I have no idea why Riverside.fm (the service we use to record the podcast) has such an audio/video sync problem for the first minute or so of the recording. We’re working on it…

On to the show. Here are the links for this week’s episode:

https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id

https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor

https://www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics

https://www.securityweek.com/vibe-coding-when-everyones-a-developer-who-secures-the-code

https://www.securityweek.com/inside-the-dark-webs-access-economy-how-hackers-sell-the-keys-to-enterprise-networks