David

Security Stuff

Author

David

Category

Technology

Latest episode

Jul 2, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Exploitation of Recent Oracle E-Business Suite Vulnerability Begins 30.06.2026

Threat actors have begun actively exploiting a critical vulnerability in Oracle E-Business Suite's Payments component that carries a severity score of 9.8 out of 10. The flaw, which Oracle patched in late May, allows unauthenticated attackers to completely take over the Payments system via HTTP, and security firm Defused detected the first exploitation attempts over the weekend through its ho...

Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat 30.06.2026

Chris Thompson went from hacking video games as a teenager to founding IBM's first dedicated red team and leading X-Force Red, before recently launching RemoteThreat to use AI against malicious actors. His unconventional path included convincing major companies like EA to hire him at eighteen for security work, and he built his career on proving skills rather than academic credentials — a phi...

Aflac Japan Data Breach Impacts 4.38 Million 30.06.2026

Aflac Life Insurance Japan has disclosed a major data breach affecting 4.38 million customers after hackers accessed their systems between June 15th and 25th. The stolen information includes names, addresses, phone numbers, dates of birth, and insurance account details, with banking information for about 230,000 people also compromised, though credit card data remained secure. The incident has dis...

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks 30.06.2026

Adversa AI has discovered a major vulnerability in open source AI coding agents, dubbed GuardFall, that exploits decades-old Bash shell tricks to bypass security guards and execute malicious commands. Of eleven popular agents tested, only one—Continue—was able to block all the attack techniques, which use methods like quote removal and spacing manipulation to disguise destructive commands that the...

BlueHammer Vulnerability Exploited in Ransomware Attacks 30.06.2026

The cybersecurity agency CISA has confirmed that the BlueHammer vulnerability in Microsoft Defender is now being actively exploited in ransomware attacks. The flaw, tracked as CVE-2026-33825, was publicly disclosed by a disgruntled researcher in April before Microsoft had released patches, and was initially exploited as a zero-day for privilege escalation. While CISA added the vulnerability to its...

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials 30.06.2026

Researchers have discovered a new attack method called "BioShocking" that exploits vulnerabilities in AI-powered web browsers to steal user credentials. The attack takes advantage of how AI agents interact with websites, potentially tricking them into revealing sensitive login information. Security experts warn that as AI-powered browsing tools become more common, organizations need to i...

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth 30.06.2026

Progress Software has disclosed a critical vulnerability in its Kemp LoadMaster product that could allow attackers to execute commands with root privileges without authentication. The pre-authentication flaw represents a serious security risk, as it would give unauthorized users complete control over affected systems. Organizations using Kemp LoadMaster are urged to patch immediately to prevent po...

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks 30.06.2026

Researchers have discovered critical vulnerabilities in Apple's AirDrop and Android's Quick Share features that allow nearby attackers to crash devices and bypass security checks. The flaws affect the file-sharing systems that millions of users rely on daily, potentially enabling malicious actors within wireless range to disrupt device functionality. Both Apple and Google will need to is...

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer 30.06.2026

Cybercriminals are actively exploiting a vulnerability in SimpleHelp remote access software, identified as CVE-2026-48558, to deploy malicious tools including TaskWeaver and the Djinn Stealer credential-stealing malware. The attacks demonstrate how threat actors are quickly weaponizing newly discovered software vulnerabilities to gain unauthorized access to systems and steal sensitive data. Organi...

What the Numbers Say About FIFA 2026 Cyber Risk 30.06.2026

The 2026 FIFA World Cup presents significant cybersecurity challenges, with major sporting events historically attracting increased cyber threats from hackers seeking to exploit massive data flows and interconnected systems. Organizers and security teams are analyzing threat patterns from previous tournaments to prepare defenses against potential attacks on ticketing systems, broadcasting infrastr...

AI-Generated Workflows Are a Silent Security Disaster 30.06.2026

AI-generated workflows are creating a significant security problem in organizations. These automated systems function effectively but lack transparency, meaning team members can't fully understand how they work or identify potential vulnerabilities. The issue is particularly concerning because the automation operates silently in the background, making security risks harder to detect and addre...

OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI 29.06.2026

OpenAI has launched a limited preview of its GPT-5.6 model lineup, with Sol being marketed as its most advanced cybersecurity AI, specifically optimized for defensive security tasks like vulnerability identification and patch development. Following consultation with the US government, the tiered release includes Sol for high-intensity reasoning, Terra for everyday workloads at half the cost of pre...

US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve 29.06.2026

The US government is offering up to $10 million for information on two Russian state-sponsored hacking groups that have been targeting government officials, military personnel, journalists, and political figures through sophisticated phishing campaigns on messaging apps like Signal and WhatsApp. The hackers, tracked as UNC5792 and UNC4221 and linked to Russian intelligence services, pose as app su...

