Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Episode 315 is available for our patreon donors and will be posted for everyone else on Monday, July 28. Going forward, episodes will be released to our patreon donors shortly after recording and will be released to everyone else a week later. If you want to become a patreon donor, you can do so here: https://www.patreon.com/defensivesec Also, our new merch store is live and available here: https://store.defensivesecurity.org It’s a work in progress and please let me know if you have any issued with it. Thank you all and we’ll talk on Monday!  

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec Links: https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/ https://www.axios.com/2025/07/08/scattered-spider-cybercrime-hackers https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/ Additional links for Patreon donors: https://www.theregister.com/2025/07/13/fake_it_worker_problem/ https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/

The hosts reflect on personal memories while blending humor with security insights. They introduce an AI bot, Expo, that's revolutionizing vulnerability identification. The chat turns to advanced application security tools and the growing role of AI in this field. Cyber threats are evolving, with new tactics like callback phishing emerging. There's an urgent call for organizations to step up their vulnerability management. Fans can look forward to exciting merchandise updates and exclusive content opportunities.

The hosts humorously discuss Patreon support and introduce new exclusive content for donors. They reveal a critical vulnerability in MegaRack systems that could allow hackers unauthorized access. The episode also highlights the importance of professionalism in cybersecurity marketing and the challenges new hires face regarding phishing risks, tying in historical malware stories. Engaging anecdotes about email overload during orientations blend with discussions on combating social engineering, making for an entertaining and informative listen.

The hosts kick off with light-hearted weekend stories, balancing gaming and home repairs. They dive into a staggering 16 billion credential leak, clarifying it's a rehash of existing breaches. The conversation shifts to new cyber threats like deepfake malware and Google security manipulations. They highlight the struggles of open-source software maintenance, stressing the unsustainable burden on volunteer contributors. Finally, the discussion emphasizes the necessity of cybersecurity awareness and the challenges of genuine networking in the InfoSec community.

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec Links:  https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html?m=1https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.htmlhttps://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html?m=1

The speakers dive into the dark side of AI, discussing its misuse in creating deceitful applications and the ethical implications of such trends. They explore how cybercriminals are leveraging advanced AI tools and evolving ransomware tactics, raising alarm over the increasing complexity of cybercrime. Another key topic includes a significant Coinbase breach linked to bribed employees, spotlighting insider threats and the critical need for stringent security measures. The episode wraps up with reflections on community engagement and the importance of proactive cybersecurity strategies.

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats. Links:  https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attackhttps://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing

The conversation kicks off with a lighthearted vibe as the hosts share personal anecdotes. They dive into a significant Coinbase data breach tied to insider threats, emphasizing the importance of proactive cybersecurity. The challenges of patch management are explored, highlighting the need for adaptive strategies in a rapidly evolving threat landscape. They discuss the cybersecurity risks in mergers and acquisitions and the dangers of inflexible security programs. The episode wraps up with a troubling look at emerging threats, particularly ransomware targeting CPUs.

In this episode, Jerry and Andrew discuss  the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices. Links:https://www.darkreading.com/cyber-risk/venom-spider-phishing-schemehttps://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/ Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec