Mar 7, 2025 | Podcast
https://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments A recent study demonstrates that even in hardened environments with read-only file systems, attackers can exploit file write vulnerabilities in Node.js applications to achieve...
Mar 6, 2025 | Podcast
https://socket.dev/blog/malicious-pypi-package-exploits-deezer-api-for-coordinated-music-piracy A PyPI package named ‘automslc,’ downloaded over 100,000 times since 2019, has been pirating music from the Deezer streaming service using hardcoded...
Mar 5, 2025 | Podcast
https://www.modat.io/post/doors-wide-open-critical-risks-in-ams A widespread security risk has been discovered involving misconfigured and exposed Access Management Systems (AMS) across numerous industries and countries. This exposure has resulted in hundreds of...
Mar 4, 2025 | Podcast
Let’s tackle something more fundamental: how to build security into your organization’s DNA. We’re talking about creating a security culture by design. Because here’s the truth – you can have the best tools, the strongest policies, and the most...
Mar 3, 2025 | Podcast
https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931 A former Disney engineer, Matthew Van Andel, had his life turned upside down after downloading a seemingly harmless AI tool from GitHub. The software, intended for creating AI...
Feb 28, 2025 | Speaking
I just finished a guest lecture at UNSW for a second-year subject. It was fantastic to engage with such curious students, many of whom were eager to learn about the realities of working in cyber security. I hope I’ve inspired some of the next batch of cyber security...
Feb 28, 2025 | Podcast
https://www.bloomberg.com/news/articles/2025-02-21/apple-removes-end-to-end-encryption-feature-from-uk-after-backdoor-order Apple has removed its Advanced Data Protection (ADP) feature, which provides end-to-end encryption for iCloud data, for new users in the United...
Feb 27, 2025 | Podcast
https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails A widespread phishing scam is exploiting PayPal’s “new address” feature to send fraudulent purchase notifications to users, tricking them...
Feb 26, 2025 | Podcast
https://www.protectivesecurity.gov.au/system/files/2025-02/PSPF-Direction-002-2025.pdf The Australian government has banned all Kaspersky Lab products and web services from its systems, citing an “unacceptable security risk” due to potential foreign...
Feb 25, 2025 | Speaking
Yesterday I had the privilege of participating in a panel at the Application Strategy Summit, where I discussed, with fellow panelists Graham Bucknell and Jason Ford, modernising app security to meet the complex demands of today’s application ecosystem and...