
The Everything Feed - All Packet Pushers Pods
PP077: News Roundup–Drift Breach Has Long Reach; FCC Investigates Its Own IoT Security Program
Sep 9, 2025
A recent data breach at Salesloft raises questions about whether all publicity is good. The discussion covers alarming industrial vulnerabilities and cybersecurity breaches affecting major companies, highlighting the immediate risks in the food supply chain. The tightening of multi-factor authentication for Azure services and urgent upgrades from Windows 10 are also on the table. Additionally, the complexities of certifying IoT device security amidst political influences are explored, along with mobile security challenges in messaging apps targeting vulnerable users.
AI Snips
Chat Agent Tokens Enable Wide Supply-Chain Pivot
- OAuth tokens stored in third-party agentic chat platforms can become a broad supply-chain pivot to many enterprise systems.
- Treat any tokens tied to an integrated chat agent as potentially compromised and assume lateral access risk.
Downscope And Rotate Tokens Immediately
- Downscope and retokenize integrations, following zero trust principles, after a third-party compromise.
- Rotate tokens and audit application-to-application privileges promptly to reduce blast radius.
Grocery-Scale ICS Vulnerabilities Are Real
- Industrial refrigeration controllers from Copeland contained multiple high-severity vulnerabilities that affect grocery-store infrastructure.
- Non-IT industries often accept insecure conveniences, making IoT/ICS devices attractive targets for mischief or ransom.