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access 29.06.2026

JFrog has released technical details and a proof of concept for DirtyClone, a high-severity Linux kernel vulnerability that allows local users to gain root privileges. The flaw, tracked as CVE-2026-43503 with a score of 8.8, is a variant of similar memory corruption bugs and affects popular distributions like Debian, Fedora, and Ubuntu that enable unprivileged user namespaces. The vulnerability po...

OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review 29.06.2026

OpenAI and Anthropic are releasing their newest AI models to limited, Trump administration-approved customers following unprecedented government cybersecurity reviews. OpenAI's GPT-5.6 Sol will be accessible only to approved partners, while Anthropic received clearance to deploy its Mythos 5 model to select cyber defenders after earlier being blocked by export controls. The government scrutin...

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack 29.06.2026

The National Association of Insurance Commissioners has confirmed it was hit in the recent Oracle PeopleSoft zero-day attack campaign orchestrated by the ShinyHunters cybercrime group. The breach compromised publicly available financial reporting data and technical information, though NAIC says no personal or payment information was stolen, and state insurance department systems were not affected....

Chinese Framework Powers 200,000 Scam Sites 27.06.2026

Cybersecurity researchers at Infoblox have discovered over 200,000 scam websites built using templates powered by Uni-App, a legitimate Chinese open-source development framework. The fraudulent sites range from fake cryptocurrency exchanges to phishing operations and so-called pig-butchering scams, including the notorious RainbowEx platform that defrauded thousands in Argentina. While the framewor...

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards 27.06.2026

OpenAI has unveiled a preview of GPT-5.6 Sol, a new model that will feature restricted access and enhanced cybersecurity protections. The limited rollout suggests OpenAI is taking a cautious approach with this latest iteration, prioritizing security safeguards before a wider release. The announcement comes as AI companies face increasing pressure to address potential security vulnerabilities in th...

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild 26.06.2026

Cybersecurity officials have confirmed the first-ever exploitation of PTC Windchill, a widely-used product lifecycle management platform, in real-world attacks. The vulnerability, tracked as CVE-2026-12569, allows remote attackers to execute arbitrary code without authentication, and hackers have been using it to deploy webshells for remote command execution and data exfiltration. CISA has added t...

New Enterprise-Ready MCP Specification Brings New Security Challenges 26.06.2026

The Model Context Protocol, introduced by Anthropic in 2024, is transitioning to an enterprise-ready version on July 28, 2026, giving companies a 12-month window to prepare. While the new stateless protocol eliminates some vulnerabilities like session hijacking, security firm Akamai warns it introduces new attack surfaces including workflow hijacking risks, potential data leakage through HTTP head...

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets 26.06.2026

The Russian state-sponsored hacking group Turla, linked to Russia's Federal Security Service, has been deploying a new backdoor called StockStay against Ukrainian government and military targets since 2022. The espionage tool, which masquerades as legitimate software like PDF viewers or calculators, supports extensive capabilities including file exfiltration, screen capture, and system inform...

Linux Foundation Unveils New Open Source Security Project Akrites 26.06.2026

The Linux Foundation has launched Akrites, a new open source security initiative that establishes a shared Security Incident Response Team to coordinate vulnerability discovery, patching, and disclosure across the open source software ecosystem. Backed by major tech companies including Google, Microsoft, AWS, and OpenAI, the project aims to address a critical timing problem where AI-enabled attack...

$3 Million Reportedly Stolen in Polymarket Hack 26.06.2026

Cryptocurrency-based prediction market Polymarket has promised to fully refund users after hackers stole roughly 3 million dollars through a compromised third-party vendor that injected malicious code into the platform's frontend. According to blockchain security firm PeckShield, the attackers made off with around 3 million dollars worth of pUSD, Polymarket's trading currency, from at le...

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks 26.06.2026

Google has uncovered details about STOCKSTAY, a new backdoor being used by the Russian hacking group Turla in espionage campaigns targeting Ukraine. The malware represents an evolution in Turla's toolkit as the group continues its intelligence-gathering operations against Ukrainian entities. Google's disclosure provides security teams with fresh indicators to detect and defend against th...

Nebulock Raises $25 Million for AI-Native Contextual Security 26.06.2026

Boston-based cybersecurity startup Nebulock has raised 25 million dollars in Series A funding, bringing its total funding to over 33 million dollars, with FirstMark leading the round. The company, which emerged from stealth a year ago, uses AI-powered autonomous threat hunting to track behavioral patterns across endpoints, cloud, identity, and network systems, creating what they call a "behav...

Listen to the Security Stuff podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.