Sign up to save your podcasts
Or
Share Adversarial Podcast S4E08 – Shai-Hulud worm strikes again, critical React vuln, CrowdStrike insider threat
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Adversarial Podcast S4E08 – Shai-Hulud worm strikes again, critical React vuln, CrowdStrike insider threat
00:00 Intro
02:33 Shai Hulud 2.0
17:12 Max severity React vulnerability
29:23 CrowdStrike catches insider feeding information to hackers
46:24 Anthropic disruptes AI-orchestrated cyber campaign
52:35 Uncertain economy takes effect on cyber teams
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact
Researchers report that Shai-Hulud 2.0 is an ongoing npm supply-chain worm that has compromised hundreds of packages and tens of thousands of GitHub repositories and siphoned secrets through CI/CD pipelines.
Critical React Server Components Vulnerability CVE-2025-55182
React vulnerability React Server Components (RSC) — tracked as CVE-2025-55182 — is a critical (CVSS 10.0) flaw that allows unauthenticated attackers to execute arbitrary code on servers just by sending a crafted HTTP request to vulnerable packages.
CrowdStrike catches insider feeding information to hackers
CrowdStrike caught an insider who had secretly shared screenshots of internal systems with hackers linked to Scattered Lapsus$ Hunters — though the company says no breach of its infrastructure occurred and no customer data was compromised.
Comcast's 2025 Cybersecurity Threat Report
Comcast Business’s 2025 Cybersecurity Threat Report finds that over the 12-month period ending May 31, 2025 the company recorded 34.6 billion cyber events — including 4.7 billion phishing attempts, 9.7 billion “drive-by” compromise attacks, 44,000 DDoS attacks, and 19.5 billion resource-development activities.
Disrupting the first reported AI-orchestrated cyber espionage campaign
Anthropic reports disrupting what it assesses to be the first large-scale, AI-orchestrated cyber espionage campaign, in which a Chinese state-linked group jailbroke Claude Code to autonomously conduct reconnaissance, exploit vulnerabilities, and exfiltrate data across dozens of global targets with minimal human involvement.
Uncertain Economy Takes Toll on Cybersecurity Teams
Economic uncertainty has hit corporate cyber operations: Artico Search and IANS Research report that cybersecurity budgets rose just 4% in 2025 (a five-year low), hiring growth slowed to 7% (down from 12% in 2024), and many security-teams are grappling with tighter budgets, fewer hires, and slower wage growth.
Hosts:
Jerry Perullo (Founder, https://adversarial.com/)
Sounil Yu (Founder, https://www.knostic.ai/)
Mario Duarte (Founder, stealth startup)
Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
View all episodes
By Jerry Perullo, Sounil Yu, Mario Duarte
5
2222 ratings
00:00 Intro
02:33 Shai Hulud 2.0
17:12 Max severity React vulnerability
29:23 CrowdStrike catches insider feeding information to hackers
46:24 Anthropic disruptes AI-orchestrated cyber campaign
52:35 Uncertain economy takes effect on cyber teams
Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact
Researchers report that Shai-Hulud 2.0 is an ongoing npm supply-chain worm that has compromised hundreds of packages and tens of thousands of GitHub repositories and siphoned secrets through CI/CD pipelines.
Critical React Server Components Vulnerability CVE-2025-55182
React vulnerability React Server Components (RSC) — tracked as CVE-2025-55182 — is a critical (CVSS 10.0) flaw that allows unauthenticated attackers to execute arbitrary code on servers just by sending a crafted HTTP request to vulnerable packages.
CrowdStrike catches insider feeding information to hackers
CrowdStrike caught an insider who had secretly shared screenshots of internal systems with hackers linked to Scattered Lapsus$ Hunters — though the company says no breach of its infrastructure occurred and no customer data was compromised.
Comcast's 2025 Cybersecurity Threat Report
Comcast Business’s 2025 Cybersecurity Threat Report finds that over the 12-month period ending May 31, 2025 the company recorded 34.6 billion cyber events — including 4.7 billion phishing attempts, 9.7 billion “drive-by” compromise attacks, 44,000 DDoS attacks, and 19.5 billion resource-development activities.
Disrupting the first reported AI-orchestrated cyber espionage campaign
Anthropic reports disrupting what it assesses to be the first large-scale, AI-orchestrated cyber espionage campaign, in which a Chinese state-linked group jailbroke Claude Code to autonomously conduct reconnaissance, exploit vulnerabilities, and exfiltrate data across dozens of global targets with minimal human involvement.
Uncertain Economy Takes Toll on Cybersecurity Teams
Economic uncertainty has hit corporate cyber operations: Artico Search and IANS Research report that cybersecurity budgets rose just 4% in 2025 (a five-year low), hiring growth slowed to 7% (down from 12% in 2024), and many security-teams are grappling with tighter budgets, fewer hires, and slower wage growth.
Hosts:
Jerry Perullo (Founder, https://adversarial.com/)
Sounil Yu (Founder, https://www.knostic.ai/)
Mario Duarte (Founder, stealth startup)
Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
More shows like The Adversarial Podcast
View all
Acquired
4,610 Listeners
Odd Lots
1,948 Listeners
Decoder with Nilay Patel
3,156 Listeners
Risky Business
374 Listeners
CyberWire Daily
1,022 Listeners
Click Here
418 Listeners
Darknet Diaries
8,045 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Your Undivided Attention
1,599 Listeners
Cyber Security Headlines
137 Listeners
Hard Fork
5,529 Listeners
The Big Take
157 Listeners
Prof G Markets
1,413 Listeners