It uses this information to protect everyone in the CrowdSec community from future attacks. Philippe received an MBA in Computer Sciences from EPITA. He has created five start-up companies and is a seed investor in ten others. He is on the front line of major innovations in tech use and security, and he loves to share his wealth of knowledge in podcasts and public speaking events. Philippe loves to discuss: The most significant issue facing cybersecurity is how open-source cybersecurity platforms combat them. Why multiplayer firewalls can help limit zero-day attacks and minimize cyberwar from attempting to “divide and conquer” businesses. Why does Philippe believe malevolent IP attacks are growing in size, and how can everyday users equip themselves to protect their data? https://crowdsec.net/ https://www.linkedin.com/in/philippehumeau/?originalSubdomain=fr&original_referer=https%3A%2F%2Fwww.google.com%2F

Filmmaker John Fallon makes his way into the Concessions lake house to air Jared's dirty laundry.Check out MALICIOUS now on Tubi.John Fallon is a writer/director/actor/producer with dozens of film credits and the founder of Arrow in the Head, part of the JoBlo.com movie network, a pioneer of online film commentary and journalism that exists today on YouTube in the form of JoBlo Horror Originals.PLEASE LIKE/RATE/REVIEW WHEREVER YOU LISTEN TO PODCASTS.Find us on Threads and Instagram @jaredconcessions @officialjohnfallon

maliciouscompliance where On the receiving end by private individual Malicious compliance in response to weaponized incompetence Do It Your Way? Okay. Fiscal responsibility - all right then Public Sector Employee With Questionable Bosses Want updates for every single thing? Ok. No Problem! “we just followed the rules» Not allowed in the kitchen? Ok. I will work on THAT Saturday YOU put me on the roster. Hosted on Acast. See acast.com/privacy for more information.

In this episode, I sit down with Peter Schiff, Chief Economist and Global Strategist at Euro Pacific Asset Management and host of The Peter Schiff Show. We break down the U.S. government's sweeping new tariffs and explore their impact on inflation, the U.S. dollar, gold, consumer prices, and the broader markets.#gold #inflation #tariffs #dedollarization #recession-----------Thank you to our #sponsor MONEY METALS. Make sure to pay them a visit: https://bit.ly/BUYGoldSilver------------

Episode 2519 - 50% of gold not deliverable. Hegseth says infantry regardless of sex has to pass same physical test. Women don't have real men to marry. Harvard to combat antisemitism . Malicious imbeciles? Plus much more. Funny show today!

The bite of slander is the bite that will have the strongest tendency to pull us toward the natural response, which means it will also require our greatest reliance on the Holy Spirit to respond supernaturally.  Check out the video version of this sermon. If you've missed any of the messages in this series, you can find them all here. And if you are a pastor, please check out my book When Sheep Bite, which will help you both respond to sheep bites and teach others how to respond as well. ►► Would you please prayerfully consider supporting this ministry? My Patreon supporters get behind-the-scenes access to exclusive materials. ◀︎◀︎

Send us a textADULT SUPERVISION.  Ya girls are talking about a man's chest this week- er…. I mean… a newer movie this week, called “Malicious” (2023)! A home invasion film not done well, but done well enough to keep us a little angry so let's go!    Stay tuned & stay NASTY.  Also, leave ya girls a review on Apple Podcasts and we'll dedicate an episode to your movie pick!

Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing high-entropy segments within files, regions most likely to harbor malicious functionality, and feeding these distinct byte patterns into our model. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Leveraging%20CNNs%20and%20Entropy-Based%20Feature%20Selection%20to%20Identify%20Potential%20Malware%20Artifacts%20of%20Interest/31790 Malware found on npm infecting local package with reverse shell Researchers at Reversinglabs found two malicious NPM packages, ethers-provider2, and ethers-providerz that patch the well known (and not malicious) ethers package to add a reverse shell and downloader. https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell Google Patched Google Chrome 0-day Google patched a vulnerability in Chrome that was already exploited in attacks against media and educational organizations in Russia https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

