Category: Podcast

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec

Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube

Links:

• https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/
• https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/
• https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713
• https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
• https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support our show? Want to get access to episodes a week before everyone else? Become a patreon sponsor here: https://www.patreon.com/defensivesec

If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25

Our new merch store is live: DefSec Store

We’ve added a lot of new items and will continue to do so over time.

On to the show.

Here are the links for this week’s episode:

• https://www.bleepingcomputer.com/news/security/spikes-in-malicious-activity-precede-new-cves-in-80-percent-of-cases/
• https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/
• https://nerds.xyz/2025/07/ai-security-flaws-veracode-2025/
• https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/
• https://www.cybersecuritydive.com/news/research-llms-attacks-without-humans/754203/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

Links:

• https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
• https://www.axios.com/2025/07/08/scattered-spider-cybercrime-hackers
• https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/

Additional links for Patreon donors:

• https://www.theregister.com/2025/07/13/fake_it_worker_problem/
• https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Want to support us?  Want even MORE DefSec?  Starting this week, we are providing more DefSec for our Patreon donors.  Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec

Links:

• https://www.csoonline.com/article/4012801/the-top-red-teamer-in-the-us-is-an-ai-bot.html
• https://www.darkreading.com/endpoint-security/attackers-top-brands-callback-phishing
• https://www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
• https://www.darkreading.com/cybersecurity-operations/ransomware-reshaped-how-cyber-insurers-perform-security-assessments
• https://www.darkreading.com/endpoint-security/phishing-training-doesnt-work

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links: 

https://www.theregister.com/2025/06/06/chatgpt_for_evil/
https://www.theregister.com/2025/06/06/ransomware_negotiation/
https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agents
https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/
https://www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/ / https://x.com/deepakravindran/status/1930776943101894869

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant data breach at Coinbase, the challenges of cryptocurrency security, the importance of patch management, and the evolving landscape of cyber threats. They also discuss insider threats, the failures of rigid security programs, and the overlooked cybersecurity risks in mergers and acquisitions. The episode concludes with a discussion on emerging threats, particularly the potential for ransomware to infect CPUs.

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:
https://go.theregister.com/feed/www.theregister.com/2025/05/21/coinbase_confirms_insider_breach_affects/
https://www.theregister.com/2025/05/14/improve_patching_strategies/
https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/
https://www.darkreading.com/vulnerabilities-threats/rigid-security-programs-fail
https://www.darkreading.com/cyber-risk/hidden-cybersecurity-risks-mergers-acquisitions
https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss the latest trends in cybersecurity, focusing on the rise of BEC scams and the significant losses attributed to cybercrime in 2024. They explore emerging threats, including social engineering tactics and hardware vulnerabilities, particularly in management interfaces. The conversation also delves into the complexities of vulnerability management, the risks associated with supply chain attacks in open source software, and the alarming rate at which CVEs are being exploited. The hosts emphasize the need for organizations to be proactive in their security measures and to understand the evolving landscape of cyber threats.

Links:

• https://www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/
• https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/
• https://www.theregister.com/2025/04/21/microsoft_apple_patch/
• https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html
• https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode, we celebrate the 300th episode of the Defensive Security Podcast then discuss various cybersecurity topics including the rise of AI-driven threats, the importance of zero trust architecture, best practices for incident response, the impact of human error on security breaches, and the risks associated with collaboration tools. We also cover the dangers of malvertising campaigns exploiting platforms like GitHub.

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Links:

• https://venturebeat.com/security/51-seconds-to-breach-how-cisos-are-fighting-back-against-lightning-fast-attacks/
• https://www.theregister.com/2025/03/10/incident_response_advice/
• https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals
• https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface
• https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Summary

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a Disney employee’s mishap with an AI tool that led to a significant hack, vulnerabilities in VMware ESX hypervisors, and a developer’s sabotage of their ex-employer. They also explore the implications of GitHub repository exposure and the growing risks associated with third-party vendors in cybersecurity.

Link to support Andy and Jerry’s work creating the Defensive Security Podcast: https://www.patreon.com/defensivesec

Story links:

• https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931
• https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc
• https://www.theregister.com/2025/03/08/developer_server_kill_switch/
• https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/
• https://www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims