Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec Defensive Security Podcast Episode 337
Jan 26, 2026
Discussion of QR-code phishing campaigns and the rise of 'quishing' targeting mobile devices. Practical hiring security: live technical interviews, proctoring tricks, and spotting fraud signals like VPNs and odd timezones. Deep dive into a long-exploited ESXi VM escape, hypervisor trust risks, and how commoditized exploit toolkits amplify ransomware threats. CISO turnover, succession problems, and the impact on security programs.
AI Snips
Chapters
Books
Transcript
Episode notes
QR Codes As Phishing Vectors
- QR codes are being used in targeted phishing to send victims to fake SSO/VPN login portals that capture credentials.
- Jerry Bell and Andrew Kallett stress this exploits gaps in email filtering and unmanaged personal phones.
Adopt Phishing-Resistant Authentication
- Deploy phishing-resistant authentication like FIDO/passkeys to reduce credential theft via quishing.
- Enforce SSO support for SaaS to centralize strong auth and reduce shadow accounts.
Shadow Admins Create Security Gaps
- Shadow administration creates weaker local accounts when teams bypass IAM for speed.
- Consistent controls across assets matter more than one-off deployments to prevent credential gaps.
