Podcasts about NPM

  • 420 PODCASTS
  • 1,232 EPISODES
  • 48m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Oct 7, 2025 LATEST


Latest podcast episodes about NPM

Blue Security
iPhone MIE, Microsoft - Israel MOD, npm supply chain attacks

Blue Security

Play Episode Listen Later Oct 7, 2025 26:53


Summary: In this episode, hosts Andy Jaw and Adam Brewer discuss the newly announced iPhone 17 and its enhanced security features, particularly the memory integrity enforcement that aims to protect user data from spyware. They also delve into Microsoft's response to allegations regarding the use of Azure by the Israeli Defense Force for surveillance purposes, emphasizing the company's commitment to privacy. The conversation concludes with a discussion on recent supply chain attacks affecting NPM packages and the proactive measures being taken to enhance security in the software development ecosystem.
YouTube Video Link: https://youtu.be/YLTiud1ibhU
Documentation:
https://www.theverge.com/news/775234/iphone-17-air-a19-memory-integrity-enforcement-mte-security
https://security.apple.com/blog/memory-integrity-enforcement/
https://blogs.microsoft.com/on-the-issues/2025/09/25/update-on-ongoing-microsoft-review/
https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com

I-80 Club
A Historic Beatdown Of Penn State | Volleyball State (Preview)

I-80 Club

Play Episode Listen Later Oct 7, 2025 9:20


This is a preview of Volleyball State's latest episode! To hear the entire podcast, subscribe to Volleyball State on Apple, Spotify, or wherever you get your pods! Lincoln and Jeff look back at Nebraska's historic demolition of Penn State with some eye-popping numbers. Plus, recapping Stanford vs Louisville and a talk with BTN and NPM broadcaster Larry Punteney.
Show Sponsors:
Alumni Hall, your home for Husker gear and merchandise. Save 15% on your order by mentioning Volleyball State in store or use code VOLLEYBALLSTATE online at https://www.alumnihall.com/nebraska-cornhuskers
For the second straight season, the Omaha Supernovas have led the world in pro volleyball attendance — and in 2026, they're raising the bar with new GM John Cook, former Husker star Merritt Beason, and returning star Brooke Nuneviller. Get your 2026 season tickets at https://www.supernovas.com
JIV Athletics makes high-performance underwear engineered specifically for volleyball players.

Hacker Valley Studio
Securing Software at AI Speed with Varun Badhwar

Hacker Valley Studio

Play Episode Listen Later Oct 2, 2025 34:12


The biggest security threat isn't in the cloud, it's hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.
Impactful Moments:
00:00 - Introduction
02:00 - Varun's journey from RedLock to Endor Labs
04:00 - Why the software supply chain is broken
07:00 - AI coding assistants and insecure code risks
10:00 - The NPM self-replicating worm discovery
13:00 - Simple controls to enforce Zero Trust in code
16:00 - Pairing AI with security to prevent slop
19:00 - AI-powered security code reviews explained
22:00 - Why 88% of code goes unused
26:00 - Developer efficiency as the new security metric
29:00 - The next wave of AI-driven software threats
Links:
Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

MP3 – mintCast
469 – Bill Loves Windows

MP3 – mintCast

Play Episode Listen Later Sep 28, 2025 144:28


First up in the news: LMDE 7 "Gigi" BETA released. In security and privacy: Mississippi enforces Age Assurance Law, NPM suffers a security breach. Then in our Wanderings, Joe works with Proxmox and Openmediavault, Jim troubleshoots hard disks, Majid goes back to work, and Bill works on his "Immich." And finally, the feedback and a couple of suggestions.

PodRocket - A web development podcast from LogRocket
Google's antitrust win, AI mandates, npm attacks and robots.txt

PodRocket - A web development podcast from LogRocket

Play Episode Listen Later Sep 25, 2025 41:10


Is the web breaking under the weight of AI crawlers, platform consolidation, and nonstop security breaches? We dive into the state of browsers, developer burnout, and whether tech regulation can actually keep up.
In this panel discussion:
We debate if robots.txt and AI licensing standards like RSL can realistically control how AI scrapes the web.
The fallout from DIA's acquisition by Atlassian and what it means for indie browser innovation (like the Helium browser, Zen) in a Chromium-dominated world.
Why Google's antitrust victory might embolden other tech giants, and what that means for competition.
How supply chain attacks like the NPM malware and Shai Hulud worm are exploiting GitHub workflows and package vulnerabilities.
The pushback against AI mandates at work, including Coinbase's controversial policy requiring developers to use Copilot.
Resources
Inside the battle for the future of the web: https://www.businessinsider.com/google-microsoft-openai-fight-standards-limit-ai-access-websites-2025-9
The web has a new system for making AI companies pay up: https://www.theverge.com/news/775072/rsl-standard-licensing-ai-publishing-reddit-yahoo-medium
The Browser Company, maker of Arc and Dia, is being acquired: https://www.theverge.com/web/770947/browser-company-arc-dia-acquired-atlassian
Google stock jumps 8% after search giant avoids worst-case penalties in antitrust case: https://www.cnbc.com/2025/09/02/google-antitrust-search-ruling.html
Massive data breach sees 16 million PayPal accounts leaked online - here's what we know, and how to stay safe: https://www.techradar.com/pro/massive-data-breach-sees-16-million-paypal-accounts-leaked-online-heres-what-we-know-and-how-to-stay-safe
PayPal's Glitch Puts €10 Billion on Ice Across European Banks: https://fintechnews.ch/payments/paypal-glitch-freezes-european-banks-10-billion-transactions/77974/
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
Coinbase CEO explains why he fired engineers who didn't try AI immediately: https://techcrunch.com/2025/08/22/coinbase-ceo-explains-why-he-fired-engineers-who-didnt-try-ai-immediately/
Chapters
We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)

