Episodi

  • Episode 88: June 28, 2026

    Episode 88: June 28, 2026
    Jun 28 2026
    This episode covers the quiet but critical signals from a Sunday morning in late June, including a new framework to help companies manage aging open-source projects before they become security nightmares. We dig into a Russian phishing campaign targeting Signal backup keys, an anonymous GitHub account dropping zero-day exploits into the wild, and why even the most secure tools fail when human trust gets weaponized. Stories covered: - New Initiative Tackles Security for End-of-Life Open Source Software (Dark Reading) - https://www.darkreading.com/application-security/initiative-tackles-security-end-of-life-open-source - FBI: Russian hackers now target Signal backup recovery keys (BleepingComputer) - https://www.bleepingcomputer.com/news/security/fbi-russian-hackers-now-target-signal-backup-recovery-keys/ - Anonymous GitHub account mass-dropping undisclosed 0-days (Hacker News) - https://github.com/bikini/exploitarium - Older Runners Have Reshaped College Track and Cross Country. A New Age-Based Rule Could Change That (Runner's World) - https://www.runnersworld.com/news/a71732214/ncaa-eligibility-rule-track-cross-country/ - EFF to Grindr: This Pride Month, Put Safety and Privacy Over Profits (EFF) - https://www.eff.org/deeplinks/2026/06/grindr-put-queer-safety-and-privacy-over-profits - Canadian hacker Aubrey Cottle sentenced to 18 months custody after pleading guilty to cyberattack charges - The Globe and Mail (The Globe and Mail) - https://news.google.com/rss/articles/CBMilAFBVV95cUxOdEh0YlluSk5RT3M4aTZ1U0dMWVFDbUtoZ2lRaEFicE9SQmFaNlR5Uks5SFkwQ0pDazVWc2t6eE9vcGE1N2hSb2hJaVlBSWJMd3RFdHdsSjRuUGFXZDk2aGZpS2U3dkVyX0kycy1OeDcwTmRneFNtekpNdnFOdldaUkxaYWJXbTFNcUJmUE82cV9TNERB?oc=5
    Mostra di più Mostra meno
    6 min
  • Episode 86: June 26, 2026

    Episode 86: June 26, 2026
    Jun 26 2026
    This episode digs into a Cisco SD-WAN zero-day exploit breakdown from Mandiant, a clever macOS malware strain that deceives AI analysis tools with fake error messages, and a former hacker now applying exploit-finding skills to solar energy collection. Adrian North walks through early-morning signals before the noise of the day takes over. Stories covered: - Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access (BleepingComputer) - https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/ - New macOS malware embeds fake errors to confuse AI analysis tools (BleepingComputer) - https://www.bleepingcomputer.com/news/security/new-macos-malware-embeds-fake-errors-to-confuse-ai-analysis-tools/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - Fifty Years On, New York Honors the Five Who Took the NYC Marathon Out of Central Park (Marathon Handbook) - https://marathonhandbook.com/fifty-years-on-new-york-honors-the-five-who-took-the-nyc-marathon-out-of-central-park/ - An entire Herculaneum scroll has been read for the first time (Hacker News) - https://scrollprize.org/firstscroll - Mother Nature has a Weird and Nasty Way of Welcoming You to the Trail - The Trek (The Trek) - https://news.google.com/rss/articles/CBMiqwFBVV95cUxOR2xiOWV3d2tIMGlaUVc4ODFVcGtoLWt3cElsSkZIMUdIRndzMHRPdG83UVk0bG0tRlNLZllIT3Ftc21FT1Njc3pmUVhDOEtjU29vdU1YRkJzd1pQb3cwZmowbm5sWTF5OWREZmlXUnV2dWNZZXVPQUU3WFpjSE1DQTBZNFpxQkxDZkgtU19TOUhVWDZSb0l2RnJFY3dxYlY2LVdJbkE1UXp1R00?oc=5
    Mostra di più Mostra meno
    6 min
  • Episode 85: June 25, 2026

    Episode 85: June 25, 2026
    Jun 25 2026
    This episode digs into two actively exploited Cisco vulnerabilities that are making waves — including a zero-day that gave attackers root access to SD-WAN devices. We also cover a new website publicly shaming companies that still don't support passkeys, and a reformed hacker with an unexpected new mission. Stories covered: - Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access (BleepingComputer) - https://www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/ - Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/ - New website names and shames companies that still don’t offer passkeys to users (TechCrunch) - https://techcrunch.com/2026/06/24/new-website-names-and-shames-companies-that-still-dont-offer-passkeys-to-users/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - There’s an IKEA Marathon Happening This Year—and You May Have to Self-Assemble Your Medal (Of Course) (Runner's World) - https://www.runnersworld.com/news/a71679229/ikea-marathon/ - Amateur Hacker Used Claude And OpenAI Agents To Hack 14 Companies - bgr.com (bgr.com) - https://news.google.com/rss/articles/CBMigAFBVV95cUxOUy1rd0FqTk1EcF9qaDNtSjg0OUpLR1ZXWTZlM1hRU2xockRCMTF6U1FMZTFDZEw2UUxJTFlnZUpsVlFsa0tLZkRSUTlMRWJKVjhpNmhKNnVGSkp0Z1pNSlRBRDNrN2NYQ083a1NpeFVIMXVZLTVUSWc5blFZNHlJNg?oc=5
    Mostra di più Mostra meno
    6 min
  • Episode 84: June 24, 2026

    Episode 84: June 24, 2026
    Jun 24 2026
    This episode covers active exploitation of a Cisco Unified Communications flaw, LastPass confirming another breach through stolen OAuth tokens, and a former hacker who pivoted to solar energy. Adrian digs into why supply chain attacks are now the standard playbook and shares a Runner's World tip on avoiding long-run mistakes. Stories covered: - Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/ - LastPass confirms data breach in Klue supply chain attack (BleepingComputer) - https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/ - This former hacker saw the light—and now wants to collect all of it - Ars Technica (Ars Technica) - https://news.google.com/rss/articles/CBMirgFBVV95cUxNcUlQeG1mWTJSeC1MOFEwZjBKUHZxdFZxTnh6ZmN4UUhHMXBlYVd4SjZhRnoxSnpaRXFIUnotQnYzWThKR3pDWlRwZjNWVHRSZjNhN3pBLXFINHdfSWpjQWtkWE5fdjYxT3o3dXVzT0RlSm5oVUZNVVFWQ3JtXzFQZzh2cl8wYWZ0eXBFXzBrNWJFRnVKZVFCNC1BNVBpZ2ZfSlQxZFBYZnZuUXdGOFE?oc=5 - 8 Ways You’re Sabotaging Your Long Runs and How to Make Them Feel Easier (Runner's World) - https://www.runnersworld.com/training/a71682764/long-run-mistakes-runners/ - On Her Own Path: Lotti Brinks and the 2026 Western States 100 (iRunFar) - https://www.irunfar.com/on-her-own-path-lotti-brinks-and-the-2026-western-states-100 - The NO FAKES Act Could Silence Satire, Commentary, And News (EFF) - https://www.eff.org/deeplinks/2026/06/no-fakes-act-could-silence-satire-commentary-and-news
    Mostra di più Mostra meno
    6 min
  • Episode 83: June 23, 2026

    Episode 83: June 23, 2026
    Jun 23 2026
    This episode digs into Canada's unprecedented move to remotely clean malware from citizens' devices without permission, Microsoft's attribution of the Mastra AI supply chain attack to North Korean hackers, and a newly published iPhone exploit that lives in hardware Apple can't patch. We also touch on why your best running mentor is probably the local coach who shows up at dawn, not the influencer with perfect splits. Stories covered: - Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices (The Hacker News) - https://thehackernews.com/2026/06/canadas-spy-agency-used-first-of-its.html - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - Your Best Running Mentor Probably Isn’t Who You Think (Marathon Handbook) - https://marathonhandbook.com/your-best-running-mentor-probably-isnt-who-you-think/ - A newbie hacker used "vague, low-skill prompts" in Claude and Codex to breach 14 companies, and the AI Agents did all the legwork - TechRadar (TechRadar) - https://news.google.com/rss/articles/CBMi9wFBVV95cUxQN3dzMmhNd3Y5TzN6OGxsVEI0TEZnZTN2aFY1QkJ2NDZMZWhRZl9EWmI3TjN3RVE1WmlKRWxBd2VBRE9xVHg2VGdEdFJfZmhZTE9xdUxOT2Jid1NRQVQ2RkdlU19PcUJBSFVXVURtWE1fZ1RpVUxjNU93bWdiRjVtdElITDJPRkptcHVmcnQ0Z0k3NDNLMWRJWGV0UlNSN3NVejJoN0NBUldXQzQwOWZRY1RSWk93NkRDLXNQeUlhLTQwOUljR0oyejYtTXhmS2xHT1BNc1hpbHNoZ0hEY1VPLXVEczNUMlRuSGRPTmpsZDZnQjVoNm5r?oc=5 - Linux and Secure Boot certificate expiration (2025) (Hacker News) - https://lwn.net/Articles/1029767/
    Mostra di più Mostra meno
    5 min
  • Episode 82: June 22, 2026

    Episode 82: June 22, 2026
    Jun 22 2026
    This episode digs into a CISA deadline for a critical Splunk vulnerability that's already being exploited in the wild, a North Korean supply chain attack that poisoned over 140 npm packages, and how a junior hacker used legitimate tools like Tailscale to maintain persistence after losing his primary command server. Adrian breaks down six stories that show how attackers are leveraging trust, timing, and creative tradecraft to stay ahead. Stories covered: - CISA: Splunk Enterprise flaw actively exploited, patch by Sunday (BleepingComputer) - https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/ - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMie0FVX3lxTFBNOXBPUEVoeE5CZl82WmNsVTRUMGY0LVJlMXMxZ3NJYnNuV1Y0MlFRY2pReHl1b2UwWVVENTRBeURnVlFpRmh0eEFzNEJUYkNNZ2IyNlRGOFRsMWJ0aTk1aFhfQURpb2ptVlh2N0hnYktPb2dwNGVMTWNZQQ?oc=5 - I Hated Running in the Heat. This Training Switch Led Me to Love It—and Faster Times (Runner's World) - https://www.runnersworld.com/training/a71631076/benefits-track-workouts-in-heat/ - Catching Up With Jimmy Chin: Training for Everest, Time, and His Next Big Project (Climbing Magazine) - https://www.climbing.com/culture-climbing/catching-up-with-jimmy-chin-training-for-everest-time-and-his-next-big-project/ - A bold satellite rescue mission came together in record time, but will it work? (Ars Technica) - https://arstechnica.com/space/2026/06/a-bold-satellite-rescue-mission-came-together-in-record-time-but-will-it-work/
    Mostra di più Mostra meno
    6 min
  • Episode 81: June 21, 2026

    Episode 81: June 21, 2026
    Jun 21 2026
    On today's Signal Check, Adrian digs into a North Korean supply chain attack that poisoned over 140 npm packages, an unpatchable iPhone exploit targeting Apple's SecureROM, and a scrappy hacker who kept his operation alive using Tailscale and SSH after losing his C2 server. Plus, millions in Brazil received a mysterious unauthorized emergency alert that nobody can quite explain yet. Stories covered: - Microsoft links Mastra AI supply chain attack to North Korean hackers (BleepingComputer) - https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline - The Hacker News (The Hacker News) - https://news.google.com/rss/articles/CBMie0FVX3lxTFBNOXBPUEVoeE5CZl82WmNsVTRUMGY0LVJlMXMxZ3NJYnNuV1Y0MlFRY2pReHl1b2UwWVVENTRBeURnVlFpRmh0eEFzNEJUYkNNZ2IyNlRGOFRsMWJ0aTk1aFhfQURpb2ptVlh2N0hnYktPb2dwNGVMTWNZQQ?oc=5 - Unauthorized alert sent to cell phones across Brazil (Hacker News) - https://www.cnn.com/2026/06/20/americas/brazil-hackers-unauthorized-alert-latam - What 50,000 Runners And 76 Studies Teach Us About Racing The NYC Marathon Smarter (Marathon Handbook) - https://marathonhandbook.com/what-50000-runners-and-76-studies-teach-us-about-racing-the-nyc-marathon-smarter/ - The Free and Open Web Is Under Attack at the IETF (EFF) - https://www.eff.org/deeplinks/2026/06/free-and-open-web-under-attack-ietf
    Mostra di più Mostra meno
    7 min
  • Episode 80: June 20, 2026

    Episode 80: June 20, 2026
    Jun 20 2026
    This episode covers critical security patches for NGINX that can't wait until Monday, a messy OAuth breach at Klue that gave hackers direct access to Salesforce data, and an unpatchable exploit in millions of older iPhones that Apple can't fix with software. Adrian walks through what moved overnight and why it matters before the weekend noise kicks in. Stories covered: - F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution (The Hacker News) - https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html - Klue OAuth breach victim list grows as Icarus hackers claim attack (BleepingComputer) - https://www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/ - Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (The Hacker News) - https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html - I Faded During My First Two Races. This Simple Workout Helped Me Finish the Next One Strong—and Set a PR. (Runner's World) - https://www.runnersworld.com/training/a71631335/fartlek-training-race-stronger/ - A bold satellite rescue mission came together in record time, but will it work? (Ars Technica) - https://arstechnica.com/space/2026/06/a-bold-satellite-rescue-mission-came-together-in-record-time-but-will-it-work/ - The Free and Open Web Is Under Attack at the IETF (EFF) - https://www.eff.org/deeplinks/2026/06/free-and-open-web-under-attack-ietf
    Mostra di più Mostra meno
    6 min