Defensive Security Podcast Episode 327

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Links to this week’s stories:

https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/

https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/

https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/

https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/

https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Defensive Security Podcast Episode 326

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are the stories we discuss this week:

https://cybersecuritynews.com/hackers-actively-compromising-databases/

https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/

https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html

https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1

https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Defensive Security Podcast Episode 325

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to be the first to hear our episodes each week?  Become a Patreon donor here.

Here are links to the stories we discuss this week:

https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/

https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/

https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/

https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/

https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/

https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

Defensive Security Podcast Episode 324

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Here are links to the stories we discuss this week:

  • https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
  • https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html
  • https://www.theregister.com/2025/09/23/gartner_ai_attack/
  • https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/
  • https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-lawsuit/

Defensive Security Podcast Episode 323

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Please follow us on YouTube

Want episodes a week early?  Consider becoming a Patreon sponsor of the DefSec podcast here.

Here are links to the stories we talked about this week:

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages

https://cybersecuritynews.com/finwise-insider-breach/

https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/

Defensive Security Podcast Episode 322

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Here are the stories we discuss this week:

https://natlawreview.com/article/qantas-airways-cuts-executive-pay-after-cyber-incident-governance-signal-industry

https://www.securityweek.com/ransomware-losses-climb-as-ai-pushes-phishing-to-new-heights

https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack

https://www.theregister.com/2025/09/12/huntress_attacker_surveillance

LunaLock Ransomware threatens victims by feeding stolen data to AI models
FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

Defensive Security Podcast Episode 321

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec

Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube

Links:

  • https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/
  • https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/
  • https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713
  • https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
  • https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/

Defensive Security Podcast Episode 320

Podcast: Play in new window | Download | Embed

Subscribe: RSS

 

Links to stories:

Defensive Security Podcast Episode 318

Podcast: Play in new window | Download | Embed

Subscribe: RSS

I have no idea why Riverside.fm (the service we use to record the podcast) has such an audio/video sync problem for the first minute or so of the recording. We’re working on it…

On to the show. Here are the links for this week’s episode:

https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id

https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor

https://www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics

https://www.securityweek.com/vibe-coding-when-everyones-a-developer-who-secures-the-code

https://www.securityweek.com/inside-the-dark-webs-access-economy-how-hackers-sell-the-keys-to-enterprise-networks

Defensive Security Podcast Episode 317

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support our show? Want to get access to episodes a week before everyone else? Become a patreon sponsor here: https://www.patreon.com/defensivesec

If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25

Our new merch store is live: DefSec Store

We’ve added a lot of new items and will continue to do so over time.

On to the show.

 

Here are the links for this week’s episode: