Podcasts about Malware

  • 1,793 PODCASTS
  • 7,225 EPISODES
  • 38m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Jun 15, 2026 LATEST
Malware



Latest podcast episodes about Malware

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 259 - AI Support Goes Rogue, Silent Ransom, Loud Consequences, Apple's Password Reset Roulette, Nuking the Malware Scanner, UK's New Blackout Protocol

PEBCAK Podcast: Information Security News by Some All Around Good People

Play Episode Listen Later Jun 15, 2026 46:56


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

Simple 6 signup link https://simple6.co/r/CFUR98

Meta confirms 20,225 Instagram accounts were hijacked after attackers exploited a bug in its AI-powered High Touch Support tool to reset passwords without verifying email ownership. https://www.bleepingcomputer.com/news/security/meta-ai-support-data-breach-affects-20-000-instagram-accounts/

The Silent Ransom Group is targeting U.S. law firms with fake IT help desk calls, moving from first contact to data exfiltration in hours and sending ransom demands within 30 minutes of leaving the network. https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/

Weil Gotshal reportedly paid $18–20 million to prevent hackers from publishing stolen client data after a Silent Ransom Group attack. https://www.legalcheek.com/2026/06/weil-reportedly-pays-up-to-20-million-after-hackers-steal-client-data/

Jones Day confirms a cyberattack that gave hackers access to client files, also attributed to the Silent Ransom Group campaign targeting BigLaw. https://www.legalcheek.com/2026/04/jones-day-confirms-cyber-attack-after-hackers-access-client-files/

Dark Reading's breakdown of how Silent Ransom Group's law firm extortion campaign operates at scale. https://www.darkreading.com/cyberattacks-data-breaches/silent-ransom-us-law-firms-extortion-attacks

Apple announces that iOS 27's Passwords app will use agentic AI to automatically detect and replace weak or compromised passwords in the background, no user effort required. https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/ https://www.macrumors.com/2026/06/08/apple-passwords-can-now-automatically-fix-passwords-with-agentic-ai/

Citizen Lab researcher John Scott-Railton flags a new attacker technique: malware developers are embedding nuclear and biological weapons text inside their spyware to deliberately trigger AI safety refusals, preventing LLM-based security tools from analyzing the malicious code — a real-world demonstration of how over-tuned safety guardrails create exploitable blind spots. https://x.com/jsrailton/status/2064661778978533571

UK Prime Minister Starmer gives Apple and Google a three-month deadline to install device-level software that detects and blocks explicit images on consumer hardware, with privacy advocates and Signal already calling the mandate a blueprint for mass surveillance. https://metro.co.uk/2026/06/08/phone-will-change-new-government-rules-explicit-images-28694073/

Dad Joke of the Week (DJOW)

Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Ben - https://www.linkedin.com/in/benjamincorll/

The Audit
Cyber News: Bug Bounty Fail, Open-Source Malware & Facebook SMB Phishing

The Audit

Play Episode Listen Later Jun 15, 2026 36:08 Transcription Available


An underground forum post breaks down how hackers scan, exploit, and cash out on vulnerabilities — and it reads like a step-by-step guide. Meanwhile, Microsoft is catching heat for stonewalling a researcher who found real zero-days, and a new phishing campaign is hitting small businesses through the platforms they trust most. The OG crew — Joshua Schmidt, Eric Brown, and Nick Mellem — digs into this week's biggest cybersecurity headlines with sharp takes and real-world context that practitioners can actually use. 

The Lunduke Journal of Technology
Rust-Based Malware Hits 1.4% of Arch User Repository

The Lunduke Journal of Technology

Play Episode Listen Later Jun 14, 2026 12:27


The data stealing code compromised over 1,500 packages in the Arch Linux User Repository, making use of Rust, Systemd, NodeJS, & Bun.

Grab a Discounted Lifetime Sub & Get on The Wall: https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal: https://lunduke.com/

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

Rabbit Hole Recap
RABBIT HOLE RECAP #413: BRAVE NEW WORLD

Rabbit Hole Recap

Play Episode Listen Later Jun 11, 2026 121:09


https://rhr.tv/stream Keonne Rodriguez (Samourai dev) updates on prison transfer & furlough request https://x.com/keonne/status/2063959631383179277 Bark Ark Protocol Launches on Bitcoin Mainnet https://blog.second.tech/bark-now-on-bitcoin-mainnet/ Second Introduces Noah and Arké Bitcoin Ark Wallets https://blog.second.tech/introducing-noah-and-arke/ Signal: UK Surveillance Is Not Safety https://signal.org/blog/pdfs/2026-06-08-uk-surveillance-is-not-safety.pdf Mullvad explains UK spyware proposal: mandatory real-time scanning & blocking on all devices https://x.com/mullvadnet/status/2064342870937509988 SimpleX Network Consortium Governance and Foundation Overview https://simplexnetwork.org/consortium.html Pump.fun launches GO: bounty platform to pay anyone for any task https://x.com/pumpfun/status/2062557004829233504 Man tattoos forehead for $2,400 Pump.fun bounty (spells it wrong) https://x.com/discordiaclips/status/2063406281130398012 Strategy Announces Approval of STRC Semi-Monthly Dividends https://www.strategy.com/press/strategy-announces-approval-of-strc-semi-monthly-dividends_06-08-2026 Polymarket Cracks Down on VPN Users Amid Legal Pressure https://gizmodo.com/polymarket-cracks-down-on-vpn-users-as-legal-pressure-intensifies-in-dozens-of-countries-2000765379 Karpathy on Claude Fable 5: strong benchmarks but overly trigger-happy safeguards https://x.com/karpathy/status/2064409694761054332 Malware devs add WMD keywords to spyware to evade LLM scanners https://x.com/jsrailton/status/2064661778978533571 Anthropic Dario Pushes for Regulatory Moat https://darioamodei.com/post/policy-on-the-ai-exponential HRF Freedom Tech in Oslo: https://www.youtube.com/watch?v=QUcG_CJkT6A Dark Wisp Android v1.0.0 Adds Private Interactions, Tor Routing, and NIP-A3 Payments https://github.com/barrydeen/dark-wisp-android/releases/tag/v1.0.0 Kickstr World Cup Game https://kickstr.einundzwanzig.dev/games/7ea5d40f-be37-4895-94cd-2adaf53f45ad Bitaxe ESP-Miner v2.14.0 Release 
https://github.com/bitaxeorg/ESP-Miner/releases/tag/v2.14.0 Ulendo: borderless calling via Nostr + Bitcoin without local SIM cards https://x.com/codamw/status/2063340269785784526 Microsoft Patches Record 206 Security Flaws https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html Milei proposes AI framework with "non-human corporations" & zero regulation https://x.com/trajektoriepl/status/2062594306670535130 Cuba Poised for Largest U.S. Fuel Shipment Since Cold War Embargo https://financialpost.com/pmn/business-pmn/cuba-poised-for-biggest-us-fuel-shipment-since-cold-war-embargo 3:33 - Guess who's back 12:13 - Dashboard 19:13 - Keonne update 22:43 - Bark 34:33 - UK surveillance 41:03 - Noah & Arké 47:01 - Simple Network Consortium 53:13 - Pumpfun 57:38 - STRC semi-monthly 1:07:33 - Polymarket VPN crackdown 1:11:23 - Fable 1:24:43 - WMD LLM keyword bypass 1:30:38 - Anthropic is too good 1:33:08 - HRF Oslo 1:33:58 - HRF Story of the Week 1:35:23 - Boosts 1:37:33 - Software updates 1:49:03 - Milei AI 1:51:48 - Cuba fuel Shoutout to our sponsors: Coinkite https://coinkite.com/ Strike https://strike.me/ Stakwork https://stakwork.ai/ Salt of the Earth https://drinksote.com/rhr Follow Marty Bent: Twitter https://twitter.com/martybent Nostr https://primal.net/marty Newsletter https://tftc.io/martys-bent/ Podcast https://tftc.io/podcasts/ Follow Odell: Nostr https://primal.net/odell Newsletter https://discreetlog.com/ Podcast https://citadeldispatch.com/