Security Now (MP3)
SN 1044: The EU's Online Age Verification - Consumer Reports vs. Microsoft

Security Now (MP3)

Play Episode Listen Later Sep 24, 2025 181:56


Consumer Reports on Windows 10 updates. Waste (not fraud or abuse) within DoD Cyberoperations. China's DeepSeek produces deliberately flawed code. WebAssembly v3.0 officially released. Firefox v143 updates and new features. Firefox for Android now offers DoH. A nearly terminal flaw in Microsoft's Entra ID. Chrome hits its 6th 0-day this year. Emergency update. DRAM (now DDR5) still vulnerable to RowHammer. SAMSUNG kitchen refrigerators begin showing ads. China says no to NVIDIA. 300 more (new) NPM malicious packages found and removed. The EU is already testing proper online age verification.
Show Notes - https://www.grc.com/sn/SN-1044-Notes.pdf
Hosts: Steve Gibson and Leo Laporte
Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Sponsors: bigid.com/securitynow go.acronis.com/twit zscaler.com/security 1password.com/securitynow hoxhunt.com/securitynow

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Sep 24, 2025 7:22


Distracting the Analyst for Fun and Profit: Our undergraduate intern, Tyler House, analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308
GitHub's plan for a more secure npm supply chain: GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages. https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399): SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
Vulnerabilities in Supermicro BMC Firmware (CVE-2025-7937, CVE-2025-6198): Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware. https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025

Ask Noah Show
Ask Noah Show 460

Ask Noah Show

Play Episode Listen Later Sep 24, 2025 53:58


This week Noah and Steve dig into an npm attack that Red Hat has issued an alert for. We talk about small and portable laptops, and of course answer your questions.
-- During The Show --
00:52 Intro: ZFS Win Meld (https://meldmerge.org/) Domain knowledge scaling
07:32 NPM Supply Chain Attack: No compromised packages used in Red Hat software NPM and Node.js What the malicious code does Red Hat is on top of it Reaction to finding a compromise Red Hat Article (https://access.redhat.com/security/supply-chain-attacks-NPM-packages) Aikido Article 1 (https://www.aikido.dev/blog/popular-nx-packages-compromised-on-npm) Aikido Article 2 (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) Aikido Article 3 (https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again)
18:21 Registrar - Josh: CloudFlare PorkBun (https://porkbun.com/) Great Nerds
21:47 Small Laptop - Ziggy: HP ProBook Noah's GPD Pocket v1 Surface Pro 1 Dell Latitude 2 in 1 StarLabs Star Lite (https://us.starlabs.systems/pages/starlite)
34:56 Ham Radio - Brett: Open Source Ham Radio Plan to sell a kit Have a prototype Reddit Post (https://www.reddit.com/r/HamRadio/s/TTodwCYuyG) Arkos Engineering (https://arkosengineering.com/) HT-15 GitHub (https://github.com/Arkos-Engineering/HT-15)
37:58 News Wire:
Systemd 258 - phoronix.com (https://www.phoronix.com/news/systemd-258)
Rust 1.90 - rust-lang.org (https://blog.rust-lang.org/2025/09/18/Rust-1.90.0)
Gnome 49 - gnome.org (https://release.gnome.org/49)
Firefox 143 - firefox.com (https://www.firefox.com/en-US/firefox/143.0/releasenotes)
Thunderbird 143 - thunderbird.net (https://www.thunderbird.net/en-US/thunderbird/143.0/releasenotes)
Rayhunter - helpnetsecurity.com (https://www.helpnetsecurity.com/2025/09/17/rayhunter-eff-open-source-tool-detect-cellular-spying)
TernFS - phoronix.com (https://www.phoronix.com/news/TernFS-File-System-Open-Source)
BCacheFS DKMS - hackaday.com (https://hackaday.com/2025/09/19/bcachefs-is-now-a-dkms-module-after-exile-from-the-linux-kernel)
Tails 7.0 - torproject.org (https://blog.torproject.org/new-release-tails-7_0)
Porteux - github.com (https://github.com/porteux/porteux/releases/tag/v2.3)
Oreon 10 - oreonproject.org (https://oreonproject.org/oreon-10)
Azure Linux 3.0 - webpronews.com (https://www.webpronews.com/microsoft-releases-azure-linux-3-0-with-optional-6-12-lts-kernel)
Tongyi-DeepResearch-30B-A3B - marktechpost.com (https://www.marktechpost.com/2025/09/18/alibaba-releases-tongyi-deepresearch-a-30b-parameter-open-source-agentic-llm-optimized-for-long-horizon-research)
Qwen3-Omni - venturebeat.com (https://venturebeat.com/ai/chinas-alibaba-challenges-u-s-tech-giants-with-open-source-qwen3-omni-ai)
AI Risks - scmp.com (https://www.scmp.com/tech/big-tech/article/3326214/deepseek-warns-jailbreak-risks-its-open-source-models)
Hugging Face GitHub CoPilot Integration - infoq.com (https://www.infoq.com/news/2025/09/hugging-face-vscode)
40:06 OBS: OBS 32.0 Pipewire video capture Lots of other features Pipewire is professional qpwgraph (https://github.com/rncbc/qpwgraph) 9 to 5 Linux (https://9to5linux.com/obs-studio-32-0-pipewire-video-capture-improvements-basic-plugin-manager)
44:53 Tails on Trixie: Tails teaches you reproduce-ability Privacy tools Changes New min requirements Persistent Apps 9 to 5 Linux (https://9to5linux.com/tails-7-0-anonymous-linux-os-released-based-on-debian-13-trixie)
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/460)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard: Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/)
Contact Noah: live [at] asknoahshow.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)

