Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/ https://cybersecuritynews.com/mongobleed-poc-exploit-mongodb/ https://cybersecuritynews.com/fortigate-firewall-vulnerability/ https://cybersecuritynews.com/oracle-e-business-suite-hack/

Most parked domains are now delivering malicious content, sparking discussions on effective mitigation strategies. Device code phishing re-emerges, allowing attackers to exploit Microsoft 365 accounts through low-bar tools. Amazon uncovers a suspicious keystroke delay that signals potential remote access interference. The risks of remote hiring, particularly with North Korean contractors, are examined alongside the challenges posed by AI-generated proofs of concept in cybersecurity. Lastly, a serious zero-day vulnerability in Cisco email appliances highlights pressing defensive priorities.

Dive into the alarming 700% rise in hypervisor ransomware and discover why these systems are prime targets. Learn about critical vulnerabilities, such as the React deserialization issue and Log4Shell's lingering presence. Hear tips on improving security through authentication and segmentation, plus the discussion on the dangers of AI coding tools. The need for cautious AI adoption is emphasized, along with how to secure LLMs against manipulation. Overall, a mix of pressing threats and practical security advice awaits!

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics https://www.theregister.com/2025/11/28/posthog_shaihulud/?td=keepreading / https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/ https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Reposting Episode 331 due to the wrong mp3 attached to the original. Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/ https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/ https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/ https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/ Repo Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/ https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/ https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/ https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

A recent ransomware incident in Nevada highlights concerning detection and forensic challenges. The discussion reveals how AI is being tested by threat actors, raising alarms about automated lateral movement and internal vulnerabilities. The hosts emphasize the critical need for foundational security practices, reframing priorities amid AI hype. They also delve into the urgency of monitoring supply chain risks and remind listeners not to overlook basic threats like credential theft and phishing. The realities of CISO burnout spark a candid conversation on leadership accountability and budget constraints.

https://www.youtube.com/watch?v=3BaNujBx62Y Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/ https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/ https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery  

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links we discuss this week: https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1 https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/ https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/ https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/ https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/ https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/ https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/ https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Here are the stories we discuss this week: https://cybersecuritynews.com/hackers-actively-compromising-databases/ https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/ https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/ https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1 https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/