Landscape Business Course
Malware, New Industries & Home Services in 2035

Landscape Business Course

Play Episode Listen Later Jun 11, 2026 99:53


⛓️ SOFTWARE FOR HOME SERVICE BUSINESS: https://home.works

Radio Raccoons
S08E12 - On Apple WWDC, the future of ChatGPT and malware that reads along

Radio Raccoons

Play Episode Listen Later Jun 11, 2026 98:26


Welcome back to Radio Raccoons! In this twelfth episode of the season, Deevid and Michiel discuss the busy Microsoft week: seven new AI models in one go, a personal assistant that calls you, and qubits that live a good deal longer. In addition, OpenAI is thoroughly redrawing ChatGPT and the SpaceX IPO is heading for astronomical sums.

In the deep dive Michiel is completely in his element, because they talk about Apple's WWDC, including serious upgrades for Siri. The tooltip of the week: MarkItDown from Microsoft, handy for anyone who wants to convert files to Markdown. And they close with a startup that sends people with cameras to your house to train robots. Someone has to do it.

Techscoops
https://www.theverge.com/ai-artificial-intelligence/942242/microsoft-build-ai-agents-openai-competition
https://www.theverge.com/tech/941664/microsoft-ai-model-reasoning-mai-thinking-1-build-2026
https://www.theverge.com/news/939713/microsoft-scout-assistant-openclaw
https://www.theverge.com/ai-artificial-intelligence/941870/microsoft-makes-it-more-secure-to-run-openclaw-on-windows
https://www.theverge.com/news/941830/microsoft-project-solara-os-ai-agent-gadgets
https://arstechnica.com/gadgets/2026/06/microsofts-project-solara-is-an-android-os-designed-for-agents-instead-of-apps/
https://www.theverge.com/news/940874/microsoft-majorana-2-quantum-chip-build
https://arstechnica.com/science/2026/06/microsoft-atom-computing-eeroq-update-their-quantum-computing-progress/
https://arstechnica.com/ai/2026/06/chat-is-dead-openai-preps-overhaul-of-chatgpt/
https://the-decoder.com/spacex-signs-920-million-per-month-deal-with-google-for-110000-nvidia-ai-chips-ahead-of-ipo/
https://the-decoder.com/elon-musks-xai-reportedly-trained-its-coding-models-on-claude-outputs-for-months-before-getting-cut-off/
https://www.reddit.com/r/ClaudeAI/comments/1u05t5e/an_active_attack_is_planting_backdoors_inside/
https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/

Deep dive
https://www.apple.com/apple-intelligence/
https://www.theverge.com/tech/942416/apple-siri-ai-update-wwdc
https://www.theverge.com/tech/941202/apple-ios-27-wwdc-2026
https://www.theverge.com/tech/943695/apple-wwdc-2026-macos-27-macbook-mac-announcement-features
https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-delayed-in-eu-for-ios-27-and-ipados-27/

Tooltip
https://github.com/microsoft/markitdown

Watercooler show-off
https://arstechnica.com/ai/2026/05/robot-training-startup-will-send-humans-wearing-cameras-to-clean-your-home/

Cyber Security Headlines
Claude & Gemini malware, Mythos sneaky flaws, Instagram AI abuse

Cyber Security Headlines

Play Episode Listen Later Jun 9, 2026 7:40


Microsoft malware hits Claude and Gemini users
Mythos can exploit new flaws in hours
AI tool abuse behind Instagram hacks

Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-gemini-malware-mythos-sneaky-flaws-instagram-ai-abuse/

Thanks to our episode sponsor, Doppel

Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

10 minutos con Sami
Apple revives Siri, OpenAI eyes the stock market and GitHub cleans up malware

10 minutos con Sami

Play Episode Listen Later Jun 9, 2026 6:19


Apple tries to revive Siri with contextual AI while OpenAI prepares its third phase and a possible stock market listing. Microsoft takes down more than 70 repositories on GitHub over credential-stealing malware, Nvidia wants to bring agents to the PC with RTX Spark, and a new silicon carbide cryogenic platform aims to better control quantum computing.

You can follow us on YouTube at https://youtube.com/olivernabani and you can join the Mashain Discord at https://olivernabani.com/discord

ALEF SecurityCast
Ep#333 - Hackers manipulated AI and stole Instagram accounts

ALEF SecurityCast

Play Episode Listen Later Jun 8, 2026 10:06


Hackers managed to manipulate Meta's AI chatbot and take over other people's Instagram accounts. In this episode of CCTV NEWS we look at the abuse of artificial intelligence in customer support, a vulnerability in Anthropic's AI tool Claude Code, malware that hides its commands in comments on the Steam platform, and also an actively exploited vulnerability in Cisco SD-WAN Manager for which no security patch exists yet. An overview of the most important cybersecurity events of the past week.