Cyber Security Today
GitHub's NPM Lockdown, Deep Fake Threats, and Yellowknife's Cyber Incident: Cybersecurity Today

Cyber Security Today

Play Episode Listen Later Sep 24, 2025 8:57 Transcription Available


Cybersecurity Today: GitHub's NPM Lockdown, Deep Fake Threats, and Yellowknife's Cyber Incident In this episode of 'Cybersecurity Today', host Jim Love discusses GitHub's response to widespread supply chain attacks in the NPM ecosystem, the alarming rise of deep fake attacks as highlighted by Gartner, and the remarkable handling of a cyber incident by the city of Yellowknife. Tune in for the latest updates on cybersecurity threats, expert analysis, and the steps organizations are taking to combat these sophisticated attacks. Plus, discover Jim's sci-fi romance adventure audiobook 'Elisa: A Tale of Quantum Kisses' now available on major platforms. 00:00 Introduction and Sponsor Message 00:55 GitHub's Response to NPM Supply Chain Attacks 03:19 Gartner's Warning on Deep Fake and AI Attacks 06:03 Yellowknife's Cyber Incident and Response 08:20 Conclusion and Final Thoughts

Passwort - der Podcast von heise security
CISA's Visions, the Decline of XSLT, the Flaws of NPM

Passwort - der Podcast von heise security

Play Episode Listen Later Sep 24, 2025 120:58 Transcription Available


This episode of "Passwort" starts with the big plans that the US IT security agency CISA has for the CVE system. Sylvester is cautiously hopeful; Christopher sees the danger that power could be improperly entrenched. Many commentators also suspected an abuse of power in the next topic: browser vendors are considering removing XSLT. The hosts look at what XSLT actually is and discuss whether it seems useful or out of place in the browser. Finally, Christopher and Sylvester take a look at the currently mounting attacks on npm and explain, among other things, what the sandworms from Frank Herbert's Dune have to do with them.
- Darknet Diaries in German: https://www.heise.de/news/Darknet-Diaries-heise-online-bringt-deutsche-Version-des-US-Podcasts-10626196.html
- Chrome sandbox exploit: https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
- CISA position paper: https://www.cisa.gov/sites/default/files/2025-09/CISA_Common_Vulnerabilities_and_Exposures_CVE_Program_Vision-v6_CLEAN.pdf
- Follow us in the Fediverse:
- @christopherkunz@chaos.social
- @syt@social.heise.de
Members of our security community on heise security PRO can listen to all episodes two days earlier. More info: https://pro.heise.de/passwort

Daily Tech News Show
Google Play Gets a Gemini Sidekick for Gaming - DTNS 5110

Daily Tech News Show

Play Episode Listen Later Sep 23, 2025 29:55


Nvidia is set to invest $100 billion in OpenAI as it works toward a gigawatt of new infrastructure per week, and GitHub is rolling out new security controls for NPM. Starring Jason Howell and Tom Merritt. Show notes found here. Hosted on Acast. See acast.com/privacy for more information.

PodRocket - A web development podcast from LogRocket
Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

PodRocket - A web development podcast from LogRocket

Play Episode Listen Later Sep 23, 2025 40:09


Feross Aboukhadijeh, founder of Socket, joins us to break down the recent wave of NPM supply chain attacks hitting the JavaScript ecosystem, including how attackers used phishing to target developers, snuck malware into popular packages like Prettier and "is", and even abused tools like Claude, Gemini, and TruffleHog. We dig into how GitHub Actions vulnerabilities were exploited, what makes postinstall scripts risky, and what you can do to protect yourself from future attacks.
Links
Website: https://feross.org
X: https://x.com/feross
GitHub: https://github.com/feross
LinkedIn: https://www.linkedin.com/in/feross
YouTube: https://www.youtube.com/channel/UCHM4OEvQDUq8UszyUrdov-w
Resources
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
Chapters
00:00 Intro: NPM supply chain attacks explained
01:10 What is a software supply chain attack?
02:00 NPM phishing campaign: Fake login pages
03:00 Prettier ecosystem compromised
04:00 The “is” package malware incident
05:30 NX package breach (August 27 attack)
06:40 AI-powered supply chain exploit
08:00 GitHub Actions misconfiguration
12:00 Lessons from recent NPM attacks
20:00 How malicious packages get published
25:00 Why install scripts are so risky
30:00 Limitations of banning install scripts
35:00 Open source maintainer challenges
40:00 Smarter approaches to dependency updates
44:00 The future of open source supply chain security
47:00 Closing thoughts and resources
We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).
Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!
What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr)
Special Guest: Feross Aboukhadijeh.

Cyber Briefing
September 23, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Sep 23, 2025 8:57


If you like what you hear, please subscribe, leave us a review and tell a friend!

New Project Media
NPM Interconnections (US) – Episode 165: Chris Elrod | Treaty Oak Clean Energy

New Project Media

Play Episode Listen Later Sep 23, 2025 31:37


On this episode, Treaty Oak Clean Energy's CEO Chris Elrod joins Andrew Burnes to discuss the firm's near-term pipeline in the Southeast, efforts to raise USD 1bn of debt capital during the calendar year, issues with interconnection timelines in MISO, and the impacts of the end of tax credits and start of FEOC requirements for solar and storage projects.

NPM is a leading data, intelligence & events company providing business development led coverage of the US & European power, storage & data center markets for the development, finance, M&A and corporate community.

Download our mobile app.

