David
Security Stuff
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows 05.05.2026 0:36
North Korean threat actor ScarCruft has compromised a gaming platform to distribute BirdCall malware targeting both Android and Windows users. The sophisticated supply chain attack represents a concerning evolution in the group's tactics, using legitimate gaming infrastructure to bypass security defenses and deliver malicious payloads. Security researchers warn this campaign demonstrates incr...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks 05.05.2026 0:36
Security researchers are warning about active exploitation of CVE-2026-29014, a critical vulnerability in MetInfo CMS that allows attackers to execute remote code on vulnerable systems. The flaw is being actively exploited in the wild, putting organizations running unpatched MetInfo installations at serious risk. Administrators are urged to apply security updates immediately to prevent potential c...
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is 05.05.2026 0:35
A new security scan of one million exposed AI services has revealed widespread vulnerabilities in how organizations are deploying artificial intelligence tools. The research found that many AI systems lack basic security protections, making them easy targets for attackers who could exploit these services to steal data or manipulate AI outputs. The findings highlight a growing security gap as compa...
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed 05.05.2026 0:33
Security teams are leaving a critical vulnerability wide open: outdated VPN configurations that attackers are exploiting to move through networks at unprecedented speed. With AI now automating attacks, traditional remote access systems have become one of the fastest pathways to breach, yet most organizations haven't updated their defenses to match the threat. The gap between attack speed and...
How the Story of a USB Penetration Test Went Viral 05.05.2026 0:34
Twenty years ago, Dark Reading published a groundbreaking column about a penetration test where a security expert scattered rigged USB thumb drives in a credit union parking lot, successfully exploiting employee curiosity when workers plugged them into company computers. The article by Steve Stasiukonis became Dark Reading's first viral hit and remains a landmark story in cybersecurity journa...
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats 04.05.2026 0:46
Education technology company Instructure, maker of the widely-used Canvas learning platform, has disclosed a data breach following a cyberattack that disrupted services over the May Day weekend. The company says attackers accessed personal information including names, email addresses, and student ID numbers, while the hacker group ShinyHunters claims to have stolen 3.65 terabytes of data affecting...
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation 04.05.2026 0:43
More than 40,000 servers have been compromised in an ongoing campaign exploiting a recently patched cPanel zero-day vulnerability. The flaw, tracked as CVE-2026-41940, allows attackers to bypass authentication and gain full administrative access to servers, potentially compromising all hosted websites and databases. The vulnerability was likely exploited since late February before being publicly d...
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins 04.05.2026 0:46
CISA is warning that attackers are actively exploiting a nearly decade-old Linux kernel vulnerability dubbed Copy Fail that allows authenticated users to escalate privileges to root shell access. The vulnerability, tracked as CVE-2026-31431, has been added to CISA's Known Exploited Vulnerabilities catalog, with federal agencies given two weeks to patch. Microsoft reports limited exploitation...
OpenAI Rolls Out Advanced Security for ChatGPT Accounts 04.05.2026 0:43
OpenAI has launched Advanced Account Security, an opt-in feature designed for ChatGPT users at higher risk of targeted attacks, including journalists, researchers, and political dissidents. The security upgrade requires physical security keys or passkeys instead of passwords, replaces traditional email and SMS recovery with backup keys, shortens session times, and automatically excludes user conve...
DigiCert Revokes Certificates After Support Portal Hack 04.05.2026 0:39
DigiCert has revoked 60 fraudulently obtained security certificates after hackers breached its support portal in April. The attackers delivered malware through customer chat disguised as a screenshot, infected two systems, then exploited support analyst access privileges to obtain initialization codes for EV Code Signing certificates. Among the revoked certificates, 11 were used to sign the Zhong...
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 04.05.2026 0:46
Cybersecurity mergers and acquisitions remained robust in April 2026 with 33 deals announced, reflecting continued industry consolidation around AI security and identity protection. Notable transactions include Palo Alto Networks acquiring AI gateway firm Portkey for up to 140 million dollars, Cyera buying Ryft for an estimated 100 to 130 million dollars to strengthen its agentic AI security platf...
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks 04.05.2026 0:42
Cisco announced plans to acquire Astrix Security, a startup specializing in securing non-human identities like API keys and OAuth tokens, for a reported $400 million. The acquisition addresses growing security concerns around AI agents and machine-to-machine access, as these automated identities rapidly expand the enterprise attack surface. Cisco plans to integrate Astrix's technology, which...
