Episodes

  • Episode 43: May 14, 2026

    Episode 43: May 14, 2026
    May 14 2026
    This episode covers two unpatched Windows zero-days that bypass BitLocker and escalate privileges, a self-replicating worm spreading through npm packages in the TanStack ecosystem, and a critical remote code execution flaw in the Exim mail server. Adrian breaks down how disclosure tensions, supply chain infections, and legacy infrastructure vulnerabilities are colliding all at once. It's a packed signal day that shows just how fast things can unravel. Stories covered: - Windows BitLocker zero-day gives access to protected drives, PoC released (BleepingComputer) - https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/ - Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits - Forbes (Forbes) - https://news.google.com/rss/articles/CBMiuwFBVV95cUxQS1J1OUpHM1RWdDF6LXdqLThRTUFHMFFmVWk5ZGphU2ZWVnR4NWQxeTZFWmpWQmFCSldobzFvVUZKdVVXNG14Y1Y1YTdWczhnUWNGX0JtSkJ2dGpxQl9vTUlSQkdpYzdvV3A5VWNqWG4xMTZwSVN0bE8yQVNVNnN2TURTSG1pSElaR0hmTUVHNmMzSDd1MTlwNUVSWkVobjlaWFhiblZ2VzczV21YcVR3WmxHNm45MHF2TU5V?oc=5 - Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain (Dark Reading) - https://www.darkreading.com/application-security/worm-redux-fresh-mini-shai-hulud-infections-bite-supply-chain - New critical Exim mailer flaw allows remote code execution (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-critical-exim-mailer-flaw-allows-remote-code-execution/ - ‘Strava Brain’ Is Making Your Long, Hot Runs Harder Than They Need to Be (Runner's World) - https://www.runnersworld.com/news/a71273015/elapsed-time-strava-summer-runs/ - Want to Start Trail Running Like Rachel Entrekin? Begin With These Top 10 Essentials (Runner's World) - https://www.runnersworld.com/trail-running/a71293507/trail-running-gear-for-beginners/
    Show More Show Less
    6 mins
  • Episode 42: May 13, 2026

    Episode 42: May 13, 2026
    May 13 2026
    This episode covers Microsoft's rare zero-day-free Patch Tuesday, Google's discovery of the first AI-developed exploit bypassing two-factor authentication, and a self-propagating worm infecting hundreds of npm packages in the open source ecosystem. Adrian also touches on the rising cost of high-performance running shoes and what it says about premium pricing creep. Stories covered: - It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight (Dark Reading) - https://www.darkreading.com/application-security/patch-tuesday-microsoft-zero-day-sight - Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation (The Hacker News) - https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html - Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain (Dark Reading) - https://www.darkreading.com/application-security/worm-redux-fresh-mini-shai-hulud-infections-bite-supply-chain - Our Favorite New Shoes All Cost $200 and Up. But You Don’t Have to Spend That Much (Runner's World) - https://www.runnersworld.com/training/a71270170/amazing-runners-world-show-epsiode-114-favorite-shoes-of-2026/ - She Ran 250 Miles in an Astonishing 56 Hours—Beating All the Men at Cocodona and Making History - Runner's World (Runner's World) - https://news.google.com/rss/articles/CBMihAFBVV95cUxNNjZOVEZBdEFwcFdSUHRJRFNWRHZVU3dKLWxtT2xvRUVfRFlnMm9wOUN5bVRPSWRoTzhnOHlObzMtQXNVRDZJSlctV3VJem40UlcwRlI4a0RXNGxtX29VaHlrOUNTTnNYUDVFaEhRb1hkUEwxaXp2ZHBCNkstV1RsZlBzbDQ?oc=5 - New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots (The Hacker News) - https://thehackernews.com/2026/05/new-trickmo-variant-uses-ton-c2-and.html
    Show More Show Less
    5 mins
  • Episode 41: May 12, 2026

    Episode 41: May 12, 2026
    May 12 2026
    This episode digs into Google's confirmation of the first AI-generated zero-day exploits now being used in the wild, marking a major shift in the threat landscape. We also cover a supply-chain compromise in the TanStack Router project and what it means for every developer pulling dependencies. Stories covered: - Google: Hackers used AI to develop zero-day exploit for web admin tool (BleepingComputer) - https://www.bleepingcomputer.com/news/security/google-hackers-used-ai-to-develop-zero-day-exploit-for-web-admin-tool/ - Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation (The Hacker News) - https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html - Postmortem: TanStack npm supply-chain compromise (Hacker News) - https://tanstack.com/blog/npm-supply-chain-compromise-postmortem - Our Favorite New Shoes All Cost $200 and Up. But You Don’t Have to Spend That Much (Runner's World) - https://www.runnersworld.com/training/a71270170/amazing-runners-world-show-epsiode-114-favorite-shoes-of-2026/ - 2026 Transvulcania Ultramarathon Results: David Sinclair and Blandine L'Hirondel Topple Course Records - iRunFar (iRunFar) - https://news.google.com/rss/articles/CBMickFVX3lxTFBvTk83UDFJUE5panhXQVppTWNKSkk5T1U2U1g4Yzg0VEtIOFljWVpNSlZjanVseGJsSWFNdDB2bnlYT3hLSmY0cjV2LU11amlHVTJqNUswY0YxTVctckNaTWNfTmREZ3JBLUktSXJQREVuUQ?oc=5 - Linux bitten by second severe vulnerability in as many weeks (Ars Technica) - https://arstechnica.com/security/2026/05/linux-bitten-by-second-severe-vulnerability-in-as-many-weeks/
    Show More Show Less
    6 mins
  • Episode 39: May 10, 2026