Paul's Security Weekly
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425

Paul's Security Weekly

Play Episode Listen Later Sep 22, 2025 107:15


Interview with Tod Beardsley
This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents
In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News
Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-425

Enterprise Security Weekly (Audio)
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425

Enterprise Security Weekly (Audio)

Play Episode Listen Later Sep 22, 2025 107:15


Interview with Tod Beardsley
This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents
In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News
Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-425

Paul's Security Weekly TV
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425

Paul's Security Weekly TV

Play Episode Listen Later Sep 22, 2025 107:15


Interview with Tod Beardsley
This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents
In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News
Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-425

Enterprise Security Weekly (Video)
Disruption is Coming for the Vulnerability Management Market - Tod Beardsley - ESW #425

Enterprise Security Weekly (Video)

Play Episode Listen Later Sep 22, 2025 107:15


Interview with Tod Beardsley
This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more!

Topic Segment: NPM Incidents
In this week's topic segment, we're discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack.

Weekly Enterprise News
Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-425

Polymaticast
Polymaticast 129 – Alan’s PC is troubled

Polymaticast

Play Episode Listen Later Sep 21, 2025 58:41


This week we have a bit of a different sound. Alan's recording system is on the fritz. We had an attempt to record the week before this recording but the pc just kept freezing up. Anyway we talk about the troubled nature of his machine and the troubles in NodeJs land with the frequent NPM security issues. You can find all links from this episode on polymatic.link/show129 Socials: Alan polymatic.link/alan Socials: John polymatic.link/john For feedback: podcast@polymatic.media Website polymatic.media

php[podcast] episodes from php[architect]
PHP Podcast: 2025.09.18

php[podcast] episodes from php[architect]

Play Episode Listen Later Sep 19, 2025 79:31


 This week on the PHP Podcast, Eric and John discuss NativePHP bringing everything, including the Kitchen Sink, PHP Foundation announcement of the SDK for MCP, Nuno's Explanation of Laravel MCP, PHP 8.5 Pipe Operator, the Supply Chain issue with NPM, and more. Links from the show: GitHub – NativePHP/kitchen-sink-mobile: NativePHP for mobile demo app […] The post PHP Podcast: 2025.09.18 appeared first on PHP Architect.

Paul's Security Weekly
Safes, Hackers, and Web Servers - PSW #892

Paul's Security Weekly

Play Episode Listen Later Sep 18, 2025 132:25


This week's technical segment is all about the T-Lora Pager from Lilygo, a really cool Meshtastic device that can also be used for some hacking tasks!

In the security news: Your safe is not safe; Cisco ASA devices are under attack; VMScape; HybridPetya and UEFI attacks in the wild; Everything is a Linux terminal; Hackers turns 30; Hosting websites on disposable vapes; NPM worms and token stealing; Attackers make mistakes too; AI podcasts.

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-892

Paul's Security Weekly TV
Safes, Hackers, and Web Servers - PSW #892

Paul's Security Weekly TV

Play Episode Listen Later Sep 18, 2025 132:25


This week's technical segment is all about the T-Lora Pager from Lilygo, a really cool Meshtastic device that can also be used for some hacking tasks!

In the security news: Your safe is not safe; Cisco ASA devices are under attack; VMScape; HybridPetya and UEFI attacks in the wild; Everything is a Linux terminal; Hackers turns 30; Hosting websites on disposable vapes; NPM worms and token stealing; Attackers make mistakes too; AI podcasts.

Show Notes: https://securityweekly.com/psw-892

BIT-BUY-BIT's podcast
Custody Crackdown Continues | THE BITCOIN BRIEF 65

BIT-BUY-BIT's podcast

Play Episode Listen Later Sep 18, 2025 43:58 Transcription Available


In this episode of The Bitcoin Brief, Max and Q delve into the latest happenings in the world of Bitcoin and privacy. In this shorter Bitcoin Brief catch‑up, we dive straight into the latest on Passport Prime: Foundation has completed a third‑party security audit for KeyOS, is squashing final bugs, and is testing a bulletproof firmware‑update flow before giving the factory the green light. While early‑access units have slipped from initial estimates, the team stresses security parity with Passport Core, continued transparency, and a no‑questions‑asked refund policy for those who prefer not to wait. We then unpack last week's NPM supply‑chain scare that briefly impacted Ethereum‑focused flows; despite the rapid containment (netting attackers mere cents), it's a timely reminder to use hardware wallets for significant funds and to verify amounts, fees, change, and destination addresses on every send.

On policy, we examine the resurfacing “mixer rule” push in the US that would effectively criminalise mainstream privacy behaviours on public blockchains—potentially sweeping up CoinJoin/PayJoin, address freshness, swaps, and simple transaction splitting—highlighting why principled privacy and robust, neutral protocols matter. We field a listener question on making Lightning more accessible, weighing today's trade‑offs between self‑hosting and managed hubs (e.g., Alby), and the convenience of Phoenix/Zeus, with an eye toward emerging designs like Ark/Spark. Rounding out with releases: Cake Wallet's Pay Anything (seamless cross‑asset paying), native Tor on iOS, and Cupcake for air‑gapped signing; Craig Raw's Frigate Electrum server experiment for efficient Silent Payments scanning; and Braiins Deck, a tidy desk display for price, mempool, and mining stats.
Boosts, meets, and a reminder: stay vigilant, stay private, and keep building.

IMPORTANT LINKS
https://freesamourai.com
https://p2prights.org/donate.html
https://ungovernablemisfits.com

VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows. You can support this episode using your time, talent or treasure.

TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media

TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!

TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/

FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty. As a sovereign computing company, Foundation is the antithesis of today's tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can't be evil”.
Thank you Foundation Devices for sponsoring the show! Use code: Ungovernable for $10 off of your purchase

CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!