Security Squawk
The Biggest Cybersecurity Threat Isn't Malware Anymore | NYC Hospitals, Carnival & FBI Warning

Security Squawk

Play Episode Listen Later Jun 3, 2026 34:59


Three breaches. No malware. No zero-days. Just trust being exploited. This week on Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three major cybersecurity incidents that reveal a growing reality: attackers are increasingly targeting people, vendors, and physical access instead of technology. NYC Health + Hospitals disclosed a breach affecting 1.8 million individuals after a third-party vendor compromise exposed sensitive patient information, including fingerprints. Carnival Corporation confirmed a cyberattack impacting nearly 6 million people after attackers used social engineering to gain access through an employee account. Meanwhile, the FBI is warning law firms about criminals posing as IT personnel, physically entering offices, deploying malicious USB devices, and stealing privileged client data. These attacks didn't begin with sophisticated malware or advanced exploits. They succeeded because trust was exploited. In this episode, we discuss: • The growing risk of third-party vendor breaches • Why biometric data theft creates permanent consequences • How social engineering continues to defeat security controls • The resurgence of physical intrusion attacks • What CEOs, business owners, IT leaders, and MSPs should be evaluating right now • Why many organizations may be defending the wrong attack surface If your cybersecurity strategy focuses only on networks, endpoints, and firewalls, this episode will challenge some assumptions. Support the show: https://buymeacoffee.com/securitysquawk Subscribe for weekly executive-level cybersecurity analysis focused on business impact, operational risk, and real-world consequences. #CyberSecurity #DataBreach #Carnival #NYCHealthAndHospitals #SocialEngineering #VendorRisk #LawFirmSecurity #CyberAttack #InformationSecurity #MSP #BusinessRisk #SecuritySquawk

10 minutos con Sami
Adaptive AI malware, ChatGPT breaks records and Google buys Android code

10 minutos con Sami

Play Episode Listen Later Jun 3, 2026 5:34


Today we talk about AI-powered malware that changes tactics depending on the machine, the US sanctions on Nobitex, ChatGPT's jump to more than one billion users, SpaceX's possible historic stock market listing, and Google's shift to paying for Android code to train AI.

You can follow us on YouTube at https://youtube.com/olivernabani and you can join the Mashain Discord at https://olivernabani.com/discord

The CyberWire
The bugs are piling up faster than the fixes.

The CyberWire

Play Episode Listen Later Jun 2, 2026 30:23


A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromise Red Hat's npm namespace. DriveSurge spreads malware through ClickFix and fake updates. FreePBX patches a critical flaw. And Dashlane responds to a brute-force attack. Our guest is Laure Lydon, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on digital health platforms. Meta's AI support bot proves a bit too eager to help.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, Maria Varmazis speaks with Laure Lydon, Opening Chair for Infosecurity Europe and VP of Security and Infrastructure, Flo Health, sharing her expertise on privacy, security, and trust in digital health platforms, especially in sensitive areas like women's health. This interview is part of our partnership with Infosecurity Europe.
Selected Reading Inspector general finds NIST mistakes have made vulnerability database ineffective (The Record) Google fixes one actively exploited Android zero-day, 124 flaws (Bleeping Computer) Uncovering Webloc: An Analysis of Penlink's Ad-based Geolocation Surveillance Tech (The Citizen Lab) GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure (Security Affairs) Threat Actor Uses AI to Build EDR Evasion Tools (Infosecurity Magazine) Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Infosecurity Magazine) Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks (Bleeping Computer) Critical Hard-Coded Credentials Vulnerability in FreePBX User Control Panel (Beyond Machines) Dashlane password manager users locked out by brute force attacks (Bleeping Computer) Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacking Humans
Trusting the wrong package. [Only Malware in the Building]

Hacking Humans

Play Episode Listen Later Jun 2, 2026 46:54


Welcome in! You've entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today's most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. This week, our hosts dive into the evolving threat of software supply chain attacks and the growing risks facing the open-source ecosystem. As developers increasingly rely on third-party packages and AI-powered coding tools, attackers are finding new ways to abuse trusted software to reach a wider range of targets. The discussion explores why these attacks are becoming more common, what recent incidents reveal about the state of software security, and what organizations can do to better protect themselves.

Sources:
Shai-Hulud worm returns stronger and more automated than ever before
‘Mini Shai-Hulud' malware compromises hundreds of open-source packages in sprawling supply-chain attack
What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing
Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

ZD Tech : tout comprendre en moins de 3 minutes avec ZDNet
10,000 critical flaws in one month: how Anthropic's AI gives attackers an unprecedented window of opportunity

ZD Tech : tout comprendre en moins de 3 minutes avec ZDNet

Play Episode Listen Later Jun 2, 2026 3:11


Artificial intelligence has just turned the cybersecurity hourglass upside down. Anthropic has published the first results of its Glasswing project.

In a single month, its new experimental model, Claude Mythos Preview, identified more than ten thousand critical flaws in the world's most sensitive software infrastructure.

The bottleneck is no longer detection

In concrete terms, the problem has changed sides. Until now, software security was held back by how slowly vulnerabilities were discovered. Today, with AIs able to audit millions of lines of code in an instant, the bottleneck is no longer detection. It is the human.

Developers and security teams are simply drowning. Finding a flaw takes the AI a few seconds. But verifying, documenting and coding the fix still requires time and human expertise.

At Cloudflare, a partner in the project, detection speed has increased tenfold, with accuracy judged superior to that of a human. The paradigm is therefore completely reversed for IT departments.

This acceleration creates a formidable window of opportunity for attackers

But beware, this acceleration creates a formidable window of opportunity for attackers. This is the second crucial point. When an AI of this caliber identifies a flaw, it can also generate the code needed to exploit it.

Yet, faced with this flood of reports, open source project maintainers are out of breath. Some are even begging for the pace of disclosures to slow down. On average, it still takes two weeks to fix a critical bug.

If AI models this powerful fall into the public domain without safeguards, this latency between discovery and deployment of the update will become deadly for companies.

So how should one react to this wall approaching at high speed?

Companies absolutely must compress their update cycles. The good news is that here too AI brings its own antidote.

Anthropic has launched the Claude Security solution in beta for enterprises. The aim is to scan your internal code to flush out errors and to automatically generate fixes, saving you precious time.

