David
Security Stuff
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It) 13.05.2026 0:36
SANS Institute is promoting a webinar focused on identifying critical security vulnerabilities that standard AppSec tools often overlook, specifically what they call the "lethal path" in applications. The webinar aims to help security professionals build more comprehensive security strategies that can gain executive approval, alongside promoting their LDR514 leadership course and various...
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation 13.05.2026 0:34
An Azerbaijani energy company has fallen victim to multiple cyberattacks exploiting vulnerabilities in Microsoft Exchange servers. The repeated exploitation highlights ongoing security challenges facing critical infrastructure organizations, particularly in the energy sector where outdated or unpatched systems remain vulnerable to known threats. The attacks underscore the importance of timely secu...
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday 13.05.2026 0:38
Microsoft's AI-powered security tool, MDASH, has successfully identified 16 vulnerabilities in Windows that were addressed in this month's Patch Tuesday update. The system represents a significant step forward in using artificial intelligence to proactively discover security flaws before they can be exploited by attackers. This marks a notable advancement in automated vulnerability detec...
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm 13.05.2026 0:42
A China-linked cyber espionage group called FamousSparrow has been discovered targeting an oil and gas company in Azerbaijan, marking the first time Chinese threat actors have been found operating in Azerbaijani industries. The group used sophisticated DLL sideloading techniques and repeatedly breached the company between December and February because the victim failed to patch a vulnerable Micros...
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly 13.05.2026 0:43
Two cyberattack campaigns in Latin America are using AI agents to automate entire hacking operations, from initial reconnaissance to custom tool creation, targeting government and financial organizations in Mexico and Brazil. The attackers jailbroke AI assistants by claiming they were conducting authorized security tests, then used them to scan for vulnerabilities, generate custom malware on the f...
Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? 12.05.2026 0:42
The traditional Security Operations Center model is becoming obsolete not due to lack of skilled analysts, but because cyber threats now operate at machine speed while SOCs remain human-centric workflows. Attackers are deploying AI-powered malware that rewrites itself in real-time and executes campaigns in mere seconds, far outpacing the manual triage and investigation processes that still dominat...
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack 12.05.2026 0:45
Over 170 packages across major platforms including TanStack, Mistral AI, and UiPath were compromised in a sophisticated supply chain attack by the hacking group TeamPCP. The attackers exploited GitHub's authentication system by chaining three security vulnerabilities to publish malicious packages that appeared legitimate with valid security certificates, allowing them to steal developer crede...
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means 12.05.2026 0:45
Anthropic's restricted Claude Mythos AI model found only one low-severity vulnerability when testing the widely-used curl tool, despite the company's claims of discovering thousands of zero-days across various codebases. Curl's lead developer Daniel Stenberg says the results suggest Mythos performs no better than previous AI security tools, though some experts argue the limited find...
Apple Patches Dozens of Vulnerabilities in macOS, iOS 12.05.2026 0:41
Apple released sweeping security updates Monday addressing dozens of vulnerabilities across its operating systems, with iOS and iPadOS 26.5 patching over 60 security flaws including 20 WebKit issues that could lead to crashes and data exposure. The company also issued patches for macOS Tahoe resolving nearly 80 vulnerabilities, while rolling back a fix to older iOS versions for a flaw the FBI repo...
SAP Patches Critical S/4HANA, Commerce Vulnerabilities 12.05.2026 0:53
SAP has released 15 security patches in its May 2026 update, including fixes for two critical vulnerabilities in S/4HANA and Commerce, both rated 9.6 on the CVSS scale. The S/4HANA flaw is an SQL injection issue that could allow authenticated attackers to leak data, while the Commerce vulnerability involves a missing authentication check that enables unauthenticated users to execute arbitrary serv...
West Pharmaceutical Services Hit by Disruptive Ransomware Attack 12.05.2026 0:48
West Pharmaceutical Services, a Pennsylvania-based pharmaceutical packaging and delivery systems manufacturer, is working to restore operations following a ransomware attack on May fourth that disrupted business globally. The company proactively shut down affected systems, enlisted Palo Alto Networks' Unit 42 for incident response, and confirmed that attackers exfiltrated data before deployin...
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform 12.05.2026 0:42
Instructure, the company behind the widely-used Canvas educational platform, has reached a deal with hackers who stole data from nearly 9,000 schools and 275 million users during finals week. The hacking group ShinyHunters had threatened to leak the stolen information, which included student IDs, email addresses, and messages, unless schools paid a ransom by May 6th. Instructure says the hackers h...
