In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps.

Security researcher Philippe Caturegli discovered a typo in MasterCard’s DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back years, could have been exploited by attackers to redirect users, intercept data, and manipulate services.

The Script Kiddie Trap: In a turn of events that underscores the “no honor among thieves” trope, a threat actor baited low-skilled hackers (script kiddies) with a fake malware builder. Instead of gaining hacking capabilities, they unwittingly installed a backdoor on their own machines, allowing the original attacker to steal their data and take control of their systems.