Weekly CYBER NEWS

by Alex
Season 2
Bleeding Llama and poisoned water supplies
In this episode, we cover the biggest cybersecurity threats making headlines right now — including the critical “Bleeding Llama” vulnerability impacting Ollama AI servers, a supply-chain attack that turned the official JDownloader site into a malware delivery platform, and alarming breaches at Polish water treatment facilities. We also break down the latest Ivanti zero-day under active exploitation, the Quasar Linux RAT targeting developer credentials and cloud secrets, and the Braintrust breach that may have exposed customer AI provider keys. From AI infrastructure security to real-world OT attacks, this episode explains what defenders, developers, and businesses need to watch closely this week.
Cyber Threat Weekly: Water Plant Hacks, Linux Root Exploits & AI Agent Takeovers
This week on the podcast, we break down the cyberattacks targeting critical infrastructure in Poland, a dangerous new Linux “Dirty Frag” privilege escalation exploit, and the latest Ivanti zero-day already being exploited in the wild. We also cover the Quasar Linux RAT targeting developer credentials for software supply chain attacks, the alleged Trellix source code breach, and a new Claude browser extension vulnerability exposing AI agents to takeover. If you want the biggest cybersecurity stories explained clearly and fast, this episode covers what defenders need to know right now.
Cyber Threat Alert: OpenSSH Backdoor, AI Attacks Rising & Critical Infrastructure Breach
This week in cybersecurity, we break down a 15-year-old OpenSSH flaw enabling stealthy root access, a surge in AI prompt injection attacks, and a breach impacting a major utility technology provider. We also uncover how attackers are exploiting Microsoft Teams for malware delivery and why AI infrastructure vulnerabilities are now weaponized within hours. Stay ahead of evolving cyber threats with insights that matter. Source highlights from SecurityWeek, BleepingComputer, and The Hacker News.
Cybersecurity Daily: OpenAI Supply Chain Scare, Adobe Zero-Day, Marimo RCE Exploits & APT37 Social Engineering (April 2026)
In today’s Cybersecurity Daily, we break down the most critical cyber threats impacting April 2026. OpenAI revokes its macOS signing certificate after the Axios supply chain compromise exposed risks to software-signing pipelines, highlighting how deeply modern attacks can reach into trusted development workflows. We also cover an actively exploited Adobe Acrobat Reader vulnerability (CVE-2026-34621) that enables remote code execution through malicious PDFs, alongside a rapidly exploited Marimo pre-auth RCE flaw where attackers began harvesting secrets within hours of disclosure. On the threat actor side, we analyze North Korea’s APT37 campaign, using Facebook, Messenger, and Telegram to deliver RokRAT malware through a trojanized PDF viewer—showing how social engineering is evolving into long-term trust-based intrusion. Plus, a CPUID supply chain attack distributing malware via CPU-Z and HWMonitor downloads, reinforcing that even official download sources can no longer be fully trusted. The key takeaway: trust is now the primary attack surface—from code signing to social platforms to software distribution.
Cybersecurity Alert: GPU Rowhammer Breakthrough, Medusa Ransomware Surge, AI RCE Exploits & Nation-State Attacks (April 2026)
In today’s Cybersecurity Alert, we unpack the most critical threats emerging in April 2026. A groundbreaking GPUBreach attack demonstrates how GPU Rowhammer techniques can escalate into full system compromise, even bypassing traditional protections like IOMMU, raising serious concerns for AI infrastructure and cloud environments. We also examine Microsoft’s warning on Storm-1175, a fast-moving threat group deploying Medusa ransomware within hours of exploiting new vulnerabilities across enterprise systems. Meanwhile, attackers are actively targeting the Flowise AI platform with a CVSS 10.0 RCE flaw, exposing thousands of internet-facing instances. On the geopolitical front, we cover an Iran-linked password spraying campaign targeting Microsoft 365 tenants and DPRK actors abusing GitHub as command-and-control infrastructure. Plus, new developments in ransomware attribution as authorities identify key figures behind REvil and GandCrab. The key takeaway: attackers are accelerating faster than patch cycles, leveraging hardware, identity, and AI systems as new attack surfaces.
Weaponizing human trust to bypass security
In today’s Cybersecurity Daily, we break down the biggest threats shaping April 2026. A coordinated npm supply chain attack involving 36 malicious packages is targeting developers through post-install scripts, exploiting Redis and PostgreSQL to deploy persistent backdoors and steal sensitive data. We also uncover new details behind the Axios npm hack, where attackers used a fake Microsoft Teams error to socially engineer a maintainer and inject malware into widely used packages. Meanwhile, device code phishing attacks have surged over 37x, allowing attackers to hijack sessions and bypass traditional credential-based defenses. Plus, we analyze the European Commission cloud breach, showing how a single compromised AWS key led to multi-entity data exposure, along with critical ShareFile RCE vulnerabilities and stealthy Linux PHP web shell persistence techniques. The key takeaway: modern cyber attacks are shifting from exploits to identity, trust, and automation abuse, and defenders must adapt fast.
Cybersecurity Today: EU Cloud Breach, Axios Supply Chain Attack, React2Shell Exploits & $285M Crypto Hack (April 2026)
In today’s episode of Cybersecurity Today, we break down the most critical cyber threats shaping April 2026. A major European Commission cloud breach linked to a stolen AWS key highlights the cascading impact of supply chain attacks, exposing data across dozens of EU institutions. We also uncover a sophisticated Axios npm supply chain compromise tied to North Korean actors, showing how social engineering is now targeting open-source maintainers at scale. Meanwhile, attackers are actively exploiting the React2Shell vulnerability in Next.js apps, compromising hundreds of systems and harvesting cloud credentials, API keys, and sensitive secrets. Plus, we analyze a $285 million crypto governance takeover, new ShareFile pre-auth RCE vulnerabilities, and SparkCat mobile malware stealing crypto wallet recovery phrases directly from photo galleries. This episode explores a key theme: identity, trust, and human workflows are now the primary attack surface, not just code vulnerabilities.
Cybersecurity Breakdown: Supply Chain Attacks, Chrome Zero-Day, AI Fraud Surge & Mobile Spyware Threats (April 2026)
Stay ahead of today’s rapidly evolving threat landscape in this episode of Cybersecurity Breakdown. We cover major April 2026 cybersecurity developments, including a massive software supply chain attack impacting tools like Trivy, KICS, and LiteLLM, exposing hundreds of thousands of systems and sensitive credentials. We also dive into the latest Google Chrome zero-day vulnerability (CVE-2026-5281) actively exploited in the wild, and why urgent patching is critical for enterprises. On the mobile front, we analyze a WhatsApp spyware campaign using fake iOS apps, highlighting the growing role of social engineering in surveillance operations. Plus, Apple’s response to the DarkSword exploit kit, Cisco’s critical vulnerability patches, and new insights from the World Economic Forum on AI-powered fraud, now a global-scale cyber risk. This episode breaks down what matters most: supply chain security, mobile threats, browser exploits, and AI-driven cybercrime trends—and what security professionals must do next.
Hackers are hijacking our trusted software
In this episode, we break down the latest cybersecurity threats shaking the digital world, from supply chain compromises like the Axios npm attack to AI-driven fraud becoming a global risk. As attackers increasingly target the very systems we trust (package managers, AI platforms, and update channels), we explore what this means for organizations and defenders. If trust is the new vulnerability, how do we secure it? Stay ahead with sharp insights into today’s most critical cyber threats.
Your security tools are now backdoors
A concise daily intelligence report on the latest cyber threats, nation-state activity, and security trends, built for defenders, analysts, and tech leaders.