Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security Podcast Episode 323

  Please follow us on YouTube!  Want episodes a week early?  Consider becoming a Patreon sponsor of the DefSec podcast here. Here are links to the stories we talked about this week: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages https://cybersecuritynews.com/finwise-insider-breach/ https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/

Defensive Security Podcast Episode 322

Here are the stories we discuss this week: https://natlawreview.com/article/qantas-airways-cuts-executive-pay-after-cyber-incident-governance-signal-industry https://www.securityweek.com/ransomware-losses-climb-as-ai-pushes-phishing-to-new-heights https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack https://www.theregister.com/2025/09/12/huntress_attacker_surveillance LunaLock Ransomware threatens victims by feeding stolen data to AI models FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

Defensive Security Podcast Episode 321

Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube Links: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/ https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/ https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713 https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/ https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/

Defensive Security Podcast Episode 320

  Links to stories: https://securityaffairs.com/181430/security/after-sharepoint-attacks-microsoft-stops-sharing-poc-exploit-code-with-china.html https://www.cybersecuritydive.com/news/software-vulnerabilities-breaches-checkmarx-report/757793/ https://www.securityinfowatch.com/cybersecurity/article/55309774/even-security-leaders-are-breaking-ai-rules-calypsoai-report https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks

Defensive Security Podcast Episode 318

I have no idea why Riverside.fm (the service we use to record the podcast) has such an audio/video sync problem for the first minute or so of the recording. We’re working on it… On to the show. Here are the links for this week’s episode: https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor https://www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics https://www.securityweek.com/vibe-coding-when-everyones-a-developer-who-secures-the-code https://www.securityweek.com/inside-the-dark-webs-access-economy-how-hackers-sell-the-keys-to-enterprise-networks