In three weeks, more than two thousand flaws have been fixed this way. But beyond the code, the entire defense architecture must evolve. It is no longer enough to rely solely on waiting for a fix; you must harden default configurations, enforce multi-factor authentication everywhere and monitor traffic in real time.

The ZD Tech is on all podcast platforms! Subscribe!

Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.

The Cybersecurity Defenders Podcast
"Megalodon" Malware in GitHub, Malware-Slop steals from Claude AI, 7-Eleven breach & CISA cPanel vulnerability / Intel Chat [#328]

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 1, 2026 29:05


Originally recorded: Friday May 29, 2026

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

A large-scale software supply chain attack dubbed “Megalodon” infected thousands of GitHub repositories with credential-stealing malware in a highly automated campaign that unfolded over a six-hour period on May 18, 2026.

Researchers from OX Security have identified a malicious npm package named “mouse5212-super-formatter” that was designed to steal files from Anthropic Claude AI environments by targeting the “/mnt/user-data” directory.

Convenience store giant 7-Eleven disclosed a data breach tied to an attack that occurred on April 8, 2026, involving systems that contained franchise-related documents. SecurityWeek article Matt references.

CISA has issued an urgent warning about a critical vulnerability in the LiteSpeed cPanel Plugin, tracked as CVE-2026-48172, which is already being actively exploited in the wild.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Geeks in Space
Hand Drawn Mustaches, AI Insanity, Robo/Dino Chickens, Malware Robo Dogs, Sloths GIS911

Geeks in Space

Play Episode Listen Later May 29, 2026 46:27


RobChrisRob returned after weeks apart to dig deep into matters of infinite importance including children using hand drawn mustaches to circumvent age verification checks, several stories about AI Psychosis, a sloth named Dumpling died after rescue from Sloth World, the robot dog filled with malware, Drunk Deer, Waymos invading an atlanta cul de sac, as well as several movies including Mando & Grogu, Death Watch, and Good Fortune Join our discord to talk along or the Subreddit where you will find all the links https://discord.gg/YZMTgpyhB https://www.reddit.com/r/TacoZone/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, May 28th, 2026: Akira Ransomware; Vaultjacking; Poisoned Chatbot and Search Results;

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 28, 2026 6:04


Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024 Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault https://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/

Passwort - der Podcast von heise security
News with a fail onion, rusty coreutils and ransomware payments

Passwort - der Podcast von heise security

Play Episode Listen Later May 27, 2026 152:18 Transcription Available


The security world is in overdrive, and new, serious vulnerabilities in the Linux kernel are coming to light every day. Christopher and Sylvester try to keep up and talk about Dirty Frag and Copy Fail 2. The PKI world is on fire everywhere too: at D-Trust yet again (or still), and DigiCert had trouble with malware attacks. Sylvester also covers the only partially successful switch of the Linux coreutils to the Rust programming language and talks about ransomware payments. These are a double-edged sword not only ethically but also legally, and they offer no guarantee that the extortion will end either.

The 404 Media Podcast
Millions of People Are Installing Malware on Their Partners' Phones

The 404 Media Podcast

Play Episode Listen Later May 25, 2026 49:33


This week Joseph speaks to Zack Whittaker, an editor at TechCrunch. Zack has been leading coverage into the spouseware or stalkerware industry. This is malware sold to ordinary people, which they then often install on their girlfriend's or someone else's phone. Zack talks about the crazy scope of this problem. Behind the stalkerware network spilling the private phone data of hundreds of thousands Spyzie stalkerware is spying on thousands of Android and iPhone users Stalkerware tag on TechCrunch This Week In Security Newsletter YouTube Version: https://youtu.be/BLb46310iLs Subscribe at 404media.co Learn more about your ad choices. Visit megaphone.fm/adchoices

HeroicStories
Can Malware Reach My External Drive?

HeroicStories

Play Episode Listen Later May 22, 2026 6:25


Can hackers really get to everything, including your external hard drive? I'll cover what malware can do and what you need to do before it happens to you.

Cyber Security Today
Windows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity Today

Cyber Security Today

Play Episode Listen Later May 20, 2026 13:10


A serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems.  Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. David Shipley breaks down four major cybersecurity stories on Cybersecurity Today. First, a newly disclosed zero-day dubbed YellowKey reportedly defeats default Windows 11 BitLocker protection on systems using TPM-only encryption, giving attackers with physical access a path to unencrypted data through the Windows Recovery Environment. Microsoft is investigating, while security experts are urging stronger BitLocker configurations. The episode also examines the TeamPCP threat group's decision to release offensive tooling publicly, dramatically lowering the barrier for copycat supply-chain attacks. Researchers have already spotted malicious NPM packages borrowing similar techniques, including persistence mechanisms aimed at developer environments such as Visual Studio Code and Claude Code. David also looks at disturbing analysis of the FAST16 malware, which researchers believe was engineered to tamper with nuclear weapons simulation software including LS-DYNA and AutoDyn. And finally, U.S. officials reportedly suspect Iranian actors in cyberattacks targeting internet-exposed gas station automatic tank gauge systems, a reminder that weak operational technology security can quickly become a real-world infrastructure problem. 
00:00 Sponsor Message 00:24 Headlines Overview 00:50 BitLocker Zero Day 03:32 TeamPCP Tools Leak 06:13 Copycat NPM Malware 06:50 Fast16 Nuclear Sabotage 08:37 Iran Gas Station Hacks 10:28 Hardening Critical Infrastructure 11:16 Wrap Up And Events 11:59 Sponsor Deep Dive #Cybersecurity #Windows11 #BitLocker #ZeroDay #TeamPCP #IranCyberAttack #SupplyChainAttack #CriticalInfrastructure #CyberSecurityToday

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 19, 2026 6:08


New Malware Libraries means New Signatures
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986

Addressing Exchange Server May 2026 vulnerability CVE-2026-42897
https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498

Microsoft Authenticator Update CVE-2026-41615
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615

ssh-keysign-pwn (CVE-2026-46333) Patches Released
https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

Security Squawk
OpenAI Devices Hacked, Ozempic Supplier Offline & Change Healthcare Lawsuit

Security Squawk

Play Episode Listen Later May 19, 2026 44:48


A poisoned software package compromised OpenAI employee devices before security teams could stop it. The company behind critical Ozempic injection components has been offline for weeks after a ransomware attack. And Change Healthcare is now facing another major lawsuit tied to the 2024 breach that crippled healthcare payments nationwide.

Three stories. One message: Your business is now exposed to companies you don't control.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three cyber incidents that reveal how third-party trust has become one of the biggest operational risks in business today.

