Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

A recent ransomware incident in Nevada highlights concerning detection and forensic challenges. The discussion reveals how AI is being tested by threat actors, raising alarms about automated lateral movement and internal vulnerabilities. The hosts emphasize the critical need for foundational security practices, reframing priorities amid AI hype. They also delve into the urgency of monitoring supply chain risks and remind listeners not to overlook basic threats like credential theft and phishing. The realities of CISO burnout spark a candid conversation on leadership accountability and budget constraints.

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/ https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/ https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links we discuss this week: https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1 https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/ https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/ https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/ https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/ https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/ https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/ https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Here are the stories we discuss this week: https://cybersecuritynews.com/hackers-actively-compromising-databases/ https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/ https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/ https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1 https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Want to be the first to hear our episodes each week?  Become a Patreon donor here. Here are links to the stories we discuss this week: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/ https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/ https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/ https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/ https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/ https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

Here are links to the stories we discuss this week: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html https://www.theregister.com/2025/09/23/gartner_ai_attack/ https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/ https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-lawsuit/

Please follow us on YouTube!  Want episodes a week early?  Consider becoming a Patreon sponsor of the DefSec podcast here. Here are links to the stories we talked about this week: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages https://cybersecuritynews.com/finwise-insider-breach/ https://arstechnica.com/security/2025/09/how-weak-passwords-and-other-failings-led-to-catastrophic-breach-of-ascension/

In a riveting discussion, hosts explore Qantas handing down executive pay cuts post-cyber incident. They delve into the alarming rise of ransomware losses exacerbated by AI-driven phishing tactics. The conversation shifts to a significant NPM supply-chain compromise, raising concerns about dependency risks. LunaLock ransomware’s unique extortion method using stolen data for AI training models is a game changer. Finally, the FBI warns about impending Salesforce attacks, prompting vital talks on security measures like MFA.

Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube Links: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/ https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/ https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713 https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/ https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/