Podcasts about Malware

In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists.  Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts

Hackers exploit critical Langflow flaw to unleash Flodrix botnet Organizations warned of vulnerability exploited against discontinued TP-Link routers Russia detects first SuperCard malware attacks skimming bank data via NFC Huge thanks to our sponsor, Adaptive Security — OpenAI's first cybersecurity investment As deepfake scams and GenAI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI Content Creator turns threat intel and policy updates into interactive, multilingual training — instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com.

Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044 https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/ JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware Distribution Expired discord invite links are revived as vanity links to direct victims to malware sites https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/

In this episode: the inside story of Danabot, the malware-as-a-service platform that thrived in the shadows for nearly a decade—until a critical mistake exposed its creators. Just last week, U.S. prosecutors unsealed charges against sixteen alleged operators, using evidence pulled not from a takedown, but from Danabot's own infection logs. Plus: a roundup of other top stories. Last week was a rerun—life got a little hectic—so we kept the mic hot and recorded a 90-minute marathon episode to make up for it. Let us know if you're intro it. Hacked is brought to you by Push Security Check them out at pushsecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Lords: * Andrew * Andrew Topics: * Finally making a 3D game after using only PICO-8 for 10 years * PICO-8 screen carts * Picotron Viruses * Quest by kittenmaster * https://media24.fireside.fm/file/fireside-uploads-2024/images/3/3597ddeb-e52e-4cda-a59c-c64600489fea/Kvg10u32.png Microtopics: * Professional software developers trying to figure out a terrible UI. * The Real Andrew – it says so on my computer screen. * Make 10 Deluxe. * Double Mustache's Lizard Multiplication, now available in a cardboard box in Staples. * Lizard Multiplication Tables. * Total Toads. * Pizza Panda vs. Pizza Possum. * Children's Allegra, on Nick, Jr. * Eugene, Oregon, the grass seed capital of the world. * Scientists discovering an exciting new antihistamine in the medicine aisle. * Working on whatever feature strikes your fancy for a year and ending up with an undirected project that's nowhere near shipping. * Using the lessons you've learned making small games to make a bigger game. * Making an N64 game for modern PCs. * Two people with the same name, the same headphones, and the same back story. * 3D cameras: a huge pain in the ass. * What makes San Francisco Rush different from Mario Kart. * Getting Keys in Rush 2. * How to collect keys in the middle of the air. * Yellow Taxi Goes Vroom and other car platformers. * Extending the lifetime of an arcade game by adding weird secrets. * Arcade games with a save system. * Feeding Smash Tokens into the gacha system. * Super Mario Bros.: The Movie: The Game. * Looking at Picotron and thinking "I don't have time to draw that many pixels." * The Tweet Jam Andrews. * Is this really that interesting, Andrew? * Foreshadowing the poem. * How much game can you fit on one screen? * Code golfing and limiting yourself to typeable characters. * Reading a David Ahl book and realizing you want to tell the sand how to think. * Playing music on the PC speaker and printing funny phrases on the screen. * Writing a series of text mode animations in C in 1992 and then losing them all. * STDIO jam. * Dig World and Dig World Realms. * Typing in 6 pages of ROT13 text. * Writing an adventure game with a novel-length source code listing and demanding that players type it in. * Accidentally reading ROT13 spoilers. * The people who memorize the eye exam chart. * Rotting ROT13 a different amount. * Running ROT13 multiple times for extra security. * Competing ROT13 implementations that rotate in different directions. * Games in which the game state includes what line of code is currently executing. * How beginners expect game programming to work. * Deliberately contracting the Picotron virus where the characters fall to the bottom of your screen. * A monster that runs around on your desktop and eats your icons. * Turning off networking features for individual programs. * Writing a keylogger to read people's email and it turns out people's email is incredibly boring. * Writing a keylogger by hooking the keyboard interrupt and not bothering to log the state of the shift key. * Capturing the handshake and brute forcing it. * The first S is for Secure. * Screen carts vs. tweet carts. * Colon colon home colon colon. * Question mark? Puzzlescript man. (Or weird asterisk.) * The new default Pico-8 code editor background color. * Forgetting to screen shot the pixels so you open the image in Photoshop and add the pixels back. * Alfonzo's Bowling Challengs. * Unlocking HD streaming at level 2.

