Defensive Security Podcast Episode 332

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics

https://www.theregister.com/2025/11/28/posthog_shaihulud/?td=keepreading / https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem

https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/

https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions

Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Defensive Security Podcast Episode 331B

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Reposting Episode 331 due to the wrong mp3 attached to the original.

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

  • https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
  • https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
  • https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
  • https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
  • https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

Repo

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

  • https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
  • https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
  • https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
  • https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
  • https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

Defensive Security Podcast Episode 330

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

  • https://www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/
  • https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools
  • https://www.darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10
  • https://www.computerweekly.com/news/366634363/Google-Dont-get-distracted-by-AI-focus-on-real-cyber-threats

Defensive Security Podcast Episode 329

Podcast: Play in new window | Download | Embed

Subscribe: RSS

https://www.youtube.com/watch?v=3BaNujBx62Y

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/

https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/

https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security

https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery

 

Defensive Security Podcast Episode 328

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links we discuss this week:

https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1

https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/

https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/

https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore

https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Defensive Security Podcast Episode 327

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/

https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/

https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/

https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Defensive Security Podcast Episode 326

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are the stories we discuss this week:

https://cybersecuritynews.com/hackers-actively-compromising-databases/

https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/

https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html

https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1

https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Defensive Security Podcast Episode 325

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are links to the stories we discuss this week:

https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/

https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/

https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/

https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/

https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/

https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

Defensive Security Podcast Episode 324

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Here are links to the stories we discuss this week:

  • https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
  • https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html
  • https://www.theregister.com/2025/09/23/gartner_ai_attack/
  • https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/
  • https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-lawsuit/

Defensive Security Podcast Episode 323

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Please follow us on YouTube

Want episodes a week early?  Consider becoming a Patreon sponsor of the DefSec podcast here.

Here are links to the stories we talked about this week:

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages

https://cybersecuritynews.com/finwise-insider-breach/

https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/