This Week's Cybersecurity Breakdown

1. OpenAI, TanStack & the npm Supply Chain Worm

A software supply chain attack spread through trusted developer ecosystems at massive speed:
  • 42 npm packages poisoned in six minutes
  • Malware stole GitHub tokens, AWS credentials, and CI/CD secrets
  • OpenAI confirmed two employee devices were compromised
  • ChatGPT Desktop, Codex App, Codex CLI, and Atlas certificates rotated
  • Demonstrates how modern attacks now spread through trusted development infrastructure

2. West Pharmaceutical Ransomware Attack

A cyberattack against a company most people have never heard of — but nearly everyone depends on:
  • West Pharmaceutical components are used in roughly 43 billion injectable drug deliveries annually
  • Includes Ozempic, Wegovy, insulin pens, vaccines, and hospital injectables
  • Systems taken offline globally after ransomware deployment
  • Manufacturing disruptions continue weeks later

3. Allied World v. Change Healthcare — The Financial Fallout Begins

The legal consequences of the Change Healthcare breach are escalating:
  • Cyber insurer Allied World filed suit seeking more than $1 million in damages
  • Avesis operations were disrupted for roughly 90 days
  • Root cause traced to a low-level Citrix account with no MFA
  • Credentials were reportedly circulating on Telegram prior to the breach

The Bottom Line

The modern business attack surface is no longer just your company. It's:
  • your software vendors
  • your healthcare clearinghouses
  • your package repositories
  • your pharmaceutical suppliers

Every trusted relationship is now a potential point of failure. And when those companies get breached, your business absorbs the consequences.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of ransomware, supply chain attacks, AI threats, and executive-level cybersecurity strategy.

The Cybersecurity Defenders Podcast
"Dirty Frag", Canvas ransomware attack, “Mini Shai-Hulud” malware campaign & AI-developed zero-day exploit / Intel Chat [#324]

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 18, 2026 28:49


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

  • Researchers have disclosed a new Linux local privilege escalation technique called “Dirty Frag,” which chains together two kernel vulnerabilities: CVE-2026-43284 in xfrm-ESP handling and CVE-2026-43500 in RxRPC.
  • The breach affecting educational technology provider Instructure has raised broader concerns about the security dependencies schools have on third-party cloud platforms.
  • Security researchers at Aikido are tracking a major expansion of the “Mini Shai-Hulud” malware campaign targeting the npm ecosystem.
  • Google Threat Intelligence Group says threat actors are moving from experimental AI usage toward large-scale operational integration of generative models across the cyberattack lifecycle.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Unspoken Security
Stolen Credentials, Fake Hires, and the New Insider Threat

Unspoken Security

Play Episode Listen Later May 14, 2026 49:21 Transcription Available


In this episode of Unspoken Security, host AJ Nash sits down with Dan O'Day, Senior Consulting Director at Unit 42 by Palo Alto Networks. Dan shares key findings from the 2026 Global Incident Response Report, built from over 750 real-world cyber incidents, covering four major threat trends reshaping the security landscape.

Dan breaks down how AI is compressing attack timelines at a dramatic rate. The fastest incidents now move from access to full impact in just 72 minutes, down from 285 minutes the year prior. Attackers are no longer breaking in. They are logging in, using stolen credentials, tokens, and API keys to move laterally and avoid detection. Identity is now the dominant attack surface, playing a material role in nearly 90% of Unit 42's investigations.

The conversation closes on a note of cautious optimism. Dan argues that over 90% of breaches stem from preventable gaps, meaning security is solvable. He outlines three priorities for defenders: empowering the SOC to act at machine speed, treating identity as the new perimeter, and securing the entire software supply chain from the first line of code to cloud runtime.

Download the Unit 42 Global Incident Response Report 2026 here: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?utm_source=linkedin&utm_medium=social&utm_campaign=na&utm_content=pa001134

Command Control Power: Apple Tech Support & Business Talk
669: Adam Engst (TidBITS): Slack Impersonation Malware, Anthropic's Mythos, and Why You Need a Personal AI Defender

Command Control Power: Apple Tech Support & Business Talk

Play Episode Listen Later May 12, 2026 66:59


Adam Engst (TidBITS) discusses a malware incident in a long-running public "Slack Bits" group where a bad actor impersonated Glenn Fleishman via a duplicate Slack display name, tricking him into downloading an info-stealer, prompting Engst to consider shutting down the 1,400-member community. The conversation shifts to Anthropic's Mythos and Project Glasswing (as covered by TidBITS security editor Rich Mogull), which reportedly found long-standing bugs (including in OpenBSD and FFmpeg), raising concerns about AI-accelerated vulnerability discovery, defender/attacker asymmetries, costs and compute barriers, and impacts on zero-day markets. They also cover Apple's iOS signing and update/upgrade distinctions, why Apple supports macOS differently than iOS, broader distrust in institutions, social media's advertising/algorithm problems (including Section 230), bots and AI-driven phishing, and the idea of local, user-controlled AI agents to help protect individuals online.

00:00 Welcome Back Adam Engst
00:20 Slack Impersonation Scare
02:15 Cleaning Up a Public Slack
03:40 Mythos and Glasswing Explained
05:19 AI Bug Hunting Reality Check
08:25 Red Team Blue Team Asymmetry
09:50 Compute Costs and Access Barriers
12:19 Trust Ethics and Regulation
17:50 Personal AI Security Agents
23:34 Zero Day Markets and Exploit Kits
25:40 iOS Signing and Update Windows
27:13 Why Macs Get Longer Support
32:06 Scams Incentives and Pig Butchering
34:02 Life Offline and Misinformation
35:41 Social Media Hot Garbage
36:43 Addiction By Design
37:46 Advertising Model Flaw
38:47 Infinite Scroll Limits
39:39 Dunbar Number Reality
40:54 Platform Power Responsibility
42:46 AI Influencers And Slop
43:37 Bots And Fake Accounts
46:33 AI Phishing And Passkeys
49:21 Closed Communities Trust
53:25 CAPTCHAs And Human Help
56:08 Section 230 And Algorithms
57:46 Chronological Feed Fix
59:35 Two Week News Rule
01:02:41 Ads In Maps Backlash
01:04:10 Wrap Up And Next Part

TechTimeRadio
298: Fake AI Malware, OnlyFans Psychology, Scam Apps, Rail Hacks, SSD Tips That Everyone Should Know, And Smarter Tech Habits For Listeners Seeking Clear, Practical Weekly Insight, With a Little Whiskey on the Side | Air Date: 5/12 - 5/18/26

TechTimeRadio

Play Episode Listen Later May 12, 2026 58:01 Transcription Available


Episode 298: This week's TechTime episode starts with a cautionary tale: one innocent click on a “totally legit” AI site turns into a malware parade featuring the Beagle backdoor. We break down how a fake Claude page practically begs you to download doom, and why “but it was a Google ad!” is not a legal defense. Then we pivot into the psychology of the OnlyFans boom, where relevance, identity, and questionable career advice collide. Mike the Psychologist weighs in with just enough sass to make you rethink every influencer bio you've ever read.

