David
Security Stuff
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Tenet Security Emerges From Stealth With $6 Million Seed Funding 17.06.2026 0:44
Tenet Security has emerged from stealth mode with six million dollars in seed funding to address a critical gap in AI security: detecting and stopping dangerous behavior from AI agents in real time. Founded by former Cisco AI Defense researchers, the company uses its own AI agents to monitor and predict potentially harmful actions before they occur, whether from runaway automation or "agentja...
144 Mastra npm Packages Compromised via Hijacked Contributor Account 17.06.2026 0:33
In a significant supply chain attack, 144 Mastra npm packages were compromised after attackers hijacked a contributor's account. The breach highlights ongoing security vulnerabilities in the JavaScript package ecosystem, where compromised developer credentials can lead to widespread distribution of malicious code. This incident underscores the critical need for stronger authentication measure...
1Password Acquires Apono in Reported $250M-$300M Deal 17.06.2026 0:47
1Password has acquired Israel-based Apono in a deal reportedly valued between 250 and 300 million dollars, significantly expanding its identity security capabilities. Apono specializes in just-in-time access governance, providing temporary, narrowly scoped permissions for humans, machines, and AI agents that automatically expire after tasks are completed, eliminating the need for persistent privil...
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats 17.06.2026 0:33
Security researchers have uncovered two dangerous campaigns targeting developers and AI users: malicious JetBrains plugins designed to steal API keys for AI services, and Chrome extensions that capture conversations with AI chatbots. These attacks specifically target valuable credentials and sensitive data from users working with artificial intelligence tools and development environments.
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization 17.06.2026 0:33
Organizations are increasingly seeking to move beyond basic security visibility to more confident threat prioritization through adversarial exposure validation. This approach helps security teams identify and focus on the vulnerabilities that pose the greatest actual risk to their systems, rather than simply cataloging potential issues. The methodology bridges the gap between detecting security pr...
The Top 10 Attack Surface Exposures in 2026 17.06.2026 0:34
Here's a summary of the top attack surface exposures expected in 2026. The article highlights emerging cybersecurity concerns including AI-discovered software vulnerabilities and the ongoing shift from traditional VPN infrastructure to Zero Trust Network Access approaches. Security experts emphasize the need for organizations to modernize their security frameworks and develop specialized expe...
UK Social Media Ban for Minors Has Privacy Experts Worried 17.06.2026 0:42
The UK is set to ban users under 16 from social media platforms like Facebook, Instagram, and TikTok starting in early 2027, joining Australia and Canada in restricting minors' online access. However, privacy experts warn that age verification requirements could force platforms to collect sensitive biometric data and create unprecedented surveillance risks, potentially causing more harm than...
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices 17.06.2026 0:47
A massive credential-harvesting campaign has compromised more than thirty thousand Fortinet firewalls and VPN gateways across nearly two hundred countries, affecting government agencies, telecommunications companies, and other critical sectors. Security researchers from SOCRadar discovered the operation after finding an exposed server belonging to the attackers, who appear to be Russian-speaking a...
Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure 16.06.2026 0:45
Over two dozen fintech and tech companies have formed a coalition called Athena to protect open source software from AI-accelerated cyberattacks by fixing vulnerabilities before they're publicly disclosed. The group, which includes JPMorgan Chase, Cisco, Cloudflare, and Docker, shares vulnerability findings among members and deploys patches through Chainguard Libraries before making them publ...
Cybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI Models 16.06.2026 0:47
Over 100 cybersecurity executives from companies like Adobe and Nvidia are urging the Trump administration to lift its export restrictions on Anthropic's latest AI models, Fable 5 and Mythos 5, which the company took offline Friday to comply with the directive. The experts argue the restrictions could help US adversaries more than hurt them, noting that while the models are good at finding so...
Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages 16.06.2026 0:43
Arch Linux has suspended new user registrations on its community-driven Arch User Repository after more than fifteen hundred malicious packages were published in an ongoing supply chain attack called Atomic Arch. The attackers targeted abandoned packages, modifying them to install rootkit-like malware designed to harvest credentials, SSH artifacts, and browser data, while using Linux kernel techno...
White House Issues Memo to Bolster NSS Cybersecurity 16.06.2026 0:42
President Trump signed a new cybersecurity memorandum to strengthen protections for National Security Systems, which handle the government's most sensitive classified information and military operations. The directive establishes a governance structure by reestablishing and modernizing the Committee on National Security Systems, which will set baseline security requirements across all agencie...
Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire 16.06.2026 0:47
TrustCloud has launched Application Assurance, a platform designed to automate how CISOs assess trust in their production applications, replacing the traditional manual questionnaire process that can take months and only provides a snapshot in time. The system uses hundreds of connectors to continuously monitor security tools, infrastructure, documentation repositories, and ticketing systems acros...