MYNYMBOX
https://mynymbox.net
Your go-to for anonymous server hosting solutions, featuring: virtual private & dedicated servers, domain registration and DNS parking. We don't require any of your personal information, and you can purchase using Bitcoin, Lightning, Monero and many other cryptos. Explore benefits such as No KYC, complete privacy & security, and human support.

Paul's Security Weekly (Podcast-Only)
Safes, Hackers, and Web Servers - PSW #892

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Sep 18, 2025 132:25


This week's technical segment is all about the T-Lora Pager from Lilygo, a really cool Meshtastic device that can also be used for some hacking tasks!

In the security news: Your safe is not safe; Cisco ASA devices are under attack; VMScape; HybridPetya and UEFI attacks in the wild; Everything is a Linux terminal; Hackers turns 30; Hosting websites on disposable vapes; NPM worms and token stealing; Attackers make mistakes too; AI podcasts.

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-892

The CyberWire
Code beneath the sand.

The CyberWire

Play Episode Listen Later Sep 17, 2025 31:44


A new self-replicating malware infects the NPM repository. Microsoft and Cloudflare disrupt a Phishing-as-a-Service platform. Researchers uncover a new Fancy Bear backdoor campaign. The VoidProxy phishing-as-a-service (PhaaS) platform targets Microsoft 365 and Google accounts. A British telecom says its ransomware recovery may stretch into November. A new Rowhammer attack variant targets DDR5 memory. Democrats warn proposed budget cuts could slash the FBI's cyber division staff by half at a heated Senate Judiciary Committee hearing. On our Industry Voices segment, we are joined by Abhishek Agrawal from Material Security discussing challenges of securing the Google Workspace. Pompompurin heads to prison.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, we are joined by Abhishek Agrawal, CEO and Co-Founder of Material Security, discussing challenges of securing the Google Workspace. You can hear Abhishek's full conversation here.

Selected Reading
Self-Replicating Worm Hits 180+ Software Packages (Krebs on Security)
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader (Help Net Security)
Fancy Bear attacks abuse Office macros, legitimate cloud services (SC Media)
VoidProxy phishing operation targets Microsoft 365, Google accounts (SC Media)
UK telco Colt's cyberattack recovery seeps into November (The Register)
Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack (The Register)
Senators, FBI Director Patel clash over cyber division personnel, arrests (CyberScoop)
House lawmakers move to extend two key cyber programs, for now (The Record)
BreachForums founder caged after soft sentence overturned (The Register)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Sep 17, 2025 8:47


Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be.
https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290

S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again

ChatGPT's Calendar Integration Can Be Exploited to Steal Emails
ChatGPT's new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.
https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/

Cyber Security Today
Shai-Hulud Worm - A Self Propagating Supply Chain Threat

Cyber Security Today

Play Episode Listen Later Sep 17, 2025 8:48 Transcription Available


Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More...

In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 JavaScript libraries on NPM, exploiting developer tokens for spread, including those maintained by CrowdStrike. Love explains practical but challenging measures to mitigate such threats. He also explores steganography's role in hiding malicious scripts within seemingly benign image files, urging vigilance against embedding hidden commands. Additionally, the episode covers a cyber incident in Yellowknife, causing severe disruptions to municipal services and emphasizing the importance of cyber hygiene and support from higher government levels. Lastly, Jim examines how a Windows 11 patch has created a new vulnerability, stressing the need for enhanced monitoring and quick updates.

00:00 Introduction and Overview
00:21 The Shy Ude Worm: A New Threat
02:19 Steganography: Hiding in Plain Sight
05:30 Cybersecurity Incident in Yellowknife
07:24 Microsoft's Patch Problems
08:27 Conclusion and Contact Information

Hacker News Recap
September 16th, 2025 | Man jailed for parole violations after refusing to decrypt his Tor node

Hacker News Recap

Play Episode Listen Later Sep 17, 2025 14:18


This is a recap of the top 10 posts on Hacker News on September 16, 2025. This podcast was generated by wondercraft.ai

(00:30): Man jailed for parole violations after refusing to decrypt his Tor node
Original post: https://news.ycombinator.com/item?id=45261163&utm_source=wondercraft_ai
(01:51): Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised
Original post: https://news.ycombinator.com/item?id=45260741&utm_source=wondercraft_ai
(03:12): Top UN legal investigators conclude Israel is guilty of genocide in Gaza
Original post: https://news.ycombinator.com/item?id=45259553&utm_source=wondercraft_ai
(04:33): Things you can do with a Software Defined Radio (2024)
Original post: https://news.ycombinator.com/item?id=45262835&utm_source=wondercraft_ai
(05:55): Linux phones are more important now than ever
Original post: https://news.ycombinator.com/item?id=45256651&utm_source=wondercraft_ai
(07:16): Denmark close to wiping out cancer-causing HPV strains after vaccine roll-out
Original post: https://news.ycombinator.com/item?id=45265745&utm_source=wondercraft_ai
(08:37): Waymo has received our pilot permit allowing for commercial operations at SFO
Original post: https://news.ycombinator.com/item?id=45264562&utm_source=wondercraft_ai
(09:59): I feel Apple has lost its alignment with me and other long-time customers
Original post: https://news.ycombinator.com/item?id=45256577&utm_source=wondercraft_ai
(11:20): "Your" vs. "My" in user interfaces
Original post: https://news.ycombinator.com/item?id=45257627&utm_source=wondercraft_ai
(12:41): Robert Redford has died
Original post: https://news.ycombinator.com/item?id=45261159&utm_source=wondercraft_ai

This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Reimagining Cyber
NPM Hack, Supply Chain Chaos - Ep 167

Reimagining Cyber

Play Episode Listen Later Sep 17, 2025 11:39


This week on Reimagining Cyber, we unpack one of the biggest supply chain attacks of the year: the NPM hack. Attackers compromised widely used packages like Chalk and Debug—billions of weekly downloads—slipping in code that silently hijacked crypto transactions. Tyler Moffitt joins us to explain how it happened, who's most at risk, and the practical steps every developer and security leader should take right now.