In this episode of Insights into Technology, we dive deep into the dark web of cybersecurity as a new hacker collective takes a surprising aim at Russia in retaliation for geopolitical tensions. Discover how Microsoft is tightening its security belts by blocking over 120 risky email attachments in Outlook, aiming to shield users from malicious threats. We also explore a privacy oversight that left Google scrambling when their 'Find My Device' feature inadvertently became a tool for hackers to reverse-engineer user phone numbers. Join us as we unravel these digital dramas and their profound implications on global cyber landscapes.

In this episode of Insights into Technology, we dive deep into the dark web of cybersecurity as a new hacker collective takes a surprising aim at Russia in retaliation for geopolitical tensions. Discover how Microsoft is tightening its security belts by blocking over 120 risky email attachments in Outlook, aiming to shield users from malicious threats. We also explore a privacy oversight that left Google scrambling when their 'Find My Device' feature inadvertently became a tool for hackers to reverse-engineer user phone numbers. Join us as we unravel these digital dramas and their profound implications on global cyber landscapes.

In this episode of Unspoken Security, host AJ Nash sits down with Jennifer Leggio, Chief Strategy Officer of W2 Communications, to discuss the unspoken challenges impacting career fulfillment. Jennifer shares her personal experiences with toxic work environments, imposter syndrome, and the struggle to balance ego and self-awareness. She highlights the importance of advocating for yourself while remaining empathetic to others' struggles.Jennifer introduces the concept of "self-energy," emphasizing the need to prioritize what's best for everyone, not just yourself. She also explores the impact of personal trauma on professional life and offers practical advice for building resilience. Jennifer emphasizes the value of self-care, including meditation and affirmations. She shares her personal "courage plan" framework to help listeners overcome obstacles and create a more fulfilling life.This episode challenges listeners to examine their behaviors and create a path toward greater self-awareness and personal growth, both personally and professionally.Send us a textSupport the show

TRUFFA DELLA RACCOMANDATA: Quando il postino non è quello che sembra!Una truffa si sta diffondendo in Italia usando false raccomandate e finti postini. Scopri come riconoscerla, come difenderti e cosa fare se hai dei dubbi.#truffa #sicurezza #raccomandata #cybercrime #protezione #malware #allerta #truffaitalia #frode #attenzione

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Hospital employee installs malware on coworkers' computers https://www.thebaltimorebanner.com/community/criminal-justice/matthew-bathula-umd-hospital-hack-32KWAHLG2RBNLFFVX5BAFILRCM/   SentinelOne outage https://www.bleepingcomputer.com/news/technology/sentinelone-last-weeks-7-hour-outage-caused-by-software-flaw/   AVCheck taken down https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/   Airport stay tips https://www.wsj.com/lifestyle/travel/what-you-can-learn-from-my-miserable-night-stranded-at-the-airport-f6a8a94a   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Glenn - https://www.linkedin.com/in/glennmedina/ Koby - https://www.linkedin.com/in/koby-caputo-117358145/

The decentralised finance (DeFi) market is booming—but the world's best hackers are on a constant look-out for ways to steal your crypto tokens.North Korea, which recently committed the largest theft in cryptocurrency history, is probably top of the hackers' game. What do crypto users need to know about the risks in this unregulated but fast-growing market?In the latest episode of Unseen Money from New Money Review, Timur Yunusov and Paul Amery are joined by Arseny Reutov, chief technology officer at Decurity, a security audit and ethical hacking firm specialising in DeFi.During the podcast, we discuss:Malware, ethereum and the recent $1.5bn Bybit hackState-of-the-art techniques in DeFi hacksMixers, cross-chain bridges and the laundering of stolen fundsHow North Korea became the world leader in crypto hacksWays of detecting flaws in DeFi smart contractsWho audits DeFi?Incentives to report, rather than exploit smart contract flawsIs DeFi security improving?

