David
Security Stuff
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Hackers Exploit Langflow Vulnerability for Remote Code Execution 11.06.2026 0:48
Threat actors are actively exploiting a high-severity vulnerability in Langflow, a popular low-code AI development platform, that allows remote code execution through an unpatched path traversal flaw. The vulnerability, tracked as CVE-2026-5027, is particularly dangerous because Langflow enables unauthenticated auto-login by default, meaning attackers can exploit the flaw without credentials by si...
CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk 11.06.2026 0:42
CISA has issued a new directive requiring federal agencies to prioritize patching security vulnerabilities based on risk level rather than using traditional severity scores. The directive builds on CISA's Known Exploited Vulnerabilities catalog and sets aggressive timelines for remediation, with the most critical flaws in publicly exposed systems requiring patches within just three days if th...
OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month 11.06.2026 0:48
OnyxC2 is a sophisticated malware-as-a-service stealer available for as little as 250 dollars per month that gives even non-technical cybercriminals enterprise-grade theft capabilities. The malware can target roughly 210 applications and extensions across nine categories including browsers, password managers, two-factor authentication tools, cryptocurrency wallets, and business systems like FTP an...
Alert Fatigue Is Becoming a Security Threat of Its Own 11.06.2026 0:40
Alert fatigue has become a serious security threat as overwhelmed SOC analysts struggle with massive volumes of alerts that lack proper context and prioritization, leading to both missed threats and employee burnout. The problem is worsening as AI-powered attacks generate even more alerts while human analysts can't keep pace with the volume. Security experts increasingly recommend using AI-dr...
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack 11.06.2026 0:36
The hacking group OceanLotus has launched a sophisticated cyberattack campaign called FireAnt, targeting investors in Vietnam with a new piece of malware dubbed SPECTRALVIPER. The advanced persistent threat group appears to be conducting espionage operations aimed at Vietnamese financial sector professionals, marking another escalation in cyber threats facing the region's business community.
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks 11.06.2026 0:54
Oracle has issued an emergency security advisory for a critical vulnerability in its PeopleSoft enterprise software that allows unauthenticated remote code execution, affecting versions 8.61 and 8.62 of the widely-used business management suite. The alert comes as the notorious ShinyHunters hacking group reportedly exploited this and other flaws to breach over 300 PeopleSoft instances across more...
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. 11.06.2026 0:35
AI has significantly disrupted traditional vulnerability management systems, prompting Chief Information Security Officers to shift their budgets toward Breach and Attack Simulation platforms. The move reflects a growing recognition that conventional vulnerability scanning approaches are struggling to keep pace with AI-discovered security flaws. As AI becomes increasingly capable of identifying so...
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories 11.06.2026 0:31
A security bulletin highlights three major developments: worm code has been leaked into the wild, an AI agent has been successfully phished, and Claude has released a patch for an action vulnerability. The bulletin also covers 28 additional cybersecurity stories, underscoring ongoing concerns about AI systems becoming both tools for and targets of security threats.
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories 11.06.2026 0:32
The Cybersecurity Stars Awards 2026 has announced winners across 95 categories, recognizing excellence in the field. The awards highlight the industry's focus on emerging challenges including AI-discovered software vulnerabilities, zero trust network access adoption, and the growing demand for cybersecurity risk management expertise. The recognition spans a wide range of cybersecurity discipl...
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks 28.05.2026 0:40
Google Cloud has launched AI Threat Defense, an autonomous cybersecurity platform designed to combat AI-powered cyberattacks in real time. The system combines Mandiant's security expertise, Wiz's cloud security capabilities, and Google's Gemini AI to continuously identify vulnerabilities, predict attack paths, and automatically generate and deploy code fixes in minutes rather than d...
Gitea Vulnerability Exposed 30,000 Deployments to Attacks 28.05.2026 0:50
A critical vulnerability in Gitea, the popular open-source self-hosted Git service, exposed over thirty thousand deployments to unauthorized access, allowing anyone on the internet to pull supposedly private container images without authentication. The flaw, tracked as CVE-2026-27771, had existed in the code for roughly four years before being patched last week in version 1.26.2, potentially expos...
Raising the Cybersecurity Stakes: Ante up for the Agentic Era 28.05.2026 0:49
Organizations are rapidly adopting AI agents that now write the majority of code in many enterprises, but cybercriminals are exploiting this same technology to launch machine-speed attacks that overwhelm traditional manual defenses. The challenge has evolved from simply detecting threats to preventing them autonomously, as threat actors can now weaponize AI to create exploits in minutes rather tha...