Researchers uncover a new Windows zero-day. A covert Chinese-linked network targets recently laid-off U.S. government workers. Malicious npm packages are found injecting persistent reverse shell backdoors. A macOS malware loader evolves. DrayTek router disruptions affect users worldwide. A new report warns of growing cyber risks to the commercial space sector. CISA issues four ICS advisories. U.S. Marshals arrest a key suspect in a multi million dollar cryptocurrency heist. Our guest is Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about creating a networking directory for former government and military professionals. The UK's NCSC goes full influencer to promote 2FA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about the importance of networking and creating a directory for former government and military professionals. Selected Reading New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials - Unofficial Patch (cybersecuritynews) Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows (Reuters) New npm attack poisons local packages with backdoors (bleepingcomputer) macOS Users Warned of New Versions of ReaderUpdate Malware (securityweek) DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop (cybersecuritynews) ENISA Probes Space Threat Landscape in New Report (Infosecurity Magazine) CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS (cybersecuritynews) Crypto Heist Suspect "Wiz" Arrested After $243 Million Theft (hackread) NCSC taps influencers to make 2FA go viral (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/blog/ FBI Warns of File Converter Scams File converters may include malicious ad ons. Be careful where you get your software from. https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam VSCode Extension Includes Ransomware https://x.com/ReversingLabs/status/1902355043065500145

This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering. In the enterprise security news, Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-399

This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering. In the enterprise security news, Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-399

In this episode of the Karma Stories Podcast, host Rob dives into three gripping tales from the Malicious Compliance subreddit. The first story features Sid Witt dealing with a clueless senior manager, Colette, who orders a redundant report. Sid cleverly fabricates errors in the report, highlighting managerial incompetence. The second tale recounts a night supervisor in a psychiatric hospital who exposes the dangerous micromanagement of a departmental director during a fire alarm. The final story involves a software engineer who forces management to confront an impractical policy by strictly adhering to it, eventually leading to its abandonment. Sponsored by Dangly3D.com, where you can find new 3D printed Easter Cookie Dragons and Peacock Dragons.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

00:00 - PreShow Banter™ — Fun Jank Decks05:25 - BHIS - Talkin' Bout [infosec] News 2025-03-17 - Malicious browser plugins will destroy us ALL!!!!!06:35 - Story # 1: Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension14:37 - Story # 1b: Chrome Web Store is a mess31:14 - Story # 2: Lazarus Strikes npm Again with New Wave of Malicious Packages36:17 - Story # 3: China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days44:44 - Story # 4: Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data49:31 - Story # 5: Second biggest bank in US hit by major data breach stealing social security numbers and other personal info51:25 - Story # 6: Hackers Take Credit for X Cyberattack54:32 - Story # 7: Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account

In this episode of the Karma Stories Podcast, host Rob narrates a story from the Malicious Compliance subreddit about a manufacturing engineer who was ordered to disable critical testing on a new product due to unfounded blame from the design team. Despite warnings, the order led to increased failure rates and months of troubleshooting before the real issue was identified. This tale highlights the repercussions of ignoring expert advice and the valuable lessons learned by all involved.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

A federal judge in Richmond heard oral arguments in a malicious prosecution lawsuit against Virginia Attorney General Jason Miyares Tuesday morning. Brad Kutner was in the courtroom when the judge suggested the dispute might not end as soon as Miyares wants. 

In this episode of the Karma Stories Podcast, Rob shares five jaw-dropping stories from the Malicious Compliance subreddit. From an inexperienced project manager causing a catastrophic failure to a VP's cost-cutting decision leading to chaos, these tales of following absurd orders to the letter will have you both laughing and shaking your head in disbelief. Tune in for stories of engineers, schedulers, and office workers who turned the tables on their clueless bosses.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Welcome to another episode of the Karma Stories Podcast! Host Rob shares three captivating tales from the Malicious Compliance subreddit. The first story is about a student in Texas who cleverly uses her school's dress code rules to stand up against biased enforcement. The second story features a CEO's email blunder that leads to an unintended but hilarious IT catastrophe. The third story takes place in a community garden where a boy's misadventure in a compost heap results in comedic justice. Tune in for these amusing and thought-provoking stories!Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