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware 12.05.2026 0:46
Cybercriminals are using the lure of free OnlyFans accounts to distribute CRPx0, a sophisticated cross-platform malware targeting Windows and macOS users. The malware operates in three stages: first stealing cryptocurrency by swapping wallet addresses in the clipboard, then exfiltrating sensitive data, and finally deploying ransomware that encrypts files with a ransom demand. The campaign has repo...
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak 12.05.2026 0:31
Instructure has reached a ransom agreement with the hacking group ShinyHunters to prevent the leak of 3.65 terabytes of data from Canvas, its learning management platform. The massive data trove reportedly contained sensitive information from the widely-used educational software system. This marks another high-profile case of a company negotiating directly with cybercriminals to prevent data expos...
Why Agentic AI Is Security's Next Blind Spot 12.05.2026 0:37
Agentic AI, or AI systems that can act autonomously on behalf of users, is emerging as security's next major vulnerability because it operates with limited oversight while having significant access to sensitive systems and data. These AI agents can make decisions and take actions without explicit human approval in each instance, creating a new attack surface that organizations aren't ade...
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages 12.05.2026 0:31
A malicious worm dubbed "Mini Shai-Hulud" has successfully compromised multiple high-profile software packages including TanStack, Mistral AI, and Guardrails AI. The attack appears to target the software supply chain by infiltrating these widely-used developer tools and packages, potentially affecting numerous downstream applications and users who depend on these libraries.
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help 12.05.2026 0:25
A new webinar from Radiant Security addresses a critical problem in security operations centers: why the riskiest alerts often go unanswered. The presentation will explore how security teams can better prioritize and respond to high-risk threats that might otherwise slip through the cracks due to alert fatigue or resource constraints.
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots 12.05.2026 0:42
Cybersecurity researchers have discovered a new variant of the TrickMo Android malware that uses The Open Network as a command and control system and leverages SOCKS5 proxies to turn infected devices into network pivots. This advanced capability allows attackers to route malicious traffic through compromised Android phones, effectively using them as stepping stones to breach corporate networks and...
20 Leaders Who Built the CISO Era: 2 Decades of Change 12.05.2026 0:47
Dark Reading, celebrating its 20th anniversary, has profiled 20 influential figures who shaped the modern cybersecurity landscape and the chief information security officer role. The list includes pioneers like Steve Katz who formalized the CISO position at Citicorp, security researchers like Dan Kaminsky and Troy Hunt, and controversial figures including Edward Snowden and convicted cybercriminal...
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested 11.05.2026 0:43
German police have successfully shut down the second iteration of the Crimenetwork dark web marketplace just days after it was resurrected following an initial takedown in December 2024. The original marketplace, which operated for over 12 years with more than 100,000 users, facilitated the trade of stolen data, drugs, and falsified documents using cryptocurrency, generating an estimated 3.6 milli...
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks 11.05.2026 0:43
A new Linux vulnerability called Dirty Frag, which chains two flaws to allow unprivileged users to gain root access, may already be exploited in the wild according to Microsoft. The vulnerability was prematurely disclosed before patches were ready, affecting major Linux distributions and the IPsec and RxRPC kernel components with a notably high success rate since it doesn't require timing-bas...
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack 11.05.2026 0:37
Cybersecurity firm Checkmarx has warned that a malicious version of its Jenkins AST plugin was published to the Jenkins Marketplace as part of an ongoing supply chain attack. The incident stems from a security breach that began in March when the TeamPCP hacker gang accessed Checkmarx's repositories through a separate Trivy supply chain attack, later followed by data exposure from the Lapsus d...
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools 11.05.2026 0:44
Canvas, a widely-used online learning platform serving tens of thousands of schools globally, was knocked offline by a cyberattack just as students were preparing for final exams. A hacking group called ShinyHunters claimed responsibility, saying they accessed nearly 9,000 schools' data including billions of private messages, and demanded individual schools negotiate settlements directly. The...
SailPoint Discloses GitHub Repository Hack 11.05.2026 0:36
Identity management provider SailPoint has disclosed that hackers gained unauthorized access to some of its GitHub repositories on April 20th through a vulnerability in a third-party application. The company says it quickly contained the breach and found no evidence that customer data in production or staging environments was compromised, though it did notify customers whose information was stored...
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring 11.05.2026 0:42
Cloudflare is laying off more than eleven hundred employees worldwide as part of what executives are calling an AI-driven restructuring for the "agentic AI era." The company says AI usage by employees has surged over 600 percent in the past three months across departments like HR, marketing, finance, and engineering, prompting a reorganization they insist is not about cost-cutting or per...
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos