Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html

https://www.tenable.com/blog/key-findings-from-the-verizon-dbir-2026

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

https://www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/

https://www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/

https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/

https://thehackernews.com/2026/05/developer-workstations-are-now-part-of.html

https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html

https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799

https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

https://www.bleepingcomputer.com/news/security/instructure-reaches-agreement-with-shinyhunters-to-stop-data-leak/

https://www.theregister.com/security/2026/05/06/1-in-8-workers-say-selling-company-logins-is-justifiable/5231104

https://www.theregister.com/security/2026/05/02/ai-digs-up-decades-of-code-debt-patch-up/5219734

https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111

https://www.securityweek.com/cyber-insurance-data-gives-cisos-new-ammo-for-budget-talks/

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

https://www.darkreading.com/cloud-security/csa-cisos-prepare-post-mythos-exploit-storm

https://www.csoonline.com/article/4159292/insurance-carriers-quietly-back-away-from-covering-ai-outputs.html

https://www.livescience.com/technology/artificial-intelligence/hackers-used-ai-to-steal-hundreds-of-millions-of-mexican-government-and-private-citizen-records-in-one-of-the-largest-cybersecurity-breaches-ever

https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/

https://cybermagazine.com/news/how-cybercriminals-breached-gta-maker-rockstar

Please consider supporting the DefSec podcast here.

Links to this week’s stories:

https://www.darkreading.com/threat-intelligence/axios-attack-complex-social-engineering-industrialized

https://www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/

https://www.bleepingcomputer.com/news/security/google-new-unc6783-hackers-steal-corporate-zendesk-support-tickets/

https://www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues

https://www.businessinsider.com/mercor-lawsuits-data-breach-2026-4