Nov 21, 2025 | Podcast
https://socket.dev/blog/npm-malware-campaign-uses-adspect-cloaking-to-deliver-malicious-redirects Researchers have uncovered a concerning trend of malicious NPM packages that are abusing the Adspect cloud-based service to bypass security measures and lead unsuspecting...
Nov 20, 2025 | Podcast
https://www.itnews.com.au/news/optus-takes-826000-hit-for-anti-scam-breaches-621882 In a significant blow to Australia’s second-largest telecommunications provider, Optus has been slapped with an $826,000 fine by the Australian Communications and Media Authority...
Nov 19, 2025 | Speaking
Did a keynote presentation at the Sydney AI Security Summit, where I spoke about lessons from the software supply chain and what they teach us about securing AI. Just as we don’t assume that open source components are always safe, we also shouldn’t assume...
Nov 19, 2025 | Podcast
https://techcommunity.microsoft.com/blog/azureinfrastructureblog/defending-the-cloud-azure-neutralized-a-record-breaking-15-tbps-ddos-attack/4470422 Microsoft’s Azure cloud platform has been the target of a record-breaking distributed denial-of-service (DDoS)...
Nov 18, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/w3-total-cache-wordpress-plugin-vulnerable-to-php-command-injection A critical security flaw has been identified in the popular W3 Total Cache (W3TC) WordPress plugin, which could allow unauthenticated attackers to...
Nov 17, 2025 | Podcast
https://github.com/sbaresearch/whatsapp-census/blob/main/Hey_there_You_are_using_WhatsApp.pdf A recently disclosed vulnerability in the popular messaging app WhatsApp has raised significant security concerns, as it allows attackers to potentially access the phone...
Nov 14, 2025 | Podcast
https://aivss.owasp.org The Open Web Application Security Project (OWASP) has introduced the AI Vulnerability Scoring System (AIVSS), a framework designed to assess the security risks associated with artificial intelligence-powered technologies. The AIVSS aims to...
Nov 13, 2025 | Podcast
https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads Security researchers have uncovered a concerning series of malicious NuGet packages that contain harmful code designed to disrupt and sabotage various applications and...
Nov 12, 2025 | Podcast
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2025/wochenrueckblick_44.html The Swiss National Cyber Security Centre (NCSC) is alerting iPhone users to a concerning phishing scam that aims to steal their Apple ID credentials by falsely claiming to have found...
Nov 11, 2025 | Podcast
https://www.wiz.io/vulnerability-database/cve/cve-2025-31133 Researchers have disclosed three critical vulnerabilities in the runC container runtime, a core component of Docker and Kubernetes, that could allow attackers to break out of the container environment and...