David

Security Stuff

Author

David

Category

Technology

Latest episode

Jul 2, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

FortiBleed: 86,000 Fortinet Device Credentials Compromised 19.06.2026

CISA is warning organizations about FortiBleed, a massive credential theft campaign that has compromised over 86,000 internet-facing Fortinet firewalls and VPNs across 194 countries. Russian-speaking threat actors have compiled a verified database of working usernames and passwords through automated testing, representing roughly half of all internet-facing Fortinet devices, and have been using a 4...

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data 19.06.2026

Salesforce has disabled integration with the Klue app after discovering OAuth token abuse that led to customer data exposure. The incident highlights growing concerns about third-party application security and the risks associated with OAuth token management. Salesforce took swift action to disable the integration to protect customer accounts while investigating the breach.

Forget Data Leakage: Shadow AI's Real Threat Is Access Control 19.06.2026

While shadow AI—the use of unauthorized AI tools by employees—is often discussed in terms of data leakage risks, security experts now warn that the bigger threat is access control. When employees use unapproved AI systems, organizations lose visibility and control over who can access sensitive resources, creating security gaps that traditional perimeter defenses can't address. This shifts the...

From Assistive to Agentic: The AI Shift That's Redefining Threat Management 19.06.2026

AI in cybersecurity is rapidly evolving from simple assistive tools to more autonomous agentic systems that can independently discover and manage threats. This shift is prompting organizations to rethink their security strategies, with experts recommending a move toward zero-trust network architectures that limit lateral movement and connect users directly to applications rather than entire networ...

Stressors, AI Forcing Changes to Cybersecurity Teams 19.06.2026

Cybersecurity leaders are feeling the pressure as two-thirds of professionals say their jobs have become significantly harder over the past two years, driven by increased complexity, heavier workloads, and the rapid adoption of AI technologies. The stress is causing a notable shift in the industry, with full-time CISOs dropping from 76% to 63% of companies, while fractional or part-time CISOs have...

SailPoint to Acquire Entro in Reported $200 Million Deal 18.06.2026

Identity security provider SailPoint has announced it will acquire Israeli startup Entro for a reported two hundred million dollars, adding non-human identity and credential security capabilities to its portfolio. Entro, which raised twenty-four million dollars in funding, specializes in secrets discovery, mapping human identities to machine identities, and AI agent threat detection. The acquisiti...

Kodak Admits Data Breach After ShinyHunters Hack Claims 18.06.2026

Imaging and printing company Kodak has confirmed a data breach after the cybercrime group ShinyHunters claimed to have stolen over 2.2 million customer records and threatened to leak the data unless a ransom is paid by June 18th. While Kodak says the breach was limited in scope and has been contained with no ongoing threat to systems or operations, the company is working with cybersecurity experts...

F5 Patches Critical, High-Severity NGINX Vulnerabilities 18.06.2026

F5 has released emergency security updates for NGINX to address multiple vulnerabilities, including two critical flaws with a CVSS score of 9.2 that could allow unauthenticated attackers to execute arbitrary code or cause denial-of-service conditions. The most severe bugs, CVE-2026-42530 and CVE-2026-42055, affect HTTP modules and involve use-after-free and heap-based buffer overflow issues that c...

Rokarolla Banking Trojan Targets 200 Applications 18.06.2026

Mobile security firm Zimperium is warning Android users about Rokarolla, a new banking trojan that can target over 200 cryptocurrency and banking applications. The malware is distributed through malicious websites disguised as popular apps like Chrome and TikTok, and once installed, it can steal lockscreen credentials, capture keystrokes, hijack SMS messages and calls, and even replace cryptocurre...

Critical Command Execution Vulnerability Patched in Cisco ISE 18.06.2026

Cisco has patched a critical vulnerability in its Identity Services Engine products that could allow attackers with admin credentials to execute arbitrary commands and escalate privileges to root level. The flaw, tracked as CVE-2026-20181 with a severity score of 9.1, was fixed along with a high-severity information disclosure bug that could expose hashed credentials to unauthenticated attackers....

Dream Raises $260 Million at $3 Billion Valuation 18.06.2026

Israeli cybersecurity startup Dream has raised 260 million dollars at a 3 billion dollar valuation, bringing its total funding to over 410 million dollars since its founding in 2023. The company, founded by controversial former NSO Group CEO Shalev Hulio along with former Austrian Prime Minister Sebastian Kurz and cybersecurity expert Gil Dolev, offers three platforms focused on sovereign AI and n...

Atlassian, Splunk Patch Critical Vulnerabilities 18.06.2026

Atlassian and Splunk have released patches for critical security vulnerabilities in their products. Splunk fixed a critical flaw in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands, while Atlassian published 100 security bulletins addressing vulnerabilities in third-party dependencies used across products like Jira, Confluence, and Bitbuck...