V říjnu po 10 letech skončí bezplatná podpora Windows 10. Kdo nezačal plánovat přechod na podporovaný systém, koleduje si o malér. Na děravý systém se bude silně útočit, přičemž hackeři dnes používají automatizované nástroje. Je jedno, jestli jste jednotlivec z malé vesnice, nebo velká firma. Malware ohrožuje každého.Používání nezáplatovaného systému je zkrátka rizikové, popisuje Lucie Adámková, Business Unit Manager Software & Networking ve společnosti eD system. Řešení se nabízí více. Mikrozáplaty od alternativních dodavatelů nejsou plnohodnotným řešením. Domácnostem by stačit mohly, firmám nikoli, myslí si Adámková.02:35 – Firmy versus domácnosti06:10 – Ochota upgradovat09:12 – Konec podpory jako problém18:53 – Kompatibilita se zhorší22:47 – Jak se s odchodem Windows 10 vypořádat?30:34 – (Ne)atraktivita Windows 365

Patrick McKenzie (patio11) discusses software reversing and AI's transformative impact on cybersecurity with Caleb Fenton, co-founder of Delphos Labs. They explore how LLMs are revolutionizing the traditionally tedious work of analyzing compiled binaries, the nation-state cyber warfare landscape, and how AI is shifting security from reactive to proactive defense. They cover the technical details of malware analysis, the economics of vulnerability detection, and the broader implications as both defenders and attackers gain access to increasingly powerful AI tools. –Full transcript available here: https://www.complexsystemspodcast.com/machine-learning-meets-malware-with-caleb-fenton/–Sponsor:  MercuryThis episode is brought to you by Mercury, the fintech trusted by 200K+ companies — from first milestones to running complex systems. Mercury offers banking that truly understands startups and scales with them. Start today at Mercury.com Mercury is a financial technology company, not a bank. Banking services provided by Choice Financial Group, Column N.A., and Evolve Bank & Trust; Members FDIC.–Links:Delphos Labs: https://delphoslabs.com/ Virus Total: https://www.virustotal.com/gui/home/upload “Thel fraud supply chain”, Bits about Money https://www.bitsaboutmoney.com/archive/the-fraud-supply-chain/ –Timestamps:(00:00) Intro(01:20) Understanding software reversing(03:52) The role of AI in software security(06:12) Nation-state cyber warfare(09:33) The future of digital warfare(16:45) Sponsor: Mercury(17:49) Reverse engineering techniques(30:15) AI's impact on reverse engineering(41:45) The importance of urgency in security alerts(42:47) The future of reverse engineering(43:21) Challenges in security product development(44:46) AI in vulnerability detection(46:09) The evolution of AI models(48:06) Reasoning models and their impact(49:06) AI in software security(49:49) The role of linters in security(57:38) AI's impact on various fields(01:02:42) AI in education and skill acquisition(01:08:51) The future of AI in security and beyond(01:12:43) The adversarial nature of AI in security(01:19:46) Wrap

Meta and Yandex are de-anonymizing Android users' web browsing identifiers LummaC2 fractures as Acreed malware becomes top dog Hewlett Packard Enterprise warns of critical StoreOnce auth bypass Huge thanks to our sponsor, Conveyor Tired of herding cats to complete customer security questionnaires?  Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects – she manages all the communication and follow-up too.  You simply get notified when everything's done so you can do a quick review.  Stop wrangling cats and see what Sue can do for you at www.conveyor.com.  

In dieser Folge gibt es ein längeres Gespräch zu einer eigentlich recht marginalen Neuerung im WebPKI-Ökosystem. Auf Drängen von Chrome bauen CAs ein Feature aus TLS-Zertifikaten aus, das einige wenige Serverbetreiber nutzten. Ist es statthaft, die Marktmacht derart zu nutzen - und ist die Begründung sinnvoll? Das diskutieren Sylvester und Christopher ausgiebig. Außerdem hat Sylvester ein kleines, nützliches Werkzeug für Tor-Nutzer namens Oniux gefunden und erzählt anhand eines kleinen Fehlers im Ankündigungsartikel des Tor Project, welche Auswirkungen es haben kann, wenn eine .onion-URL irrtümlich bei einem DNS-Server landet. Außerdem befassen die Hosts sich mit den "Busts" gegen Cybercrime-Strukturen, die Malware-Loader und Infostealer vertrieben. Im großen Stil haben Ermittler und IT-Unternehmen diese kriminellen Banden hochgenommen. Und zu guter Letzt gibt es noch ein Eis mit einem falsch kodierten &-Zeichen... - Reddit-AmA mit Sylvester und Christopher: https://www.reddit.com/r/de_EDV/comments/1ksksrb/ama_mit_christopher_kunz_und_sylvester_tremmel_am/ - Digicert zu X9-CA: https://www.digicert.com/blog/how-the-clientauth-crackdown-is-pushing-finance-toward-x9-pki - Oniux: https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/ Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