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Sep 16, 2025 6:42


Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286

Microsoft End of Life
October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end.
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011.
https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605

Phishing Targeting Rust Developers
Rust developers are reporting similar phishing emails as the emails causing the major NPM compromise last week.
https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064

Samsung Patches 0-Day
Samsung released its monthly updates for its flagship phones, fixing, among other vulnerabilities, an already exploited 0-day.
https://security.samsungmobile.com/securityUpdate.smsb

ShopTalk » Podcast Feed
682: Whiskey, Security, Antitrust, and Fun with CSS Functions

ShopTalk » Podcast Feed

Play Episode Listen Later Sep 15, 2025 57:05


Show Description
Dave's got a Whiskey related content warning, recent security vulnerabilities in NPM, challenges with password management, and the complexities of digital security. They delve into Google's antitrust issues and the dynamics of the browser market, before transitioning to innovations in CSS, including custom properties and functions. The conversation wraps up with thoughts on the future of CSS and web development.

Links
Whiskey Web and Whatnot: Web Development, Neat
Storybook: Frontend workshop for UI development
Largest NPM Compromise in History - Supply Chain Attack : r/programming
We all dodged a bullet - Xe Iaso
Post by @cabel.panic.com — Bluesky
Special: One on One with a Hacker – ShopTalk
1Password Watchtower
This 25-minute video is the most riveting sudoku puzzle you will ever watch | The Verge
Many years on the job and I still don't get it. - daverupert.com
if() - CSS | MDN
CSS at-rule functions - CSS | MDN
CSS color-scheme-dependent colors with light-dark() – Bram.us
Matthias Ott

Paul's Security Weekly
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

Paul's Security Weekly

Play Episode Listen Later Sep 15, 2025 100:37


Segment 1 - Interview with Jeff Pollard
Introducing Forrester's AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode's interview, we're talking to Forrester analyst Jeff Pollard. I'm pulling this segment's description directly from the report's executive summary, which I think says it best: As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won't be as simple or as straightforward as mobile and cloud — and that's bad news for security leaders who in some cases still find themselves challenged by cloud security.

Segment 2 - Weekly News
Then, in the enterprise security news, there's funding and acquisitions, but we're not going to talk about them AI's gonna call the cops on you and everyone's losing money on it and Anthropic agreed to pay for all the copyright infringement they did when training models and Otter.ai got sued for recording millions of conversations without consent Burger King got embarrassed and their lawyers didn't like it NPM package mayhem certificate authority hijinks AI darwin awards All that and more, on this episode of Enterprise Security Weekly.

Segment 3 - Executive Interviews from Black Hat 2025

Interview with Rohit Dhamankar from Fortra
Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you're building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

Interview with Michael Leland from Island
At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity's most urgent realities: compromised credentials aren't a possibility — they're a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren't “breaking in” anymore… they're logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island's enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

Key takeaways:
Why credential compromise is inevitable — and how to stop credential use
How presentation layer DLP prevents data leaks inside and outside apps
Real-time blocking of phishing logins and unsanctioned SaaS access
Plug-in risk scoring, version pinning, and selective extension control
Enabling BYOD securely — even after a catastrophic laptop loss
Why many users never go back to Chrome, Edge, or Safari after switching

Segment Resources: https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials
This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-424

Talking Drupal
Talking Drupal #520 - Dripyard

Talking Drupal

Play Episode Listen Later Sep 15, 2025 96:30


In this episode, we are joined by special guests Mike Herchel and Andy Giles, founders of Dripyard. Dripyard is a premium Drupal theme designed to reduce the cost of ownership and enhance the developer experience for modern Drupal projects. Mike and Andy share insights into their motivation behind launching Dripyard, the detailed work that goes into creating accessible, high-quality themes, and how their themes will integrate with upcoming Drupal features like Canvas. We also discuss the module of the week, Content First, and a crucial public service announcement about a supply chain attack impacting NPM tools.

For show notes visit: https://www.talkingDrupal.com/520

Topics
Meet the Guests: Mike Herchel and Andy Giles
Module of the Week: Content First
Public Service Announcement: NPM Supply Chain Attack
Event Spotlight: Bad Camp 2025
Introducing Dripyard: A New Drupal Theme Company
The Concept and Vision Behind Dripyard
The Importance of Accessibility in Themes
Building Themes for the General Public
Supporting Drupal CMS and Canvas
Supporting Custom and Contrib Modules
Styling Challenges with Webform Module
Consulting Services for Theme Integration
Sub-Theming and Customization Options
Support and Assistance for Non-Developers
Recipes for Efficient Theme Setup
Modern CSS and JavaScript Practices
Target Audience and Market Focus
Licensing and Open Source Considerations
Final Thoughts and Contact Information

Module of the Week with Martin Anderson-Clutz - mandclu.com mandclu
Content First - The Content First module provides a simple tool for viewing the plain text content of any node without design, media, or layout distractions. It helps content teams, editors, and designers focus on what matters most: the content itself. Whether you're drafting, reviewing, or rethinking your site's messaging, this module supports a true “content-first” approach by giving you a clean, layout-free version of your page.

Resources
Dripyard
Supply Side Attack - Also this link
grep -r --binary-files=text _0x112fa81 to diagnose if you've been impacted
Should I Use a Carousel?

