Cybersecurity Breaches: Phishing, Malware, and National Defense Risks

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. 

Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control.

Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits.

The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks. 

00:00 Introduction - 10 Million Downloads 01:30 NPM Linter Packages Hijacked 05:05 Social Engineering and AI in Cybersecurity 08:57 Microsoft's China-Based Engineers Controversy 12:15 The Real Threat: Social Engineering 16:39 Conclusion and Call to Action