Exploiting Vulnerabilities in OpenSSH: Identity Verification and Denial of Service

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australian spooks scrubbed Medibank data off Zservers bulletproof hosting
• Why device code phishing is the latest trick in confusing poor users about cloud authentication
• Cloudflare gets blocked in Spain, but only on weekends and because of… football?
• Palo Alto has yet another dumb bug
• Adam gushes about Qualys’ latest OpenSSH vulns

Enterprise browser maker Island is this week’s sponsor and Chief Customer Officer Bradon Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches.

This episode is also available on Youtube.

Show notes

• Five Russians went out drinking. When they got back, Australia had struck
• Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News
• Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers
• What is device code phishing, and why are Russian spies so successful at it? - Ars Technica
• Anyone Can Push Updates to the DOGE.gov Website
• Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak
• Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive
• Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog
• China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News
• RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign
• A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED
• How Phished Data Turns into Apple & Google Wallets – Krebs on Security
• New hack uses prompt injection to corrupt Gemini’s long-term memory
• Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News
• US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News
• EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate
• Remembering David Jorm - fundraising for Mental Health research