Guests
Mike Herchel mherchel
Andy Giles andyg5000
dripyard.com

Hosts
John Picozzi - epam.com johnpicozzi
Martin Anderson-Clutz - mandclu.com mandclu
James Sansbury - tugboatqa.com q0rban

Cyber Security Today
NPM Attack Leave Hackers Empty Handed: Cybersecurity Today with David Shipley

Cyber Security Today

Play Episode Listen Later Sep 15, 2025 8:40 Transcription Available


Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions

In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity.

00:00 Introduction and Headlines
00:35 Massive NPM Attack: What Happened?
02:53 Void Proxy: A New Phishing Threat
05:31 Jaguar Land Rover Cyber Attack Impact
06:59 Marks and Spencer Leadership Change
08:04 Conclusion and Final Thoughts

Enterprise Security Weekly (Audio)
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

Sep 15, 2025 (100:37)


Segment 1 - Interview with Jeff Pollard
Introducing Forrester's AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security

For this episode's interview, we're talking to Forrester analyst Jeff Pollard. I'm pulling this segment's description directly from the report's executive summary, which I think says it best:

As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won't be as simple or as straightforward as mobile and cloud — and that's bad news for security leaders who in some cases still find themselves challenged by cloud security.

Segment 2 - Weekly News
Then, in the enterprise security news,
- there's funding and acquisitions, but we're not going to talk about them
- AI's gonna call the cops on you
- and everyone's losing money on it
- and Anthropic agreed to pay for all the copyright infringement they did when training models
- and Otter.ai got sued for recording millions of conversations without consent
- Burger King got embarrassed and their lawyers didn't like it
- NPM package mayhem
- certificate authority hijinks
- AI darwin awards
All that and more, on this episode of Enterprise Security Weekly.

Segment 3 - Executive Interviews from Black Hat 2025

Interview with Rohit Dhamankar from Fortra
Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you're building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more!

Interview with Michael Leland from Island
At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity's most urgent realities: compromised credentials aren't a possibility — they're a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren't “breaking in” anymore… they're logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island's enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins.

Key takeaways:
- Why credential compromise is inevitable — and how to stop credential use
- How presentation layer DLP prevents data leaks inside and outside apps
- Real-time blocking of phishing logins and unsanctioned SaaS access
- Plug-in risk scoring, version pinning, and selective extension control
- Enabling BYOD securely — even after a catastrophic laptop loss
- Why many users never go back to Chrome, Edge, or Safari after switching

Segment Resources: https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials
This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more!

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-424

Paul's Security Weekly TV
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

Sep 15, 2025 (100:37)


Show Notes: https://securityweekly.com/esw-424

Swan Signal - A Bitcoin Podcast
Fourth Turning Vibes

Sep 13, 2025 (73:02)


- The panel opened with reflections on the tragic assassination of Charlie Kirk and other recent violent events, framing them through the lens of The Fourth Turning by Strauss & Howe.
- Discussion on how history moves in ~80–100 year cycles of crisis and renewal, with Bitcoin and decentralized protocols potentially forming the backbone of the next institutional order.
- John emphasized perspective, comparing today's turmoil with past upheavals (1960s, 1970s, World Wars), and highlighted the role of media saturation in shaping perceptions.
- Panelists praised Kirk's willingness to debate respectfully, lamenting the erosion of open dialogue in society.
- Shifted to macro: China's gold accumulation as a hedge against dollar hegemony, interpreted as part of a global move toward neutral reserve assets—gold today, Bitcoin tomorrow.
- Deep dive into U.S. financial surveillance: the inefficiencies of the Bank Secrecy Act (BSA) and threats of extending the Patriot Act to digital assets. Panelists argued KYC/AML laws are largely ineffective at stopping crime but very effective at surveilling citizens.
- Highlighted the DOJ's case against Samourai Wallet as an example of U.S. hostility toward Bitcoin privacy tools.
- Covered this week's major supply-chain attack on NPM packages, noting minimal impact but using it as a PSA: always verify addresses on hardware wallets and beware phishing scams.
- Tether launched a U.S.-regulated stablecoin (USAT). The panel explored how this intersects with the Genius Act, which would require stablecoin reserves to be in U.S. Treasuries, effectively creating a new forced buyer of U.S. debt.
- Quick hits: MicroStrategy denied S&P 500 inclusion (for now), BLS quietly revised U.S. job numbers down by 900k, Gemini goes public, and Michael Saylor positions MicroStrategy as a “Bitcoin capital markets” play.

Swan Private helps HNWI, companies, trusts, and other entities go beyond legacy finance with Bitcoin. Learn more at swan.com/private.
Put Bitcoin into your IRA and own your future. Check out swan.com/ira.
Swan Vault makes advanced Bitcoin security simple. Learn more at swan.com/vault.

The Bad Crypto Podcast
Supply Chain Shenanigans: Hackers, HODLers, and Hot Messes

Sep 11, 2025 (31:02)


The crypto community once again is dodging digital landmines as Ledger’s CTO screams “stop those onchain transactions!” thanks to a sneaky NPM supply chain attack hitting over a billion downloads. That’s right, hackers are out here snatching crypto like it’s candy. Meanwhile, Bitcoin Hyper’s presale is going full supernova, Oracle’s AI cloud dreams are spiking their stock, and Trump Media is hoarding $6 billion in CRO tokens for Truth Social’s big flex. From Nasdaq’s $50M Gemini IPO bet to Worldcoin’s AI identity takeover, we’re unpacking it all with our signature badness. Grab your hardware wallet, strap in, or strap on if you are into that kind of thing, and jump on board for our bad news episode #789 of The Bad Crypto Podcast.

