Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Please consider supporting the DefSec podcast here. Here are the links we discuss this week:

This time it’s not a rerun! ]Please consider supporting the DefSec podcast here. Here are the links we discuss this week:

Please consider supporting the DefSec podcast here. Here are the links we discuss this week: https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/ https://www.theregister.com/2026/02/16/open_source_registries_fund_security/ https://www.bleepingcomputer.com/news/security/infostealer-malware-found-stealing-openclaw-secrets-for-first-time/ https://www.securityweek.com/api-threats-grow-in-scale-as-ai-expands-the-blast-radius/ https://www.theregister.com/2026/02/19/rmm_rat_trustconnect/

Please consider supporting the DefSec podcast here. Links to this week’s stories: https://www.theregister.com/2026/02/02/notepad_hijacking_lotus_blossom/ https://www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/ https://www.bleepingcomputer.com/news/security/amos-infostealer-targets-macos-through-a-popular-ai-app/ https://www.theregister.com/2026/02/10/ai_agents_messaging_apps_data_leak/ https://www.theregister.com/2026/02/11/payroll_pirates_business_social_engineering/

Please consider supporting the DefSec podcast here. Links to the stories we cover in this episode:

Please consider supporting the DefSec podcast here. Links to the stories we cover in this episode: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/ https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/ https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/ https://www.bleepingcomputer.com/news/security/voidlink-cloud-malware-shows-clear-signs-of-being-ai-generated/ https://arstechnica.com/security/2026/01/mandiant-releases-rainbow-table-that-cracks-weak-admin-password-in-12-hours/

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to the stories in this episode:

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories:

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/ https://cybersecuritynews.com/mongobleed-poc-exploit-mongodb/ https://cybersecuritynews.com/fortigate-firewall-vulnerability/ https://cybersecuritynews.com/oracle-e-business-suite-hack/

Want to be the first to hear our episodes each week? Become a Patreon donor here. Merry Christmas and Happy Holidays! Links to this week’s stories: https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/ https://thehackernews.com/2025/12/russia-linked-hackers-use-microsoft-365.html?m=1 https://cybersecuritynews.com/amazon-catches-north-korean-it-worker/ https://www.darkreading.com/application-security/fake-proof-ai-slop-hobble-defenders https://www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.theregister.com/2025/12/09/hypervisor_ransomware_attacks_increasing https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable https://www.infosecurity-magazine.com/news/log4shell-downloaded-40-million https://www.infosecurity-magazine.com/news/ncsc-raises-alarms-prompt https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html?m=1

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics https://www.theregister.com/2025/11/28/posthog_shaihulud/?td=keepreading / https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/ https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions Browser extensions pushed malware to 4.3M Chrome, Edge users • The Register

Reposting Episode 331 due to the wrong mp3 attached to the original. Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: Repo Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories:

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/ https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools https://www.darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10 https://www.computerweekly.com/news/366634363/Google-Dont-get-distracted-by-AI-focus-on-real-cyber-threats

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.theregister.com/2025/11/03/mit_sloan_updates_ai_ransomware_paper/ https://www.theregister.com/2025/10/29/ey_exposes_4tb_sql_database/ https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links we discuss this week: https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1 https://www.cybersecuritydive.com/news/artificial-intelligence-security-risks-ey-report/803490/ https://www.cybersecuritydive.com/news/ai-augment-security-identity-soc/803608/ https://www.darkreading.com/cyber-risk/best-end-user-security-awareness-programs-arent-about-awareness-anymore https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/

Want to be the first to hear our episodes each week? Become a Patreon donor here. Links to this week’s stories: https://www.cybersecurity-insiders.com/how-ai-will-shape-the-future-of-cyber-defense-a-one-three-and-five-year-outlook/ https://www.helpnetsecurity.com/2025/10/15/f5-big-ip-data-breach/ https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/ https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/ https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health

Want to be the first to hear our episodes each week? Become a Patreon donor here. Here are the stories we discuss this week: https://cybersecuritynews.com/hackers-actively-compromising-databases/ https://www.bleepingcomputer.com/news/security/hackers-target-university-hr-employees-in-payroll-pirate-attacks/ https://securityaffairs.com/183154/security/threat-actors-steal-firewall-configs-impacting-all-sonicwall-cloud-backup-users.html https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/ https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html?m=1 https://databreaches.net/2025/10/12/from-sizzle-to-drizzle-to-fizzle-the-massive-data-leak-that-wasnt/

Want to be the first to hear our episodes each week? Become a Patreon donor here. Here are links to the stories we discuss this week: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/ https://www.bleepingcomputer.com/news/security/westjet-data-breach-exposes-travel-details-of-12-million-customers/ https://www.cybersecuritydive.com/news/material-cybersecurity-breaches-unreported/760892/ https://www.securityweek.com/red-hat-confirms-gitlab-instance-hack-data-theft/ https://www.securityweek.com/hackers-extorting-salesforce-after-stealing-data-from-dozens-of-customers/ https://databreaches.net/2025/10/04/just-days-before-its-data-might-be-leaked-qantas-airways-obtained-a-permanent-injunction/

Here are links to the stories we discuss this week: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html https://www.theregister.com/2025/09/23/gartner_ai_attack/ https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/ https://www.zdnet.com/article/battered-by-cyberattacks-salesforce-faces-a-trust-problem-and-a-potential-class-action-lawsuit/