Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics https://www.theregister.com/2025/11/28/posthog_shaihulud/?td=keepreading / https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/ https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Reposting Episode 331 due to the wrong mp3 attached to the original. Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/ https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/ https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/ https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/ Repo Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/ https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/ https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/ https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

A recent ransomware incident in Nevada highlights concerning detection and forensic challenges. The discussion reveals how AI is being tested by threat actors, raising alarms about automated lateral movement and internal vulnerabilities. The hosts emphasize the critical need for foundational security practices, reframing priorities amid AI hype. They also delve into the urgency of monitoring supply chain risks and remind listeners not to overlook basic threats like credential theft and phishing. The realities of CISO burnout spark a candid conversation on leadership accountability and budget constraints.

https://www.youtube.com/watch?v=3BaNujBx62Y Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/ https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/ https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery  

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links we discuss this week: https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1 https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/ https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/ https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/ https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/ https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/ https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/ https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Here are the stories we discuss this week: https://cybersecuritynews.com/hackers-actively-compromising-databases/ https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/ https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/ https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1 https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Here are links to the stories we discuss this week: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/ https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/ https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/ https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/ https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/ https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

  Here are links to the stories we discuss this week: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html https://www.theregister.com/2025/09/23/gartner_ai_attack/ https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/ https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-lawsuit/

  Please follow us on YouTube!  Want episodes a week early?  Consider becoming a Patreon sponsor of the DefSec podcast here. Here are links to the stories we talked about this week: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages https://cybersecuritynews.com/finwise-insider-breach/ https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/