  In this episode of Cybersecurity Today, host David Shipley discusses several key cyber incidents affecting organizations and individuals. A new rust-based information stealer, known as Eddie Steeler, is being distributed via deceptive CAPTCHA verification pages. ConnectWise, a management software firm, has been breached in an attack suspected to be linked to a nation-state actor, affecting a limited number of its ScreenConnect customers. Additionally, threat actors are now abusing Google App Script to bypass phishing defenses, exploiting the trusted Google brand to trick users. Lastly, a significant data breach at Nova Scotia Power has exposed the social insurance numbers of up to 140,000 customers, making it one of the largest utility data breaches in North America. 00:00 Introduction to Today's Cybersecurity News 00:31 Eddie Steeler Malware Campaign 02:32 ConnectWise Cyber Attack 04:49 Google App Script Phishing Attacks 06:50 Nova Scotia Power Data Breach 08:02 Conclusion and Listener Engagement

Today malware is all nation state actors and organized crime, but in the beginning it was more about making a statement. Dan is a malware historian. He finds old hardware and viruses, runs them, and sees what happens. So we sat down to discuss the history of malware, where it's come from, and where he thinks it's going next. Check out his amazing YouTube channel at ⁠https://www.youtube.com/user/danooct1 Hacked is brought to you by PushSecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

News and Updates: Netflix and YouTube will use AI Gen ads for cheaper plans TikTok videos to get free software result in malware Texas bans social media for those under 18 Texas creates age-verification laws despite privacy concerns Baby gets lifesaving Personalized Gene-Editing cure

In this unfiltered episode of Unspoken Security, host A. J. Nash explores the looming threat quantum computing poses to our digital infrastructure with experts Robert Clyde, Managing Director of Clyde Consulting and Chair of crypto-security firm CryptoQuanti, and Jamie Norton, a Board Director at ISACA with extensive cybersecurity credentials. They cut through the technical jargon to explain how quantum computing fundamentally differs from classical computing and why its exponential processing power threatens to break current encryption standards."While current quantum computers operate at around 150 qubits, once they reach sufficient power, everything from banking transactions to secure communications could be compromised instantly," warns Robert during the discussion of "Q Day" — the moment when quantum computers become powerful enough to defeat public-key cryptography underpinning internet security.Despite the alarming scenario, the experts offer practical guidance on preparing for this threat. They outline how organizations should begin implementing post-quantum cryptography solutions developed by NIST, emphasizing that proactive preparation, not panic, is the critical response security professionals should adopt today. Listen to the full episode to understand the quantum threat and learn the concrete steps your organization should take now before Q Day arrives.Send us a textSupport the show

Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world's hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum?All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:How I found a Star Wars website made by the CIA - Ciro Santilli on YouTube.How the CIA failed Iranian informants in its secret war with Tehran - Reuters.Isis and al-Qaeda sending coded messages through eBay, pornography and Reddit - Independent.Games Without Frontiers: Investigating Video Games as a Covert Channel - IEEE.General David Petraeus used clever Gmail trick during affair - Network World.Cambodia is home to world's most powerful criminal network: report - SCMP.How to protect yourself from suspicious messages and scams- WhatsApp.Is WhatsApp Safe? Tips for Staying Secure - WhatsApp.Hacked on WhatsApp – how to stay safe when using the messaging app - BBC.Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp - The Hacker News.Kon-Tiki: The Epic Raft Journey Across the Pacific - YouTube.Still Standing with Jonny Harris - CBC.Niki de Saint Phalle & Jean Tinguely - Myths & Machines - Hauser & Wirth.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Vanta– Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!

CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

That Q&A time is here again, and this month we field emails and Discord Qs about such things as the hopeful return of the webring, what to do with the hardware if your PC is compromised by a bad actor, Nvidia cards in Linux, using game consoles as streaming media boxes, human stenography in courtrooms being replaced by recordings (and maybe AI), an extremely ambitious plan to stream some ducks, and perhaps the best pirate radio station idea we've ever heard. Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