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” 28.05.2026 0:48
IBM and Red Hat are launching Project Lightwell, a five billion dollar initiative backed by over 20,000 engineers to systematically secure open source software across enterprise supply chains. The project will use artificial intelligence to identify and validate vulnerabilities at scale, creating an "enterprise clearinghouse" that will deliver vetted patches and security updates to busin...
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails 28.05.2026 0:47
France-based startup Edamame has launched a runtime security platform designed to detect when AI coding agents drift from their intended purpose and potentially cause security breaches. The system monitors agents like Cursor and Claude Desktop through six integrated layers that track divergence from developer intent and detect attack patterns such as credential harvesting and token exfiltration, w...
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks 28.05.2026 0:41
A critical vulnerability in FortiClient Endpoint Management Server, first patched in April, is now being actively exploited to deploy information-stealing malware disguised as a fake Fortinet security update. The flaw, which carries a CVSS score of nine point one and requires no authentication, allows attackers to execute malicious PowerShell commands through FortiClient's own management syst...
New BTMOB Android Malware Enables Full Device Takeover 28.05.2026 0:42
Security researchers at ESET are warning about BTMOB, a new Android remote access trojan that gives hackers full control of infected devices through phishing campaigns disguised as streaming services and cryptocurrency apps. What makes this malware particularly dangerous is that its creators are selling it with an easy-to-use builder that lets even non-technical criminals customize attacks for dif...
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware 28.05.2026 0:43
North Korean state-linked hackers are targeting cryptocurrency companies with a new operation called JINX-0164, using fake recruiter personas to deliver malware specifically designed for macOS systems. The campaign represents a continued threat to the crypto industry as attackers pose as job recruiters to trick employees into downloading malicious software that can compromise company networks and...
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users" 28.05.2026 0:38
A new report reveals that AI-related security risks in enterprises are disproportionately concentrated among a small group of heavy users, dubbed "power users." This finding suggests that organizations may need to focus their AI governance and security efforts on monitoring and managing the behavior of these high-usage individuals rather than applying blanket policies across all employee...
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More 28.05.2026 0:36
Researchers have discovered multiple security vulnerabilities including a Claude AI security plugin flaw, an Azure privilege escalation issue, and a Kali365 multi-factor authentication bypass. Additionally, new FIFA-themed scams have emerged, with over 15 separate security threats detailed in today's bulletin. These findings underscore the expanding attack surface as AI technologies become mo...
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal 28.05.2026 0:43
Microsoft is facing criticism after removing a security researcher's GitHub account following their public disclosure of a zero-day vulnerability, with the company arguing that such disclosures put users at unnecessary risk before patches can be developed and deployed. The incident has reignited debate within the cybersecurity community about responsible disclosure practices, with Microsoft d...
Nordic CISOs Handle Rising Cyber Threats Remarkably Well 28.05.2026 0:43
Nordic CISOs are managing to hold cyber threats steady despite rising attack volumes and faster exploitation times, according to a new Stockholm-based Truesec report. Ninety-one percent of surveyed chief information security officers in northern Europe reported consistent levels of severe cybersecurity incidents compared to two years ago, even as average exploitation times dropped from 53 days to...
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security 28.05.2026 0:33
Organizations are increasingly turning to cyber insurance, which is fundamentally changing how companies approach cybersecurity by requiring them to quantify their risk in concrete terms. The shift is forcing businesses to be more strategic about their security posture, as insurers demand clear metrics and accountability before providing coverage. Industry observers believe this requirement to mea...
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data 27.05.2026 0:49
The FBI is warning about a brazen new tactic from the Silent Ransom Group, a cybercrime gang that's now sending operatives in person to law firms pretending to be IT support staff. After phishing attempts or phone calls claiming to help with supposed technical issues, if remote access fails, the hackers actually dispatch someone on-site who plugs in USB drives or external hard drives directly...
GlassWorm Botnet Disrupted 27.05.2026 0:44
CrowdStrike, working with Google and the Shadowserver Foundation, has successfully disrupted the GlassWorm botnet that has been targeting open source software developers for over six months. The sophisticated malware used multiple resilient command-and-control channels including the Solana blockchain, Google Calendar, BitTorrent, and traditional servers, and was designed to steal developer credent...
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers 27.05.2026 0:36
A cyberattack that disrupted LA Metro's internal systems in mid-March has been linked to Iranian state-sponsored hackers, according to cyber intelligence firm Gambit. The attack, initially claimed by a group calling itself Ababil of Minab, resulted in hundreds of terabytes of data being wiped and over one terabyte exfiltrated, though passenger rail and bus services remained unaffected. Forens...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.