Trellix Source Code Repository Breached 04.05.2026 0:37
Cybersecurity firm Trellix has disclosed a breach of part of its source code repository, though the company says there's no evidence the code was exploited or that its release process was compromised. The timing suggests a possible connection to a wider supply chain campaign linked to hacker groups TeamPCP and Lapsus Dollar, which has also hit other security companies including Checkmarx, Aqu...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks 04.05.2026 0:31
A critical cPanel vulnerability is actively being exploited by threat actors targeting government agencies and managed service providers. The security flaw in the widely-used web hosting control panel software has been weaponized in active attacks, allowing hackers to potentially compromise hosting infrastructure. Security experts are urging administrators to immediately patch their systems, as th...
2026: The Year of AI-Assisted Attacks 04.05.2026 0:36
Security experts are warning that twenty twenty-six could mark a turning point where attackers leverage AI to dramatically accelerate their operations, collapsing the time defenders have to respond to threats. The concern centers on how AI-powered tools can turn standard remote access systems into rapid breach pathways, with attackers moving faster than human security teams can react. The shift re...
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia 04.05.2026 0:38
The threat actor group Silver Fox has launched a targeted phishing campaign against users in India and Russia, using fake tax-themed documents to deliver a new malware strain called ABCDoor. The sophisticated campaign exploits people's concerns about tax compliance to trick victims into opening malicious attachments that install the backdoor malware. Once deployed, ABCDoor gives attackers per...
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More 04.05.2026 0:34
Security researchers have uncovered multiple serious threats this week, including a new AI-powered phishing campaign, an Android spying tool in active use, and a critical Linux exploit that could compromise systems. Additionally, GitHub disclosed a remote code execution vulnerability that has since been patched, highlighting the ongoing challenges organizations face in maintaining secure developme...
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass 04.05.2026 0:29
Progress Software has issued a critical security patch for MOVEit Automation addressing a high-severity authentication bypass vulnerability. The bug could allow attackers to circumvent security controls and gain unauthorized access to the file transfer system. This marks another significant security update for MOVEit, which has faced previous serious vulnerabilities that have been exploited in wid...
How Dark Reading Lifted Off the Launchpad in 2006 04.05.2026 0:42
Dark Reading, a leading cybersecurity news site, is celebrating its 20th anniversary after launching in May 2006 without a traditional print counterpart. Co-founder Terry Sweeney recounts the site's rapid two-month launch, spearheaded by entrepreneur Steve Saunders and an early editorial team including Tim Wilson and Kelly Jackson Higgins, who built the publication's reputation through h...
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools 04.05.2026 0:35
A new phishing campaign has compromised more than 80 organizations by exploiting legitimate remote management tools SimpleHelp and ScreenConnect. Attackers are using these trusted RMM platforms to gain unauthorized access to corporate networks, turning standard IT administration software into weapons for credential theft and system infiltration. The campaign highlights how cybercriminals increasin...
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia 04.05.2026 0:33
A Chinese state-backed hacking group called Silver Fox has launched over 1,600 socially engineered attacks against organizations in India and Russia, using tax-themed messages as bait. The campaign targets multiple sectors and aims to deliver several types of malware, including a previously unknown backdoor called ABCDoor and another tool called ValleyRAT, giving the attackers persistent access to...
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability 04.05.2026 0:30
A critical authentication-bypass vulnerability in cPanel is now under active exploitation, with multiple proof-of-concept exploits emerging shortly after disclosure. The situation is particularly concerning as one researcher claims the flaw may have been exploited as a zero-day for at least a month before it became publicly known. The vulnerability threatens millions of systems that rely on cPanel...
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems 03.05.2026 0:49
The Pentagon announced Friday it has secured deals with seven major tech companies including Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection, and SpaceX to integrate their artificial intelligence into classified military networks. The agreements will allow the military to use AI for tasks like accelerating target identification, organizing supply lines, and supporting battlefiel...
New Bluekit Phishing Kit Features AI Assistant 02.05.2026 0:45
Security researchers at Varonis have discovered Bluekit, a sophisticated new phishing kit that includes an AI assistant and automates the entire attack workflow from domain registration to credential harvesting. The kit offers over 40 website templates targeting major platforms like Apple, Gmail, and GitHub, and features advanced capabilities including two-factor authentication bypass, voice cloni...
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom 01.05.2026 0:49
Over 1,800 developers have been hit by the Mini Shai-Hulud supply chain attack that compromised packages across PyPi, NPM, and PHP ecosystems, including popular tools like Lightning and Intercom with nearly 10 million monthly downloads combined. The malware, attributed to the TeamPCP hacking group, steals credentials, API keys, tokens, and other secrets from infected machines, then uploads the sto...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.