Cal Water Investigating Iranian Hackers’ Claims 16.06.2026 0:38
California Water Service is investigating claims by Iran-linked hackers from the group Handala, who say they've stolen 5 gigabytes of data from the utility's systems, including customer billing information and personal data. The hackers, believed to be a front for Iranian government operations, claimed they could have disrupted water service but chose not to, instead leaking the stolen f...
Cybercrime Group Claims Novo Nordisk Hack 16.06.2026 0:37
A cybercrime group called FulcrumSec has claimed responsibility for hacking Danish pharmaceutical giant Novo Nordisk, allegedly stealing one-point-three terabytes of data including intellectual property, undisclosed drug programs, and proprietary AI models. The hackers say they gained access through a GitHub token in March and demanded twenty-five million dollars in ransom, which Novo Nordisk refu...
AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask 16.06.2026 0:45
Security Week surveyed dozens of security experts to create a comprehensive look at how AI is currently being used in cybersecurity. The report examines five key areas including generative AI, agentic AI, shadow AI, machine learning, and artificial general intelligence, exploring both the opportunities and risks each presents. While generative AI is proving useful for tasks like summarizing incide...
Endpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round 16.06.2026 0:47
Endpoint security startup Ent has emerged from stealth mode with a massive 100 million dollar seed funding round, led by Decibel with participation from Sequoia and other major investors. Founded by the cybersecurity veterans behind RiskIQ, which Microsoft acquired, Ent is building an intent-aware security platform that uses real-time AI reasoning to evaluate behavioral patterns of both human user...
Magnitude Emerges From Stealth Mode With $10 Million in Funding 16.06.2026 0:44
San Francisco-based cybersecurity startup Magnitude has launched with 10 million dollars in seed funding led by Ballistic Ventures, introducing an autonomous AI workforce for third-party risk management. The company's platform uses AI agents that continuously monitor vendor ecosystems, automatically identifying vulnerabilities and prioritizing remediation across third-party and downstream dep...
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware 16.06.2026 0:27
North Korean threat actors are deploying NarwhalRAT malware through fake Microsoft security alerts. The attacks use social engineering tactics that mimic legitimate Microsoft warnings to trick users into downloading the remote access trojan. Once installed, NarwhalRAT gives attackers backdoor access to compromised systems, allowing them to steal data and maintain persistent control over infected m...
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth 16.06.2026 0:36
Chinese-linked threat actors have upgraded their SprySOCKS backdoor malware to now target Windows systems, incorporating driver-based stealth techniques to avoid detection. The malware, which was previously focused on other platforms, now uses Windows drivers to hide its presence and maintain persistent access to compromised systems. This evolution represents a significant enhancement in the sophi...
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week 16.06.2026 0:30
Attackers are actively exploiting three security vulnerabilities in Fortinet's FortiSandbox product, including one that was just patched last week. The flaws allow malicious actors to compromise the security sandbox solution, which organizations use to analyze suspicious files and URLs. Fortinet users are urged to apply patches immediately to prevent exploitation of these actively targeted vu...
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive 16.06.2026 0:31
A new survey reveals that 94% of security incidents involve anonymized infrastructure, highlighting how attackers increasingly use tactics to hide their identity and evade detection. Despite this growing threat, security teams remain largely reactive rather than proactive in their defense strategies, struggling to stay ahead of adversaries who leverage anonymized networks and infrastructure to lau...
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds 16.06.2026 0:34
A new Android malware called Rokarolla is targeting users by stealing PINs, SMS authentication codes, and cryptocurrency wallet funds. The sophisticated malware represents a growing threat to mobile security, particularly for users who store sensitive financial information and digital assets on their Android devices. Security experts are urging users to be vigilant about app permissions and to imp...
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service 15.06.2026 0:46
The FBI and Google have successfully dismantled Outsider Enterprise, a massive China-based phishing-as-a-service platform that operated since 2023 and caused an estimated 1.9 billion dollars in losses through the theft of nearly 4 million credit cards. The operation, which targeted victims across 55 countries primarily through text message campaigns, sent over 2.5 million phishing messages in just...
Maine Disables Data Breach Portal Due to Fake Submissions 15.06.2026 0:35
Maine's Attorney General has temporarily shut down its data breach reporting portal after fake breach notifications were submitted targeting VRChat and Discord, falsely claiming millions of users were affected. The portal, which had cataloged nearly six thousand incidents since 2020, is unique because Maine requires organizations to report nationwide breach impacts, not just state residents....
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.