
Sign up to save your podcasts
Or


Story 1: Developer Supply Chains Under Sustained Assault
* OX Security — TeamPCP / GitHub breach
* StepSecurity — Nx Console VS Code extension
* GitHub Security Blog — Investigating unauthorised access
* SafeDep — Megalodon mass GitHub repo backdooring
* StepSecurity — Megalodon CI/CD secrets exfiltration
* Aikido Security — Laravel-Lang supply chain attack
* Snyk — Laravel-Lang supply chain advisory
* The Hacker News — Packagist supply chain attack
* Socket — TrapDoor cross-ecosystem campaign
Story 2: Kali365 — FBI Warns of oh-auth Token Theft Platform
* FBI IC3 Public Service Announcement
* Arctic Wolf — Kali365 token and session theft
* The Record — FBI warns of Kali365
* Microsoft — Protect against consent phishing
* Microsoft — Configure user consent
* Microsoft — Block device-code flow with Conditional Access
Story 3: A Zombie Account Hands Over the Water Supply
* The Register — Zombie user account let hackers control the city’s water
Honourable Mentions
* Check Point Research — Nimbus Manticore operations during the Iranian conflict
* Microsoft Security Blog — Fox Tempest malware-signing service
* Malwarebytes — NYC Health + Hospitals breach
* Aikido Security — Google API key 23-minute deletion window
* MSRC — Microsoft Defender CVE-2026-41091
* Dark Reading — Microsoft Exchange OWA zero-day
By The Defensive LineStory 1: Developer Supply Chains Under Sustained Assault
* OX Security — TeamPCP / GitHub breach
* StepSecurity — Nx Console VS Code extension
* GitHub Security Blog — Investigating unauthorised access
* SafeDep — Megalodon mass GitHub repo backdooring
* StepSecurity — Megalodon CI/CD secrets exfiltration
* Aikido Security — Laravel-Lang supply chain attack
* Snyk — Laravel-Lang supply chain advisory
* The Hacker News — Packagist supply chain attack
* Socket — TrapDoor cross-ecosystem campaign
Story 2: Kali365 — FBI Warns of oh-auth Token Theft Platform
* FBI IC3 Public Service Announcement
* Arctic Wolf — Kali365 token and session theft
* The Record — FBI warns of Kali365
* Microsoft — Protect against consent phishing
* Microsoft — Configure user consent
* Microsoft — Block device-code flow with Conditional Access
Story 3: A Zombie Account Hands Over the Water Supply
* The Register — Zombie user account let hackers control the city’s water
Honourable Mentions
* Check Point Research — Nimbus Manticore operations during the Iranian conflict
* Microsoft Security Blog — Fox Tempest malware-signing service
* Malwarebytes — NYC Health + Hospitals breach
* Aikido Security — Google API key 23-minute deletion window
* MSRC — Microsoft Defender CVE-2026-41091
* Dark Reading — Microsoft Exchange OWA zero-day