David

Security Stuff

Author

David

Category

Technology

Latest episode

Jul 2, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

The Credential Crisis: How Stolen Credentials Defeat Modern Security 27.05.2026

Stolen credentials have become one of the most effective attack methods in cybersecurity because when attackers use legitimate login information, they essentially appear as authorized users, making detection extremely difficult. The problem spans both human credentials like passwords and biometrics, as well as non-human credentials like API keys and session tokens, with companies potentially manag...

‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems 27.05.2026

Researchers at Adversa AI have discovered "SymJack," a new attack method that exploits AI coding agents to inject malicious code into software development pipelines by hijacking symlinks in project files. The attack works by disguising a malicious symlink as an innocuous file that, when approved by an unsuspecting developer, secretly registers a malicious server that can steal credential...

Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform 27.05.2026

Canadian identity security company Lastwall has raised 11.5 million dollars in a Series A extension to expand its quantum-resilient identity platform across North America. The company provides passwordless authentication and identity management for defense and government organizations, with its flagship product evaluating 200 contextual signals like keystroke patterns and mouse movements to assign...

Romanian Hacker Sentenced to Prison in US for Selling Access to State Network 27.05.2026

A Romanian hacker has been sentenced to four years and eight months in a US prison after pleading guilty to breaching an Oregon state government network and selling access to it for three thousand dollars in Bitcoin. Forty-five-year-old Catalin Dragomir admitted to hacking and selling access to at least ten organizations, causing losses exceeding two hundred fifty thousand dollars, though he claim...

SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay 27.05.2026

SecurityWeek is hosting its third annual AI Risk Summit on August 11th and 12th, 2026, in Half Moon Bay, California, bringing together security leaders, AI researchers, and policymakers to tackle the challenges of AI adoption and security. The conference will cover topics including securing AI deployments, adversarial attacks, deepfakes, governance frameworks, and data protection, with early regis...

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries 27.05.2026

London-based cybersecurity startup RevEng. AI has secured 15 million dollars in Series A funding, led by the NATO Innovation Fund, bringing its total funding to 19.5 million dollars. The company uses an AI model called BinNet to analyze compiled software at the binary level, hunting for vulnerabilities and backdoors without requiring access to source code. This capability is becoming increasingly...

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites 27.05.2026

AI chatbots are being exploited to direct users to malicious websites that install cryptojacking malware, which secretly uses victims' computer resources to mine cryptocurrency. Security researchers have discovered that attackers are manipulating chatbot recommendations to serve these harmful links, representing a new evolution in how AI systems can be weaponized to distribute malware. This d...

Gitea Vulnerability Exposes Private Container Images without Authentication 27.05.2026

A critical security flaw has been discovered in Gitea, the popular open-source software development platform, that allows attackers to access private container images without any authentication. The vulnerability effectively bypasses security controls, potentially exposing sensitive proprietary code and container configurations to unauthorized users. Organizations using Gitea for container registr...

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees 27.05.2026

Shadow AI—where employees use unauthorized AI tools—is becoming a major security challenge for companies. IT leaders are struggling to balance the need for security controls with keeping workers productive, as banning these tools outright often just drives usage further underground. The solution involves creating clear policies, offering approved AI alternatives, and implementing monitoring system...

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure 27.05.2026

International law enforcement has successfully dismantled the GlassWorm malware infrastructure, which was being used to target software developers in a sophisticated supply chain attack. The operation disrupted a campaign that threatened to compromise developer environments and potentially poison legitimate software with malicious code. Authorities are continuing to investigate the scope of the at...

Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security 27.05.2026

Dark Reading is marking its 20th anniversary by looking at how cybersecurity has evolved from perimeter-focused defenses in 2006 to today's complex, AI-driven security landscape. The shift was driven by major infrastructure changes including cloud computing, mobile devices, and the Internet of Things, which forced security teams to move beyond simple firewalls and antivirus software to addres...

Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands 26.05.2026

Dutch authorities have arrested two men, ages 57 and 39, who allegedly provided bulletproof hosting services to Russian hackers through front companies designed to evade European Union sanctions. The suspects reportedly helped Stark Industries, a sanctioned web hosting provider run by Moldovan nationals, continue operating by transferring its infrastructure to Dutch companies that rented and resol...

Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries 26.05.2026

Lithuanian authorities are investigating a massive data breach involving over 600,000 entries from national real estate and legal entity registers, which was accessed using legitimate login credentials from authorized institutions. Officials suspect a foreign country, likely Russia, orchestrated the breach as part of ongoing hybrid warfare operations against the Baltic nation. The head of Lithuani...

Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available 26.05.2026

SecurityWeek's Threat Detection and Incident Response Summit, which took place on May 20th, is now available for free on-demand viewing for a limited time. The virtual event features sessions from leading security professionals covering critical topics including AI-driven defense, breach response strategies, identity protection, and modern detection techniques to help security teams combat al...

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images 26.05.2026

DockSec is a new open source security tool that uses AI to help developers actually fix vulnerabilities in Docker images, not just find them. While existing scanners can detect hundreds of vulnerabilities in container images, DockSec runs tools like Trivy and Docker Scout, then uses an LLM to correlate findings, eliminate duplicates, and provide plain-English explanations with exact Dockerfile fix...

Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations 26.05.2026

Anthropic has expanded Claude's enterprise appeal by announcing integrations with 28 major security and compliance platforms, including CrowdStrike, Palo Alto Networks, Microsoft, and Okta. Through the new Claude Compliance API, IT and security teams can now access conversation content and activity logs, allowing them to monitor and govern Claude using the same policies they apply to other wo...

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment 26.05.2026

Hackers exploited a zero-day vulnerability in KnowledgeDeliver, a learning management system widely used in Japan, to deploy web shells and Cobalt Strike backdoors. The flaw, tracked as CVE-2026-5426, stemmed from hardcoded encryption keys in Digital Knowledge deployments that allowed attackers to craft malicious payloads and compromise systems through ViewState deserialization attacks. Google&apo...

Iranian APT Targets Aviation, Software Companies With Updated Tools 26.05.2026

Check Point researchers report that Iranian APT group Nimbus Manticore, linked to Iran's Revolutionary Guard, has updated its tactics to target aviation and software companies in Saudi Arabia, Australia, and increasingly the United States. The group is now using a technique called AppDomain hijacking instead of DLL sideloading, deploying new backdoors like MiniFast through fake job offers and...

185,000 Likely Impacted by 7-Eleven Data Breach 26.05.2026

7-Eleven suffered a data breach in April impacting approximately 185,000 individuals, according to breach notification website HaveIBeenPwned. The attack, which occurred on April 8th and targeted the company's Salesforce systems containing franchise documents, exposed personal information including names, addresses, email addresses, and dates of birth. The notorious extortion group ShinyHunte...

AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security 26.05.2026

AppOmni has launched Marlin AI, an autonomous investigation tool designed to tackle the growing complexity of securing software-as-a-service applications, where misconfiguration remains the primary security vulnerability. Marlin automatically detects suspicious configuration settings across multiple SaaS apps, investigates their severity by analyzing related activities like unusual downloads or IP...

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks 26.05.2026

India's cybersecurity agency CERT-In is now recommending that organizations patch internet-facing vulnerabilities within just 12 hours, a dramatic reduction from previous guidelines. The new urgency stems from the rise of AI-assisted attacks that can discover and exploit security flaws much faster than traditional methods. This marks a significant shift in cybersecurity response times as arti...

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning 26.05.2026

Iranian hackers are using a combination of phishing emails and search engine manipulation to deliver two new malware variants called MiniFast and MiniJunk V2. The attackers are leveraging SEO poisoning techniques to boost malicious websites in search results, tricking users into downloading the malware which can steal sensitive information and establish persistent access to compromised systems. Se...

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You 26.05.2026

MFA prompt bombing, also called "push fatigue," is a cyberattack technique where hackers flood users with repeated multi-factor authentication push notifications until the victim accidentally or deliberately approves one just to stop the alerts. Security experts warn this tactic exploits human psychology and notification fatigue, making even MFA-protected accounts vulnerable when attacke...

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back 26.05.2026

A new webinar from The Hacker News is highlighting the emerging threat of AI-powered DDoS attacks that are becoming increasingly sophisticated and harder to defend against. Experts warn that artificial intelligence is fundamentally reshaping the attack landscape, making traditional defense strategies less effective. The session aims to teach security professionals new techniques for combating thes...

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions 26.05.2026

Microsoft has released security patches for CVE-2026-45659, a remote code execution vulnerability affecting multiple versions of SharePoint Server. The critical flaw allows attackers to potentially execute arbitrary code on vulnerable systems, prompting Microsoft to prioritize fixes across its SharePoint server lineup. System administrators are urged to apply the patches immediately to protect the...

Listen to the Security Stuff podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.