Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec



Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube



Links:




* https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/
* https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/
* https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713
* https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
* https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/

 
Links to stories:

*
https://securityaffairs.com/181430/security/after-sharepoint-attacks-microsoft-stops-sharing-poc-exploit-code-with-china.html

*
https://www.cybersecuritydive.com/news/software-vulnerabilities-breaches-checkmarx-report/757793/

*
https://www.securityinfowatch.com/cybersecurity/article/55309774/even-security-leaders-are-breaking-ai-rules-calypsoai-report

*
https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve

*
https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks

I have no idea why Riverside.fm (the service we use to record the podcast) has such an audio/video sync problem for the first minute or so of the recording. We’re working on it…



On to the show. Here are the links for this week’s episode:



https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id



https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor



https://www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics



https://www.securityweek.com/vibe-coding-when-everyones-a-developer-who-secures-the-code



https://www.securityweek.com/inside-the-dark-webs-access-economy-how-hackers-sell-the-keys-to-enterprise-networks

Want to support our show? Want to get access to episodes a week before everyone else? Become a patreon sponsor here: https://www.patreon.com/defensivesec
If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25
Our new merch store is live: DefSec Store
We’ve added a lot of new items and will continue to do so over time.
On to the show.
 
Here are the links for this week’s episode:










* https://www.bleepingcomputer.com/news/security/spikes-in-malicious-activity-precede-new-cves-in-80-percent-of-cases/
* https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/
* https://nerds.xyz/2025/07/ai-security-flaws-veracode-2025/
* https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/
* https://www.cybersecuritydive.com/news/research-llms-attacks-without-humans/754203/

Want to support our show? Want to get access to episodes a week before everyone else? Become a patreon sponsor here: https://www.patreon.com/defensivesec



If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25



Our new merch store is live: DefSec Store



We’ve added a lot of new items and will continue to do so over time.



On to the show. Here are the links for this week’s episode:




* https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/
* https://mashable.com/article/google-gemini-deletes-users-code
* https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/
* https://www.theregister.com/2025/07/23/lawsuit_clorox_vs_cognizant/
* https://www.bleepingcomputer.com/news/security/allianz-life-confirms-data-breach-impacts-majority-of-14-million-customers/

 
If you’re in Atlanta on August 20, you can join us for a LIVE episode at Mission 25. Register here: MCS Mission: Security’25
Our new merch store is live(ish): DefSec Store – We’ll be adding more items as time goes on. This is managed through Printify, which has a quite expansive range of products to logo up.
Also, some of you may know that Jerry is into photography and contemplating creating a calendar with images he’s taken. Let us know if that sounds interesting. Possible themes are: beach sunsets, flowers, or jet fighters, because that’s about all he’s good at taking pictures of.
 
 
On to the show. Here are the links for this week’s episode:

*
https://www.bleepingcomputer.com/news/security/lamehug-malware-uses-ai-llm-to-craft-windows-data-theft-commands-in-real-time/

*
https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/

*
https://www.darkreading.com/remote-workforce/fully-patched-sonicwall-gear-zero-day-attack

*
https://www.bleepingcomputer.com/news/security/new-crushftp-zero-day-exploited-in-attacks-to-hijack-servers/ (for patreon listeners only)

*
https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html?m=1(for patreon listeners only)










 

Episode 315 is available for our patreon donors and will be posted for everyone else on Monday, July 28. Going forward, episodes will be released to our patreon donors shortly after recording and will be released to everyone else a week later. If you want to become a patreon donor, you can do so here: https://www.patreon.com/defensivesec
Also, our new merch store is live and available here: https://store.defensivesecurity.org
It’s a work in progress and please let me know if you have any issued with it. Thank you all and we’ll talk on Monday!
 

Want to support us? Want even MORE DefSec? Starting this week, we are providing more DefSec for our Patreon donors. Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec









Links:




* https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/



* https://www.axios.com/2025/07/08/scattered-spider-cybercrime-hackers



* https://www.bleepingcomputer.com/news/security/employee-gets-920-for-credentials-used-in-140-million-bank-heist/



*




Additional links for Patreon donors:




* https://www.theregister.com/2025/07/13/fake_it_worker_problem/



* https://www.theregister.com/2025/07/09/chatgpt_jailbreak_windows_keys/

Want to support us?  Want even MORE DefSec?  Starting this week, we are providing more DefSec for our Patreon donors.  Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec
 








https://www.youtube.com/watch?v=BRzMJbBZ490




Links:




* https://www.csoonline.com/article/4012801/the-top-red-teamer-in-the-us-is-an-ai-bot.html



* https://www.darkreading.com/endpoint-security/attackers-top-brands-callback-phishing



* https://www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days



* https://www.darkreading.com/cybersecurity-operations/ransomware-reshaped-how-cyber-insurers-perform-security-assessments



* https://www.darkreading.com/endpoint-security/phishing-training-doesnt-work

Want to support us?  Want even MORE DefSec?  Starting this week, we are providing more DefSec for our Patreon donors.  Sign up to be a Patreon donor today: https://www.patreon.com/defensivesec
 









