Category: Security

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Please consider supporting the DefSec podcast here.

Links to the stories we cover in this episode:

https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/

https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/

https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/

https://arstechnica.com/security/2026/01/mandiant-releases-rainbow-table-that-cracks-weak-admin-password-in-12-hours/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to the stories in this episode:

• https://www.theregister.com/2026/01/09/pyongyangs_cyberspies_are_turning_qr/
• https://www.scworld.com/perspective/five-ways-to-conduct-a-more-secure-hiring-process
• https://cybersecuritynews.com/vmware-esxi-exploited-toolkit/
• https://www.darkreading.com/cyber-risk/ciso-succession-crisis-highlights-turnover-amplifies-security-risks

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Merry Christmas and Happy Holidays!

Links to this week’s stories:

https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/

https://thehackernews.com/2025/12/russia-linked-hackers-use-microsoft-365.html?m=1

https://cybersecuritynews.com/amazon-catches-north-korean-it-worker/

https://www.darkreading.com/application-security/fake-proof-ai-slop-hobble-defenders

https://www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

• https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
• https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
• https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
• https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
• https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

Repo

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

• https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
• https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
• https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
• https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
• https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

• https://www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/
• https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools
• https://www.darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10
• https://www.computerweekly.com/news/366634363/Google-Dont-get-distracted-by-AI-focus-on-real-cyber-threats

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/

https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/

https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security

https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links we discuss this week:

https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1

https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/

https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/

https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore

https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/

https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/

https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/

https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are the stories we discuss this week:

https://cybersecuritynews.com/hackers-actively-compromising-databases/

https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/

https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html

https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1

https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are links to the stories we discuss this week:

https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/

https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/

https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/

https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/

https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/

https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/