From there, we tackle scam apps people want to believe in, including fake stalking tools with millions of installs, because apparently, common sense is optional. We also cover the Taiwan rail hack, proving once again that outdated radio systems and high-speed trains are a terrible combo. Add in SSD buying tips that save you from slow-drive regret, plus a quick Archie Rose single-malt thumbs-up. By the end, you'll laugh, you'll learn, and you'll definitely double-check every download button you see. Tune in to TechTime Radio, where the future is now, the stories matter, and all with a little whiskey on the side.

Full Episode Details:

One bad click can turn “trying a new AI tool” into a full-blown Windows security incident. We walk through a fake Claude AI website that looks real, funnels you into a single download button, and drops a malware chain that ends with the Beagle backdoor. We break down the red flags, what to look for on your PC, and why “it was an ad on Google” is never a safety guarantee.

Then we zoom out to the weird intersection of technology and human behavior. We talk about the OnlyFans wave as a modern relevance machine, and why platforms that sell intimacy also reshape identity, privacy, and credibility. From there, we pivot to the upside of AI assistants as a practical Swiss Army knife for daily life, including using prompts to map out a disk cleanup strategy and reduce dependency on random utility apps, while still keeping strict guardrails and verification.

Finally, we hit the scams people want to believe, like fake “stalking” apps with millions of installs, and the infrastructure risks we should never tolerate, like high-speed rail systems running on outdated radio security. We cap it with a quick SSD buying tip that can save you from performance disappointment: TLC vs QLC NAND matters more than flashy peak speeds. Add a thumbs-up Archie Rose single malt tasting, and you've got a full hour of breaches, behavior, and better tech choices.

Subscribe, share TechTime Radio with a friend, and leave a review so more people can find the show.

The CyberWire
Foreign routers get a longer lifeline.

The CyberWire

Play Episode Listen Later May 11, 2026 29:04


The FCC eases restrictions on foreign-made routers. Shiny Hunters hit Canvas and Zara. SailPoint discloses unauthorized access to its GitHub repositories. TrickMo Android banking malware has more tricks up its sleeve. Polish officials warn of increased targeting of ICS and public infrastructure. A federal judge orders $10 million in restitution for stolen zero days. German authorities take down the Crimenetwork marketplace, again. Monday business breakdown. Dan Lorenc, Chainguard CEO and co-founder, is talking about a recent wave of supply chain attacks. Malware gets signed, sealed and delivered.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Dan Lorenc, Chainguard CEO and co-founder, is talking about how the recent wave of supply chain attacks is fundamentally different – and more dangerous – than previous incidents, as well as immediate steps organizations should take as this continues to unfold.

Selected Reading

  • US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates (Infosecurity Magazine)
  • ShinyHunters Escalates Canvas Extortion (Infosecurity Magazine)
  • Zara Data Breach Impacts Nearly 200,000 Customers (Infosecurity Magazine)
  • SailPoint Discloses GitHub Repository Hack (SecurityWeek)
  • TrickMo Android banker adopts TON blockchain for covert comms (Bleeping Computer)
  • Polish ABW warns cyberattacks shifting from espionage and data theft toward physical disruption of critical infrastructure (Industrial Cyber)
  • Trenchant Exec Who Sold Zero Days to Russian Buyer Ordered to Pay $10 Million in Restitution to Former Employers (Zero Day)
  • Resurrected 'Crimenetwork' Marketplace Taken Down, Administrator Arrested (SecurityWeek)
  • XBOW secures an additional $35 million in Series C funding. (N2K Pro Business Briefing)
  • Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware (Hackread)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
New cPanel vulnerabilities, JDownloader delivers malware, Schumer pushes DHS

Cyber Security Headlines

Play Episode Listen Later May 11, 2026 8:24


  • cPanel, WHM release fixes for three new vulnerabilities
  • Official JDownloader site serves malware to Windows and Linux users
  • Sen. Schumer seeks DHS plan on AI cyber coordination

Get the show notes here: https://cisoseries.com/cybersecurity-news-new-cpanel-vulnerabilities-jdownloader-delivers-malware-schumer-pushes-dhs/

Huge thanks to our episode sponsor, Doppel

Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.

@BEERISAC: CPS/ICS Security Podcast Playlist
Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared?

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 11, 2026 31:56


Podcast: Industrial Cybersecurity Insider
Episode: Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared?
Pub date: 2026-05-06

Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations. They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what's happening on the plant floor. The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership.

  • Stop assuming “IT has it covered”
  • Define measurable OT security outcomes
  • Start taking steps that make disruption harder and detection faster.

Chapters:
(00:00:00) Why identity, trust, and vendor access are breaking down in modern plants
(00:01:00) The episode's trigger: government-led operations to remove malware from private networks
(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations
(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources
(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware
(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation
(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance
(00:20:00) The logging gap: what IT sees vs. what OT can't see (and why that matters for incident response)
(00:24:00) Building automation and facilities systems as weak links attackers love
(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls)

Links And Resources:
  • Want to Sponsor an episode or be a Guest? Reach out here.
  • Industrial Cybersecurity Insider on LinkedIn
  • Cybersecurity & Digital Safety on LinkedIn
  • BW Design Group Cybersecurity
  • Dino Busalachi on LinkedIn
  • Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

RunAs Radio
Securing Active Directory with Spencer Alessi

RunAs Radio

Play Episode Listen Later May 6, 2026 36:34


How secure is your Active Directory infrastructure? While at Zero Trust World in Orlando, Richard chatted with Spencer Alessi about his work helping companies secure Active Directory, making it more difficult for black hats to exploit it for lateral moves during a breach attempt. Spencer talks about the increasing speed of these exploits, making it much harder to block them after the fact, so it's best to make AD too difficult to target. Jake Hildreth's Locksmith tools are a great place to start - free and open source. There are also Microsoft tools and Spencer's own AD Security Resource Kit to help evaluate your AD infrastructure and lock it down!