Operation Endgame dismantles cybercriminal infrastructure. DOGE's use of the Grok AI chatbot raises ethical and privacy concerns. Malware on the npm registry uses malicious packages to quietly gather intelligence on developer environments. Researchers link Careto malware to the Spanish government. Exploring proactive operations via letters of marque. Hackers hesitate to attend the HOPE conference over travel concerns. Our guest is Jeffrey Wheatman, Cyber Risk Expert at Black Kite, warning us to "Beware the silent breach." AI threatens to spill secrets to save itself. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we were joined at the RSAC Conference by Jeffrey Wheatman, Cyber Risk Expert at Black Kite, as he is sharing his thoughts on "Beware the silent breach." Listen to Jeffery's interview here.Selected Reading Operation ENDGAME strikes again: the ransomware kill chain broken at its source (Europol) Russian developer of Qakbot malware indicted by US for global ransomware campaign (CNews) Russian hackers target US and allies to disrupt Ukraine aid, warns NSA (CNews) Exclusive: Musk's DOGE expanding his Grok AI in U.S. government, raising conflict concerns (Reuters) 60 malicious npm packages caught mapping developer networks (Developer Tech) Mysterious hacking group Careto was run by the Spanish government, sources say (TechCrunch) An 18th-century war power resurfaces in cyber policy talks (Next Gov) Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales (404 Media) Anthropic's new AI model turns to blackmail when engineers try to take it offline (TechCrunch) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

It's common to want confirmation your machine hasn't been compromised in some way. We can get close, but we can't prove it.

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875

This week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Show Notes: https://securityweekly.com/psw-875

Large language models are helping developers move faster than ever. But behind the convenience of AI-generated code lies a security vulnerability: package hallucinations. In this episode, Ashok sits down with U.S. Army cybersecurity officer and PhD researcher Joe Spracklen to unpack new research on how hallucinated package names—fake libraries that don't yet exist—can be weaponized by attackers and quietly introduced into your software supply chain. Joe's recent academic study reveals how large language models like ChatGPT and Code Llama are frequently recommending software packages that don't actually exist—yet. These fake suggestions create the perfect opportunity for attackers to register malicious packages with those names, compromising developer machines and potentially entire corporate networks. Whether your team is deep into AI pair programming or just starting to experiment, this conversation surfaces key questions every tech leader should be asking before pushing AI-generated code to production. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Inside the episode... What "package hallucinations" are and why they matter How AI code assistants can introduce real vulnerabilities into your network Which models were most likely to hallucinate packages Why hallucinated package names are often persistent—not random How attackers could weaponize hallucinated names to spread malware What mitigation strategies were tested—and which ones failed Why simple retrieval-based techniques (like RAG) don't solve the problem Steps security-conscious teams can take today to protect their environments The importance of developer awareness as more non-traditional engineers enter the field Mentioned in this episode Python Package Index (PyPI) npm JavaScript package registry Snyk, Socket.dev, Phylum (dependency monitoring tools) Artifactory, Nexus, Verdaccio (private package registries) ChatGPT, Code Llama, DeepSeek (AI models tested) Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Subscribe to the Convergence podcast wherever you get podcasts including video episodes to get updated on the other crucial conversations that we'll post on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow.   Follow the Pod Linkedin: https://www.linkedin.com/company/convergence-podcast/ X: https://twitter.com/podconvergence Instagram: @podconvergence

Welchen Wert haben GitHub-Stars?GitHub selbst ist ein Social Network für Entwickler*innen. Ob du es wahrhaben willst oder nicht. Man interagiert miteinander, kann sich gegenseitig folgen und Likes werden in Form von Stars ausgedrückt. Das bringt mich zu der Frage: Welchen Wert haben eigentlich GitHub Stars? Denn Fraud in Social Networks, wie das Kaufen von Followern, ist so alt wie die Existenz solcher Plattformen.Wie sieht es also auf GitHub damit aus? In dieser Episode schauen wir uns eine wissenschaftliche Untersuchung zum Thema Fake Stars auf GitHub an. Was sind GitHub-Stars wert? Aus welcher Motivation heraus kaufen sich Leute eigentlich GitHub Stars? Welche Herausforderungen gibt es, Fake Stars zu erkennen? Wie werden GitHub Stars eigentlich genutzt?Aber bei der wissenschaftlichen Untersuchung bleibt es nicht. Wir haben die Community gefragt, welche Bedeutung GitHub Stars für sie haben, ob Stars ein guter Indikator für die Qualität eines Projekts sind, wie diese Entscheidungen beeinflussen und nach welchen Kriterien die Community Stars vergibt.Zwei kleine Sneak-Peaks:Einen GitHub Star kannst du auf dem Schwarzmarkt bereits für $0.10 kaufenDas Kaufen von GitHub Stars beeinflusst das organische Stars-Wachstum von Repositories innerhalb der ersten zwei Monate. Danach flacht es ab.Du willst mehr davon? Dann schalte jetzt ein.Bonus: GitHub als Social Network für Entwickler.Ein Dank an unsere Community-Mitglieder:Dario TignerSchepp Christian Schäfer Philipp WolframMoritz KaiserStefan BrandtSimon BrüggenMelanie PatrickMaxi KurzawskiStefan BetheTim GlabischHolger Große-PlankermannMirjam ZiselsbergerSimon LegnerUnsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

