This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsquatting"—that can compromise software supply chains when developers unwittingly install them. Dave’s story is on Cisco Talos uncovering a widespread toll road smishing campaign across multiple U.S. states, where financially motivated threat actors—using a smishing kit developed by “Wang Duo Yu”—impersonate toll services to steal victims' personal and payment information through spoofed domains and phishing sites. Maria's got the story of how scammers are using fake banking apps to fool sellers with phony payment screens—and walking away with thousands in goods. Our catch of the day comes from listener John who writes in to share a suspicious text message he received.

Resources and links to stories:

Have a Catch of the Day you'd like to share? Email it to us at [email protected].