Links:

* https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
* https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/
* https://www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/











Patreon exclusive discussions:

* https://www.helpnetsecurity.com/2025/06/27/cybersecurity-risk-reduction-breach-transparency/
* https://www.theregister.com/2025/06/24/vulnerability_management_gap_noone_talks/

 
 
Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec





Links:




* https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/
* https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
* https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
* https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec
Links: 



https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html?m=1https://www.csoonline.com/article/4002103/cisos-beware-genai-use-is-outpacing-security-controls.htmlhttps://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html?m=1

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec







Links: 



https://www.theregister.com/2025/06/06/chatgpt_for_evil/https://www.theregister.com/2025/06/06/ransomware_negotiation/https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agentshttps://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/https://www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/ / https://x.com/deepakravindran/status/1930776943101894869

Like what we’re doing with the DefSec Podcast and want to help support us? Donate here: https://www.patreon.com/defensivesec



In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss a range of topics including the introduction of a new cryptocurrency, Guard Llama Coin, and the implications of recent cybersecurity incidents involving ConnectWise and ransomware attacks. They explore the challenges organizations face in responding to nation-state attacks, the complexities of ransomware tactics, and the importance of employee security awareness. The conversation emphasizes the need for timely patching and proactive security measures to protect against evolving threats.



Links: 



https://www.theregister.com/2025/05/30/connectwise_compromised_by_sophisticated_government/https://www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attackhttps://www.darkreading.com/threat-intelligence/3am-ransomware-adopts-email-bombing-vishing

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including a significant data breach at Coinbase, the challenges of cryptocurrency security, the importance of patch management, and the evolving landscape of cyber threats. They also discuss insider threats, the failures of rigid security programs, and the overlooked cybersecurity risks in mergers and acquisitions. The episode concludes with a discussion on emerging threats, particularly the potential for ransomware to infect CPUs.
Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec



Links:https://go.theregister.com/feed/www.theregister.com/2025/05/21/coinbase_confirms_insider_breach_affects/https://www.theregister.com/2025/05/14/improve_patching_strategies/https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/https://www.darkreading.com/vulnerabilities-threats/rigid-security-programs-failhttps://www.darkreading.com/cyber-risk/hidden-cybersecurity-risks-mergers-acquisitionshttps://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/

In this episode, Jerry and Andrew discuss  the importance of data security, phishing attacks targeting hiring managers, the implications of paying ransoms, and the recent Disney data breach incident. They emphasize the need for better training for employees and the challenges of managing software supply chains. The conversation highlights the evolving landscape of cyber threats and the necessity for organizations to adopt more robust security practices.



Links:https://www.darkreading.com/cyber-risk/venom-spider-phishing-schemehttps://go.theregister.com/feed/www.theregister.com/2025/05/08/powerschool_data_extortionist/https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/https://www.theregister.com/2025/05/02/disney_slack_hacker_revealed_to/



Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode, we discuss the Google Mandiant 2025 M-Trends report.  The report is available here: https://services.google.com/fh/files/misc/m-trends-2025-en.pdf
Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss the latest trends in cybersecurity, focusing on the rise of BEC scams and the significant losses attributed to cybercrime in 2024. They explore emerging threats, including social engineering tactics and hardware vulnerabilities, particularly in management interfaces. The conversation also delves into the complexities of vulnerability management, the risks associated with supply chain attacks in open source software, and the alarming rate at which CVEs are being exploited. The hosts emphasize the need for organizations to be proactive in their security measures and to understand the evolving landscape of cyber threats.



Links:




* https://www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/



* https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/



* https://www.theregister.com/2025/04/21/microsoft_apple_patch/



* https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html



* https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html




Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

Summary



In this episode of the Defensive Security Podcast, hosts Jerry Bell and Andrew Kalat discuss various cybersecurity topics, including the rise of ransomware, the importance of backup strategies, and the implications of AI in phishing attacks. They discuss into the challenges of managing non-human identities and the need for effective communication of security metrics. The conversation also touches on the recent Oracle breach and the evolving landscape of cybersecurity threats.





Links:




* https://www.cybersecuritydive.com/news/remote-access-tools-ransomware-entry/745144/
* https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers
* https://thehackernews.com/2025/04/explosive-growth-of-non-human.html?m=1
* https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html?m=1
* https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec

In this episode, Jerry and Andrew discuss various cybersecurity topics, including the recent Oracle Cloud security breach, a GitHub supply chain attack, insider threats, and the implications of AI in cybersecurity. They explore the challenges of maintaining trust in cloud services, the complexities of insider threats, and the evolving landscape of cybercrime driven by AI advancements. The conversation emphasizes the need for robust security measures and the importance of adapting to emerging threats in the cybersecurity realm.
Links:

* https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
* https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/
* ttps://www.securityweek.com/39-million-secrets-leaked-on-github-in-2024/
* https://www.theregister.com/2025/04/02/deel_rippling_espionage/
* https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/

Like what we’re doing and want to help support us? Donate here: https://www.patreon.com/defensivesec