Please consider supporting the DefSec podcast here.

Links to the stories we cover in this episode:

https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/

https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/

https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/

https://arstechnica.com/security/2026/01/mandiant-releases-rainbow-table-that-cracks-weak-admin-password-in-12-hours/

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to the stories in this episode:

• https://www.theregister.com/2026/01/09/pyongyangs_cyberspies_are_turning_qr/
• https://www.scworld.com/perspective/five-ways-to-conduct-a-more-secure-hiring-process
• https://cybersecuritynews.com/vmware-esxi-exploited-toolkit/
• https://www.darkreading.com/cyber-risk/ciso-succession-crisis-highlights-turnover-amplifies-security-risks

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

• https://www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data
• https://www.bleepingcomputer.com/news/security/trust-wallet-links-85-million-crypto-theft-to-shai-hulud-npm-attack/
• https://www.securityweek.com/hacker-claims-theft-of-40-million-conde-nast-records-after-wired-data-leak/
• https://databreaches.net/2025/12/30/software-company-lacked-downstream-liability-for-data-breach/
• https://techcrunch.com/2025/12/12/home-depot-exposed-access-to-internal-systems-for-a-year-says-researcher/

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/

https://cybersecuritynews.com/mongobleed-poc-exploit-mongodb/

https://cybersecuritynews.com/fortigate-firewall-vulnerability/

https://cybersecuritynews.com/oracle-e-business-suite-hack/

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Merry Christmas and Happy Holidays!

Links to this week’s stories:

https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/

https://thehackernews.com/2025/12/russia-linked-hackers-use-microsoft-365.html?m=1

https://cybersecuritynews.com/amazon-catches-north-korean-it-worker/

https://www.darkreading.com/application-security/fake-proof-ai-slop-hobble-defenders

https://www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

https://www.theregister.com/2025/12/09/hypervisor_ransomware_attacks_increasing

https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable

https://www.infosecurity-magazine.com/news/log4shell-downloaded-40-million

https://www.infosecurity-magazine.com/news/ncsc-raises-alarms-prompt

https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html?m=1

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics

https://www.theregister.com/2025/11/28/posthog_shaihulud/?td=keepreading / https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem

https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/

https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions

Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

• https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
• https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
• https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
• https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
• https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

Repo

Want to be the first to hear our episodes each week? Become a Patreon donor here.

Links to this week’s stories:

• https://cloud.google.com/blog/topics/threat-intelligence/unc6040-proactive-hardening-recommendations
• https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/ / https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
• https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
• https://cyberscoop.com/fortinet-delayed-disclosure-exploited-vulnerability/
• https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/