This episode digs into three emerging threats targeting the tools developers and security-conscious users rely on most. We cover a sophisticated npm supply chain attack infiltrating GitHub Actions, a Russian phishing campaign hunting Signal backup keys, and a chilling new exploit that weaponizes AI coding agents through hidden instructions. The common thread? Trust is the new attack surface.

Stories covered:

- Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack (The Hacker News) - https://thehackernews.com/2026/06/miasma-malware-targets-npm-packages-and.html
- FBI: Russian hackers now target Signal backup recovery keys (BleepingComputer) - https://www.bleepingcomputer.com/news/security/fbi-russian-hackers-now-target-signal-backup-recovery-keys/
- Clean GitHub repo tricks AI coding agents into running malware (BleepingComputer) - https://www.bleepingcomputer.com/news/security/clean-github-repo-tricks-ai-coding-agents-into-running-malware/
- Librepods: AirPods liberated (Hacker News) - https://github.com/librepods-org/librepods
- What Western States 100 Training Data Reveals About How to Maintain Performance Late in a Race (Runner's World) - https://www.runnersworld.com/training/a71617479/western-states-training-data/
- What to Do in Houston If You're Here for Business (2026) (Wired) - https://www.wired.com/story/the-wired-guide-to-houston-for-business-travelers/