Links
  • Locksmith
  • Enhanced Security Admin Environment
  • Active Directory Security Resource Kit

Recorded March 4, 2026

@BEERISAC: CPS/ICS Security Podcast Playlist
Cracking the Fast16 sabotage malware mystery

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 5, 2026 107:54


Podcast: Three Buddy Problem
Episode: Cracking the Fast16 sabotage malware mystery
Pub date: 2026-05-01

(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.

Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 - WIRED's Andy Greenberg joins the show
1:53 - How the FAST16 scoop landed in Andy's lap
6:45 - JAGS sat on this sample for 7 years
10:33 - How Costin and the Kaspersky team missed the sabotage routine
15:20 - The "holy moly" moment: what FAST16 actually does
18:26 - Territorial Dispute, Shadow Brokers, and the driver list
24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran
28:13 - No C&C, no victims: a worm built for air-gapped networks
34:45 - Was this part of a larger anti-Iran toolkit?
37:55 - Attribution: NSA, Israel, or someone else entirely?
51:39 - What was the actual sabotage? Unanswered questions
55:48 - "Spiritual warfare": the psychological angle and trust in computers
1:20:05 - Equities, going public, and the case for AI-powered reversing
1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone
1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty

Links:
  • Transcript
  • fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
  • Flame: A complex malware for targeted attacks
  • Territorial Dispute – NSA's perspective on APT landscape
  • Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program - and Predates Stuxnet
  • Kim Zetter's Countdown to Zero Day
  • An Unprecedented Look at Stuxnet, the World's First Digital Weapon
  • The Flame: Questions and Answers (Kaspersky)
  • SentinelLabs Andy Greenberg on X
  • TLPBLACK
  • Antiy Labs: “Psychological Warfare” to Show Off Cyber Capabilities
  • Who's Really Spreading through the Bright Star?
  • LABScon 2026 CFP
  • Ekoparty Miami 2026 (Agenda)
  • PIVOTcon Agenda
  • Decipher: Fast16, Stuxnet, and the History of Cyber Espionage

The podcast and artwork embedded on this page are from Security Conversations, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

a16z
Sarah Rogers: Free Speech, AI Diplomacy, and What America Owes Its Allies

a16z

Play Episode Listen Later May 4, 2026 24:05


Katherine Boyle speaks with Sarah Rogers, Under Secretary for Public Diplomacy, about the intersection of AI, free speech, and global information systems. They discuss how major technological shifts, from the printing press to the internet to AI, have reshaped communication and power, and why this moment may be even more consequential. Recorded at the a16z American Dynamism Summit, the conversation explores the role of public diplomacy in the digital age, the risks of censorship and overregulation, and how governments are approaching AI as both a national security priority and a platform for global influence. Rogers also highlights the importance of maintaining “AI with a Western soul,” and why preserving open systems and freedom of expression will shape the future of innovation.

Resources:
Follow Sarah B. Rogers on X: https://x.com/UnderSecPD

Stay Updated:
  • Find a16z on YouTube
  • Find a16z on X
  • Find a16z on LinkedIn
  • Listen to the a16z Show on Spotify
  • Listen to the a16z Show on Apple Podcasts
  • Follow our host: https://twitter.com/eriktorenberg

Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cyber Security Headlines
Telegram Mini Apps malware, cPanel is Sorry, patch wave warning

Cyber Security Headlines

Play Episode Listen Later May 4, 2026 8:13


  • Telegram Mini Apps deliver Android malware
  • CISA orders Federal agencies to patch cPanel bug by Sunday
  • British cyber agency warns of looming 'patch wave' due to speedy AI flaw discovery

Get the show notes here: https://cisoseries.com/cybersecurity-news-telegram-mini-apps-malware-cpanel-is-sorry-patch-wave-warning/

Thanks to our episode sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Security Conversations
Cracking the Fast16 sabotage malware mystery

Security Conversations

Play Episode Listen Later May 1, 2026 107:54


(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem - Episode 96: We're joined by WIRED writer Andy Greenberg to dig into SentinelLabs' bombshell FAST16 research, a newly deciphered piece of sabotage malware that predates Stuxnet by five years and quietly tampered with physics modeling software likely tied to Iran's nuclear program. We discuss the attribution rabbit hole (NSA? Israel? someone else?), the eerie "spiritual warfare" implications of corrupting scientific calculations, and Antiy Labs' very dialectical Chinese rebuttal. Plus, what AI reverse-engineering means for the next decade of cyber paleontology.

Cast: Andy Greenberg, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Timestamps:
0:00 - WIRED's Andy Greenberg joins the show
1:53 - How the FAST16 scoop landed in Andy's lap
6:45 - JAGS sat on this sample for 7 years
10:33 - How Costin and the Kaspersky team missed the sabotage routine
15:20 - The "holy moly" moment: what FAST16 actually does
18:26 - Territorial Dispute, Shadow Brokers, and the driver list
24:11 - The targets: MOHID, PKPM, and LS-DYNA's link to Iran
28:13 - No C&C, no victims: a worm built for air-gapped networks
34:45 - Was this part of a larger anti-Iran toolkit?
37:55 - Attribution: NSA, Israel, or someone else entirely?
51:39 - What was the actual sabotage? Unanswered questions
55:48 - "Spiritual warfare": the psychological angle and trust in computers
1:20:05 - Equities, going public, and the case for AI-powered reversing
1:32:19 - Antiy Labs' Chinese rebuttal and the apparatchik tone
1:43:04 - Shoutouts: Sergey Mineev, LabsCon CFP, PivotCon, and Ekoparty

Unspoken Security
AI, Deepfakes, & the New Ransomware Playbook

Unspoken Security

Play Episode Listen Later May 1, 2026 38:53 Transcription Available


In this episode of Unspoken Security, host A.J. Nash sits down with Cynthia Kaiser, SVP at Halcyon's Ransomware Research Center. They explore how ransomware grew from a niche crime into a business, and why security teams now face faster attacks, extortion, and a threat landscape that blurs crime and state activity.

Cynthia traces the shift from early encryption schemes to double and triple extortion, then explains how professional crews use access brokers, deepfakes, and AI-assisted phishing to move in hours, not weeks. She also breaks down how Russian-speaking groups, Iranian actors, and state-linked operations use cybercrime for profit, cover, and pressure.