In this eye-opening episode of Unspoken Security, host AJ Nash welcomes notorious hacker and security expert Jayson E. Street to discuss why traditional security awareness training falls short. Jayson explains that most corporate security training is merely policy-driven compliance, not actual security education.Instead of focusing on checkbox exercises once a year, Jayson advocates for building situational awareness—a security mindset that extends beyond the workplace into everyday life. He shares practical strategies for gamifying security training, fostering a culture where employees feel like participants rather than targets, and creating year-round engagement through creative competitions.Through entertaining stories and candid insights from his experience as a simulated adversary for hire, Jayson challenges the industry's approach to security training and offers a refreshing perspective on how to make organizations genuinely more secure.Send us a textSupport the show

Chill with Chris, Rob and John as they take a look at Epic Games going full Star Wars with both Rocket League and Fortnite for the month of May.  Also, LOTDQQ gets a facelift and leans you toward a few new games/apps. Finally, they test drive the new version 4.5 of Suno.ai and crank out some bangers.   Enjoy!!

Example of Modular Malware Xavier analyzes modular malware that downloads DLLs from GitHub if specific features are required. In particular, the webcam module is inspected in detail. https://isc.sans.edu/diary/Example%20of%20%22Modular%22%20Malware/31928 Sysaid XXE Vulnerabilities IT Service Management Software Sysaid patched a number of XXE vulnerabilities. Without authentication, an attacker is able to obtain confidential data and completely compromise the system. watchTowr published a detailed analysis of the flaws including exploit code. https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability Cisco Patched a vulnerability in its wireless controller software that may be used to not only upload files but also execute code as root without authentication. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC Unifi Protect Camera Vulnerability Ubiquity patched a vulnerability in its Protect camera firmware fixing a buffer overflow flaw. https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc

Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just happens when you have sex on top of a piano?All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Plus! Don't miss our featured interview with Jon Cho of Dashlane.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Why is the M&S cyber attack chaos taking so long to resolve? - BBC News.M&S 'had no plan' for cyber attacks, insider claims, with 'staff left sleeping in the office amid paranoia and chaos' - Sky News.Hackers target the Co-op as police probe M&S cyber attack - BBC News.Harrods latest retailer to be hit by cyber attack - BBC News.Alleged ‘Scattered Spider' Member Extradited to US - Krebs on Security.British 'ringleader' of hacking group 'behind M&S cyber attack' fled his home after 'masked thugs burst in and threatened him with blowtorches' - Daily Mail.Incidents impacting retailers – recommendations - NCSC.Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus - The Register. United States of America V Michael Sheuer - Plea Agreement - US District Court PDF.At 99, David Attenborough shares strongest message for the ocean - Oceanographic magazine.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan! Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!Material - Email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in

A critical flaw in a Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is  Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum—the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.Selected Reading Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek) Trump would cut CISA budget by $491M amid ‘censorship' claim  (The Register) New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News) Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek) Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer) Malware scammers target HR professionals with Venom Spider malware (SC Media) Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer) US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security) Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patrick Wardle's a busy guy, and 2025 is no exception! No Starch Press just published volume two of the Art of Mac Malware on Detection, including a free PDF version. Objective by the Sea is back in October in the Balearics. iOS Security Research is a new area of focus, but there's plenty to talk about. Welcome back, Patrick! Hosts: Tom Bridge - @tbridge@theinternet.social Marcus Ransom - @marcusransom Guests: Patrick Wardle - LinkedIn Links: The Art of Mac Malware Volume 2 Sponsors: Kandji 1Password Nudge Security Watchman Monitoring If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson  

Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

Register for upcoming webcasts & summits - https://poweredbybhis.com00:00 - PreShow Banter™ — Talking Bout Red Green02:24 - InfoSec CEO Charged with Installing Malware! – BHIS - Talkin' Bout [infosec] News 2025-04-2803:01 - Story # 1: CEO of cybersecurity firm charged with installing malware on hospital systems11:22 - Story # 2: 2025 Data Breach Investigations Report25:05 - Story # 3: The Age of Realtime Deepfake Fraud Is Here29:00 - Story # 4: Whistleblower: DOGE Siphoned NLRB Case Data33:09 - Story # 5: Top employee monitoring app leaks 21 million screenshots on thousands of users36:59 - Story # 6: 159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure42:13 - Story # 7: SAP zero-day vulnerability under widespread active exploitation46:29 - Story # 8: FBI: US lost record $16.6 billion to cybercrime in 202447:55 - Story # 8b: FBI Report Doc53:50 - Story # 9: M- Trends 2025 Report

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

Why did a mysterious empty "inetpub" directory appear after April's Patch Tuesday? And what new Windows Update crashing hack did this also create? North Korea is now creating fake US companies to lure would-be employees. The "Inception" attack subverts all GPT conversational AIs. New information about data loss in unpowered SSD mass storage. Lots of terrific feedback from our listeners. How malware has taken to hiding inside the Windows Sandbox and what you can do to stop it Show Notes - https://www.grc.com/sn/SN-1023-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: legatosecurity.com threatlocker.com for Security Now outsystems.com/twit hoxhunt.com/securitynow

The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag  ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through Europe's digital landscape. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kim Jones, the new Host of CISO Perspectives podcast, previewing the latest episode where Kim is joined by Larry Whiteside Jr. discussing “Are we a trade or a profession?” Industry Voices On our Industry Voices segment, Bob Maley, CSO of Black Kite, sharing insights on the growing risk of third-party cyber incidents. Selected Reading Many Malware Campaigns Linked to Proton66 Network (SecurityWeek) New Rust Botnet Hijacking Routers to Inject Commands Remotely (Cyber Security News) CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops (GB Hackers) Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 (SecurityWeek) Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily (Infosecurity Magazine) $40bn Southeast Asian Scam Sector Growing “Like a Cancer” (Infosecurity Magazine) Fog ransomware notes troll with DOGE references, bait insider attacks (SC World) Reborn: Cybercrime Marketplace Cracked Appears to Be Back (BankInfo Security) Nemesis darknet market founder indicted for years-long “borderless powerhouse of criminal activity” (Cybernews) Digital Weaning Guide from the United States (Dagbladet Information) Two top cyber officials resign from CISA (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Nick Cerne, Security Consultant from Bishop Fox, to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges. The author demonstrates how Rust's inherent anti-analysis traits and memory safety features can create more evasive malware tooling, including a simple dropper that injects shellcode using lesser-known Windows APIs. Through hands-on comparisons and decompiled output analysis, the post highlights Rust's growing appeal in offensive security while noting key OPSEC considerations and tooling limitations. The research can be found here: Rust for Malware Development Learn more about your ad choices. Visit megaphone.fm/adchoices

RedTail: Remnux and Malware Management A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used. https://isc.sans.edu/diary/RedTail%2C%20Remnux%20and%20Malware%20Management%20%5BGuest%20Diary%5D/31868 Critical Erlang/OTP SSH Vulnerability Researchers identified a critical vulnerability in the Erlang/OTP SSH library. Due to this vulnerability, SSH servers written in Erlang/OTP allow arbitrary remote code execution without prior authentication https://www.openwall.com/lists/oss-security/2025/04/16/2 Brickstorm Analysis An analysis of a recent instance of the Brickstorm backdoor. This backdoor used to be more known for infecting Linux systems, but now it also infects Windows. https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor https://blog.nviso.eu/wp-content/uploads/2025/04/NVISO-BRICKSTORM-Report.pdf OpenAI GPT 4.1 Controversy OpenAI released its latest model, GPT 4.1, without a safety report and guardrails to prevent malware creation. https://opentools.ai/news/openai-stirs-controversy-with-gpt-41-release-lacking-safety-report

xorsearch Update Diedier updated his "xorsearch" tool. It is now a python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions. https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854 Shorter Lived Certificates The CA/Brower Forum passed an update to reduce the maximum livetime of certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates. https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI New Malware Harvesting Data from USB drives and infecting them. Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spread via USB drives by replacing existing documents with malicious files. https://securelist.com/goffee-apt-new-attacks/116139/