    Episode 39: May 10, 2026
    May 10 2026
    This episode covers a dangerous new Linux zero-day called Dirty Frag that grants root access across major distros, a mass ShinyHunters attack defacing Canvas portals at hundreds of universities, and CISA's urgent four-day patching deadline for a critical Ivanti flaw already being exploited in the wild. Adrian also touches on volcanic trail running victories and a lightning-fast Clojure implementation in Go that boots in seven milliseconds. Stories covered: - New Linux 'Dirty Frag' zero-day gives root on all major distros (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/ - Canvas login portals hacked in mass ShinyHunters extortion campaign (BleepingComputer) - https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/ - CISA gives feds four days to patch Ivanti flaw exploited as zero-day (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day/ - 2026 Transvulcania Half Marathon Results: Volcanic Victory for Ruth Gitonga and Philemon Kiriago (iRunFar) - https://www.irunfar.com/2026-transvulcania-half-marathon-results - Show HN: I made a Clojure-like language in Go, boots in 7ms (Hacker News) - https://github.com/nooga/let-go - Zara data breach exposed personal information of 197,000 people (BleepingComputer) - https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/
    Show More Show Less
    4 mins
  • Episode 38: May 09, 2026

    Episode 38: May 09, 2026
    May 9 2026
    This episode covers critical zero-day exploits hitting Palo Alto firewalls before disclosure, an unpatched Linux privilege escalation flaw called Dirty Frag, and ShinyHunters breaching Canvas for the second time. Adrian breaks down how the window between vulnerability discovery and exploitation is collapsing fast. If you're running enterprise infrastructure or Linux systems, this Signal Check is essential listening. Stories covered: - PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage (The Hacker News) - https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html - Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News) - https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html - Canvas login portals hacked in mass ShinyHunters extortion campaign (BleepingComputer) - https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/ - 2026 Cocodona 250 Mile Results: Rachel Entrekin Wins Outright and Kilian Korth Takes Men’s Race in Record Times (iRunFar) - https://www.irunfar.com/2026-cocodona-250-mile-results - Poland says hackers breached water treatment plants, and the US is facing the same threat (TechCrunch) - https://techcrunch.com/2026/05/08/poland-says-hackers-breached-water-treatment-plants-and-the-u-s-is-facing-the-same-threat/ - DOGE used ChatGPT in a way that was both dumb and illegal, judge rules (The Verge) - https://www.theverge.com/policy/927071/doge-chatgpt-grants-canceled
    Show More Show Less
    7 mins
  • Episode 37: May 08, 2026

    Episode 37: May 08, 2026
    May 8 2026
    This episode covers a critical zero-day exploit in Palo Alto firewalls that went unpatched for nearly a month, malware hiding in PyPI packages using workplace chat tools for cover, and a major breach at Canvas that exposed student data across universities. We also dig into why trust systems in open-source repos keep getting weaponized and close with an ultramarathon story that redefines what the human body can actually endure. Stories covered: - PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux (The Hacker News) - https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html - Palo Alto Networks firewall zero-day exploited for nearly a month (BleepingComputer) - https://www.bleepingcomputer.com/news/security/pan-os-firewall-rce-zero-day-exploited-in-attacks-since-april-9/ - Canvas, used by schools and universities across the U.S., breached by hacker group - FOX13 Memphis (FOX13 Memphis) - https://news.google.com/rss/articles/CBMi9gFBVV95cUxQbWIzLVJFd3BNcWNGam9KQWdJNnJsT0ozeUZ1UVFpTGltY0RNb1FyUTlvUEtydVVxMFJsQmlmMTBrYkRuUzJyRUdtTXRZQ2dzQTlNQlJnOUVpbmYta05NcW9wMkZ6UnV5NXh2WkV3bExPTzN6NE8wZC02X0dKdkJlY3BScmhfTV84eW40TDN1THlNN3BJY1JnRmszTEM5TGlVOFFnS3h2NjJHOUtXMXNsWlYta3RjZXRGcWhLV2hwcFFSakdfaGFSejhaQW1aQWpGN1o5TGYzb21UUlh2RTA3dldxbkRPNHMzZ0hUcnJnQ1NFOGdWQlE?oc=5 - She Ran 250 Miles in an Astonishing 56 Hours—Beating All the Men at Cocodona and Making History (Runner's World) - https://www.runnersworld.com/news/a71240926/rachel-entrekin-wins-cocodona-250/ - A hacker ran me over with a robot lawn mower (The Verge) - https://www.theverge.com/tech/925696/yarbo-robot-lawn-mower-hack-remote-control-camera-access-mqtt - Dirtyfrag: Universal Linux LPE (Hacker News) - https://www.openwall.com/lists/oss-security/2026/05/07/8
    Show More Show Less
    6 mins
  • Episode 2026-04-23

    Episode 2026-04-23
    Apr 23 2026
    This episode digs into North Korean hackers weaponizing job interviews to infect developers, the concerning reality that CISA was shut out from testing Anthropic's security AI tool, and Meta's new policy of tracking every keystroke and mouse click to train its AI models. It's a Signal Check packed with uncomfortable truths about who gets access, who gets targeted, and what counts as consent in the age of surveillance capitalism.
    Show More Show Less
    7 mins
  • Episode 2026-04-20

    Episode 2026-04-20
    Apr 20 2026
    This episode digs into the surprisingly organized underground economy of stolen credit cards, where fraudsters use customer service metrics and escrow systems to avoid getting scammed themselves. We also explore the EU's rushed age-verification app that researchers dismantled in minutes, and why your push notifications might be leaking more metadata than you think.
    Show More Show Less
    7 mins