There are forces in this world we cannot see—forces that lurk in the spaces between reality and nightmare, waiting for the right moment to make themselves known. Some arrive in the guise of an innocent discovery, whispering temptation to those who dare to pry. Others lie just beyond the veil of the ordinary, pulling the lost and weary into places they were never meant to find. In this episode of Horror Hill, host Erik Peabody invites you to witness the consequences of meddling with the unknown. Two stories, two doomed paths, and one chilling certainty: once the darkness takes notice of you, it will never look away. To watch the podcast on YouTube: http://bit.ly/ChillingEntertainmentYT Don't forget to subscribe to the podcast for free wherever you're listening or by using this link: https://bit.ly/HorrorHillPodcast If you like the show, telling a friend about it would be amazing! You can text, email, Tweet, or send this link to a friend: https://bit.ly/HorrorHillPodcast Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this episode of the Karma Stories Podcast, Rob shares four entertaining tales from the malicious compliance subreddit. The episode begins with a story about a demanding café owner named Steve who learns the hard way about the consequences of threatening to cancel service. Next, we hear about employees forced to wear business attire, who creatively protest by wearing mismatched outfits. The third story follows the same team, as they humorously comply with a micro-managing boss's sign-in board, leading to its quick removal. Finally, there's a tale of a UK government worker who follows new demanding work rules to the letter after a motorbike accident but ends up quitting due to unbearable conditions. These stories highlight the unintended chaos and hilarity that can arise from strictly following unreasonable demands. Tune in for laughs, lessons, and some satisfying acts of workplace rebellion!Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

I jump into the studio after a beautiful weekend in LA to chop up all of the news and entertainment from the weekend. I dive into my not so deep thoughts about the Oscar's, why I find it an odd occurrence for wildfires to hit South Carolina, and a few of my thoughts on the race for advancements in AI research and development. Let's get into another great weekend discussion!

In today's episode of the Karma Stories Podcast, Rob narrates three fascinating stories from the Malicious Compliance subreddit. The first story revolves around a teacher who is forced to give an accurate grade to a student due to an insistent parent, resulting in unintended consequences. The second story is about a manager who mishandles client funds, leading to legal complications. Finally, the third tale features a grocery store employee who strictly follows health and safety guidelines amidst a complaint, causing a stir at work. Tune in for these compelling tales of rules, compliance, and the unexpected outcomes that follow.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Attacker of of Ephemeral Ports Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710 Compromised Visal Studio Code Extension downloaded by Millions Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details. https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26 ByBit Theft Due to Compromised Developer Workstation ByBit and Safe{Wallet} disclosed that the record breaking ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit. https://x.com/benbybit/status/1894768736084885929 https://x.com/safe/status/1894768522720350673 PoC for NAKIVO Backup Replication Vulnerability This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now disloses details including a proof of concept exploit. https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/ OpenH264 Vulnerability https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x rsync vulnerability exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Massive Botnet Targets M365 with Password Spraying A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID The complex OpenID specificiation and the flexibility it supports enables careless administrators to publich private keys instead or in addition to public keys https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html Healthcare Malware Hunt Part 1: Medial images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware. https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/

Join Rob on the Karma Stories Podcast as he shares three intriguing stories from the Malicious Compliance subreddit. In this special 1500th episode, Rob narrates tales of stubborn adherence to flawed directives, highlighting the humorous and often frustrating consequences. From a dump truck delivery gone wrong, a bodybuilding Navy driver challenging gym dress codes, to a savvy military officer outsmarting a bureaucratic leave denial, these stories showcase the cleverness and resilience of those who choose compliance with a twist. Tune in for a mix of laughs and lessons learned.Submit your own stories to KarmaStoriesPod@gmail.com.Karma Stories is available on all major Podcasting Platforms and on YouTube under the @KarmaStoriesPodcast handle. We cover stories from popular Reddit Subreddits like Entitled Parents, Tales From Tech Support, Pro Revenge and Malicious Compliance. You can find new uploads here every single day of the week!Rob's 3D Printing Site: https://Dangly3D.comBecome a supporter of this podcast: https://www.spreaker.com/podcast/karma-stories--5098578/support.

Malicious fake images of a female politician circulated during the general election are being investigated by gardaí. The sexually explicit photos were created using AI deepfake technology to cast a slur on the victim's character. Fionnán Sheahan discusses this worrying development for Irish democracy, while SDLP MLA Cara Hunter shares how her own experience as a victim of a pornographic deepfake attack that nearly ruined her political career. Host: Tabitha Monahan; Guests: Fionnán Sheahan and Cara HunterSee omnystudio.com/listener for privacy information.