She argues that defenders still need the basics: harden identity, patch fast, assume breach, and build response plans that include PR. Cynthia closes with a blunt point: ransomware and fraud are not side issues. They hit hospitals, businesses, and families every day in ways nation-state threats often do not.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, April 30th, 2026: Odd Requests; MSFT LNK Bug Exploited; Secure Boot Fix; TLS Updates; SAP npm malware

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 30, 2026 6:03


Today's Odd Web Requests
https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934

Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202

Assess Secure Boot status with Microsoft Defender
https://techcommunity.microsoft.com/blog/MicrosoftDefenderATPBlog/assess-secure-boot-status-with-microsoft-defender/4510356

Deprecating Legacy TLS and Endpoints for POP and IMAP in Exchange Online
https://techcommunity.microsoft.com/blog/exchange/deprecating-legacy-tls-and-endpoints-for-pop-and-imap-in-exchange-online/4515201

SAP Related npm Packages Compromised
https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared

Security Now (MP3)
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage

Security Now (MP3)

Play Episode Listen Later Apr 29, 2026 155:19


What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bitwarden's CLI hit with a supply-chain attack. Commercial routers in Iran fail shortly before the war. Meta logging all employee activity to train replacement AI. GRC's DNS Benchmark Release 5. Two miscellaneous AI thoughts. A bunch of terrific listener feedback. Unraveling the diabolical history of "fast16.sys" Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: doppel.com threatlocker.com/twit material.security cyberhoot.com/securitynow guardsquare.com

Risky Business
Risky Business #835 -- Why the Fast16 malware is badass

Risky Business

Play Episode Listen Later Apr 29, 2026 66:28


On this week's show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week's cybersecurity news, including:

  • The US government is mad as hell about Chinese firms stealing American AI technology
  • Dmitri has an opinion or two about the US selling Nvidia chips to China
  • Speaking of Chinese AI, Kimi's new 2.6 is very interesting
  • The US sanctions a Cambodian senator for earning mega bucks through scam compounds
  • And a ransomware family is promoting itself as being … quantum-safe?

This week's show is sponsored by Trail of Bits. CEO and co-founder Dan Guido chats to Pat about how private inference works and Trail of Bits' audit of WhatsApp's private AI setup.

This episode is also available on YouTube.

Show notes

  • Exclusive: US State Dept orders global warning about alleged AI thefts by DeepSeek, other Chinese firms | Reuters
  • moonshotai/Kimi-K2.6 · Hugging Face
  • Discord Sleuths Gained Unauthorized Access to Anthropic's Mythos | WIRED
  • Newly Deciphered Sabotage Malware May Have Targeted Iran's Nuclear Program—and Predates Stuxnet | WIRED
  • Hackers deployed wiper malware in destructive attacks on Venezuela's energy sector | The Record from Recorded Future News
  • Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper
  • Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack - Risky Business Media
  • AI Tools Are Helping Mediocre North Korean Hackers Steal Millions | WIRED
  • CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March | The Record from Recorded Future News
  • US, UK authorities warn that Firestarter backdoor malware survives patching | Cybersecurity Dive
  • Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities | CyberScoop
  • UK regulator closes loophole that allowed rogue companies to track phone users' location | Reuters
  • US sanctions Cambodian senator for millions earned through scam compounds | The Record from Recorded Future News
  • Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch
  • Supply Chain Security Incident Update
  • Apple fixes bug that cops used to extract deleted chat messages from iPhones | TechCrunch
  • Kyle Daigle on X: "Wanted to provide more clarity about this. Yesterday, we had a regression in merge queue behavior where, in some cases, squash or rebase commits were generated from the wrong base state, making earlier changes appear reverted in branch history. 2,804 pull requests out of over 4M" / X
  • Securing the git push pipeline: Responding to a critical remote code execution vulnerability - The GitHub Blog
  • One ransomware crew now drives half of all cyber claims: At-Bay | Insurance Business
  • In a first, a ransomware family is confirmed to be quantum-safe - Ars Technica
  • What we learned about TEE security from auditing WhatsApp's Private Inference

All TWiT.tv Shows (MP3)
Security Now 1076: FAST16.SYS

Apr 29, 2026 (155:19)


What if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare.

• Bitwarden's CLI hit with a supply-chain attack.
• Commercial routers in Iran fail shortly before the war.
• Meta logging all employee activity to train replacement AI.
• GRC's DNS Benchmark Release 5.
• Two miscellaneous AI thoughts.
• A bunch of terrific listener feedback.
• Unraveling the diabolical history of "fast16.sys"

Show Notes - https://www.grc.com/sn/SN-1076-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

• doppel.com
• threatlocker.com/twit
• material.security
• cyberhoot.com/securitynow
• guardsquare.com

Security Now (Video HD)
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage

Apr 29, 2026 (155:19)

Security Now (Video HI)
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage

Apr 29, 2026 (155:19)

Radio Leo (Audio)
Security Now 1076: FAST16.SYS

Apr 29, 2026 (155:19)

Security Now (Video LO)
SN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital Sabotage

Apr 29, 2026 (155:19)

All TWiT.tv Shows (Video LO)
Security Now 1076: FAST16.SYS

Apr 29, 2026 (155:19)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, April 22nd, 2026: WAV Malware; GitHub OAUTH Phishing; Perforce Settings

Apr 22, 2026 (7:13)


• A .WAV With A Payload: https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910
• The Phishy GitHub Issue Case: https://blog.atsika.ninja/posts/the-phishy-github-issue-case/
• P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet: https://morganrobertson.net/p4wned/

Hacking Humans
Ransomware (noun) [Word Notes]

Apr 21, 2026 (7:46)


Malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key.

CyberWire Glossary link: https://thecyberwire.com/glossary/ransomware

Audio reference link: https://watch.amazon.com/detail?gti=amzn1.dv.gti.d6a9f744-47b0-ac70-aa56-b31fd0f58482&territory=US&ref_=share_ios_season&r=web

Packet Pushers - Full Podcast Feed
D2DO300: Open Source Malware!

Apr 15, 2026 (41:13)


Malware has shifted from phishing expeditions to open source packages, domains, and repositories. Ned and Kyler welcome Jenn Gile, co-founder of Open Source Malware, to discuss how malware is making its way into open source software. Together they break down NPM compromises, AI-driven infiltration, malicious agent skills, and more. Episode Links: Open Source Malware –...