Sign up to save your podcasts
Or
Share Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages
00:00 Intro
02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
26:24 Fake OpenAI MCP Integration
32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
36:03 Destructive malware available in NPM repo went unnoticed for 2 years
48:10 Sam & Jony introduce io
58:23 Discussion: how risky are local admin rights?
Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
In May 2025, an international coalition led by Microsoft, the U.S. Department of Justice, Europol, and Japan's Cybercrime Control Center dismantled the Lumma Stealer malware operation.
https://www.wired.com/story/lumma-stealer-takedown-disrupted/
Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
Hackers bribed overseas Coinbase customer support agents to steal sensitive user data, leading to a breach prompting a $20M ransom, which Coinbase refused, instead offering a $20M bounty for information leading to the attackers' arrest.
https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html
Fake OpenAI MCP Integration
A fake OpenAI MCP integration was found by a security researcher, showing the importance of security in emerging technologies.
https://www.linkedin.com/feed/update/urn:li:activity:7331118878384615424/
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Three malicious npm packages targeting macOS users of the AI-powered code editor Cursor have infected over 3,200 developers by harvesting credentials.
https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html
Destructive malware available in NPM repo went unnoticed for 2 years
A destructive malware campaign infiltrated the npm ecosystem for over two years, with malicious packages disguised as legitimate tools targeting popular JavaScript frameworks.
https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/
Sam & Jony introduce io
OpenAI has announced the acquisition of Jony Ive's AI hardware startup, io.
https://openai.com/sam-and-jony/
Hosts:
- Jerry Perullo (Founder, https://adversarial.com/)
- Sounil Yu (Founder, https://www.knostic.ai/)
- Mario Duarte (Founder, stealth startup)
Producer: Tillson Galloway (https://tillsongalloway.com)
View all episodes
By Jerry Perullo, Sounil Yu, Mario Duarte
5
2222 ratings
00:00 Intro
02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
26:24 Fake OpenAI MCP Integration
32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
36:03 Destructive malware available in NPM repo went unnoticed for 2 years
48:10 Sam & Jony introduce io
58:23 Discussion: how risky are local admin rights?
Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
In May 2025, an international coalition led by Microsoft, the U.S. Department of Justice, Europol, and Japan's Cybercrime Control Center dismantled the Lumma Stealer malware operation.
https://www.wired.com/story/lumma-stealer-takedown-disrupted/
Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
Hackers bribed overseas Coinbase customer support agents to steal sensitive user data, leading to a breach prompting a $20M ransom, which Coinbase refused, instead offering a $20M bounty for information leading to the attackers' arrest.
https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html
Fake OpenAI MCP Integration
A fake OpenAI MCP integration was found by a security researcher, showing the importance of security in emerging technologies.
https://www.linkedin.com/feed/update/urn:li:activity:7331118878384615424/
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Three malicious npm packages targeting macOS users of the AI-powered code editor Cursor have infected over 3,200 developers by harvesting credentials.
https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html
Destructive malware available in NPM repo went unnoticed for 2 years
A destructive malware campaign infiltrated the npm ecosystem for over two years, with malicious packages disguised as legitimate tools targeting popular JavaScript frameworks.
https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/
Sam & Jony introduce io
OpenAI has announced the acquisition of Jony Ive's AI hardware startup, io.
https://openai.com/sam-and-jony/
Hosts:
- Jerry Perullo (Founder, https://adversarial.com/)
- Sounil Yu (Founder, https://www.knostic.ai/)
- Mario Duarte (Founder, stealth startup)
Producer: Tillson Galloway (https://tillsongalloway.com)
More shows like The Adversarial Podcast
View all
Acquired
4,283 Listeners
Odd Lots
1,866 Listeners
Decoder with Nilay Patel
3,146 Listeners
Risky Business
374 Listeners
CyberWire Daily
1,016 Listeners
Click Here
416 Listeners
Darknet Diaries
8,000 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Your Undivided Attention
1,565 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,475 Listeners
The Big Take
156 Listeners
Prof G Markets
1,325 Listeners