SUPPORT MY WORK:SUBSTACK: https://dersh.substack.com/The Dershow staring Alan Dershowitz* APPLE PODCAST: https://podcasts.apple.com/us/podcast/the-dershow/id1531775772SPOTIFY: https://open.spotify.com/show/7Cx3Okc9mMNWtQyKJZoqVO?si=1164392dd4144a99_________________________________________________________FOLLOW ME:TWITTER: https://twitter.com/AlanDershRUMBLE: https://rumble.com/user/Sav_saysLOCALS: https://dershow.locals.com/YOUTUBE: https://www.youtube.com/c/TheDershowWithAlanDershowitz________Youtube: @thedershowwithalendershowitz

Actor Alec Baldwin has filed a civil lawsuit against Santa Fe District Attorney Mary Carmack-Altwies, Special Prosecutor Kari Morrissey, and other officials, claiming malicious prosecution and violations of his civil rights. The lawsuit follows the dismissal of criminal charges against Baldwin in connection with the 2021 death of cinematographer Halyna Hutchins on the set of Rust. Baldwin was holding a prop pistol during a rehearsal when it discharged, killing Hutchins and wounding director Joel Souza. Baldwin faced an involuntary manslaughter charge, which was thrown out in July by Judge Mary Marlowe Sommer. The judge cited prosecutorial misconduct, including the withholding of key evidence related to the live ammunition on set. The lawsuit, filed Thursday, names additional defendants, including investigators from the Santa Fe County Sheriff's Office, the First Judicial District Attorney's Office, the Santa Fe County Board of Commissioners, and the county itself. In the filing, Baldwin's attorneys accuse prosecutors of engaging in a “malicious and unlawful” pursuit of the actor for political and personal reasons. “Criminal prosecutions are supposed to be about the search for truth and justice, not to pursue personal or political gain or harass the innocent,” attorneys Luke Nikas and Alex Spiro stated. “Kari Morrissey and the other defendants violated that basic principle, over and over, and trampled on Alec Baldwin's rights. We bring this action to hold the defendants accountable for their misconduct and to prevent them from doing this to anyone else.” The lawsuit alleges that prosecutors intentionally concealed evidence that would have cleared Baldwin and instead sought to scapegoat him for Hutchins' death. Special Prosecutor Andrea Reeb is accused of making statements about how pursuing the case could benefit her political career as a Republican state representative. Baldwin's attorneys claim that false and incomplete testimony from Morrissey was used to secure his indictment. Responding to the lawsuit, Morrissey said, “In October 2023, the prosecution team became aware that Mr. Baldwin intended to file a retaliatory civil lawsuit. We look forward to our day in court.” The incident, which occurred during the filming of the Western Rust, reignited debates about firearms safety on film sets and led to multiple lawsuits, including Baldwin's. The actor is seeking financial damages through a jury trial, arguing that the defendants must be held accountable for their actions. “Defendants must now be held accountable for their malicious and unlawful pursuit of Baldwin,” the complaint states. The tragic shooting of Halyna Hutchins has left a lasting impact on Hollywood, with many calling for stricter safety protocols. Baldwin's lawsuit underscores broader concerns about the role of political influence and prosecutorial accountability in high-profile cases. #AlecBaldwin #RustLawsuit #HalynaHutchins #CivilRights #MaliciousProsecution #MovieSetSafety #Hollywood Want to listen to ALL of our podcasts AD-FREE? Subscribe through APPLE PODCASTS, and try it for three days free: https://tinyurl.com/ycw626tj Follow Our Other Cases: https://www.truecrimetodaypod.com The latest on The Downfall of Diddy, The Trial of Karen Read, The Murder Of Maddie Soto, Catching the Long Island Serial Killer, Awaiting Admission: BTK's Unconfessed Crimes, Delphi Murders: Inside the Crime, Chad & Lori Daybell, The Murder of Ana Walshe, Alex Murdaugh, Bryan Kohberger, Lucy Letby, Kouri Richins, Malevolent Mormon Mommys, The Menendez Brothers: Quest For Justice, The Murder of Stephen Smith, The Murder of Madeline Kingsbury, The Murder Of Sandra Birchmore, and much more! Listen at https://www.truecrimetodaypod.com

In this episode, we explore the following stories: "Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics" Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques. URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics "Information Stealer Masquerades as LDAPNightmare PoC Exploit" A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare. URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit "How Extensions Trick CWS Search" Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate. URL: How Extensions Trick CWS Search "Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)" Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution. URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)