Full Show Notes at: http://badco.in/789

SUBSCRIBE, RATE, & REVIEW:
Apple Podcast: http://badco.in/itunes
Google Podcasts: http://badco.in/google
Spotify: http://badco.in/spotify
Amazon Music: http://badco.in/amazon

FREE NFTs when you JOIN THE BAD CRYPTO NIFTY CLUB at https://badcrypto.uncut.network

FOLLOW US ON SOCIAL MEDIA:
Twitter: @badcryptopod - @joelcomm - @teedubya
Facebook: /BadCrypto - /JoelComm - /teedubyaw
Facebook Mastermind Group: /BadCrypto
LinkedIn: /in/joelcomm - /in/teedubya
Instagram: @BadCryptoPodcast
Email: badcryptopodcast[at]gmail[dot]com
Phone: SEVEN-OH-8-88FIVE- 90THIRTY

DISCLAIMER: Do your own due diligence and research. Joel Comm and Travis Wright are NOT FINANCIAL ADVISORS. We are sharing our journey with you as we learn more about this crazy little thing called cryptocurrency. We make NO RECOMMENDATIONS. Don't take anything we say as gospel. Do not come to our homes with pitchforks because you lost money by listening to us. We only share with you what we are learning and what we are investing in. We will never "pump or dump" any cryptocurrencies. Take what we say with a grain of salt. You must research this stuff on your own! Just know that we will always strive for RADICAL TRANSPARENCY with any show associations.

Support the show: https://badcryptopodcast.com
See omnystudio.com/listener for privacy information.

Rabbit Hole Recap
RABBIT HOLE RECAP #374: LIVE FREE

Sep 11, 2025 (108:43)


https://rhr.tv/stream

- charlie kirk assassinated https://primal.net/e/nevent1qqsq83rgz6xea93qwm3r2k256zualrnn8sez3wwe7jf3s6fcjc3753g6rw5tp
- ukrainian refugee iryna zarutska murdered in charlotte
- massive protests in indonesia and nepal, bitchat adoption spikes https://primal.net/e/nevent1qqs0eljval9cks7g6zag4x0w5y0k9p95kq0k7gxshwxhfa24wtsmhhq457vz7
- US Government To Bring PATRIOT Act to Digital Assets https://www.therage.co/us-government-to-bring-patriot-act-to-digital-assets/
- Wholesale prices unexpectedly declined 0.1% in August, as Fed rate decision looms https://www.cnbc.com/2025/09/10/ppi-inflation-august-2025-.html
- 10Y Treasury yield sinks to 4.05%, its lowest level in over 5 months https://x.com/TFTC21/status/1965151472376840274
- craig raw releases frigate electrum server https://primal.net/e/nevent1qqsxtg6cdtyv9yytwl3kc0jnzzssc8k7xzwju64tyqqry9wfwld8tvcvqunxg
- zaprite launches event tickets functionality https://blog.zaprite.com/introducing-zaprite-event-tickets/
- DTAN torrent search updates https://primal.net/e/nevent1qqs0ass0muu26x0jeq9qnuty0guz94ftdx82xk84lkme03pnhjdqn2qkpeau2
- android security patches moves to quarterly model instead of monthly https://primal.net/e/nevent1qqsqjkv0czfh6py3vs6gcyu2259xkdte3tfk9vwpwpu7v430vthjmns7v03hz
- NATO has invoked Article 4 of the North Atlantic Treaty at Poland's request after dozens of Russian one-way attack drones violated Polish airspace https://primal.net/e/nevent1qqsgel5fey6c2gqpz97wgejx5798xxc9j9twh56s869mhvtp927m5tgd4h72m

2:35 - Charlie Kirk
14:40 - Iryna Zarutska
21:45 - Dashboard
23:25 - Bitchat amid protests
32:15 - Digital asset PATRIOT Act
44:55 - PPI -0.1%
50:45 - 10yr yield
54:15 - Boosts
55:25 - HRF Story of the Week
57:29 - Software updates
1:17:25 - NPM vulnerability
1:21:10 - NATO Article 4
1:25:45 - MAHA
1:32:35 - Cattlebike
1:45:25 - Bessent ass kicking

Shoutout to our sponsors:
Coinkite https://coinkite.com/
Stakwork https://stakwork.ai/
Obscura https://obscura.net/

Follow Marty Bent:
Twitter https://twitter.com/martybent
Nostr https://primal.net/marty
Newsletter https://tftc.io/martys-bent/
Podcast https://tftc.io/podcasts/

Follow Odell:
Nostr https://primal.net/odell
Newsletter https://discreetlog.com/
Podcast https://citadeldispatch.com/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature

Sep 9, 2025 (8:44)


Major npm compromise
A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week.
https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y
https://github.com/orgs/community/discussions/172738
https://github.com/chalk/chalk/issues/656#issuecomment-3266894253
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

HTTP Request Signatures
It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic.
https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266

Thinking Crypto Interviews & News

Sep 9, 2025 (13:12)


Crypto News: Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries. SwissBorg hacked for $41M SOL after third-party API compromise. CoinShares to go public in the US through $1.2B SPAC merger. HashKey launches $500M digital asset treasury fund in Hong Kong. Show Sponsor -

Paul's Security Weekly
Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, Josh Marpet - SWN #510

Sep 9, 2025 (32:42)


AI Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, WhatsApp, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-510

Security Conversations
Can Apple's New Anti-Exploit Tech Stop iPhone Spyware Attacks?

Sep 9, 2025 (165:46)


Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raise big questions about SaaS integrations and the ripple effects across major security vendors. Plus, Apple's new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China's surveillance ecosystem; and controversy around a Huntress disclosure of an attacker's operations after an EDR agent was mistakenly installed. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).