No Exploits Required 18.06.2026

A veteran security researcher argues that while software vulnerabilities and exploits get a lot of attention, they only account for 32% of initial cyberattacks, with the remaining two-thirds succeeding simply because of the fundamental design of modern networking. The internet's universal connectivity and interoperability, which make it so useful, also make it incredibly difficult to defend,...

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push 18.06.2026

Accenture announced a massive 4.1 billion dollar investment in operational technology cybersecurity, acquiring a majority stake in Dragos while fully purchasing runZero and NetRise. The deal brings together three specialized companies: Dragos for industrial threat detection, NetRise for firmware analysis, and runZero, founded by Metasploit creator HD Moore, for asset discovery and attack surface i...

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network 18.06.2026

A growing security concern is emerging around orphaned AI agents – artificial intelligence systems that may have been deployed within corporate networks but lack proper oversight or access controls. Security experts are warning that these forgotten or poorly managed AI agents could create hidden vulnerabilities, giving them unauthorized access to sensitive data or systems without proper authentica...

The Scripts on Your Checkout Page Are Now a PCI DSS Problem 18.06.2026

The Payment Card Industry Data Security Standard has updated its requirements to explicitly address security risks from third-party scripts running on checkout pages. Organizations that accept credit card payments must now take responsibility for all scripts loading on their payment pages, as malicious or compromised JavaScript code could potentially capture customer payment data. This change refl...

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic 18.06.2026

The DragonForce hacker group has been discovered using Microsoft Teams relay servers to conceal command and control traffic for the Backdoor. Turn malware. By routing their malicious communications through legitimate Microsoft infrastructure, the attackers can effectively hide their activities from traditional security monitoring tools, making the backdoor operations much harder to detect. This te...

EU Gets a Head Start in Developing 6G Network Security 18.06.2026

European researchers are already developing security measures for 6G networks, expected to roll out globally around 2030, through an EU-funded project called Shield-6G. The initiative brings together 19 organizations to create a cyber threat intelligence platform that will use AI-driven detection, digital twins, honeypots, and federated learning to protect the vastly expanded attack surface create...

Get Out of Security Debt by Tackling the Exposure Problem 18.06.2026

Security teams face a critical challenge with 82% of organizations carrying security debt — vulnerabilities that have been open for more than a year. According to Veracode's Chief Security Evangelist Chris Wysopal, the key isn't fixing every vulnerability but reducing exposure time for the most dangerous ones by focusing on critical applications and flaws that combine high severity with...

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks 17.06.2026

Cybersecurity officials are warning about active exploitation of critical vulnerabilities in Joomla and LiteSpeed's cPanel plugin. The Joomla flaw allows unauthenticated attackers to upload malicious files and execute code on servers, while the LiteSpeed vulnerability enables privilege escalation to root access on shared hosting servers. The US Cybersecurity and Infrastructure Security Agency...

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities 17.06.2026

Both Chrome and Firefox have released urgent security updates patching over seventy vulnerabilities combined, including critical memory safety bugs that could allow hackers to remotely execute malicious code. Chrome's update fixes thirty-three security flaws, with seven rated critical severity, most of them use-after-free vulnerabilities that could enable attackers to break out of the browser...

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day 17.06.2026

Microsoft is working on a patch for a vulnerability in Windows Defender dubbed "RoguePlanet" that allows attackers to exploit a race condition and gain System-level privileges on Windows 10 and 11 machines. The zero-day flaw was publicly disclosed last week by security researcher Nightmare Eclipse, who has recently released several exploits targeting Microsoft products out of frustration...

Oracle’s Second Monthly Security Updates Deliver 245 Patches 17.06.2026

Oracle has released its second monthly Critical Security Patch Update, delivering 245 patches across its product portfolio, including Fusion Middleware, MySQL, and PeopleSoft. The update addresses roughly 120 critical vulnerabilities, with 100 flaws exploitable remotely without authentication, though Oracle hasn't confirmed any zero-day exploits despite recent reports of cybercriminals target...

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software 17.06.2026

Rockwell Automation has released patches for multiple vulnerabilities affecting its industrial control systems, including Logix and CompactLogix controllers, along with its FactoryTalk automation software. The flaws range from critical authentication bypasses and denial-of-service issues to a vulnerability that could allow attackers to take over device accounts by changing web interface passwords....

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack 17.06.2026

The DragonForce ransomware group has deployed a sophisticated new backdoor that disguises its malicious traffic as legitimate Microsoft Teams communications, marking the first known malware to abuse Microsoft's TURN relay infrastructure in this way. The custom malware, called Backdoor. Turn, obtains anonymous Teams tokens and uses legitimate Microsoft relay servers to communicate with attacke...

Listen to the Security Stuff podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.